NetFlow analyzer recommendations

I'm trying to clean up the access lists in an ASA firewall. Due to the amount of traffic that's fine, I had trouble getting a list of the traffic that actually moves through the ASA.

I was looking at the new ASA NetFlow feature and it seems that it would be a great help.

Does anyone have any experience with ASA NetFlow analyzers? A perfect solution would allow me to export a summary of all traffic not established.

I am in no way selling a third-party product here. In my past experience, SolarWinds Orion and Scrutinizer from Plixer have worked well for a lot of people for what you want to do.

Here's the wiki that explains it: https://supportforums.cisco.com/docs/DOC-6113

I hope it helps.

PK

Tags: Cisco Security

Similar Questions

  • analyze netflow record

    - Because the interfaces of remote sensing on managed devices don't usually have IP addresses, the system does not support the direct collection of the NetFlow records. How to make router export o/p-folder in managed device detection interface?

    -When using nmap scanning active and personalized using fingerprints?

    The Netflow feature will be record production that are inspected and analyzed as they pass a sensor - to it. Then the normal installer uses the platform Netflow analyzer as the export destination of streams on the Netflow source device. As long as there is a sensor in the path, it will analyze the data based on the network discovery policy as follows.

    You must add it to your network discovery policy and then re-apply the policy before it takes effect.

  • Enabling NetFlow on Virtual Switch

    I followed the steps in http://www.vmware.com/pdf/vi3_35_25_netflow.pdf to activate NetFlow on the virtual switches.

    To collect this information, I use NetFlow Analyzer 7 (NFA7).

    NFA7 began to collect traffic information, but I do not know which interface is which, because the interface names are the generic Ifindex1-ifindex6.

    I do not know why I see 6 interfaces. I have already configured the SNMP community in NFA7; with these settings NFA7 usually recognizes the names of routers, switching devices and interfaces. I have the default MIB for SNMP.

    Does anyone have this setup working?

    Best regards.

    Hello

    It is a well-known problem with the NetFlow exporter in 3.5. The problem lies in the design of ESX vSwitches, which do not have true/static virtual port identifiers. The exporter therefore uses the portIDs of the ports concerned, but unfortunately these values cannot easily be mapped by the user to a specific virtual port.

    This is the main reason that the functionality is more experimental - we have not found a way to design it to the level of VMware's standards due to limitations of the protocol.

    I'd be happy to take any feedback on how to improve it.

  • Phantom Lady: photo pops up and then disappears

    Hi all
    A friend's computer is infected with a full-screen image of a "ghost" woman. The picture pops up, stays for 2 seconds and then disappears. Quite scary when you work on a document. I did a scan with Kaspersky online, but it didn't find it. Does anyone know what this could be? Thank you.

    Hello

    I'm not 100% sure, but I think it has something to do with Internet Explorer. It is possible that some dangerous page is set as the start page and this pop-up window appears every time.

    If you remove the Internet Explorer options, that will probably not help at all, because there are probably some entries in the registry. I recommend that you scan the hard disk and search for malware. Also check if you can find an application for scanning for rootkits.

    Also delete all temporary Internet files. Are you using another browser, like Firefox?

  • X1 Carbon running slow

    My X1 Carbon started running super slow since last week. The C: drive shows that I still have 49.2 GB of free space to use, so I think that the problem is not the size of the space. I wonder if there is a way to delete something on my computer and make it run as fast as before. Thank you very much!

    We recommend that you first scan your system using your security software (if you have not already) to see if it is infected with any kind of malware, virus, Trojan, etc. In addition, you can also use Malwarebytes Anti-Malware to detect and remove malware (if any) on your system. To download Malwarebytes, see the following link:
    https://www.Malwarebytes.org/

    If any type of infection is detected on your system, you can remove the infected files using the removal procedure recommended by your security software.

    If your computer still responds slowly, you can do a "Disk Cleanup" on your computer. To find out how, you can visit Microsoft support at the following address:
    (Important: before you start with the instructions, select your Windows in the drop-down on the upper right of the page).
    http://Windows.Microsoft.com/en-in/Windows/delete-files-using-disk-cleanup#delete-files-using-disk-c...

