Traffic Analysis & Visualization

Network Traffic Visualization

nLive has several types of GUI features, such as a connected
graph, several types of charts and a unique multi-view
table. The connected graph lets one see traffic visually as
conversations. It is possible to view traffic conversations
between hosts, subnets, business groups, MAC addresses, etc.
Searching and filtering are also possible before the traffic
is visualized as a graph. The charts and graphs support
drill-down filtering to narrow in on the data one is
looking for.

Real Time Traffic Analysis

nLive provides near real time analysis of NetFlow and/or
packet traffic across the enterprise and shows dashboards
and graphs that update constantly. Abnormal traffic and
problems are also detected in near real time, so that
problems are shown as they develop. This is a proactive way
to prevent problems from escalating into catastrophes.

One can see what is going on at any given time by playing a
dashboard on a second monitor or an overhead large screen
monitor.

All searches, reports, tables and graphs can be produced at
5 minute granularity, even for time frames in the distant
past. This provides good flexibility in observing trends in
network activities and usage.

Locating Network and Department Top Talkers

nLive provides charts within reports depicting top talkers
(clients) and top listeners (servers). One can see not just
the hosts that are top clients and servers, but also the
business groups, subnets, etc. that are responsible for most
traffic. Charts within reports and dashboards provide the top
ten of these, while the traffic tables provide the top 100.
One can also find the top clients and servers for specific
applications such as email, secure shell, etc., or for
specific regions.

Network Applications and Ports

nLive allows the user to see applications, destination ports
and application categories (such as web applications,
communication applications, etc.) in various charts, graphs
and tables. It is also possible to search and filter down by
application names, categories and port numbers.

Network Bandwidth Congestion

Network congestion can occur in many ways. Most often, it is
caused by high bandwidth usage in specific segments or over
a thin connection such as a remote office. Bandwidth
congestion can be caused by peer-to-peer file sharing
programs, huge data transfers, unscheduled backups, poorly
configured data routing (such as email), large email
attachments, poor broadcasts and multicasts, etc.

Another form of congestion can occur due to the spraying of
small but numerous packets. This can result from ARP storms,
worm propagation, scanning activities, etc.

All of the reporting in nLive brings out both types of
traffic metrics: traffic volume as well as event count.
Therefore, congestion can be immediately spotted from charts
and graphs. In addition, there are several 'problem
detectors' that are triggered when congestion-causing
activities occur, so one can see them in the problems tables
and reports. As a third source of this information, one can
see high 'scores' for machines that are involved in this
sort of activity. Drilling down using the mouse on any of
these user interface elements can help you quickly get to
the bottom of it.

Enterprise wide deployment

Decentralized database and analysis for large networks