What is a NetFlow Analyzer?

As you know, every firewall, router, switch and most servers can export flow data. Every new connection by a host generates a flow, which is eventually exported to the flow collector or NetFlow analyzer. In fact, once you turn on NetFlow or IPFIX, there is a steady stream of flows sent back to the NetFlow analyzer. The NetFlow analyzer does two things with this data: first, it archives the data for future reporting and analysis, and secondly, depending on the solution you invest in, it analyzes the flows for anomalies in an attempt to uncover DoS attacks, data exfiltration and other forms of malware.
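A small sketch of the second job described above, analyzing archived flows for anomalies. This is an added example, not code from the video or from any vendor's analyzer; the record layout, the internal address range and both thresholds are assumptions, and the sample flows are constructed and treated as one time window.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (src, dst, dst_port, bytes); not real traffic.
FLOWS = [
    ("10.0.0.5", "10.0.0.9", 445, 12_000),
    ("10.0.0.5", "203.0.113.7", 443, 48_000),
    ("10.0.0.8", "198.51.100.20", 443, 900_000_000),
    ("10.0.0.8", "198.51.100.20", 443, 700_000_000),
] + [(f"192.0.2.{i}", "10.0.0.80", 80, 60) for i in range(1, 201)]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
EXFIL_BYTES = 1_000_000_000  # assumed threshold: bytes sent out per host
DOS_SOURCES = 100            # assumed threshold: distinct sources per target


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def find_exfiltration(flows, limit=EXFIL_BYTES):
    """Internal hosts whose total bytes to external addresses exceed limit."""
    sent = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            sent[src] += nbytes
    return {host: total for host, total in sent.items() if total > limit}


def find_dos_targets(flows, limit=DOS_SOURCES):
    """Destination (addr, port) pairs hit by more than limit distinct sources."""
    sources = defaultdict(set)
    for src, dst, port, _nbytes in flows:
        sources[(dst, port)].add(src)
    return {t: len(s) for t, s in sources.items() if len(s) > limit}


if __name__ == "__main__":
    print("possible exfiltration:", find_exfiltration(FLOWS))
    print("possible DoS targets:", find_dos_targets(FLOWS))
```

Fixed thresholds like these only work as a first pass; a baseline per host and per interface keeps backup servers and busy web front ends from being flagged on every run.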

Collecting flow data turns every flow-sending device into a type of camera system that streams what is happening in its area of the network back to the DVR, or NetFlow analyzer.

Imagine hundreds of thousands of flows being archived every second. How would you ever find what you need? Most NetFlow analyzers allow you to quickly find the interface you want to report on: simply click on an interface and up pops the desired report.

Exceptional NetFlow analyzers provide rich feature sets in two key areas. The first is filtering, where you can include and exclude down to exactly what you want to look at. The second area is reporting: you need lots of reporting options, and keep in mind that different vendors provide unique flow exports which require unique reports.

More advanced NetFlow analysis solutions can provide reports on layer 7 applications that could be running on the same port. They can report on things like transaction duration, round-trip times, packet loss, retransmitted packets and much more. Of course, all of this depends on whether or not your hardware can include these details in the flow exports, which most vendors like Cisco can.

If you would like to learn more about NetFlow analyzers and how to filter and report your way down to exactly what you want to look at, you can take one of our advanced NetFlow training classes that are offered in most major cities.