    If performing a disk cleanup does not solve your problem either, you can perform a "Check Disk". Sometimes, errors on the hard drive can also reduce the performance of a computer. To find out how to check the disk, see the following Microsoft support pages:
    For Windows Vista:
    http://Windows.Microsoft.com/en-in/Windows-Vista/check-your-hard-disk-for-errors
    For Windows 7:
    http://support.Microsoft.com/kb/2641432
    For Windows 8:
    Refer to the "to repair a disc" section on the Microsoft support page at the following address:
    http://Windows.Microsoft.com/en-in/Windows-8/improve-performance-optimizing-hard-drive

    If none of the steps above solves your problem, you can try to roll back the recently installed Windows updates (if any) on your system. Since your computer began to run slowly about a week ago, we recommend that you roll back all the updates that were installed around the time the computer slowed down, about a week back. To find out how, see the following links:
    For Windows Vista and Windows 7:
    (Important: before you start with the instructions, select your Windows in the drop-down on the upper right of the page).
    http://Windows.Microsoft.com/en-in/Windows/remove-update#1TC=Windows-7

    For Windows 8:
    (Important: these are third-party websites. We recommend that you update your security software before clicking on these links. Also, avoid opening the links if your security software or Windows pops up a warning concerning them.)
    http://Windows.mercenie.com/Windows-8/How-to-install-and-uninstall-updates-in-Windows-8/
    http://News.Softpedia.com/news/how-to-uninstall-Windows-8-1-update-436761.shtml

    Hope this will solve your problem.

  • Windows (XP) can't find csrss.exe

    When I start my computer I get a message that Windows (XP) cannot find csrss.exe. What can I do to fix this?

    Although the csrss process is a legitimate Windows file, malware can often assume the name of legitimate files in an attempt to deceive the user. I recommend that you first scan your computer with Malwarebytes, which can be downloaded from the link below. Make sure that you update it before scanning. You can choose to run a quick scan.

    Malwarebytes.org

  • GETVPN and nbar

    Hello community,

    We run GETVPN on our branches and the need arose to find out how traffic flows from branch to main site. So I thought of enabling NBAR and using ManageEngine NetFlow Analyzer to represent the traffic graphically. My problem is that the router never gets managed by NetFlow Analyzer, and on the main site I get a message:

    %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr = 10.130.21.62, src_addr = 192.168.1.250, prot = 17

    (where 10.130.21.62 is my NetFlow analyzer and 192.168.1.250 is the router's loopback).

    I use "ip flow-export source Loopback0" to export the traffic.

    So my question is:

    Is traffic from the router itself not encrypted? What is causing my problem?

    I'll also try to see what happens if I change the flow-export source to a physical interface...

    Any indication of how to solve this problem will be highly appreciated.

    Thanks in advance,

    Katerina

    Hello

    Yes, you must have a CCO login in order to use the bug toolkit, but here is the description of the bug:

    CSCsk25481 Bug details
    Flexible NetFlow exports unencrypted packets

    None
    Symptoms:

    IOS does not encrypt the NetFlow export packets coming from the router itself. This is day 0 behaviour, as features are not applied to the NetFlow export packets, and never have been.

    The fix for this does not solve the above for the old NetFlow code, but rather offers the possibility to encrypt outgoing packets for the new Flexible NetFlow export.

    Conditions:

    NetFlow or Flexible NetFlow must be configured to export the data for the problem to be seen.

    Workaround:

    There is no workaround.

    You don't really need 15.0 code to make this work; anything later than 12.4(20)T will do. What you need is the command 'output-features' under the flow exporter configuration. Could you give it a try and let us know if that helps?

    Thank you

    Wen

  • What security audit scanning software do you use?

    I am researching APEX security audit tools. I knew of Enkitec eSERT, but it looks like it is no longer available. I also found ApexSec, but little else. I searched here as well but see no real list of recommended tools to analyze your application for security vulnerabilities, so I am asking the question: what do you use to perform security/vulnerability audits of your APEX applications? I am looking for ideas on where to look further. Any input would be appreciated.

    Hello

    There are several tools that can help you (sorry if I missed any):

    ApexSec online is free - ApexSec Online

    The APEX Advisor - contains a few security checks

    The QA - QA - region-Plugin plugin

    The packaged application "Application Standards Tracker".

    eSERT - as you say, this seems to have been abandoned; links to the cloud version no longer work.

    Apart from the Advisor and ApexSec, the other two are frameworks where you can insert your own SQL to query the APEX metadata for security issues. But you will need to provide the queries. Some checks are not difficult, such as verifying that all pages have session state protection; other checks are extremely difficult.

    I could tell several great things on ApexSec but I'm extremely biased so you should just try and draw your own conclusions.

