Monitor Audio Streaming with NetFlow

November 1, 2011
Filed under: IPFIX, nBox, NetFlow 

A while ago I was looking at one of our internet connections, running our different NetFlow reports against our Enterasys switch, when I noticed a domain ‘last.fm’ sending a steady stream of traffic into our company. Just from the domain name I knew right away that it was streaming audio. It wasn’t crushing our internet connection, but I became curious about who was doing all the listening.


Network Acceptable Use Policy: Legal Rights

September 21, 2011
Filed under: IPFIX, nBox 

The network acceptable use policy is an issue that has been discussed in just about every HR department. It’s a serious subject that must be dealt with, as ignoring the issue can lead to internet abuse.

Being a NetFlow and IPFIX reporting company, we have plenty of customers addressing this issue almost on a daily basis. Some of the network acceptable use policy questions that come up include:

  • What should this document contain?
  • What warnings should be given out?
  • Who should perform the monitoring?
  • How will the traffic be monitored?

As many network administrators have learned, blocking sites often doesn’t work due to anonymous proxy sites and certain individuals (i.e. upper management) who request access to blocked sites. This blog will give you some great ideas that you can use to update your existing policy.

DSCP or ToS in Flexible NetFlow Configurations

Do you want to export ToS or DSCP in your Flexible NetFlow export? This is an interesting question and I’ll do my best to answer it. The NetFlow RFC 3954 makes reference to ToS as the 5th field and makes NO reference to DSCP. The IPFIX standard information elements outlined in RFC 5102 list both ToS (5) and ipDiffServCodePoint (195). Why duplicate efforts? Aren’t they the same thing? NO!

Why have Both?
ToS is an 8-bit field that includes DSCP, which is a 6-bit field. This being said, I could not find a Flexible NetFlow document that makes reference to both; however, I know Cisco sometimes supports both in the same export.

Be aware that Cisco NetFlow v5 and traditional NetFlow v9 only export ToS. I’m sure you are aware that FnF is an extension of NetFlow v9 and supports ToS and/or DSCP depending on the implementation.

* Cisco NBAR (requires FnF), for example, will export both ToS = ipClassOfService (5) and DSCP = ipDiffServCodePoint (195). See below.

Figure: Cisco NBAR exports ToS & DSCP


-------------------------------------

Matthew St Jean


Fast Packet Manipulation on Linux Servers

July 1, 2011
Filed under: IPFIX, nBox, NetFlow 

ntop, with the help of Silicom, just released a new version of PF_RING for the nBox NetFlow and IPFIX probe. If you are running an nProbe to generate network traffic, you can now support more flows. This means flows at wire speed at any size, with very little CPU cycle usage and incredible flexibility. With the help of a 10Gbit Ethernet card you can now do much more with your nBox.


Benjamin Moore

iCloud Traffic Monitoring

June 13, 2011
Filed under: IPFIX, nBox, NetFlow 

Without management, Apple’s iCloud free storage offering (up to 5GB) could place a significant load on some networks. You can bet that many iPhone competitors will follow suit, resulting in even more Internet traffic. What impact will all of this backup and file syncing have on the local network?

It probably depends on the network. Colleges and universities, for example, will likely be one of the areas where iCloud traffic will show up the most in network traffic monitoring practices. Although I’m not familiar yet with the transport layer port(s) that this technology will use, I’m sure we will be monitoring iCloud traffic with NetFlow or IPFIX by running reports on top domains. With our NetFlow traffic analyzer we can set global thresholds on individual iCloud data streams and trigger events for hosts transmitting excessive traffic to iCloud.com. We can then throttle iCloud traffic.


HTTPS Details with NetFlow

June 9, 2011
Filed under: nBox, NetFlow 

Good news for those of you who use NetFlow or IPFIX to gain insight when performing network traffic monitoring. The nProbe now performs HTTPS decoding on secure connections. Below is an example of an HTTPS exported flow.

Benjamin Moore

Latency Measuring with nBox and NetFlow

May 27, 2011
Filed under: nBox, NetFlow, NetFlow probes 

While Cisco’s NetFlow technology can be extremely helpful in identifying top talkers and applications on the network, it can sometimes lack the fine details often found in a standard packet capture. For instance, let’s take a look at application responsiveness. To determine why an application is slow to respond we often look to the amount of traffic on the link, as well as the latency of the transaction itself. Was there congestion in the pipe? Was the end-system slow to respond? Was the application itself responsible for the sluggishness? These are certainly all possibilities.

Luckily for the rest of us, the NetFlow data that gets exported from the nBox is a little bit different. In addition to what NetFlow normally provides in network traffic details, nBox exports include email addresses, HTTP URLs, Latency, VoIP Jitter and more. There is one caveat; at this time, Scrutinizer NetFlow & sFlow Analyzer is the only NetFlow reporting tool that can properly display these extra data fields. So you will want to make sure to look into Plixer’s product offering to take advantage of these advanced features.


VoIP NetFlow Monitoring Software

April 25, 2011
Filed under: nBox, NetFlow probes 

Are you looking for VoIP monitoring software using NetFlow? Many people wouldn’t consider a Cisco NetFlow analyzer for troubleshooting voice or video traffic; however, this is changing. Cisco, SonicWALL and nProbe are all providing details that allow for VoIP NetFlow Monitoring.

VoIP Details include:

  • SSRC
  • Codec
  • Jitter
  • Packet Loss
  • Caller ID
  • Details on both RTP and SIP

Below are a few screen shots of these new reports, which are based on the nProbe’s IPFIX exports. IPFIX is the proposed standard for NetFlow.


IPFIX specification passed by nProbe software

March 31, 2011
Filed under: nBox, NetFlow probes 

Just last week, DEMONS, a European project designed for addressing the largest obstacles of “cooperative network monitoring,” held a successful IPFIX Interoperability Event in Prague. It was at this event that the nProbe software, available here at Ravica.com, was certified as compliant with the IPFIX verification testing.


nProbe and nBox IPFIX Reporting

March 1, 2011
Filed under: Data Center, nBox 

Looking for more resources to help you get the most out of your new nBox NetFlow probe? Watch the video below to see Scrutinizer NetFlow and sFlow Analyzer Product Manager, Mike Patterson, explain how to report on IPFIX data exported from the nProbe and nBox to get application and server latency, URL information and more!

IPFIX reporting with nBox

Once you’ve completed the video, make sure to visit our friends at Plixer to learn more about configuring the Windows nProbe to send NetFlow.

Jon Mills
