Technology: NetFlow Probe

 

NetFlow Probe is a device that monitors network traffic, generates statistics about the traffic in the form of IP flows and exports the statistics for storage and further analysis to NetFlow Collector or other collector application compatible with NetFlow/IPFIX standard.

IP flows created by NetFlow Probes contain information about who communicated with whom, how long, using what protocol, how much data was transferred and a variety of other information from packet headers (TCP flags, ToS, AS). NetFlow Probes support export of data in a fixed format NetFlow version 5 or flexible formats NetFlow Version 9 and IPFIX, which enable direct selection of monitored and exported information.

NetFlow Probes allow monitoring higher layer items (L5 - L7) such as HTTP information (URL, hostname), VoIP statistics (latency, jitter, packet loss) or directly performs application detection (support of NBAR2 standard). This enables the probe to bring not just simple overview about the amount of network traffic, but detailed information about what is happening in the computer network suitable for solving network problems (troubleshooting), analysis of network performance (performance monitoring), management and optimization of the network and to increase network security.

 

product-schema-probes.png

» An example of NetFlow probe is virtual solution Flowmon VA Probe.

 

NetFlow Probes are usually available as a physical or virtual appliances. This makes them suitable for monitoring physical as well as virtual networks within the virtual environment. NetFlow Probes contain a management port used for administration and access to the web interface of the appliance and one to six monitoring ports that are used for connection to the points where monitoring is required. Probes are connected to network completely passively using SPAN/ mirror/monitoring port of active device (router, switch, vSwitch) or TAP (passive hub/splitter). This makes them undetectable and with no influence on the monitored line.