posted by Alex at 6:00 pm
We’re pleased to announce the release of Flow Exporter 1.0, the first non-beta version of our software-based Flow Exporter!
All the changes since the last release are under-the-hood, but we’re sure users will find the new version to be significantly improved. The biggest across-the-board change is a modification to the flow export policy (the algorithm that determines when to export NetFlow datagrams) that will result in better data availability. A handful of bugfixes, optimizations, and other improvements are included, too, and the upgrade is recommended for all current users of Flow Exporter.
As it has always been, Flow Exporter is available free of charge. We hope it becomes even more useful to the monitoring, security, and forensics community. Click here to read more.
posted by Alex at 10:40 am
We’ve received some inquiries about what exactly Flow Exporter does, and I thought I’d write a quick blog post explaining both the what and the how in a bit more depth.
A flow exporter (note the lower case letters!) is a software or hardware engine that keeps track of all the current sessions that it “sees”; in hardware-land, this might mean all the packets that a switch switches, in software-land, it’s what can be seen on an interface or set of interfaces. It does so by maintaining a table of current sessions called a “conntrack table,” as in, “connection tracking.” Typically, this table is scanned for updates at regular intervals, which are subsequently added to NetFlow packets which are exported to a flow collector. Our Flow Exporter used to work in exactly this way.
On very busy networks, sometimes an enormous number of sessions receive updates during the scan interval, thus resulting in a surge of NetFlow packets to export. This sudden burst of output can overwhelm the UDP input buffers of the operating system on the collector, especially if the collector machine is heavily loaded, or simply underpowered. This can lead to dropped NetFlow packets and inaccurate, incomplete data.
To combat this problem, we recently updated Flow Exporter to spread all the export packets over time, rather than send them in bursts. This smooths out these surges considerably, resulting in a steady stream of NetFlow packets even on very busy networks, and minimizing the chances of overloading a collector.
If you want to see flow information on your network, but your hardware doesn’t support NetFlow/sFlow export, or you just want an in-depth look at a segment of your network, you need Flow Exporter, which is free as always. Connect your machine to a SPAN port on your non-NetFlow/sFlow switch, install Flow Exporter, and you’ll be seeing NetFlow packets of that traffic just as if you had hardware support.
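The burst-versus-paced behaviour described in this post can be reproduced with a small simulation. This is an added example, not ProQueSys code: the conntrack table contents, the even-spread pacing rule, the collector buffer size (128 datagrams), its drain rate (10 per tick) and the 60-tick interval are all constructed assumptions. The only protocol fact used is that a NetFlow v5 datagram carries at most 30 flow records.

```python
RECORDS_PER_DATAGRAM = 30  # NetFlow v5 limit on flow records per datagram

def scan_conntrack(table):
    """Return the sessions updated since the last scan and clear their flags."""
    updated = [key for key, entry in table.items() if entry["updated"]]
    for key in updated:
        table[key]["updated"] = False
    return updated

def to_datagrams(records):
    """Pack flow records into datagram-sized groups."""
    return [records[i:i + RECORDS_PER_DATAGRAM]
            for i in range(0, len(records), RECORDS_PER_DATAGRAM)]

def burst_schedule(datagrams, ticks):
    """Old policy: everything found by the scan is sent in the first tick."""
    return [len(datagrams)] + [0] * (ticks - 1)

def paced_schedule(datagrams, ticks):
    """Paced policy (assumed even spread): same datagrams across the interval."""
    base, extra = divmod(len(datagrams), ticks)
    return [base + (1 if t < extra else 0) for t in range(ticks)]

def collector_drops(schedule, buffer_slots, drain_per_tick):
    """Model the collector's UDP receive buffer: arrivals that do not fit are
    dropped; the collector application then reads drain_per_tick datagrams."""
    queued = dropped = 0
    for arriving in schedule:
        accepted = min(arriving, buffer_slots - queued)
        dropped += arriving - accepted
        queued += accepted
        queued -= min(queued, drain_per_tick)
    return dropped

def demo():
    # Constructed table: 12,000 sessions, all updated within one scan interval.
    table = {("10.0.0.1", 1024 + i, "192.0.2.10", 443, 6):
             {"bytes": 1500, "updated": True} for i in range(12000)}
    datagrams = to_datagrams(scan_conntrack(table))
    burst = collector_drops(burst_schedule(datagrams, 60), 128, 10)
    paced = collector_drops(paced_schedule(datagrams, 60), 128, 10)
    return len(datagrams), burst, paced

if __name__ == "__main__":
    print("datagrams, dropped (burst), dropped (paced):", demo())
```

Every dropped datagram is up to 30 flow records the collector never sees, which is why collector-side gaps in NetFlow v5 sequence numbers are worth alerting on when flow data feeds security monitoring or forensics.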
posted by John Murphy at 11:39 am
We just put the finishing touches on the most recent beta of the next version of InterMapper Flows, soon to be made available to interested users. The big announcement for this one: support for 64-bit Windows platforms. Those of you running on such a machine will now have the option to use greatly-increased amounts of RAM for faster response times, better ability to handle larger numbers of incoming flows, and just generally snappier performance. It’s a big improvement for our Windows users, and we know you’ll be happier with it.
posted by Alex at 10:29 am
ProQueSys is joining Dartware to show off InterMapper Flows at NANOG 48 in Austin, TX.
Come join us at 6pm Monday at the Beer ‘n Gear. Stop by for a chat or to get a look at our software. (And if you like what you see, you can start a free trial of InterMapper with Flows here.) See you there!
posted by John Murphy at 4:37 pm
Hi, I just wanted to take a minute and mention a recent change to our Flow Exporter, our free software-based network sensor. A number of people have had problems using the Windows version of the exporter built around Microsoft NetMonitor. We looked around for an alternative and found the WinPcap project. They’ve done a great job making some pretty powerful packet capture functionality available to Windows developers and users, together with good documentation, all for free. The result of the switch, we feel, is a more stable and reliable NetFlow exporter — I encourage you to go give it a try!
ProQueSys Flow Exporter
posted by John Murphy at 1:18 pm
This last week, we released to Dartware the final build for InterMapper Flows 1.2, the main commercial version of our NetSAW engine. Let’s take a quick look at what’s been updated with this release.
Under the hood, we’ve taught the Flows collector a few tricks: there have been lots of minor improvements to keep things humming along, and it now speaks NetFlow v7. Those of you using JFlow or cFlow can also export to InterMapper Flows, by the way, though it will appear in the software as NetFlow 5 (being impossible on our end to tell them apart!) If you’d like to learn a bit more about these different formats, we’ve got a white paper on that, and we offer a great free software NetFlow exporter.
In the client you’ll see a number of helpful changes. The first thing that will stand out is a column of country flags in the host table: based on data provided by the IANA, we show the registered country of origin for each IP address whose traffic crosses your network. I mean, wouldn’t you like to know that the top host attempting to connect to your server on port 22 is from North Korea? Yeah, we thought so too. And if you want more information about who that IP address is, right-click it and run a whois request on it. Note that we use the IP addresses in all cases here, so that you actually get the one you’re looking for. Otherwise you get into the situation where you reverse-resolve an address to a domain name, then that domain name resolves to a different address. Usually not an issue, but in those cases where it is, it really is.
We’ve spent some time tweaking the user interface in response to user suggestions, too: we added calendar widgets to pick dates that way (very helpful for when you want to look at traffic for two Mondays ago but can’t remember whether that was the fourth or the fifth off the top of your head), and redid the auto-refresh timer with more options and a count-down display.
That, plus a handful of bug fixes — some stuff that you our users reported, some stuff we discovered ourselves.
All in all, we’re pretty happy with InterMapper Flows 1.2, and we think that you will be too. Go give it a try!
posted by Alex at 6:35 pm
NS2Flows/InterMapper Flows Update coming soon
Our offices have been quiet with eerie pre-release calm; everyone has their head down, hard at work on the new NS2Flows 1.2 release. The new version is now in the last of many rounds of testing with our beta testers and should be publicly available later this week.
Watch this space for more info, and expect an official announcement from Dartware soon.
posted by Alex at 3:17 pm
We are pleased to announce that we’ve released a new version of our free Flow Exporter software.
What Does Flow Exporter Do?
There’s lots of software out there for storing, analyzing, and visualizing network flows; our own NetSAW is just one choice among many. And there are lots of ways to apply that software for your organization’s benefit: strengthening network security and privacy by gaining awareness of who’s talking to whom, knowing how and when your users interact with your in-house network apps, and of course, answering the age-old question, “Who’s hogging all the bandwidth?”
But switching and routing hardware capable of exporting flows in the formats flow analysis products expect can be expensive. And sometimes you just want to drop a probe in and see what’s up with a small segment of your network. This is where Flow Exporter comes in.
Just plug your computer’s network interface into a hub or the TAP or SPAN port on your switch, fire up Flow Exporter, and it’ll start exporting flows to the NetFlow collectors of choice, using your choice of NetFlow v5 or v9.
What’s New
In addition to a number of under-the-hood reliability and performance enhancements, the new version adds support for wireless networks. This is especially useful for quickly getting a sense for the traffic coming to and from your own computer, or for troubleshooting public wireless networks.
As always, Flow Exporter is available free of charge.
Get the bits
Click here to go to our downloads page, which will always host the latest version of Flow Exporter.
We love hearing from our customers, so please feel free to let us know about any problems you encounter, or if you want to boast about something interesting you’ve done with Flow Exporter.