Finding session-related problems using EndaceVision

Original Entry by : Endace

Network monitoring tends to focus heavily on bandwidth, addressing the question, “Do I have the capacity to carry the traffic that my business requires?” Capacity, however, must include session count and lifecycle, which are often overlooked until they become a problem. That’s why EndaceVisionTM 6.0 Network Visibility Software has added two new tools to deal with sessions: TCP Flags view and client/server breakdown.

Continue reading “Finding session-related problems using EndaceVision”

User and device attribution comes to EndaceVision: Empowering network and security incident analysis

Original Entry by : Barry Shaw

We’ve all heard that the application is now the network. This paradigm shift moved us from the simple port-based definition of applications that was prevalent up until the end of the last decade, to the more awkward reality that applications are much more complex and no longer conformed to such a simple scheme. For network operators, understanding the applications on the networks was paramount and Endace responded to this by incorporating deep packet inspection (DPI) technology into its EndaceProbeTM Network Recorders in 2012.

Continue reading “User and device attribution comes to EndaceVision: Empowering network and security incident analysis”

DDoS Attacks on Port 0 – Does it mean what you think it does?

Original Entry by : Tom Jones

Network monitoring best practice includes watching the latest trends not only in your own network, but also in other networks across the Internet. Fortunately, there are some great companies out there tracking what’s happening and issuing periodic reports to keep the rest of us up to speed.

I was very interested to read the recent report from Arbor Networks with the Q2 DDoS (distributed denial of service) attack data collated through their ATLAS Internet monitoring system. The report highlights a 43% increase in attacks from the same period in 2012.

Continue reading “DDoS Attacks on Port 0 – Does it mean what you think it does?”

Endace Packets – Laser Surgery for the Data Center!

Original Entry by : Mike Heumann

Medical procedures today are characterized by precision.  Thirty years ago, most cancer surgeries involved general anesthetic, “opening up” the patient, invasive and radical procedures, extended hospital stays for recovery, and in many cases. significant side effects.  Today, a surgeon can make a small incision, insert a laser probe, and “zap” the tumor, in many cases under no more than a local anesthetic.  The benefits are faster recoveries and little to no side effects.

Today marks the launch of Endace Packets, a protocol analyzer for EndaceProbes, which brings the same level of “laser precision” to the Network Operations (NetOps) and Security Operations (SecOps) process.  Many of you are familiar with Wireshark, the open source network analysis tool.  Wireshark has been the de facto standard for packet analysis in the Ethernet world for nearly a decade, and is used extensively by both NetOps and SecOps personnel.  However, the file sizes of traces produced from 10Gb Ethernet (10GbE) networks is a challenge for Wireshark, as anyone who has used Wireshark on such a trace can attest.  Like surgeries of old, you need to “open up” the patient to find the particular data of interest, which slows issue resolution

Continue reading “Endace Packets – Laser Surgery for the Data Center!”