Packet + Flow… Get it All (with LiveAction)

In today’s world, an organization’s survival hangs on its ability to work and produce digitally. Because of this, visibility into applications and network performance is a must-have requirement for network monitoring solutions.

Traditionally, APM and NPM services have taken an “either-or” approach, focusing on either Packet Capture or NetFlow. This means weighing the benefits of each, selecting one, and missing out on the advantages of the other. There are limitations and blind spots in an “either-or” approach.

Alternatively, some organizations take a “both-and” approach to network monitoring and acquire multiple tools in their stack for better network coverage, but this leaves it up to individuals to draw conclusions between the different tools and find the relationships between the results.

That’s a lot of work.

…And your time can be better spent than playing Network Incident Connect-The-Dots.

So we created a unified Network and Application Monitoring Platform that pulls Packet Capture and NetFlow together in one view.

We could go on about the benefits of correlating these data types (and we will), but first, let’s look at the unique traits and benefits of using Packet Capture and NetFlow for network analysis.

NetFlow or Flow Analysis

Flow analysis is a higher-level, lightweight summary of network health. It looks at OSI layer three traffic-based data produced by network devices like switches and routers to identify patterns and anomalies in network traffic.

Flow analysis answers the question “Where” with IP addresses and metrics on how bandwidth is used, by what applications, and in which geographic locations.

Generating flow records is a secondary priority for network devices, so when they become oversubscribed, flow generation stops. LiveWire solves this problem by generating IPFIX-based flow from packets.

Packet Capture or PCAP

PCAP collects network packet data in transit from Layers 2-7 of the OSI model. It takes an exact image of raw data packets traveling the network, using a SPAN port (mirror port) or a probe. Packet capture analysis answers the “Who and What” questions with web domain reports and access to usernames. PCAP captures precisely what happens, drilling into the root cause of an incident through traffic source data, error detection codes, sequencing information, etc. Some packet capture tools like LiveWire also allow for targeted packet capture storage for post-mortem look-back forensics.

If a concerning flow path is identified, you can use Packet Capture to home in on a specific time range or port number. Combined, you can quickly see how your resources are being used, i.e. where the bandwidth hogs are, and get more information if needed.

Check out this diagram of an OSI Model for reference if this categorization is new to you.

Packet + Flow

Using LiveNX flow analysis and LiveWire packet capture together has the following benefits:

  • Faster incident identification and resolution
  • Improved accuracy in troubleshooting from improved visibility
  • Forensic investigation and historical data storage to give context to how network events unfold
  • Cloud-based remote device management
  • Custom search parameters for rapid incident investigation

How LiveAction Does it Differently

LiveAction’s vendor-agnostic network monitoring tool unifies packet and flow with a twist. Our technology allows us to extend visibility where flow and IPFIX are not available through AI and Advanced Analysis, creating LiveFlow.

Because LiveAction can generate flow data directly from packets, the flow data is richer than what is typically available via flow from network infrastructure devices.

This enhanced flow data, which includes TCP metrics, packet retransmission details, and VoIP metrics like jitter and phone numbers, provides advanced data to streamline network and application alerting and troubleshooting and to reduce mean time to resolution (MTTR) significantly.
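The idea of deriving flow records from packets, and of pivoting from a flow back to its packets by time range, can be sketched as follows. This is an added example, not LiveAction's code or the IPFIX format; the packet tuples are constructed sample data, and the function names and the retransmission heuristic (same sequence number and payload length seen twice) are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample packets (not from a real capture). "length" is the
# payload size in bytes; "seq" is the TCP sequence number (None for UDP).
Packet = namedtuple("Packet", "ts src dst sport dport proto seq length")

SAMPLE_PACKETS = [
    Packet(10.00, "10.0.0.5", "192.0.2.10", 51000, 443, "tcp", 1000, 500),
    Packet(10.02, "10.0.0.5", "192.0.2.10", 51000, 443, "tcp", 1500, 500),
    Packet(10.30, "10.0.0.5", "192.0.2.10", 51000, 443, "tcp", 1500, 500),
    Packet(10.35, "10.0.0.5", "192.0.2.10", 51000, 443, "tcp", 2000, 200),
    Packet(11.00, "10.0.0.7", "198.51.100.20", 40000, 53, "udp", None, 60),
    Packet(11.01, "10.0.0.7", "198.51.100.20", 40000, 53, "udp", None, 60),
]


def flow_key(p):
    """5-tuple that identifies a unidirectional flow."""
    return (p.src, p.dst, p.sport, p.dport, p.proto)


def packets_to_flows(packets):
    """Aggregate packets into flow records with a TCP retransmission count."""
    flows, seen = {}, {}
    for p in packets:
        key = flow_key(p)
        f = flows.setdefault(key, {"first": p.ts, "last": p.ts,
                                   "packets": 0, "bytes": 0, "retransmits": 0})
        f["first"], f["last"] = min(f["first"], p.ts), max(f["last"], p.ts)
        f["packets"] += 1
        f["bytes"] += p.length
        if p.proto == "tcp" and p.length > 0:
            # Simplified heuristic: a payload segment seen twice with the
            # same sequence number and length counts as a retransmission.
            segments = seen.setdefault(key, set())
            if (p.seq, p.length) in segments:
                f["retransmits"] += 1
            segments.add((p.seq, p.length))
    return flows


def packets_for_flow(packets, key, start, end):
    """Pivot from a flow record back to its raw packets in [start, end]."""
    return [p for p in packets if flow_key(p) == key and start <= p.ts <= end]


if __name__ == "__main__":
    for key, rec in packets_to_flows(SAMPLE_PACKETS).items():
        print(key, rec)
```

The retransmission counter is the kind of field that only exists because the flow was built from packets; a byte-and-packet counter exported by a router has no sequence numbers to compare.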

Our integration between LiveWire and LiveNX provides a direct link to the raw packet data through LiveWire for detailed root-cause analysis, all within the same platform, significantly decreasing the mean time to resolution (MTTR).

LiveAction provides a network monitoring solution that unites packet data, flow and SNMP for correlation and real-time or historical reporting in topographical graphs.

When You Need To See It All… There’s LiveAction

Use LiveAction’s platform anywhere you need hypervisibility into critical network operations or changes. For example:

  • SD-WAN deployments
  • VoIP troubleshooting
  • Remote Location Management
  • Campus & Branch Monitoring
  • Data Center Observability
  • Cloud Architecture Visibility
    • hybrid cloud
    • public cloud
    • multi-cloud configurations

Are you hedging your bets against network blind spots? Give your organization a risk-free future with LiveAction’s next-generation Network Monitoring Tool. Schedule your 1:1 demo of the LiveNX + LiveWire solution today.