NetFlow analyzers vs. packet analyzers: the two are really complementary technologies. For years NetFlow has been a valuable tool used to supplement packet analysis, and to a certain extent that is still the case. With the adoption of Flexible NetFlow and the new release of Scrutinizer 7.5, the value that NetFlow analysis brings to packet analysis becomes even more significant.
As of January 18th, 2010, Scrutinizer v7.5 has been available for download. For current users of Plixer’s flagship NetFlow and sFlow analysis tool, clicking the information icon at the top right of the screen indicates that the update is available. This release is packed with 3 primary new features:
1) Enter The Matrix
For some, Scrutinizer 7.5 feels a bit more like a packet analysis tool in a few different ways. The first is the way in which data is presented. Sure, pie charts are great for showing the board of directors how market share has increased. To further that idea, line graphs are perfect for indicating fiscal growth on a quarter-to-quarter basis. However, are these the most appropriate ways to be viewing network traffic flows? Of course not!
The new Matrix view in Scrutinizer v7.5 gives an easy-to-understand representation of where traffic is coming from and where it is going to. The Matrix is a wheel of IPs and host names, which correspond to the time frame and data set selected. Clicking a host shows all connections coming from and going to that host in either blue (outbound) or green (inbound). Now here is a way of looking at network traffic data that is actually useful! Sure, it’s nice to know what your top 10, 25 or 100 bandwidth-consuming hosts on your Internet connection are, but just as importantly, what are the connections that are making up that traffic?
Take the new Matrix view for a spin at the Plixer Innovations Lab. Click! Spin! Zoom! Enjoy!
2) NetFlow and NBAR: The best of both worlds
Previously, NBAR statistics were typically gathered using SNMP monitoring applications. This was helpful in the sense that it provided information on how much of the total bandwidth being consumed on a particular link was, let’s say, Skype or BitTorrent. However, with this method, there was no way to see which hosts made up that Skype traffic or that BitTorrent traffic.
Currently, Scrutinizer is the only NetFlow monitoring application available that, by supporting the Flexible NetFlow v9 template, is able to provide full support for NBAR definitions. How is the NBAR information gathered? Yup, deep packet inspection. This is another way in which the combination of Cisco NetFlow and Scrutinizer is behaving a bit more like a packet analyzer.
More information on how to set up and enable NBAR through NetFlow can be found in this article, “How-to configure Cisco Flexible NetFlow for NBAR exports,” at NetworkWorld.com.
3) Be a Flow Expert with the Flow Expert Window
Yet another feature typically found in packet analysis applications, the Flow Expert Window has been introduced in Scrutinizer 7.5. This new view is meant to provide complete analysis and insight over the NetFlow data already being collected.
From a single view, network admins can get a plethora of information critical to their network health. Whether it’s something simple, like the top utilized interfaces across the network, or something more complex, like the Threats Overview that shows DoS attacks, SYN violations, network scans, improperly terminated connections, etc., it’s all consolidated into a single usable NetFlow dashboard.
The future of network traffic analysis
Packet analyzers will continue to be a valuable tool in the IT admin’s arsenal. Still, companies like Cisco Systems and Plixer International continue to show that NetFlow technology is more than just a list of top talkers. While NetFlow will never replace the need for packet analyzers, with the right collector, it can certainly reduce the need to strategically place packet sniffers on the wire. Ultimately, NetFlow saves companies money by delivering network traffic insight using existing hardware. NetFlow and sFlow reporting reduce the requirement for hardware probes, avoid the additional maintenance and ultimately save you tens of thousands of dollars.
We here at Plixer are excited to play a more important role in this market. We hope that you will find the new features and improvements in the latest version of Scrutinizer as useful as we think they are. Download Scrutinizer version 7.5 now and see for yourself!