Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

NetFlow

Owned by Customer Success & Engineering
Last updated: Mar 20, 2023
3 min read

What is NetFlow?

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. By analyzing NetFlow data, you can get a picture of network traffic flow and volume.

NetFlow is a one-way technology, so when the server responds to the initial client request, the process works in reverse and creates a new flow record. Using a NetFlow monitoring solution can allow you to monitor and analyze these flow records more efficiently and effectively for traffic within the network.

The Seceon OTM NetFlow Traffic Analyzer (NTA) is a powerful and affordable NetFlow management solution with comprehensive monitoring tools designed to translate granular detail into easy-to-understand graphs and reports—helping you more clearly identify the largest resource that drains your bandwidth.

Why Use NetFlow? 

NetFlow statistics are useful for several applications. Among the top advantages of using NetFlow are:

  • Network Monitoring: Businesses and users can utilize flow-based analysis techniques with NetFlow to visualize traffic patterns throughout the entire network. With this overarching view of traffic flow, network operations (NetOps) and security operations (SecOps) teams can monitor when and how frequently users access an application in the network. Also, teams can use NetFlow data to monitor and profile a user’s utilization of network and application resources to detect any potential security or policy violations.

  • Network Planning: Team can use NetFlow to track and anticipate network growth. For example, with NetFlow, they can plan upgrades to increase the number of ports, routing devices or higher-bandwidth interfaces needed to meet growing demand.

  • Security Analysis: With NetFlow, security teams can detect changes in network behaviour to identify anomalies indicative of a security breach. The data is also a valuable forensic tool to understand and replay the history of security incidents so security teams can learn from them.

Monitor NetFlow data more efficiently

NetFlow data can provide valuable data about network traffic and utilization. For effective NetFlow monitoring, a device operating as a flow exporter collates data packets into flows and sends flow records to one or more NetFlow collection servers. Then, the collectors store and prepare the data records for analysis, which can reveal the source and destination of a given flow record, congestion sources, and more.

Seceon OTM NTA is built to combine these necessary components of a comprehensive NetFlow monitoring system into a single, easy-to-use tool.

Collect data from NetFlow v5, v9, and IPFIX

There are several data sources NTA can collect network traffic metrics from, including Cisco NetFlow v5 and v9—two of the most commonly used network protocol systems—and NetFlow v10, more commonly known as IPFIX. The fields that can be matched and exported are preset in the NetFlow v5 protocol, and the template-based v9 offers more flexibility in terms of the format. IPFIX provides a standard for how IP network flow data is formatted and transferred when exported to a collector device. With NTA, you can monitor this kind of data—and more—with ease.

Use a deep understanding of network traffic to speed problem resolution

Collecting and analyzing NetFlow data can help you understand which users, applications, and protocols may be consuming the most network bandwidth by tracking processes, protocols, times of day, and traffic routing.

NTA is designed to provide a holistic view of your network traffic, so you can more easily examine traffic patterns and monitor traffic from specific IP addresses, ports, and users to more quickly identify the cause of bottlenecks.

Monitor flow alternatives

In addition to automatically collecting NetFlow data from Cisco vendors, NTA can also monitor alternative flow technologies, including:

  • Juniper (Jflow)

  • 3Com/HP, Dell, and Netgear (s-flow)

  • Huawei (NetStream)

  • Alcatel-Lucent (Cflow)

  • Ericsson (Rflow)

Regardless of the source of the flow data, NTA helps highlight the applications, IP addresses, processes, protocols, and end-users consuming the most bandwidth, giving administrators valuable insights into the behaviour and performance of their networks.

Seceon Inc. All rights reserved. https://www.seceon.com