    Hope this helps

  • CS4 - installation error

    I tried to download CS4 on my laptop and get:

    "Setup error - Setup has encountered an error and cannot continue. Contact Adobe customer support for assistance."

    I found only that the forums are available for assistance, but could not find something that helps. I was wondering if anyone has any advice.

    Processor: 2.6 GHz

    RAM: 4.00 GB

    System type: 64-bit

    Thank you!

    Hi Kimh92165871,

    Kindly try to download and install CS 4 products from the link below and see if that solves the problem: Download Adobe Creative Suite 4 products

    If it fails again, follow the procedure below:

    Solution 1:

    1. Use the cleanup tool to remove everything associated with CS 4 from your machine: use of the Adobe Creative Cloud cleaning tool to solve installation problems

    2. Remove the "Caps" folder at the location:

    WIN 64 Bit: program files x86\Common Files\Adobe\caps\caps.db

    WIN 32 bit: Program Files Files\Adobe\caps\caps.db

    3. After that, install the downloaded file.

    Solution 2:

    1. Create a new admin account.

    2. Install from this account.

    3. Once installed, you are free to delete the account and all the files in the new account.

    If it still gives you an error, I recommend that you examine the installation log file to find the root cause of the error; see:

    Troubleshoot installation with log files in Adobe Creative Suite (CS5, CS5.5 CS6), PS Elements and Premiere Elements

    How to examine the Installation log files?

    Let us know if this helps solve the problem, waiting for your response.

  • ESXi 5.5: Enhanced Capture packets at the host level

    Can someone explain how to use this new feature?

    Improved host-level packet capture

    Network troubleshooting requires various sets of tools. In the vSphere environment, VDS offers standard monitoring and troubleshooting tools, including NetFlow, Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN) and Encapsulated Remote Switched Port Analyzer (ERSPAN). In the present release, an improved host-level packet capture tool is introduced. The packet capture tool is equivalent to the tcpdump command-line tool available on the Linux platform.

    Here are some of the key features of the packet capture tool:

    • Available as part of the vSphere platform and can be accessed through the vSphere host command prompt

    • Can capture traffic on VSS and VDS

    • Captures packets at the following levels:

      - Uplink

      - Virtual switch port

      - vNIC

    • Can capture dropped packets

    • Can follow the path of a packet with time stamp details

    I cannot find documentation for this tool, and tcpdump-uw is exactly the same as in 5.1.

    The new command is run on the host and is called pktcap-uw. I just finished writing a blog post about it here

  • Collect statistics on the table with indexes of text only?

    I gathered statistics for a table that contains a text index:
    EXEC DBMS_STATS.GATHER_TABLE_STATS(USER, 'CONADDR', estimate_percent => 10, block_sample => TRUE, cascade => TRUE);

    There are a lot of tables/indexes not monitored (e.g. DR$TI_CONADDR$I). Do I have to analyze those tables, too? The Oracle Text tuning guide only mentions analyzing the "base" table.

    Oracle DB version is 10.2.0.4.
    select table_name, last_analyzed, num_rows from dba_tables where table_name like '%CONADDR%';
    CONADDR     11.08.2010 10:29:37     17944660
    DR$TI_CONADDR$I          
    DR$TI_CONADDR$R          
    DR$TI_CONADDR$K          
    DR$TI_CONADDR$N          
    
    select index_name, table_name, last_analyzed, num_rows from dba_indexes where table_name like '%CONADDR%';
    SYS_IL0003730268C00004$$     CONADDR          
    IDX_CONADDR                     CONADDR     11.08.2010 10:29:46     17106050
    SYS_IL0003731165C00006$$     DR$TI_CONADDR$I          
    SYS_IOT_TOP_3731168             DR$TI_CONADDR$K          
    SYS_IL0003731170C00002$$     DR$TI_CONADDR$R          
    SYS_IOT_TOP_3731173             DR$TI_CONADDR$N          
    DR$TI_CONADDR$X                     DR$TI_CONADDR$I     11.08.2010 10:05:05     67585029
    TI_CONADDR                     CONADDR     11.08.2010 10:29:46     

    DR$ tables do NOT need to be analyzed - and should not be.

    As "secondary objects", they will not be analyzed by schema-based commands, and it is strongly recommended not to analyze them manually. All commands that access these tables are set correctly without the input of the optimizer.

  • Recommended VMDK size for IO Analyzer test on VSAN

    Hello

    Is there a recommended VMDK size for VMware IO Analyzer? When you deploy from the template, the test is performed on the second disk of 100 MB. I saw a few recommendations to remove this second disk and add a new, larger one.

