54 posts categorized "Data Visualization" Feed

Introductory Guide to Network Packet Brokers (by Derek Burke)

Introductory Guide to Network Packet Brokers


What is a Network Packet Broker?

A Network Packet Broker (NPB) is a switch-like network device ranging in size from portables devices, to 1 and 2 RU units, up to massive chassis and blade systems. Unlike a switch a Network Packet Broker does not alter the traffic passing through it in any way unless specifically instructed to do so. An NPB can accept traffic on one or more interfaces, perform some pre-defined function on that traffic, and output it to one or more interfaces.

This is commonly referred to as “any to any”, “many to any”, and “any to many” port mapping. The functions that can be performed can be as simple as forwarding or dropping traffic and as complex as filtering on Layer 5+ information to identify a specific session. The interfaces on an NPB can be copper connections but are frequently SFP/SFP+ and QSFP cages to allow a broad variety of media and bandwidth speeds to be used. The feature sets of NPBs are built around the principle of maximizing the efficiency of network appliances; particularly monitoring, analysis, and security tools.

Continue reading "Introductory Guide to Network Packet Brokers (by Derek Burke)" »

Solving Network Issues - Machine Learning - The IT Sorcerer’s Apprentice! (by John Kerber)

The IT Sorcerer’s Apprentice!


Machine learning seemed an odd fit at first. Our company was formed as a simple network discovery tool, as reliable and useful as a carpenter’s hammer. If you don’t know us at Who’s On My WiFi, we started off by offering a platform-agnostic ARP scanning tool to discover connected devices on a network over time.  Our company path changed drastically when we started saving all the information we were scanning.  We made an important discovery: WWW.WhoIsOnMyWiFi.com

Large amounts of network data is useless without some way to make sense of all that information!

For example, the first problem people tried to solve using our software was detecting if an unknown device suddenly joined the network.

We initially required that customers tag devices as KNOWN, and then they could be alerted to any UNKNOWN devices.  But there is a problem with this, especially on larger networks.  Tagging devices is time-consuming and requires constant updating to be useful. Our customers’ IT managers would be tasked with tagging staff and network devices, while reporting on guests that entered their building. It was an up-front workload compounded by the inevitable influx of new devices or [shudders] network equipment overhauls.

The next problem people started solving with our basic network detection was trying to determine the number of people using a public WiFi network over time.  Although this sounds simple, to get accurate usage patterns, again, there is an up front cost of going through and tagging all equipment that could possibly be on a public WiFi network to exclude it.  Otherwise, always on devices like network equipment or printers incorrectly impacted the results.  And what about employees using the public WiFi?  Should they be counted as visitors or not?

To painstakingly go through a large public venue, tag all switches, APs, as well as employee equipment and smartphones was too much maintenance for IT administrators to keep up with.

Enter Machine Learning. 


Continue reading "Solving Network Issues - Machine Learning - The IT Sorcerer’s Apprentice! (by John Kerber)" »

I need a TAP for Total Visibility, what do I need to know? (by Derek Burke)

 I need a TAP, what do I need to know?

Deciding which TAP to purchase

Network TAPs (Test Access Points) are the absolute best way to gain access to network traffic, whether that be for network visibility solutions, network monitoring infrastructure, or network security auditing.  It is common at a certain point in an organization’s growth for it to be recognized that mirror ports and SPAN (Switch Port ANalyzer) ports, due to their many limitations, are no longer sufficient to provide traffic to monitoring and or security tools. When it comes time to begin building a TAP infrastructure there are several details to consider. Some are simple and obvious, and others may be subtler and more nuanced. This article is intended to be a primer on the main points to consider when searching for Network TAPs for your environment. The information contained herein applies primarily to Cubro Network Visibility TAPs as these are the products I have the most first-hand knowledge of.

