Your "netflow analyzer" is also known as a "collector". Your devices (Cisco,
HP, Juniper, H3C) can all export data (NetFlow, NetStream, sFlow, J-Flow) to
a collector, and then you can archive that data and do reports /
investigations later. If the "network is slow" currently, 24 hour retention
is fine.

If you're out of town, taking a CCIE bootcamp, and you get back on Monday,
and someone says, "Last Tuesday after lunch the internet was slow," you can dig
that up, see who was downloading/uploading, where to/from, for how long,
etc.

If you find a host with malware installed, communicating with a botnet C&C
point at IP 5.5.5.5, and wonder, hrmm, who else has communicated with
5.5.5.5, you could query that database and see who / when this has happened
in the past (since you began logging). So, retention is cool as you can
see. But if you're OK with a past 24 hour view, it's free.

For instance, using the 24 hour view, I could see that in the past 24 hours,
about 40% of my traffic is IPv6 (on a 35 Mbps up/down link). Come to find out,
uTorrent negotiates with IPv6 addresses as well, so I've been pushing that
through my tunnel broker (doh!).

Hope that helps,
Ryan
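
The retrospective lookup described in the message above (who else has talked to 5.5.5.5, and how retention limits the answer), as an added example that is not part of the original e-mail or of any product named in the thread. The flow records, their CSV layout and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample records (not real exporter output), one flow per line:
# start time, source IP, destination IP, destination port, bytes
SAMPLE_FLOWS = """\
2011-09-20T13:05:00,10.0.0.21,5.5.5.5,443,1800
2011-09-20T13:40:00,10.0.0.21,5.5.5.5,443,2200
2011-09-23T09:15:00,10.0.0.37,5.5.5.5,443,900
2011-09-26T08:30:00,5.5.5.5,10.0.0.21,49152,400
2011-09-26T09:00:00,10.0.0.21,5.5.5.5,443,5000
2011-09-26T10:00:00,10.0.0.44,8.8.8.8,53,120
"""
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range


def load_flows(text):
    """Parse the constructed CSV into (time, src, dst, port, bytes) tuples."""
    return [(datetime.fromisoformat(ts), ipaddress.ip_address(src),
             ipaddress.ip_address(dst), int(port), int(nbytes))
            for ts, src, dst, port, nbytes in csv.reader(io.StringIO(text))]


def hosts_contacting(flows, indicator, now, retention=None):
    """Per internal host: first/last contact, flow count, bytes with indicator.

    retention (a timedelta) models a collector that has aged out older flows.
    """
    indicator = ipaddress.ip_address(indicator)
    cutoff = now - retention if retention else None
    summary = {}
    for ts, src, dst, _port, nbytes in flows:
        if cutoff and ts < cutoff:
            continue  # outside the retention window, no longer queryable
        if indicator not in (src, dst):
            continue
        peer = dst if src == indicator else src  # match either direction
        if peer not in INTERNAL:
            continue
        entry = summary.setdefault(
            str(peer), {"first": ts, "last": ts, "flows": 0, "bytes": 0})
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["flows"] += 1
        entry["bytes"] += nbytes
    return summary


if __name__ == "__main__":
    flows, now = load_flows(SAMPLE_FLOWS), datetime(2011, 9, 26, 14, 0)
    for label, keep in (("full archive", None), ("24 hours", timedelta(hours=24))):
        print(label, hosts_contacting(flows, "5.5.5.5", now, keep))
```

With the full archive the query returns both hosts that ever contacted the address; with a 24-hour window the second host has already aged out of the data.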
-----Original Message-----
From: Iam Here
Sent: Monday, September 26, 2011 2:09 PM
To: ryan_at_westchasetech.com ; mdshoeb_at_gmail.com
Cc: bhmccie_at_gmail.com ; ccielab_at_groupstudy.com
Subject: RE: Netflow Analyzer
What do you mean by

"Free if you're OK with only having 24 hours of data logged"?

Thanks for your support

> From: ryan_at_westchasetech.com
> To: mdshoeb_at_gmail.com; go_soon2010_at_hotmail.com
> CC: bhmccie_at_gmail.com; ccielab_at_groupstudy.com
> Subject: Re: Netflow Analyzer
> Date: Mon, 26 Sep 2011 13:49:50 -0400
>
> I'm loving Scrutinizer. Free if you're OK with only having 24 hours of data
> logged. If you want more (very useful) you'll have to pay. They are still
> very reasonable.
>
> Lancope is pretty epic as well, give them a look. Bit more intelligence,
> depends what your needs are.
>
>
> -----Original Message-----
> From: Shoeb Ahmed Mohammed
> Sent: Monday, September 26, 2011 1:35 PM
> To: Iam Here
> Cc: bhmccie_at_gmail.com ; ccielab_at_groupstudy.com
> Subject: Re: Netflow Analyzer
>
> NetFlow Analyzer of ManageEngine.
>
> On Mon, Sep 26, 2011 at 8:02 PM, Iam Here <go_soon2010_at_hotmail.com> wrote:
>
> > What is the best NetFlow Analyzer in the market?
> > Is there any open source product?
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> Best Regards,
>
> Mohammed Shoeb Ahmed
>
> Sr. Consultant,
> CCIE 18379
>
Received on Mon Sep 26 2011 - 14:53:58 ART
This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART