NetCrunch NetFlow Traffic Analyzer (NTA) is software-based NetFlow collector that collects traffic data, correlates it with other network data, and then allows monitoring and presentation of the current traffic state.
NetCrunch analyzer supports Cisco protocols such as Netflow, IPFIX and Cisco NBAR technology for application monitoring.
NetCrunch allows you to analyze traffic using various criteria such as
The traffic can be analyzed for all nodes or for any group of nodes defined through Atlas View. NetCrunch can also collect summary performance data for each traffic category.
@@img:flow-analytics.png NetCrunch Flow Analyzer
NetCrunch also shows real-time flow statistics for each node. Flows Status shows both summary traffic of the node and trend in the last hour.
The program also allows setting thresholds on various metrics such as a number of packets or bytes being transmitted in the time unit.
@@img:node-flows.png NetCrunch Node Flow Status
@@img:top-talkers.png Top Talkers
@@img:flow-analyzer.png NetCrunch Flow Analyzer
First, you need to enable the feature on the switch or router that supports the flow technology and then set NetCrunch as the destination for flows.
Then the device sends flow data to the flow collector in specified periods of time (defined in device settings).
The analyzer processes the data to perform traffic analysis and stores the data for a short time. The user can view traffic data and observe given traffic metrics.
Netflow, a protocol developed by Cisco, for collecting and recording IP Traffic going to and from a Cisco router or switch equipped with the technology.
After Cisco originally developed the protocol, many other manufacturers have implemented their version of the protocol into their products, including
NBAR2 (or Next Generation NBAR) is a re-architecture of NBAR based on the Service Control Engine (SCE) with more advanced classification techniques, accuracy, and many more signatures.
NBAR2 is adopted as a Cisco cross-platform protocol classification mechanism. It supports 1000 + applications and sub-classifications, and Cisco adds/provides new signatures and signatures updates through monthly released protocol packs.
NBAR2 leverages classification techniques from SCE, which allow classification of IPv4, IPv6, and v6 transition techniques. NBAR2 can classify evasive applications like Skype and Tor, as well as business applications like ms-lync, cloud applications such as Office-365, and also mobile applications such as facetime, etc. using advanced classification techniques.