First of all, Net Flow is spelled NetFlow, and today, we’re going to talk about an IT Monitoring Service that provides Network Traffic Monitoring. Specifically, we want to monitor BYOD Traffic. The modern workplace is often being assaulted by these devices. Why? Androids and iPhones are constantly searching for a Network to connect to. Once attached, some employees are so ‘connected’ with friends that these smart phones start flooding the network and pestering the user to participate in Facebook, Farmville or even Scrabble. How can you find out when, where , and what they are doing?
Perhaps your company has an Internet Acceptable Use Policy (IAUP) in place that covers the use of BYOD? Now it’s time to check in on these devices to ensure that the IAUP is being adheared to. NBAR, aka “Network Behavior Application Recognition,” is a popular technology supported by Cisco Routers and can eliminate some headaches when trying to gain insight into all the applications that use port 80. SonicWALL Firewalls, Palo Alto Networks, nBox and Exinda support DPI technologies that are similar to NBAR. Without DPI application recognition we can see that a user is/was on the internet; however, can we actually see what they were doing?
Another strategy for narrowing in on mobile devices is to filter on the vendor ID of the MAC addresses.
To export MAC Addresses in NetFlow, add these to your Flexible NetFlow Record:
- collect datalink mac source address input
- collect datalink mac destination address input
Other vendors such as Juniper and Enterasys also allow for the export of MAC addresses. What’s nice about Cisco’s Flexible NetFlow is that it is a customizable technology where you can create your own key fields for performance monitoring in areas such as VoIP and video, even Skype.
With Flexible NetFlow and IPFIX, you can rest assured that monitoring BYOD is a snap. NetFlow will give you a definitive record of the who, what, where and when of each conversation on the network. Flow Analytics, our NetFlow Analysis Tool’s core architechture, allows you to create thresholds that can trigger alarms. Soon you’ll be notified when someone goes over a certain amount of traffic with a specific application.
Get in touch with us if you have any questions on how to do this.