In order to be fully effective, network traffic monitoring software should keep a close eye on not only what is happening within your network, but what is happening on the perimeter of your network as well. In order to give network managers complete visibility over this area of activity, network traffic monitoring software must have deep packet inspection to identify the content of network packets originating from public IP addresses and subnets.
Network traffic monitoring software with this depth of visibility has many practical uses within the network as well. It can be used to troubleshoot network issues, conserve bandwidth, identify threats to the security of the network and enforce acceptable use policies. The monitoring can be done in real time, or historically when real-time analysis is insufficient to identify trends or time-sensitive issues when certain network events occur.
LANGuardian is a leader in network traffic monitoring software. It is quick to install, easy to maintain, versatile and fully effective at monitoring the traffic on and around the perimeter of your network. To find out more about LANGuardian, read our network traffic monitoring blog posts, contact us with any questions you have, or download a trial of LANGuardian today in order to evaluate our network traffic monitoring software free of charge in your own environment for thirty days.
This is an update to a blog article I wrote six months ago that described how to detect Spotify traffic on a network. Since then, Spotify has launched in the US where it has already notched up more than 1.5 million users and 250,000 subscribers to add to its millions of users in Europe. In parallel with this growth, we have seen a corresponding increase in questions and reports from our customers on the impact Spotify traffic is having on their networks.
Spotify is a music streaming service that offers streaming of selected music from major record labels including Sony, EMI, Warner Music Group, and Universal. It is now available in nine European countries and in the United States. Spotify provides free audio streams at 160 kb/sec and high-quality streams to subscribers at 320 kb/sec. This means that a single user listening to the free service for one hour would download over 70 MB of data, while a user listening to the premium service all day would download over 1 GB.
You can easily check for Spotify activity on your network with LANGuardian:
- Click Bandwidth, then click IP, and then Traffic distribution.
- Filter the traffic distribution report to restrict the display to traffic from the Spotify network:
  - In the subnet field, enter 188.8.131.52/22.
  - Click View.
Sample traffic distribution report
This will give you an instant report on Spotify activity over the previous 24 hours. You can also save this as a custom report that you can run at scheduled intervals, or create an alert so that you are notified if Spotify traffic exceeds a threshold that you specify.
If you are not already a LANGuardian user you can still try this on your own network by downloading the 30-day free trial version of the software.
Like many of you out there, I own a smartphone, and I use it for both business and personal reasons. It seems like only yesterday that smartphones were seen as an expensive upgrade. Now their appeal is spreading worldwide as prices come down and hardware improves. Anyone can now get a cheap and responsive device, but the latest security flaws found in some Android devices made me think about the risks these devices bring to computer networks.
Read the full article on my ComputerWorld blog
Why Monitoring Intra-VM Network Traffic is Crucial
With more and more IT infrastructure moving to virtual platforms, what are the implications for network-based security systems, and how can they get the visibility they require into network traffic to provide the monitoring capabilities they were designed for?
Traditional security systems can generally only see traffic between systems over physical networking infrastructure. However, with the number of servers now being hosted in virtual environments increasing, more traffic is passing intra-VM and less of it is appearing on the physical network.
This can potentially lead to attack scenarios whereby a compromised host in a virtual environment has unmonitored access to all other hosts within that environment. This allows malicious software to move undetected between multiple virtual machines. Monitoring in the physical network environment won’t allow you to see this activity until the malicious activity appears on the physical structure. Web server farms, for example, which have been implemented in a virtual environment with public-facing web servers and back-end database servers can often have no monitoring in place.
Network-based security systems need to be able to extend their visibility into the virtual environment to protect against potential attacks. It is, however, possible to gain the same levels of network traffic visibility within a virtual infrastructure when the monitoring solution has the appropriate capabilities.
Another interesting aspect to take note of, when monitoring traffic from virtual environments, is that you may often see high levels of traffic over the iSCSI network protocol. If your virtual environment uses external media storage which is connected using the iSCSI protocol then this is simply the disk I/O traffic between the virtual appliances and their storage media hosting servers.
When I started my career in network management many years ago, my primary focus with file sharing and database applications was to make sure that they had enough disk space to grow. This basic level of monitoring is still important today. However, due to the amount and sensitivity of data on today’s networks, this basic monitoring has been extended and is now being referred to as FAM (file activity management) and DAM (database activity management).
Read the full article on my ComputerWorld blog
Guide For Monitoring Network Round Trip Time
In keeping with our philosophy of trying to make maximum use of the information we get from a SPAN port, the engineering team have been busy adding the ability to track TCP connection round trip time to the LANGuardian. In the posting below I explain what network round trip time is and how knowing this value can help you manage your network.
The network round trip time (RTT) is a measurement of the time between a packet being sent and an acknowledgement being received for that packet, i.e. the sum of the path latencies in the forward and reverse directions for the packet. The network RTT can be influenced by some of the following factors:
- Number of packets queuing at each router between the source and the destination.
- Network Topology
- Routing Topology, i.e. distance between routers.
Typically the ping command is used to measure this value on an IP network. However, this approach has two disadvantages:
- Modern networks differentiate the type of treatment they give to different protocols using Quality of Service (QoS) techniques. This may mean that a VOIP connection would experience a very different type of service than a ping packet that uses the ICMP protocol.
- Some networks will block ICMP traffic making it impossible to use ping as a measurement of network RTT.
An alternative approach to monitoring the network RTT is to monitor the time taken for a TCP packet to be acknowledged. Using this approach, the latency of live production protocols can be monitored. To get an accurate estimate of the network RTT, this value must be measured during TCP connection setup, before any application-level delays occur.
The LANGuardian measures this time by recording the following two attributes for each TCP connection:
- Timestamp of the server's SYN-ACK packet
- Timestamp of the client's ACK packet
The network RTT is derived by subtracting the SYN-ACK timestamp from the ACK timestamp.
For example, the screenshot below shows a TCP handshake.
When the LANGuardian processed this TCP connection, it reported an RTT of 64 microseconds.
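One way to implement the SYN-ACK/ACK measurement described above, as an added example that is not LANGuardian's own code. The packet record layout, addresses and timestamps are constructed for illustration, and the skipping of retransmitted SYN-ACKs is an assumption about how ambiguous samples should be handled.

```python
# Added example: handshake RTT from packets seen at a capture point (e.g. a SPAN port).
from collections import namedtuple

# Hypothetical record layout; timestamps are integer microseconds.
Pkt = namedtuple("Pkt", "ts_us src sport dst dport flags seq ack")
SYN, ACK = 0x02, 0x10  # TCP flag bits

def handshake_rtts(packets):
    """Return {(client, cport, server, sport): rtt_us} per completed handshake.

    RTT = timestamp of the client's ACK - timestamp of the server's SYN-ACK.
    Connections whose SYN-ACK was retransmitted are skipped: the ACK cannot
    be tied to one particular SYN-ACK, so the sample would be ambiguous.
    """
    pending = {}  # conn key -> (first_synack_ts, server_isn, synack_count)
    rtts = {}
    for p in sorted(packets, key=lambda p: p.ts_us):
        if p.flags & (SYN | ACK) == (SYN | ACK):       # server -> client
            key = (p.dst, p.dport, p.src, p.sport)
            ts, isn, n = pending.get(key, (p.ts_us, p.seq, 0))
            pending[key] = (ts, isn, n + 1)
        elif p.flags & ACK:                            # client -> server
            key = (p.src, p.sport, p.dst, p.dport)
            if key not in pending:
                continue                               # not a handshake ACK
            ts, isn, n = pending.pop(key)
            # The handshake ACK acknowledges the server's ISN + 1 (mod 2^32).
            if n == 1 and p.ack == (isn + 1) % 2**32:
                rtts[key] = p.ts_us - ts
    return rtts

C1, C2, SRV = "192.0.2.10", "192.0.2.11", "198.51.100.20"
SAMPLE = [  # constructed packets, not a real capture
    Pkt(1_000_000, C1, 49152, SRV, 443, SYN, 1000, 0),
    Pkt(1_000_150, SRV, 443, C1, 49152, SYN | ACK, 5000, 1001),
    Pkt(1_000_214, C1, 49152, SRV, 443, ACK, 1001, 5001),
    Pkt(2_000_000, C2, 49153, SRV, 443, SYN, 3000, 0),
    Pkt(2_000_100, SRV, 443, C2, 49153, SYN | ACK, 7000, 3001),
    Pkt(3_000_100, SRV, 443, C2, 49153, SYN | ACK, 7000, 3001),  # retransmit
    Pkt(3_000_180, C2, 49153, SRV, 443, ACK, 3001, 7001),
]

if __name__ == "__main__":
    for conn, rtt in handshake_rtts(SAMPLE).items():
        print(conn, f"{rtt} us")
```

Because both timestamps are taken at the capture point, the difference covers the path between that point and the client and back.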
The Importance of Network Round Trip Time
- The lower the network RTT the higher the end to end TCP performance.
- For protocols where interactive communication occurs, such as VOIP, virtual desktops and gaming, understanding where the delay is occurring between the client and server is crucial, i.e. whether it is the network or the application.