Sub Minute Visibility

NetFlow Analyzer | February 11, 2010 | 2 min read

You may have seen that NetFlow Analyzer generates various kinds of reports, which can be used for network troubleshooting, more visibility into traffic patterns, trend analysis, etc. Continuing from the Data storage pattern blog, we are going to discuss the sub minute visibility available in NetFlow Analyzer.

These days network admins monitor bandwidth utilization very closely to make sure that network resources are properly utilized. Sub minute visibility in NetFlow Analyzer helps the network admin identify the hosts, applications, etc. consuming bandwidth for each and every minute, thus helping to identify the cause of even short-duration spikes.

NetFlow Analyzer shows the IN and OUT traffic passing through an interface for each minute, and each and every transaction is accounted for. As a networker, you may have seen bandwidth chokes occurring very randomly and for short time periods. The product has the sub minute visibility feature to help with exactly this kind of short-term troubleshooting. If you are using NetFlow and NetFlow Analyzer, log in to the product and check the interface that the traffic passes through. If you see short-term spikes in the graphs occurring very randomly, click on ‘Show Data Points’ to see the traffic details for each and every minute of the selected time period, and look for the minute where the traffic pattern suddenly changed.

 

 

Click on the minute for which you see a change in pattern and there you are! You get a conversation report listing the conversations that happened during that minute, showing you the top talker. Check a few of the spikes that have occurred and you can find the common culprit: maybe a host downloading some large file, an FTP by someone to his home PC, or maybe a possible large scale DNS scan (which could possibly be a bot).

 Based on the report, you can find out which application or host is utilizing the bandwidth and can introduce ACLs or QoS policies to stop or limit access through the interface.

The sub minute visibility report, which is generated when clicking on the data point, is built from the raw data. As explained in the Data storage pattern blog, raw data consists of each and every flow from the interface, giving port level information and helping in better network troubleshooting.
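The same per-minute drill-down can be reproduced on exported raw flow records. The Python sketch below is an added example, not NetFlow Analyzer code: the flow tuple layout, the 3x-median spike threshold, the 20-destination DNS fan-out cutoff and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

T0 = 1265880000  # constructed start time, aligned to a minute boundary
# Constructed flows: (epoch_seconds, src, dst, dst_port, bytes), documentation addresses only.
FLOWS = [(T0 + 60 * i + 5, "192.0.2.10", "198.51.100.5", 443, 50_000) for i in range(10)]
FLOWS.append((T0 + 240 + 20, "192.0.2.23", "203.0.113.9", 20, 900_000))  # large FTP transfer
FLOWS += [(T0 + 420 + h, "192.0.2.77", f"198.51.100.{h + 10}", 53, 5_000)
          for h in range(40)]  # one host hitting 40 distinct hosts on port 53

def per_minute(flows):
    """Return bytes per minute and bytes per conversation within each minute."""
    totals, convs = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for ts, src, dst, port, nbytes in flows:
        minute = ts - ts % 60
        totals[minute] += nbytes
        convs[minute][(src, dst, port)] += nbytes
    return totals, convs

def spike_minutes(totals, factor=3.0):
    """Minutes whose volume exceeds factor x the median minute (assumed threshold)."""
    baseline = median(totals.values())
    return sorted(m for m, b in totals.items() if b > factor * baseline)

def top_conversations(convs, minute, n=3):
    """Conversation report for one minute, largest first."""
    return sorted(convs[minute].items(), key=lambda kv: kv[1], reverse=True)[:n]

def dns_fanout(flows, minute, min_dsts=20):
    """Sources that contacted at least min_dsts distinct hosts on port 53 in that minute."""
    dsts = defaultdict(set)
    for ts, src, dst, port, _ in flows:
        if port == 53 and ts - ts % 60 == minute:
            dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items() if len(d) >= min_dsts}

if __name__ == "__main__":
    totals, convs = per_minute(FLOWS)
    for minute in spike_minutes(totals):
        print(minute, totals[minute], top_conversations(convs, minute, 1),
              dns_fanout(FLOWS, minute))
```

Byte volume alone separates the large transfer from the baseline, while the distinct-destination count on port 53 is what distinguishes a scan-like source from a single heavy conversation.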


Regards

Praveen Kumar
