Worm Detection Using Cisco NBAR

0

Recently I came across a interesting article about NBAR, that is it can classify Worms on the network. In most of the case, worms spread in to the network through email attachment or infected web browser.

Email attachment can be filtered setting appropriate rules on the SMTP server (Mail Server), But the worms spread also through Web browser. This we can be filtered based on NBAR classification.

What is NBAR?

Network Based Application Recognition, a classification engine in Cisco IOS, has the ability to detect a wide variety of applications via deep packet inspection using PDLMs (Packet Description Language Module – The PDLMs contain the rules used by NBAR to recognize an application.).

NBAR is a more of an …

Policing Live video traffic and monitoring using NetFlow Analyzer

0

I hope everyone who had attended our joint webinar with Cisco about QoS Design and validation, would have got a better idea on how to design a network with effective QoS policing. For those who missed the Webinar, you can find the video presentation here.

In continuation to our Webinar, this blogs helps you in setting up QoS policies for Live Video Traffic and monitor them using NetFlow Analyzer.

On a network the Video traffic spread in three format:

  1. Video Conferencing

  2. Video On Demand

  3. Video Broadcast

Video traffic has very high and extremely variable packets rate with a much higher average maximum transmission unit (MTU) when comparing to Voice.

QoS Treatment:-

For classifying the Video traffic to appropriat…

Understanding IP Precedence, TOS & DSCP

1

People using NetFlow Analyzer wonder, what these reports DSCP, TOS actually means ? Here is the blog which explain more detail about these fields.

The NetFlow packets exported from the device originally contains ToS value on each flow. From the ToS value, the analyzing software derives the DSCP.

Type of Service (TOS):-

The Type of Service field is present in IP Header and it was originally defined in RFC 791.

The Type of Service octet consists of three fields. The last 3 bits ( 7,6,5) are for the first field, labeled “Precedence” , intended to denote the importance or priority of the datagram. The second field, labeled “TOS” , denotes how the network should make tradeoffs between thro…

Better QoS policies: Better Cost savings

0

Cost-effectiveness is the common term that we are hearing or seeing nowadays and this exists in all forms on the globe, In this tough economic situation the motive of Network Administrator should be optimizing the current infrastructure for future accommodation.

Optimization plays a major role when it comes to distributed network architecture or MPLS network. Most of the complaints from users at each location , Application usage is very slow at business hours, Ofcourse the possible reason might be due to other unwanted traffic consuming large amount of bandwidth over the business critical application.

We will have scenario based explanation to elaborate this problem of Network Administrator:

Scenar

ManageEngine NetFlow Analyzer at Cisco LIVE 2012, London

0

Cisco has proved time and again, that it leads the market in both thought and action. Cisco LIVE, that started off as a networkers conference way back in 1989, has come a long way for more than 2 decades, as the biggest networking event in the world. It is one of the most sought after shows in the networking industry.

The 2012 edition of Cisco LIVE, scheduled to start Jan 30, 2012 at London, features some key players in the networking business. With budget cuts & optimization of resources being the buzzwords, businesses are vying to adopt the latest products to boost their network performance & hence boost productivity.


NetFlow Analyzer from ManageEngine, is a product that supports a whole lot of technolo

Effective Voice Traffic Analysis using NetFlow Analyzer

0

Voice traffic has spread its presence everywhere right from SMBs to large enterprises. Communication happens through VoIP at different levels right from customer support to teleconferencing to internal communication etc. VoIP has a major role in ensuring business continuity & it thus becomes a critical application that requires constant monitoring & control.

NetFlow Analyzer makes monitoring VoIP traffic and analyzing VoIP Link capability very easy.

There are two things that we need to analyze while monitoring VoIP traffic on a network:

  • Performance of Link (Traditional IP SLA technology). 
  • Monitoring QoS Policies for VoIP.

Performance of Link (C

NBAR and HTTP Traffic Classification

1

When I was thinking of next blog, I got an idea to do a deeper study on NBAR traffic classification and share some valuables over here. In this blog, I am going to concentrate on some Advanced section of NBAR classifications.

NBAR (Network Based Application Recognization):

NBAR is a Cisco technology, is an intelligent classification engine in Cisco IOS Software that can recognize web based applications and client/server applications by doing a deep packet inspection. Classification of traffic by NBAR is done by doing a deep packet inspection for each packet as defined in the PDLM for the application (PDLMs contain the rules used by NBAR to recognize an application and is defined by Cisco) and not on the port in…

Prioritizing VOIP traffic in your Network

2

When there are no QOS polices applied on a network, there is equal priority for all traffic passing through the network. This is when congestion occur. Configuring QOS helps select a specific traffic to be prioritized, which makes this traffic to be delivered on time and thus improving the performance.

In this blog we can see how we can mark the VOIP traffic with a DSCP value and send this traffic through the network with priority. We have taken two ways of Prioritizing.

1) Prioritizing using ACL:

Create your access list according to your network, based on the VOIP traffic. For eg: If the VOIP traffic will be from a particular Ip address or IP range. Create an Access group with the concerned IP address or the IP range. …

Class Based Weighted Fair Queuing for better Traffic Management

0

Everyone would have seen me writing lot of NetFlow and NetFlow Analyzer related blogs, this time I thought of sharing few concepts about effective traffic shaping and bandwidth management. This topic is about Class Based Weighted Fair Queuing for effective traffic shaping and bandwidth management on a busy network  or congested network.

To understand Class Based Weighted fair queuing , we should have some knowledge on WFQ (Weighted Fair Queuing).

What is WFQ ?

Flow :-

A flow is defined as stream of packet with unique Source IP , Destination IP, Input Interface , Port , Protocol etc .

WFQ is a flow based queuing Algorithm, which is commonly used in Quality of Service for e…

Traffic Prioritizing and Bandwidth Allocation using Custom Protocol in Cisco NBAR

0
We are into the final discussion about traffic prioritizing using Cisco NBAR. Before you start reading, I suggest going through this short blog on how to create custom application and protocols for Cisco NBAR. So, some things which we now know NBAR can do are:

 i. Identifying applications which uses dynamic ports for connectivity.
ii. Identifying rogue or unwanted applications traversing the network using well known port numbers.
iii. Doing Layer 7 analysis for application identification.
iv. Creating custom protocol identification with extensive custom options which includes string search into payloads

A large percentage of us would term the above as a “Good Enough” list. For the