We’re excited to announce that our latest Noction Flow Analyzer v 22.08 has just been released, offering:
L3 IP TTL, L3 IP min TTL, L3 IP max TTL, L3 IP Total Length, L3 IP min Total Length and L3 IP max Total Length information elements can now be collected and used as filters in NFA’s Data Explorer.
The data obtained from the above elements are primarily related to network performance and detecting network attacks. Here are some use cases:
Routing changes observability. The TTL should remain constant between two hosts in the backbone; if it does not, it could mean that the routing has changed. The detection of unauthorized NAT configured on end devices, where the unexpectedly low TTL in flows is a potential sign of the unauthorized NAT presence. The TTL Expiry attacks detection based on many flows with the ipTTL value set to 1, etc.
In turn, monitoring packet length helps network administrators identify performance issues caused by fragmented IP packets or small-size packets.
An SNMP context name, or simply “context”, is a collection of management information accessible by an SNMP entity. If a management information has been defined under a specific context by an SNMPv3 entity, then any management application can access that information by providing that context name. Although not compulsory, there are a lot of cases when one may use SNMP contexts: security, separate logical entities on a physical one, etc.
Unlimited devices, unlimited interfaces, unlimited sites. Endless IP flow analysis capabilities! We’ll warn you when your trial ends, so you can decide whether to move further. Click the button below to get started.