Media Type and Connector Type

The first consideration for which TAP is best suited to environment is a fairly obvious one: Which media type do you intend to tap? Really, this is the difference between an electrical connection or a fiberoptic connection. On the electrical side we generally are talking about UTP (or perhaps STP cabling; it makes no difference for our purposes), although the use of DAC (Direct Attach Cabling) is relatively common as well. Fiberoptic cabling can be broken down into Single-Mode and Multi-Mode fiber and Multi-Mode fiber presents two possible core diameters to choose from.

Each of these media types will in turn necessitate a connector type on the TAP as well; fiber, again, having the most options. First let’s address electrical connections and specifically UTP as it is the most common electrical media that a TAP will be used with. The category of UTP cabling doesn’t really impact the decision of which TAP we will choose but would, of course, impact supported speeds and cable length. The speed of the link is a differentiating factor though.  Although it is not terribly common to encounter 10/100 links anymore it is important to point out that it is possible to have a completely passive electrical TAP (that requires power only for the monitor ports) at this speed. If you have 10/100 links in your environment the questions are whether it is more important to have a passive TAP that will not support 1G speeds or whether the option of upgrading the links without needing to replace the TAPs takes precedence.

10/100/1000 links are quite straightforward; you only have one choice. It is not possible to build a completely passive TAP for gigabit Ethernet over UTP; until now the industry approach has been to use relays to provide a fail-safe solution. This approach has not been problem-free though and instances where a link does not come back up or renegotiating a link after a failure takes an excessively long time are not rare. When I said you only had one choice earlier that is only partially true; in response to the number of issues with relay-based TAPs Cubro has designed a new type of 10/100/1000 TAP to drastically reduce these issues; adding a new, more reliable option to the mix.  


Continue reading "I need a TAP for Total Visibility, what do I need to know? (by Derek Burke)" »

Is your Network Security Slowing you Down? (by Jason Nutt)

Is Network Security Slowing you Down?

Measuring the Latency impact Created by Next Gen Security Solutions

As an IT professional, you are well aware of the challenges posed by network latency. Applications like audio and video delivery, bandwidth sensitive mobile applications, cloud computing and storage services are extremely sensitive to network latency.

What you may not realize, however, is the amount of latency created by your Next Generation Intrusion Prevention Systems (NG-IPS) and Next Generation Firewalls (NG-FW). While they are critical to protecting your network, these security tools and others that perform deep packet inspection can increase latency, significantly impacting your overall application performance.

Recently we worked with a large health care services provider trying to figure out why it was taking so long to send MRI data between locations. This was causing significant frustration for patients, doctors and medical staff. Having been aware of Aukua’s nanosecond precision capture and analysis tools, they asked for our help. The company suspected one of more of their NG-IPS devices was causing the delays, but they did not have a way to confirm this. Since these security tools do not treat all packets the same, they were unable to detect or measure the application latency issue with artificial traffic such as ICMP. And since some applications were being adversely delayed and others were not, they could not rely on the NG-IPS vendor’s generic latency specs for various packet sizes. In addition, compliance rules prohibited them from introducing new traffic into their live network.


Continue reading "Is your Network Security Slowing you Down? (by Jason Nutt)" »

No visibility in the GDPR era, be ready for BIG fines! (by Derek Burke)

No visibility in the GDPR era, be ready for BIG fines!

Legal problem!!! -

As of May 25, 2018 the EU General Data Protection Regulation (GDPR) went into effect.  GDPR requires compliance for any company interacting with persons in the EU and enforces strict standards on data handling and extremely fast responses to breaches of Personally Identifiable Information (PII).  Failing to fulfill these requirements can have dire consequences with fines ranging from a minimum €20.000.000,00 to 4% of a company’s gross annual earnings.  The demands that the GDPR places upon an organization are not only daunting but can seem insurmountable. 

Get Visibility #1

First steps - The first step -  a data flow and dependencies map to identify:

  • Data items (e.g. names, email addresses, records);
  • Formats (e.g. online data entry, database);
  • Transfer and sharing methods of data;
  • Locations where data is stored and needs protection inside and outside;
  • Who is connected to who and who has what information – via the network!

Technical problem #1 - Visibility


Continue reading "No visibility in the GDPR era, be ready for BIG fines! (by Derek Burke)" »