LoveMyTool - Open Community for Network Management and Monitoring: NetFlow & sFlow Analysis

27 posts categorized "NetFlow & sFlow Analysis"

March 11, 2010

A Great Offer - Only for Lovemytool Readers!!!

Announcement and Great offer!!!

Laura Chappell’s New Book on using Wireshark to be a Network Analyst PLUS a Study Guide to become a Certified Network Analyst!

By: Oldcommguy™

I have known Laura for more than a decade or two and she has always delivered more than expected and her new book is no exception! That coupled with her most generous offer you should consider this carefully as it is only good for a few weeks.

Laura has created a compendium of real and applicable Wireshark skills presented in this ultimate guide to real Network Analysis! These 800 pages are an accumulation of many years of study and REAL network analysis skills obtained by Laura and other contributors! She is sharing these secrets with you in this new book with the goal of helping you become a better Network Analyst. The forward is written by my friend and a most trusted technologist Gerald Combs, the Founder of Wireshark.

Continue reading "A Great Offer - Only for Lovemytool Readers!!!" »

Posted in NetFlow & sFlow Analysis, Oldcommguy, Open Source Tools, Protocol Analysis | Permalink | Comments (0) | TrackBack (0)

February 22, 2010

Ingress or Egress NetFlow Analysis (by Michael Patterson)

Author Profile - Michael Patterson is currently the Product Manager of Scrutinizer NetFlow and sFlow Analyzer at Plixer International. Prior to Plixer Michael worked for Cabletron Systems as the Director for outsourced network management.

Ingress or Egress, That is the Question

Are you considering a NetFlow export configuration with egress flows? Do you know why you would or wouldn’t want to export egress flows?

Most of us are exporting NetFlow v5 which only supports ingress flows. This means that traffic coming in on an interface is monitored and exported in NetFlow datagrams. What about traffic going out an interface? It isn’t monitored in NetFlow v5. Most NetFlow vendors look at where an ingress flow is headed by looking at the destination interface. Using this information, we can determine outbound utilization on any given interface as long as AND THIS IS IMPORTANT, you enable NetFlow v5 on all interfaces of the switch or router.

Lets say you only enable NetFlow on interfaces 1 and 2 of a three interface router. Traffic coming in on interface 3 that is destined for interface 1 or 2 will be missing when the NetFlow Analyzer calculates outbound utilization on these interfaces. In short, when using NetFlow v5 or v9 (ingress only flows) enable NetFlow on all interfaces as outbound utilization on any given interface is calculated by using ingress flows from the other interfaces. Pretty much all NetFlow reporting tools operate this way.

Continue reading "Ingress or Egress NetFlow Analysis (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis, Switching & Routing, WAN Management | Permalink | Comments (0) | TrackBack (0)

February 04, 2010

Free Tool and Free Tips for Network Configuration Management (by Josh Stephens)

Author Profile - Josh Stephens is the Head Geek and VP of technology at SolarWinds, a leading provider of network management software based in Austin Texas. Josh has extensive experience in network management systems, network engineering, and software development. His 15-plus years of experience in technology include designing and deploying advanced networks and network management systems within organizations including the US Air Force, Sprint, MCI/UUNET, and WalMart. He has received several industry certifications including those from Cisco Systems, Microsoft, and HP.

Opening – by Tim O’Neill - I am always on the lookout for cool tools for the Lovemytool readers, especially when they are FREE!

I had recently received an announcement of this new tool that could save you some of your valuable time. Plus as I get older I realize that one simply cannot remember everything including Configurations and I HATE Scripting ... It seems to me that as advanced as we are, everything should be visualized and controlled by simple, traceable, change management focused, safe and secure GUI’s. Well, that is not the case so here is a sweet tool to help every one of you command config people save some time and burning up those “little grey cells”!

I remember meeting the Younce brothers at Walmart when I was with the original Network General Team as the CTM – That is “Chief Trouble Maker”. Then they started Solarwinds and WOW has it come far and done well. I had used their very cool and advanced Engineering Tools for years, until I lost my license.

Well back to the subject - Check out this new Free Tool and look over their exciting Orion technology. I have often wondered why companies do not give away more solutions to prove that their Technology is the best and that they want to be part of THE SOLUTION?

