I was cleaning out one of my boxes of stuff the other day and I came across this postcard that I received from the Business Software Alliance about 10 years ago.

I kept it because I thought it was a pretty aggressive marketing tactic. What do you think? Imagine if we marketed NetFlow as “Nail Your Boss with NetFlow Analysis.” Here is the back of the postcard:

Years ago I worked at Cabletron Systems and a friend of mine was catching the department director’s internet traffic with a packet analyzer. He was trying to learn about his stock trades. I’m not sure if he was ever able to learn anything significant; however, what he was trying to do is very difficult in a purely switched environment. A promiscuous packet analyzer doesn’t do you much good these days unless you are on a spanned port.

With NetFlow reporting, however, it is a different story: spanning or mirroring interfaces isn’t necessary, and the number of collection points goes up significantly. The shortcoming of most NetFlow exports is that we don’t get all of the juicy details (e.g. URLs, latency, etc.) that a packet analyzer provides. The nProbe, of course, is a close exception as it exports URLs in NetFlow; however, it brings back the mirrored port requirement.

What we can do is monitor for things like social networking traffic and run reports to determine who spends the most time on these sites and transfers the most traffic to them. Below I filtered for all Facebook traffic on our Enterasys NetFlow switch and then ran a report for the top hosts hitting the domain:

I noticed that my computer showed up in the list, so I ran another report on my IP address to see what domains I have visited during the day:

I’m grateful that facebook.com didn’t show up in the top 25! 🙂
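The top-hosts report described above can be reproduced from raw flow records. The following is an added example, not code from the original post or from any product named in it; the flow tuples and the site prefixes are constructed, and the site is matched by destination prefix on the assumption that the flow records carry IP addresses rather than domain names:

```python
import ipaddress
from collections import defaultdict

# Constructed prefixes standing in for the monitored site (documentation ranges).
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed flow records: (src, dst, bytes, first_seen_s, last_seen_s).
FLOWS = [
    ("10.1.4.22", "203.0.113.10", 48_000, 0, 120),
    ("10.1.4.22", "203.0.113.11", 12_000, 60, 180),   # overlaps the flow above
    ("10.1.4.22", "198.51.100.7", 900_000, 0, 600),   # not the monitored site
    ("10.1.7.5",  "203.0.113.10", 250_000, 300, 330),
    ("10.1.7.5",  "203.0.113.10", 5_000, 900, 960),
    ("10.1.9.80", "203.0.113.99", 1_500, 10, 15),
]

def to_site(dst):
    """True when the destination address falls inside a monitored prefix."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in SITE_PREFIXES)

def active_seconds(intervals):
    """Merge overlapping (start, end) intervals so concurrent flows count once."""
    total, cur_start, cur_end = 0, None, None
    for start, end in sorted(intervals):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total

def top_hosts(flows, limit=10):
    """Return (host, bytes_sent_to_site, seconds_active), largest senders first."""
    octets = defaultdict(int)
    spans = defaultdict(list)
    for src, dst, nbytes, first, last in flows:
        if to_site(dst):
            octets[src] += nbytes
            spans[src].append((first, last))
    rows = [(src, octets[src], active_seconds(spans[src])) for src in octets]
    return sorted(rows, key=lambda r: r[1], reverse=True)[:limit]

if __name__ == "__main__":
    for host, nbytes, secs in top_hosts(FLOWS):
        print(f"{host:<12} {nbytes:>8} bytes {secs:>5} s")
```

Ranking by bytes and by time gives different orderings here: the host that sent the most data was active for half as long as the runner-up.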

“24/7 Wall St. looked at a number of workplace studies about how people spend time online. Most of this research says that workers with PCs are on the Web for 20 to 22 hours a week. About a quarter of that is time spent on personal matters. That is about five hours of lost productivity each week.”

Because of stories like the one above, 54% of companies were banning the use of social networking sites like Facebook, Twitter, MySpace and LinkedIn.
Read more on this:   I thought it was very interesting.

If you are really interested in the amount of communication between websites like Facebook and employees, try Mailinizer for Exchange log email reporting. It will definitely open your eyes. We don’t have much Facebook email anymore because everyone in the company knows about Mailinizer.  Below I filtered for ‘gmail.com’.  It’s amazing:

NetFlow doesn’t have to be used to nail anyone; rather, it can be leveraged to educate employees on what this type of traffic can do to the network. It will also make them aware that their traffic can be monitored and hopefully discourage them from engaging in excessive use of these types of web sites. At least, this is one school of thought.

Mike Patterson


Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

