4 Replies Latest reply on Apr 3, 2014 1:28 PM by darragh.delaney

    NTA Newbie

    ma_pmchenry

      Hi,

       

      I'm not very experienced with Netflow and not sure of its capabilities/limits. I know we can see users that are using bandwidth and what app those users are seeing, but what about the details of a large file transfer? Can NTA look into that file transfer and see what is moving? For instance, if a user is downloading/uploading a video file, could NTA see that it was a video file?

       

      Thank you.

        • Re: NTA Newbie
          jswan
            • Re: NTA Newbie
              darragh.delaney

              Hi Pat,

              NetFlow data is very much like a phone bill. You see all the calls, how much they cost and a total at the end. However, you see no reference as to what was discussed on the calls and this is like flow data.

               

              To get the level of visibility that you need, you need to look inside the packet payloads to extract things like file names, and for that you need to deploy deep packet inspection. You can see an example of this in action at this link. You can see the names of files which are moving to and from Windows file shares. Similar reports can be set up for users accessing web resources.

               

              Darragh

              1 of 1 people found this helpful
                • Re: NTA Newbie
                  ma_pmchenry

                  Darragh - I watched the video. The tool looks cool and I think we could use this.

                   

                  First - how is it working? Is it tying into NetFlow or SAM or both?

                   

                  Is this software able to do this kind of packet inspection at chokepoints or just on the server - meaning, is LANGuardian getting this packet info from the server or the Cisco router interface?

                   

                  Thank you


                    • Re: NTA Newbie
                      darragh.delaney

                      Hi Pat,

                      As you mention, it is doing packet inspection at chokepoints. If you have a managed switch then you will have the option of setting up a SPAN or mirror port. Typically people SPAN their Internet gateway, routers, and critical server traffic to a monitor port which the LANGuardian connects to. We are not fans of installing stuff on servers; our philosophy is to leave the servers doing what they are supposed to do and pick up the interesting metadata from network traffic.

                       

                      In the case of our integration, the data that is collected remains on the LANGuardian. When you view the data within NPM, SAM or other Orion-based products, the data is transferred via a REST API call. This makes things efficient; you only display LANGuardian data within Orion when you need it.

                       

                      Darragh