Many Thanks to SolarWinds and Josh –

I wish you less Stress and More Success - Oldcommguy

Continue reading "Free Tool and Free Tips for Network Configuration Management (by Josh Stephens)" »

Posted in NetFlow & sFlow Analysis, Switching & Routing, Test & Measurement | Permalink | Comments (0) | TrackBack (0)

December 07, 2009

NetFlow Overflow with TCAM Tables (by Michael Patterson)

NetFlow overflow with TCAM Tables on the Cisco 6513

I’ve wanted to blog about this for awhile ever since a customer approached me with the issue at Cisco Networkers. I’ve pieced together the issue based on information I have collected over time from customers. Below I outline how I compared NetFlow Reports to that status of the TCAM tables on a Cisco Catalyst 6513. Some feedback from a knowledgeable reader would be fantastic. I think this is an important topic.

Apparently there is a condition on the Cisco Catalyst 6513 revolving around TCAM tables and excessive connection requests. If the TCAM tables get full in the Supervisor Engine 720. When this happens, a NetFlow overflow can occur caused by excessive entries.

What is a TCAM?

Ternary Content Addressable Memory. Before we get into TCAMs, let’s start with a plain old ‘CAM’ definition which is used to search only for ones and zeros; a simple operation. Charlie Schluting explained this well: MAC address tables in switches commonly get stored inside binary CAMs. You can bet that just about any switch capable of forwarding Ethernet frames at line-speed gigabit is using CAMs for lookups. If they were using RAM, the operating system would have to remember the address where everything is stored. With CAMs, the operating system can find what it needs in a single operation.

Continue reading "NetFlow Overflow with TCAM Tables (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis, Protocol Analysis, Switching & Routing | Permalink | Comments (6) | TrackBack (0)

September 01, 2009

NetFlow Analysis on the Cisco ASA (by Michael Patterson)

Plixer International is one of the fastest growing network performance measuring companies in the industry. Merged with Somix Technologies, Inc. in 2006 and founded in 1999, the team at Plixer works on many of the largest networks in the world. Many companies still spend the majority of their time focusing on reactive issues and individual equipment problems. Plixer solutions provide a holistic view of the entire enterprise regardless of equipment vendor.

Scrutinizer NetFlow & SFlow Analyzer

The Cisco ASA and NetFlow

Who or what is clogging up a connection has always been a strength of NetFlow Analysis. The Cisco ASA is a different beast when it comes to NetFlow.

Collecting and reviewing the NetFlow information from your ASA Firewall will allow you to find out:

Who is making the most connections and causing the most traffic
Which applications are consuming the most bandwidth
What traffic is taking advantage of ToS and DSCP
Much much more …

Continue reading "NetFlow Analysis on the Cisco ASA (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis, Protocol Analysis, Switching & Routing | Permalink | Comments (0) | TrackBack (0)

May 26, 2009

Maximizing Network Performance with MIB Analysis (by Nicholas Saparoff)

Author Profile - Nicholas Saparoff is the President and Founder of ByteSphere Technologies and has over 20 years experience designing software and data communication networks. Prior to ByteSphere, Nicholas has held key engineering positions at several hot technology companies in the Boston area.

ByteSphere® is a Boston area software company specializing in Global IT Management and Monitoring solutions and is the world's leading provider of SNMP-enabled network administration and testing tools. ByteSphere's flagship product, OidView, provides the network management community with an incredibly advanced administration and testing toolkit for engineers, support, and field personnel. It is in use by thousands of companies worldwide.

Corporate networks continue to grow at a rapid rate as more and more devices become integrated into the mix. From PDAs, to netbooks, to high powered routers, and the normal assortment of servers, the typical network has a lot in it to manage. Not managing a network is not only likely to increase the likelihood of problems, but it will most probably cost you more in the long run. Inefficient networks mean lower productivity, more calls to tech support, and more wasted time trying to figure out the problems on the network. There are a number of tools we recommend using.

