Recent disruptions to two undersea internet cables in the Baltic Sea have yet again...
Introducing NFA v 22.08 – featuring packet TTL and length-related information elements, SNMPv3 contexts in requests and more.
New packet TTL and length-related information elements
L3 IP TTL, L3 IP min TTL, L3 IP max TTL, L3 IP Total Length, L3 IP min Total Length and L3 IP max Total Length information elements can now be collected and used as filters in NFA’s Data Explorer.
The data obtained from the above elements are primarily related to network performance and detecting network attacks. Here are some use cases:
Routing changes observability. The TTL should remain constant between two hosts in the backbone; if it does not, it could mean that the routing has changed. The detection of unauthorized NAT configured on end devices, where the unexpectedly low TTL in flows is a potential sign of the unauthorized NAT presence. The TTL Expiry attacks detection based on many flows with the ipTTL value set to 1, etc.
In turn, monitoring packet length helps network administrators identify performance issues caused by fragmented IP packets or small-size packets.
The use of SNMPv3 contexts in requests
An SNMP context name, or simply “context”, is a collection of management information accessible by an SNMP entity. If a management information has been defined under a specific context by an SNMPv3 entity, then any management application can access that information by providing that context name. Although not compulsory, there are a lot of cases when one may use SNMP contexts: security, separate logical entities on a physical one, etc.
Other notable features and improvements include:
- The status of the device’s last SNMP request is now displayed in the Inventory;
- Interface descriptions added to the Data Explorer’s Narrow by section;
- Added option to display interface names in charts and the Data Explorer table;
- Updated Clickhouse dependency to the latest LTS 22.3.x version.
Try NFA free for 30 days. Cancel anytime.
Unlimited devices, unlimited interfaces, unlimited sites. Endless IP flow analysis capabilities! We’ll warn you when your trial ends, so you can decide whether to move further. Click the button below to get started.
SUBSCRIBE TO NEWSLETTER
You May Also Like
Meet NFA v 24.08: L2 Ethernet-type filtering, Enhanced Security & Authentication, User Interface Improvements and more
We are excited to introduce Noction Flow Analyzer version 24.08, which features essential enhancements in security,...
Meet Noction IRP v4.2.5: Threat Mitigation Enhancements, API Documentation, improved UI/Reporting and more
Noction has just released the Intelligent Routing Platform version 4.2.5. This update offers new features and...
Introducing NFA 24.05: SNMP Explorer Parameter Sets, TACACS+, Microsoft Teams support and more
NFA version 24.05 has just been released, introducing new features and significant product improvements. This update...