    Analyzer 01-100MB on disk, I get 12000 IOPS / s, 45 Mbit/s on a random test of 4k_70% read_80%.

    Analyzer 02-100 GB drive, I have 1300 iops, 5 Mbps on a random test of 4k_70% read_80%.

    Caching is disabled on all drives and controllers (HP P420i). 3 x HP DL380 (200SSD, 5 x 900 10kSAS).

    I'm surprised the difference that both drives should reach the 200 GB ssd. Or analyzers from writing to disks are formatted with any FS. Obviously, the second machine with the largest disk not reading so that lower iops cache hits is but I don't know why, as are big enough SSDS.

    Thank you

    Remember, VSAN is all about having your working set in cache, so that most of the reads hit the flash cache layer.

    It seems that Analyzer 1 with 100 MB is mainly in the cache, while Analyzer 2 is not.

    We are working on a guideline that the working set of an application is usually 10% of its capacity. It is sometimes more, sometimes less, but 10% is a generally accepted rule.

    I don't know how the Analyzer has been configured, but does the workload it runs contain repeated data patterns, so that some cached data can be read?

    If this is not the case, this may mean that you are simply filling the SSD write buffer, destaging it to the spinning disks when it reaches a particular threshold, then filling it again. This means that you are bound by magnetic disk performance and get very little benefit from the caching layer of VSAN.

    Things to look at:

    1. Is the Analyzer using the full 100 GB as its working set, and does this reflect your production workloads? If this isn't the case, reduce it to a size that reflects a real production working set. If most of your VMs use 100 GB VMDKs, consider a working set size of 10 GB.

    2. Does the Analyzer use repeating patterns? If not, configure it to do so, or use another benchmarking tool that does.

    HTH

    Cormac

  • ZoneAlarm flags the new version (7.0.1) of Firefox as malicious and recommends that I do not run it

    When I download version 7.0.1, my firewall software reports it as "Malicious" and recommends that I not install it. What gives?

    • Make sure you download Firefox from www.mozilla.org (there is a fake site floating around)
    • If ZoneAlarm still complains, it is very probably protecting you from a 'new' file. Security systems often do this to protect you against "zero-day vulnerabilities", or programs that have not yet been analyzed by the security company.

  • HP ENVY 700-330qe CTO desktop: HP has encountered an error when trying to analyze your product

    When I connect to HP support, it correctly identifies my PC (HP Envy 700-330qe CTO Desktop), but when trying to find the outstanding software recommendations, I get the message "HP has encountered an error when trying to analyze your product".

    It was working before and I used it to identify and install a number of outstanding software revisions.

    Subsequently, it developed the above error. Is this just an artifact because I have installed all of the pending recommended software items?

    Hi there @Scotsman101,

    Welcome to the HP Support Forums! It's a good place to find the help you need from other users, the HP experts and other members of the support staff. I understand that you are having problems with a scan to get software recommendations on the HP Support site. I'm happy to help you with this.

    It is possible that it was a small glitch, because there were updates to the forums and other parts of the website last week. Does it still happen?

    An alternative to this method is the HP Support Assistant, which includes several other tools. Please see the following pages where you can find the software and instructions on how to use it.

    HP Support Assistant
    HP computers - using HP Support Assistant (Windows 10, 8, 7)
    HP PC - troubleshooting HP Support Assistant (Windows, 10, 8)

    Please let me know how it works for you and if it does not solve your problem, please mark this message as a solution. Bravo would be appreciated as well.

  • Property node vs. local variable in the VI Analyzer

    Hi, I'm preparing for my CLD exam. I had this problem...

    I learned that there are two methods to update the icon on the front panel: using the Value property node and using a local variable.

    It is not a good method to update an indicator using these, but if we want to update a control, then there is no choice...

    NI recommends for the CLD using the property node instead of the local variable, but when I ran my code through the VI Analyzer it raised a message saying that it is better to use a local variable for good performance...

    ???????

    Yes, the text is correct. Property nodes are useful to access things like visibility and string[] in a ring control, but for the value, they are much slower than a local variable.

    One of the advantages is that they have error wires, so you can force the data flow, and given that the properties in a node are executed in order, you can use an expanded property node to control the order in which things occur, especially compared to a free local variable and a free property node, in which case you would be forced to use a sequence structure, which ofc is a bad solution.

    /Y
