• 

  Common traffic collection

• 

  Traffic collection by N-Probe

Flow collection method

• Routers or switches send NetFlow or sFlow.

  Does packet sampling.

• Uses mirror port supported by switches to send mirrored traffic to N-Probe.

Pros and cons

• Some switches cannot send NetFlow nor sFlow.

  Routers and switches have high CPU utilization because of it.

  Some traffic is not recorded; the analysis result may be different from the reality.

• Most switches support mirror port.

  N-Probe transfers traffic data into 1:1 NetFlow with mirror port and sends it to Flow analysis system for analyzing, making management easier.

Added-value Function-- Built-in DNS Layer 7 Exploring

N-Probe’s added value function includes built-in DNS layer 7 exploring function, which can send NX Domain message from DNS server to N-Cloud/N-Reporter as Syslog data, and N-Cloud/N-Reporter will make NX Domain list dynamically. N-Cloud/N-Reporter can automatically write the list in security devices of some brands for collaborative defense (the brands and models that can do collaborative defense are keeping upgrading; please contact N-Partner for more details). The devices will filter NX Domain query, so the DNS server will not be influenced by enormous NX Domain query attack.