Flow analysis is very important in IT operations; however, collecting and analyzing traffic can drive the CPU utilization of routers and switches too high.
Packet sampling misses some traffic, so the analysis result may differ from reality.
If you worry about these problems, N-Probe is the best solution for Flow analysis!
Advantages of N-Probe
Provides 1Gbps, 10Gbps, and 40Gbps mirror traffic interfaces; converts the mirrored traffic into 1:1 NetFlow and then outputs it.
Can be deployed in simple steps and barely impacts the devices it connects to.
Available in hardware and software versions for users’ different needs.
Easier Flow analysis.
Common traffic collection
Flow collection method: Routers or switches send NetFlow or sFlow and do packet sampling.
Pros and cons: Some switches can send neither NetFlow nor sFlow. Routers and switches have high CPU utilization because of it. Some traffic is not recorded, so the analysis result may differ from reality.
Traffic collection by N-Probe
Flow collection method: Uses the mirror port supported by switches to send mirrored traffic to N-Probe.
Pros and cons: Most switches support a mirror port. N-Probe converts the mirrored traffic into 1:1 NetFlow and sends it to the Flow analysis system for analysis, making management easier.
Value-added Function: Built-in DNS Layer 7 Exploring
N-Probe’s value-added functions include a built-in DNS layer 7 exploring function, which sends NX Domain messages from the DNS server to N-Cloud/N-Reporter as Syslog data; N-Cloud/N-Reporter then builds an NX Domain list dynamically. N-Cloud/N-Reporter can automatically write the list to security devices of some brands for collaborative defense (the brands and models that support collaborative defense keep being updated; please contact N-Partner for more details). The devices then filter NX Domain queries, so the DNS server is not affected by an attack made up of enormous numbers of NX Domain queries.
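The list-building step described above can be sketched as follows. This is an added example, not N-Partner's code: the key=value log layout, the function names, the 60-second window and the three-name threshold are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value layout; this is an
# assumption for the example and not N-Probe's real Syslog message format.
SAMPLE_LOG = """\
<134>probe dns: ts=1000 client=10.0.0.5 qname=a1x9.shop.example rcode=NXDOMAIN
<134>probe dns: ts=1002 client=10.0.0.6 qname=k2p0.shop.example rcode=NXDOMAIN
<134>probe dns: ts=1003 client=10.0.0.5 qname=www.shop.example rcode=NOERROR
<134>probe dns: ts=1005 client=10.0.0.7 qname=zz81.shop.example rcode=NXDOMAIN
<134>probe dns: ts=1006 client=10.0.0.8 qname=typo.intranet.example rcode=NXDOMAIN
<134>probe dns: ts=1007 client=10.0.0.9 qname=Q7m3.Shop.Example. rcode=NXDOMAIN
<134>probe dns: malformed line without fields
<134>probe dns: ts=1200 client=10.0.0.8 qname=old1.files.example rcode=NXDOMAIN
"""

LINE_RE = re.compile(r"ts=(\d+) client=(\S+) qname=(\S+) rcode=(\w+)")

def parent_zone(qname):
    """Last two labels of the name; a simplification that ignores public suffixes."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def build_nx_list(log_text, now, window=60, min_names=3):
    """Return {zone: sorted NXDOMAIN names} for zones over the threshold in the window."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not parse instead of failing the batch
        ts, _client, qname, rcode = m.groups()
        name = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if rcode != "NXDOMAIN" or not (now - window < int(ts) <= now):
            continue  # only recent NXDOMAIN answers count, so old entries age out
        names[parent_zone(name)].add(name)
    return {z: sorted(n) for z, n in names.items() if len(n) >= min_names}

if __name__ == "__main__":
    print(build_nx_list(SAMPLE_LOG, now=1010))
```

The threshold keeps a single mistyped name (typo.intranet.example here) off the list, and names drop out once they fall outside the window, which is what keeps the list dynamic.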