One of the most effective tools that network administrators will typically use is called a MIB browser. The MIB browser allows the network administrator to perform a variety of administrative tasks, like examine loaded MIBs, modify, view, and configure features on routers and switches, and set SNMP trap thresholds. One of the most popular things to do with the MIB browser is to set and view specifications in various devices for when the software will trigger an alert to show that there is a problem in the network. Those alerts will typically be sent to a fault management system. This type of monitoring is called passive monitoring.

Continue reading "Maximizing Network Performance with MIB Analysis (by Nicholas Saparoff)" »

Posted in Application Performance, NetFlow & sFlow Analysis, Switching & Routing | Permalink | Comments (0) | TrackBack (0)

May 19, 2009

More Data = Faster Problem Resolution (by Tim O'Neill)

Tim_oneill Editor Profile - Tim O’Neill is an independent technology consultant. He has over 30 years experience working in the WAN, Analog, ISDN, ATM and LAN test market. Tim has worked with companies like Navtel, Network General, Ganymede and ClearSight Networks and is now helping companies get lab recognition and technology verification. Tim is also the Chief Contributing Editor for LoveMyTool.com, a website designed to help network managers gain access to valuable information and real solution stories from other customers. Tim is a patent holding, published and degreed engineer, who has seen this technology grow from Teletype (current loop) data analysis to today’s 10 Gigabit LAN’s focused on business applications with heavy compliance demands. Tim can be reached at oldcommguy (at) bellsouth (dot) net.

The Anatomy of a TCP Connection (by the NetQoS Team)

More Data adds to Faster Problem Recognition – Reducing Time to Resolution!

NetQoS has raised the bar on Performance Analysis!

I often talk about the value of data as the basis of the Problem Resolution equation.

Data is the basis of information. Information, once assimilated, leads to Understanding. And Understanding leads to Problem Resolution. The more Data you have the more Information you will have to Understand your network and its issues. In short, Data is the most important building block in the process of Resolving Network Issues.

The problem has always been that there are so many different types and sources of network data that most solution vendors stick to those that they can best resolve. Most stick to common sources like SNMP or NetFlow.

I usually do not review products and write about them but I was offered a sneak peek by one of our sponsors, NetQoS, and what they showed me I had to share with the Lovemytool readers! So here is your sneak peek! This is being announced at InterOp. Today!

Continue reading "More Data = Faster Problem Resolution (by Tim O'Neill)" »

Posted in Application Performance, NetFlow & sFlow Analysis, Oldcommguy, VoIP Monitoring | Permalink | Comments (0) | TrackBack (0)

March 20, 2009

Now We're Having Fun (by Tim O'Neill)

As soon as I finished the previous article on having fun, I received two e-mails from old friends Bill Alderson and Scott Daughtry both work together at NetQoS along with several other friends including Steve Harriman VP Marketing and Joel Trammell the CEO. I have a tremendous amount of respect for all of these gentleman and the focus they have to help our industry and users!

Now having known these guys as well as many more inside NetQoS the following information did not surprise me one bit. The Team at NetQoS are all top professionals but they also know a thing or two about helping their customers as well as the industry in general and having a little FUN!

They surprised me when they told me that they had announced a new online trivia game called “The Network RockStar Challenge”!

Just Very Cool! You have got to try it!

Continue reading "Now We're Having Fun (by Tim O'Neill)" »

Posted in Application Performance, NetFlow & sFlow Analysis, Oldcommguy, VoIP Monitoring | Permalink | Comments (0) | TrackBack (0)

December 11, 2008

Real Time is Real Money (by Karen Kaliski)

Karen_kaliski Author Profile - Dartware, LLC develops the InterMapper® family of network mapping and monitoring software. InterMapper earns a quick return on investment by proactively alerting administrators to potential slow-downs, crashes, and other business interruptions. Its real-time, color-coded maps and other displays provide users with an instant view of their network and device status. Dartware's software is installed in financial services, healthcare, retail, education, government, non-profit, WISP and ISP organizations around the world.

Karen Kaliski has over 20 years of experience in software product development and marketing. She has focused on geographic data analysis and mapping, IT asset management, network management, customer support technology and other niches in roles inside corporations and as a marketing consultant.

Source: ZDNet

Greenhouse

Green House Data Executives Courtney Thompson (left) and Shawn Mills.

