Cisco Systems NetFlow Analyzer manual: Capturing Other NetFlow Packets, Interface Statistics


Capturing Other NetFlow Packets

As mentioned earlier, the NetFlow Analyzer can also capture NetFlow packets that are being sent to other devices, analyze the packets and display the NetFlow statistics. To capture and analyze NetFlow packets, create and enable an Advanced Filter on the NetFlow Capture Analysis Module. This is done by creating a new filter and setting it from "Simple" to "Advanced". Next, select an Advanced Analysis Module node, and pick the NetFlow Analyzer from the list.

When the NetFlow Filter is being used, packets captured by the adapter are not displayed. Instead, packets representing the statistics from the NetFlow packets are displayed. This can be a little confusing at first, since the Packets Received value at the top of the Capture Window will show the number of packets captured, while the Packets Filtered value will show the number of packets from the NetFlow statistics. Without any other filters enabled, the NetFlow Analyzer will capture and analyze all of the NetFlow packets on the port specified by the NetFlow port option. To target specific NetFlow packets, simply add other filters.

Interface Statistics

Most routers have multiple interfaces, and NetFlow can report on any or all of them. The OmniPeek NetFlow Analyzer displays the interface for each packet in the packet list, and the interface statistics in the Summary Statistics. In turn, the Interface Statistics can be triggered on and graphed. Below are some screenshots of each:

NetFlow Versions

This version of the NetFlow Analyzer supports NetFlow versions 5, 9, and templates 256 and 257. If you are using other versions of NetFlow, and would like us to add support, please send us a trace file of the NetFlow packets.

Beta Notice

This version of the NetFlow Analyzer is a beta. We are excited about this innovative new tool and look forward to your feedback.

Limitations

Ah, but yes, there are limitations. The magic the NetFlow Analyzer uses to display NetFlow statistics in OmniPeek is to collect the NetFlow data and create fake packets that are inserted into and processed by OmniPeek. For the most part, this works great. Features like Nodes, Protocols, Conversations, and Peer Map, and many of the Summary Statistics, are accurate and useful. However, if you are inclined to look at the packets, you will see that they are a facsimile of the real thing. They are real enough to generate useful statistics, but they are not meant to be analyzed. Because the packets are generated from the NetFlow data, the exact timestamps of the real packets are not known; instead, an algorithm spreads the timestamps of the packets evenly over the interval represented by each NetFlow record.
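The timestamp limitation is easier to see in code. The following is an added example, not code from the NetFlow Analyzer or OmniPeek: it parses a NetFlow v5 export datagram (standard 24-byte header and 48-byte records) and produces evenly spaced stand-in packets for each flow. The function names, the even byte split and the sample datagram are assumptions made for illustration; the product's actual algorithm is not documented on this page.

```python
import struct
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def parse_v5(datagram):
    """Parse one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("truncated NetFlow header")
    version, count, uptime_ms, secs, nsecs = V5_HEADER.unpack_from(datagram)[:5]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count exceeds datagram length")
    export_time = secs + nsecs / 1e9
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "octets": f[6],
            # First/Last are router uptime in ms; convert to wall-clock seconds.
            "start": export_time - (uptime_ms - f[7]) / 1000,
            "end": export_time - (uptime_ms - f[8]) / 1000,
        })
    return flows

def synthesize(flow):
    """Assumed scheme: n stand-in packets, evenly spaced from start to end."""
    n = flow["packets"]
    if n == 0:
        return []
    step = (flow["end"] - flow["start"]) / (n - 1) if n > 1 else 0.0
    base, extra = divmod(flow["octets"], n)  # split the byte count evenly
    return [(flow["start"] + i * step, base + (i < extra)) for i in range(n)]

def sample_datagram():
    """Constructed sample: one TCP/443 flow, 5 packets, 1500 bytes, 4 s long."""
    header = V5_HEADER.pack(5, 1, 600_000, 1_700_000_000, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]), bytes(4),
        1, 2, 5, 1500, 592_000, 596_000, 49152, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record

if __name__ == "__main__":
    for ts, size in synthesize(parse_v5(sample_datagram())[0]):
        print(f"{ts:.3f}  {size} bytes")
```

Only the flow's start, end, packet count and byte count come from the router; every per-packet time and size in the output is interpolated, so it cannot be used to reconstruct bursts, inter-arrival gaps or packet ordering during an investigation.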


NetFlow Analyzer specifications

Cisco Systems NetFlow Analyzer is a powerful network traffic monitoring and analysis tool that provides organizations with deep insights into their network performance and traffic patterns. Built on Cisco's renowned NetFlow technology, the NetFlow Analyzer is designed to capture, analyze, and display real-time network data, enabling IT teams to make informed decisions to optimize their infrastructure.

One of the main features of Cisco's NetFlow Analyzer is its ability to monitor bandwidth utilization. Administrators can track which applications or users are consuming the most bandwidth, allowing for better resource allocation and management. This is crucial in a landscape where network demands are constantly evolving, and understanding bandwidth usage can help prevent bottlenecks and ensure smoother performance.

The tool employs advanced reporting capabilities, generating detailed reports on various network metrics, including traffic volume, peak usage times, and protocol distribution. These reports can be customized and scheduled for automated delivery, providing stakeholders with timely insights into network performance without manual intervention.

Cisco NetFlow Analyzer also benefits from its integration with various Cisco devices, leveraging proprietary technologies to enhance data collection and processing. This seamless integration allows users to gain a holistic view of their network, as it can correlate NetFlow data with other performance metrics from Cisco routers, switches, and firewalls, thus allowing for a comprehensive analysis of network health.

Another characteristic of the NetFlow Analyzer is its user-friendly interface, which presents complex data in an easily digestible format. Through dashboards and visualizations, IT staff can quickly identify trends and anomalies, making troubleshooting more efficient. The tool supports alerts and notifications, enabling proactive responses to potential issues before they escalate into critical problems.

Security is an essential aspect of today’s networks, and the NetFlow Analyzer aids in threat detection and mitigation. By monitoring network traffic patterns, it can help identify unusual activities that may indicate security breaches or malware infections.

In summary, Cisco Systems NetFlow Analyzer stands out as a robust solution for network traffic analysis, equipped with features such as bandwidth monitoring, advanced reporting, seamless integration with Cisco hardware, an intuitive user interface, and enhanced security capabilities. This comprehensive suite of tools empowers organizations to maintain optimal network performance, ensuring that their infrastructure can meet the demands of modern business operations.