I was working with a customer last week who only wanted TCP, UDP, HOPOPT and ICMP on the network. In addition to that they wanted to be alarmed if any other transport protocol passed through their Cisco ASA. I introduced them to the Top Network Transports gadget in Flow Analytics.
First I made sure that the Cisco ASA was added to the Top Network Transports algorithm. The gadget below is part of the Flow Expert tab in MyView:
If you click on the ‘Configure’ button above, it will bring up the dialog box where you can enter the allowed protocols. You can also just click on the + sign next to the above protocol.
In the Top Network Gadgets screenshot above, I clicked on PUP(12) to see the host using this unwanted transport protocol. Most Cisco NetFlow reporting tools don’t have a behavior analysis capability like this.
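The same allow-list check can be sketched over exported flow records. This is an added example, not Plixer's code: the CSV layout, the exporter name `asa-1` and the sample flows are constructed assumptions, while the protocol numbers are the IANA-assigned values.

```python
import csv
import io
from collections import defaultdict

# IANA protocol numbers for the transports the customer allows.
ALLOWED = {0: "HOPOPT", 1: "ICMP", 6: "TCP", 17: "UDP"}
# Names for a few other protocol numbers, used only to label alerts.
KNOWN = {12: "PUP", 47: "GRE", 50: "ESP"}

# Constructed sample flow records (not real traffic); column layout is assumed.
SAMPLE_FLOWS = """\
exporter,src,dst,proto,bytes
asa-1,10.0.0.5,192.0.2.10,6,48211
asa-1,10.0.0.7,192.0.2.53,17,312
asa-1,10.0.0.9,192.0.2.77,12,1500
asa-1,10.0.0.9,192.0.2.78,12,900
asa-1,10.0.0.12,198.51.100.4,47,20480
asa-1,10.0.0.5,192.0.2.10,1,84
asa-1,10.0.0.5,192.0.2.10,0,64
asa-1,10.0.0.30,192.0.2.99,300,10
core-sw,10.0.0.40,192.0.2.5,47,999
"""

def disallowed_transports(flow_csv, exporters=("asa-1",), allowed=ALLOWED):
    """Return {"NAME(num)": {src_host: total_bytes}} for transports not allowed."""
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["exporter"] not in exporters:
            continue  # only exporters added to the check are evaluated
        try:
            proto, nbytes = int(row["proto"]), int(row["bytes"])
        except (TypeError, ValueError):
            continue  # skip malformed records
        if not 0 <= proto <= 255 or proto in allowed:
            continue  # IP protocol field is 8 bits; allowed transports pass
        label = f"{KNOWN.get(proto, 'UNKNOWN')}({proto})"
        hits[label][row["src"]] += nbytes
    return {label: dict(hosts) for label, hosts in hits.items()}

if __name__ == "__main__":
    for label, hosts in sorted(disallowed_transports(SAMPLE_FLOWS).items()):
        for host, total in sorted(hosts.items(), key=lambda kv: -kv[1]):
            print(f"ALERT {label}: {host} sent {total} bytes")
```

Grouping by source host mirrors the drill-down from a protocol such as PUP(12) to the host using it.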
We have been performing network threat detection like this with our NetFlow collector for over 3 years. We constantly strive to be the leader in NetFlow and IPFIX analysis.
James Dougherty

I have worn many hats in my professional life. Support engineer, developer, network admin and manager are all points on my resume, but the one common thread with all of these jobs is that I enjoy working with people; that is what I do here at Plixer. I make sure that everyone understands our product and can get the most out of it. It's just simple 'no bull' support!

Let me know if you have any questions, I would be happy to help.

- Jimmy D