100% uptime is the gold standard and is a dream for today’s network administrators. When budgets are tight, uptime is even more imperative. Tight resources: people, computers, and networks, have to be up, running, and as productive as possible. Anything that distracts from the business focus of the network cuts into margins and profits!

Greenhouse Green House Data offers a great case in point. Green House, a data center located in Cheyenne, Wyoming, promises customers 100% uptime and 100% security.

“We need to be incredibly proactive in the data center,” explains Shawn Mills, Green House Data’s CEO. “We monitor everything from the point bandwidth enters the building, to the consumption of power supplies on servers.” Green House also keeps constant track of temperature and server capacity so that load can be redistributed when necessary.

Green House Data uses Dartware's InterMapper to monitor real-time network device performance and capacity along with environmental conditions, like temperature. They set thresholds so that alerts go out when things are trending in the wrong direction – server drives are filling up, bandwidth is decreasing, traffic is slowing, rooms are heating up. That allows corrective action to be taken before customers are affected and the Green House value proposition is lost.

Continue reading "Real Time is Real Money (by Karen Kaliski)" »

Posted in NetFlow & sFlow Analysis, Protocol Analysis, VoIP Monitoring | Permalink | Comments (0) | TrackBack (0)

December 09, 2008

Two (IT) Guys and a Garage (by Jesse Rothstein)

Author Profile - Jesse Rothstein is the CEO and co-founder of ExtraHop Networks, where his technical vision and expertise in enterprise networking give ExtraHop a competitive edge in the industry. With a world-class team of engineers under his leadership, Jesse is responsible for the technical architecture of the innovative ExtraHop Application Delivery Assurance platform. Jesse co-founded ExtraHop after a six-year tenure at F5 Networks where he was a Senior Software Architect and co-inventor of the TMOS platform. Jesse was the architect and project lead for the BIG-IP v9 development effort and the technical lead for frameworks, clustering, and performance. Prior to F5, Jesse worked in product development at Motive Communications and the Trilogy Development Group.

Editor's Note - Lovemytool Readers, please allow me introduce you Jesse Rothstein, co-founder and CEO of ExtraHop Networks. Today ExtraHop will publically unveil their new and revolutionary network solution!

Every once in a while, a new company with an innovative technology comes along that makes you say “Wow, this is the beginning of something big”. Well, that was just the feeling I had when the ExtraHop Team first explained to me their vision and demonstrated their interface.

If you talk to anybody who is in the day-to-day network trenches, who deals with network management, analysis and monitoring tools, they will all tell you that the Network Management problem is not solved, especially to meet today’s dynamic challenges.

Today’s network management and analysis techniques mostly use SNMP, Netflow and Packet Sniffing to gather data and statistics for “Analysis”. These traditional approaches can supply one with lots of data, but little overall integrated Information – Information is something that presents actionable details and information is the best and easiest way to find an issue, develop a solution and validate your network and application performance.

The ExtraHop solution brings a very cool and innovative new and fully integrated approach to this arena, one that has the potential to shake up the world of network management, monitoring and analysis. In short this new solutions helps you find your issues, solve problems and really see how efficient your network and business application are running. They do this by integrating lots of data and statistics from various network and application protocols, plus lots of system intelligence and then provide you, the network manager, with actionable information.

The ExtraHop technology is a powerful fully integrated solution with an intuitive User Interface (UI), impressive scalability and ease of deployment. I have seldom been shown a pre-release product that was ready for release as a prime time analysis system and ready for real world problem solving.

Get ready, for today there is a new dawn for the network management, analysis and monitoring market!

I wish the ExtraHop Team, Great Success with their lofty goal of forever changing the network solution market.

Be sure to check out their technology by clicking on their links above and I hope you will be as Wowed as I was.

I wish you all Less Stress and Great Success, Merry Christmas - Oldcommguy™

Continue reading "Two (IT) Guys and a Garage (by Jesse Rothstein)" »

Posted in Application Performance, Deep Packet Inspection, NetFlow & sFlow Analysis | Permalink | Comments (0) | TrackBack (1)

LoveMyTool - Open Community for Network Management and Monitoring

Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.

LMT Tweets

Local Search

Recent Comments

Recent Posts

Top 10 Posts

LMT Authors

By Technology