NetFort Advertising

Network Traffic Monitoring

In order to be fully effective, network traffic monitoring software should keep a close eye on not only what is happening within your network, but what is happening on the perimeter of your network as well. In order to give network managers complete visibility over this area of activity, network traffic monitoring software must have deep packet inspection to identify the content of network packets originating from public IP addresses and subnets.

Network traffic monitoring software with this depth of visibility has many practical uses within the network as well. It can be used to troubleshoot network issues, conserve bandwidth, identify threats to the security of the network and enforce acceptable use policies. The monitoring can be done in real time or historically when real-time analysis is insufficient to identify trends or time-sensitive issues when certain network events occur.

LANGuardian is a leader in network traffic monitoring software. It is quick to install, easy to maintain and fully effective at monitoring the traffic on and around the perimeter of your network. To find out more about LANGuardian, read our network traffic monitoring blog posts, contact us with any questions you have, or download a trial of LANGuardian today in order to evaluate our network traffic monitoring software free of charge in your own environment for thirty days.

Problems with Internet filters on college networks


An in-depth look at the problems with Internet filters on college networks

Internet filters have been around for a while now, and they can form a vital part of the network security infrastructure. Typically they are used for blocking access to inappropriate or non-work related sites, preventing applications such as BitTorrent from operating, blocking malware, and preventing viruses. However, many of the filtering systems used by small-to-medium sized organizations are not so good when it comes to managing sites that consume lots of bandwidth. Last week I worked with a college that was having intermittent problems with its Internet connection. At regular intervals the connection would slow down causing problems for teachers, students and administrative staff.

Read the full article on my ComputerWorld blog

Detecting Spotify traffic on your network


This is an update to a blog article I wrote six months ago that described how to detect Spotify traffic on a network. Since then, Spotify has launched in the US where it has already notched up more than 1.5 million users and 250,000 subscribers to add to its millions of users in Europe. In parallel with this growth, we have seen a corresponding increase in questions and reports from our customers on the impact Spotify traffic is having on their networks.

Spotify is a music streaming service that offers streaming of selected music from major record labels including Sony, EMI, Warner Music Group, and Universal. It is now available in nine European countries and in the United States. Spotify provides free audio streams at 160 kb/sec and high-quality streams to subscribers at 320 kb/sec. This means that a single user listening to the free service for one hour would download over 70 MB of data, while a user listening to the premium service all day would download over 1 GB.

You can easily check for Spotify activity on your network with LANGuardian:

  • Click Bandwidth, then click IP, and then Traffic distribution.
  • Filter the traffic distribution report to restrict the display to traffic from the Spotify network:
    • In the subnet field, enter 78.31.8.0/22.
    • Click View.


Sample traffic distribution report

This will give you an instant report on Spotify activity over the previous 24 hours. You can also save this as a custom report that you can run at scheduled intervals, or create an alert so that you are notified if Spotify traffic exceeds a threshold that you specify.

If you are not already a LANGuardian user you can still try this on your own network by downloading the 30-day free trial version of the software.

Why has my Internet connection slowed down?


Reasons behind “Internet connection slowed down” user complaints

Slow Internet access can be a right pain, both in the workplace and at home. Nowadays, we demand fast access to websites and cloud services. Gone are the days of the 9600-baud modem. In its place we have high-speed links allowing instant access to information. However, I often come across instances of people complaining that “the Internet is slow”. Today it was my neighbor with one computer on his network, and last week it was a hospital network with thousands of connected systems. This post describes some of the reasons why an Internet connection can slow down.

Read the full article on my ComputerWorld blog

5 Risks of Mobile Devices on Your Network


Like many of you out there I own a smartphone, and I use it for both business and personal reasons. It seems like only yesterday when smartphones were seen as an expensive upgrade. Now their appeal is spreading worldwide as prices come down and hardware improves. Anyone can now get a cheap and responsive device, but the latest security flaws found in some Android devices made me think about the risks these devices bring to computer networks.

Read the full article on my ComputerWorld blog

Network Breaches Don’t Always Rely on a Network Vulnerability


Many people assume that network attacks are the result of hackers accessing unpatched systems, but most of the recent attacks I have seen can be attributed to other causes, such as:

  • Weak passwords
  • Introduction of malware onto the network
  • Holes in network perimeter
  • Social engineering attacks.

Read the full article on my ComputerWorld blog

Monitoring Intra-VM network traffic is crucial


Why Monitoring Intra-VM Network Traffic is Crucial

With more and more IT infrastructure moving to virtual platforms, what are the implications for network-based security systems, and how can they get the visibility they require into network traffic to provide the monitoring capabilities they were designed for?

Traditional security systems generally can only see traffic between systems over physical networking infrastructure. However, with the number of servers now being hosted in virtual environments increasing, more traffic is passing intra-VM and less of it is appearing on the physical network.

This can potentially lead to attack scenarios whereby a compromised host in a virtual environment can have access, that isn’t monitored, to all other hosts within that environment. This allows malicious software to move undetected between multiple virtual machines. Monitoring in the physical network environment won’t allow you to see this activity until the malicious activity appears on the physical structure. Web server farms, for example, which have been implemented in a virtual environment with public facing web servers and back-end database servers can often have no monitoring in place.

Network-based security systems need to be able to extend their visibility into the virtual environment to protect against potential attacks. It is, however, possible to gain the same levels of network traffic visibility within a virtual infrastructure when the monitoring solution has the appropriate capabilities.

Another interesting aspect to take note of, when monitoring traffic from virtual environments, is that you may often see high levels of traffic over the iSCSI network protocol. If your virtual environment uses external media storage which is connected using the iSCSI protocol then this is simply the disk I/O traffic between the virtual appliances and their storage media hosting servers.

File and Database Activity Monitoring


When I started my career in network management many years ago, my primary focus with file sharing and database applications was to make sure that they had enough disk space to grow. This basic level of monitoring is still important today. However, due to the amount and sensitivity of data on today’s networks, this basic monitoring has been extended and is now being referred to as FAM (file activity management) and DAM (database activity management).

Read the full article on my ComputerWorld blog

Monitoring Network Round Trip Time


Guide For Monitoring Network Round Trip Time

In keeping with our philosophy of trying to make maximum use of the information we get from a span port, the engineering team has been busy adding the ability to track TCP connection round trip time to the LANGuardian. In the posting below I explain what network round trip time is and how knowing this value can help you manage your network.

The network round trip time (RTT) is a measurement of the time between a packet being sent and an acknowledgement being received for that packet, i.e. the sum of the path latencies in the forward and reverse directions for the packet. The network RTT can be influenced by some of the following factors:

  • Queueing
    • Number of packets queuing at each router between the source and the destination.
  • Network Topology
    • Routing topology, i.e. distance between routers.

Typically the ping command is used to measure this value on an IP network; however, this approach has two disadvantages.

  • Modern networks differentiate the type of treatment they give to different protocols using Quality of Service (QoS) techniques. This may mean that a VOIP connection would experience a very different type of service than a ping packet that uses the ICMP protocol.
  • Some networks will block ICMP traffic making it impossible to use ping as a measurement of network RTT.

An alternative approach to monitoring the network RTT is to monitor the time taken for a TCP packet to be acknowledged. Using this approach, the latency of live production protocols can be monitored. To get an accurate estimate of the network RTT, this value must be measured during TCP connection setup, before any application-level delays occur.

The LANGuardian measures this time by recording the following two attributes for each TCP connection:

  • Timestamp of the server's SYN-ACK packet
  • Timestamp of the client's ACK packet

The network RTT is derived by subtracting the SYN-ACK timestamp from the ACK timestamp.
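An added example, not LANGuardian's code, of the measurement described above, run over constructed packet records. The names `Pkt`, `handshake_rtts` and `SAMPLE` are hypothetical, and the acknowledgement-number check and the skipping of retransmitted SYN-ACKs are assumptions added here so that only an unambiguous handshake is timed.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    ts: float    # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    seq: int
    ack: int

def handshake_rtts(packets):
    """Return {(client, cport, server, sport): rtt_seconds} for each clean handshake."""
    pending = {}       # connection -> (SYN-ACK timestamp, ACK number the client must send)
    ambiguous = set()  # connections whose SYN-ACK was seen more than once
    rtts = {}
    for p in sorted(packets, key=lambda p: p.ts):
        if "S" in p.flags and "A" in p.flags:        # server's SYN-ACK
            key = (p.dst, p.dport, p.src, p.sport)
            if key in pending:
                # Retransmission: cannot tell which copy the client ACK answers.
                ambiguous.add(key)
            pending[key] = (p.ts, (p.seq + 1) % 2**32)
        elif p.flags == "A":                         # candidate client ACK
            key = (p.src, p.sport, p.dst, p.dport)
            if key in pending and p.ack == pending[key][1]:
                synack_ts, _ = pending.pop(key)
                if key not in ambiguous:
                    rtts[key] = p.ts - synack_ts
    return rtts

# Constructed sample: one clean handshake, one with a retransmitted SYN-ACK.
SAMPLE = [
    Pkt(0.000000, "10.0.0.5", 50000, "192.0.2.10", 443, "S", 1000, 0),
    Pkt(0.000150, "192.0.2.10", 443, "10.0.0.5", 50000, "SA", 5000, 1001),
    Pkt(0.000214, "10.0.0.5", 50000, "192.0.2.10", 443, "A", 1001, 5001),
    Pkt(1.000000, "10.0.0.6", 50001, "192.0.2.10", 443, "S", 2000, 0),
    Pkt(1.020000, "192.0.2.10", 443, "10.0.0.6", 50001, "SA", 7000, 2001),
    Pkt(2.020000, "192.0.2.10", 443, "10.0.0.6", 50001, "SA", 7000, 2001),
    Pkt(2.050000, "10.0.0.6", 50001, "192.0.2.10", 443, "A", 2001, 7001),
]

if __name__ == "__main__":
    for conn, rtt in handshake_rtts(SAMPLE).items():
        print(conn, f"{rtt * 1e6:.0f} microseconds")
```

Because both timestamps are taken at the capture point, the value covers the path from the span port to the client and back.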

For example, the screenshot below shows a TCP handshake.

[Screenshot: TCP handshake]

When this TCP connection was processed by the LANGuardian, it reported the RTT value as 64 microseconds.

[Screenshot: RTT value reported by the LANGuardian]

The Importance of Network Round Trip Time

  • The lower the network RTT the higher the end to end TCP performance.
  • For protocols where interactive communication occurs, such as VOIP, virtual desktops and gaming, understanding where the delay is occurring between the client and server is crucial, i.e. is it the network or the application.