Background

NetCrunch Platform Module

Traffic Flow Analyzer

NetCrunch traffic analyzer processes flow data from various network devices using such popular flow protocols as IPFix, NetFlow, sFlow, jFlow, and others. It supports Cisco NBAR2 and custom application traffic monitoring.

@@img:flows.png

 Download NetCrunch Trial
NetCrunch Modules

NetCrunch Traffic Flow Analyzer is a software-based Flow collector that collects traffic data, correlates it with other network data, and allows monitoring and presentation of the current traffic state.

NetCrunch analyzer supports Cisco protocols such as Netflow, IPFIX, and Cisco NBAR technology for application monitoring.

  • Top Benefits
    1. Monitor network bandwidth & traffic patterns down to the interface level
    2. Identify which users, applications, & protocols are consuming the most bandwidth
    3. Recognize IP addresses of top talkers
    4. Analyzes Cisco® NetFlow, Juniper® J-Flow, IPFIX, sFlow®, Huawei NetStream™ & other flow data
    5. Easy setup in less than an hour

  • Flow Analyzer

    NetCrunch allows you to analyze traffic using various criteria such as

    • Application Groups
    • Applications
    • IP Protocols
    • Servers
    • IP Addresses
    • Atlas Nodes
    • IP Networks
    • Domains

    The traffic can be analyzed for all nodes or any group of nodes defined through Atlas View. NetCrunch can also collect summary performance data for each traffic category.

    @@img:flow-analytics.png NetCrunch Flow Analyzer

  • Node Flow Statistics

    NetCrunch also shows real-time flow statistics for each node. Flows Status shows both summary traffic of the node and trend in the last hour.

    The program allows setting thresholds on various metrics such as the number of packets or bytes being transmitted in the time unit.

    @@img:node-flows.png NetCrunch Node Flow Status

  • Key Features

    1. Flow Server & Analyzer for monitoring traffic, supporting most popular protocols being used (IPFix, NetFlow (v5 & v9), sFlow, JFlow, netStream, cFlow, AppFlow, and rFlow)
    2. Supports Cisco NBAR technology for application monitoring
    3. Allows creating custom application definitions
    4. NetCrunch integrates flow data within its monitoring database (Network Atlas) to measure traffic properly per device instead of per IP address.
    5. NetCrunch can collect and alert on the performance thresholds regarding the specificity of the node's traffic.
    6. Supports multiple flow sources

    @@img:top-talkers.png Top Talkers

  • How it works

    @@img:flow-analyzer.png NetCrunch Flow Analyzer

    1. First, you need to enable the switch or router that supports the flow technology to send data to NetCrunch.

    2. Then, the device sends flow data to the flow collector in specified periods of time (defined in the device settings).

    3. The analyzer processes the data to perform traffic analysis and stores the data for a short time. The user can view traffic data and observe the given traffic metrics.

What is NetFlow?

NetFlow is a protocol developed by Cisco for collecting and recording IP Traffic going to and from a Cisco router or switch equipped with the NetFlow technology.

After Cisco originally developed the protocol, many other manufacturers have implemented their version of the protocol into their products, including

  • Juniper ( “JFlow”),
  • 3Com/HP,
  • Dell and Netgear (SFlow),
  • Citrix (AppFlow),
  • Ericsson (RFlow),
  • Huawei (NetStream),
  • Alcatel-Lucent (which uses CFlow).

What is Cisco NBAR2?

NBAR2 (or Next Generation NBAR) is a re-architecture of NBAR based on the Service Control Engine (SCE) with more advanced classification techniques, accuracy, and many more signatures.

NBAR2 is adopted as a Cisco cross-platform protocol classification mechanism. It supports 1000 + applications and sub-classifications, and Cisco adds/provides new signatures and signatures updates through monthly released protocol packs.

NBAR2 leverages classification techniques from SCE, which allow classification of IPv4, IPv6, and v6 transition techniques. NBAR2 can classify evasive applications like Skype and Tor, as well as business applications like ms-lync, cloud applications such as Office-365, and also mobile applications such as facetime, etc. using advanced classification techniques.
NetCrunch Modules

ADREM SOFTWARE IS A PARTNER OF