To understand the cause of network performance issues, visibility is key. These four data types, flow, packet, SNMP and API all play a role in enhancing network visibility.
Flow
Flow is a summary of data being sent across a network. Flow types vary and can include NetFlow sFlow jFlow and IPFIX. The different flow types have limitations in vendor flexibility but all flows share the function of providing summaries of the connections in a network. A client request is sent to a server. The server then responds with a flow record.
What can you learn from Flow Analysis?
Flow analysis reveals the volume and traffic type passing through a network device. A flow record contains information on the source and destination IPs and ports, the protocol used, bytes sent and received, and other information. Flow analysis correlates flow records to identify sources of congestion. Using flow analysis, you can tell which applications and users are consuming the most bandwidth resources, see irregular traffic patterns for specific IP addresses or ports, and create baseline network performance metrics.
While you can tell where issues are happening using flow, packets tell you exactly what caused those issues. Packets are vital to getting to the root cause of network events.
Packets
Packets are small data units about 1000 to 15000 bytes that travel across networks. With any action, like sending a file, email, or downloading an image, the data is more efficiently transported by breaking it into many smaller packets. Each packet contains sequencing information to make sure it reassembles correctly at its destination and IP destination information to make sure it arrives at the right place.
Packet capture takes the mirror image of data passing through a network by using one of two techniques., network tapping and port mirroring. Learn more about the pros and cons of these techniques in our white paper Packet vs. Flow.
What can you learn from Packet Capture?
Packet capture or PCAP can help you dig into granular troubleshooting details and determine the root cause of issues. Packets are also helpful in surfacing threat visibility in a network. Packets are often a critical component of threat detection tools. Deep packet dynamics (DPD) uses packet data combined with AI to compare packet metadata against threat traits and characteristics for indicators of suspicious activity encrypted within a packet’s payload.
SNMP
SNMP is a protocol that lets network devices share information. SNMP sends get-requests called PDUs, or protocol data units, to devices within a network that have SNMP enabled. The data received from these requests give visibility into the status of network-connected interfaces, CPUs, and devices like routers, switches, servers, and firewalls.
What you can learn from SNMP?
SNMP data includes errors sent and received on a device, like a router, volume of packets, byte numbers, the connection speed between two devices, or how many requests a web server receives in a given period. SNMP is critical for understanding device saturation and health.
API
An API is a software layer that acts as a bridge between different applications to centralize the data and allow knowledge sharing. For example, an API between Jira and Salesforce allows users in salesforce to see open tickets or issues associated with a specific customer account. This allows new data to become available to different audiences.
What can you learn from API data?
APIs provides access to new data and enhance network visibility by pulling data together from disparate applications and systems for more accurate reporting.
APM Digest found 35 percent of IT Teams report having poor visibility into performance across the entire network
More Data Equals Better Network Visibility
Network visibility is essential to get through the day. It allows NetOps engineers to continuously address any congestion or device failure that becomes apparent.
But comprehensive network visibility is also essential for the future. With better data about network trends, baselines, and peak periods teams can predict and plan what capacity needs will be required for new initiatives.
With increasingly saavy cybersecurity threats, and threat actors gaining access through legitimate credentials and using fileless malware, behavioral heuristics from network activities may be one of the only ways to detect these exploits. These threat detection techniques require maximum visibiltiy into network traffic activity.
About LiveAction
LiveAction ingests diverse data type, correlating and analyzing these findings in a global dashboard. Don’t settle for data visibility limitation. LiveAction provides the broadest telemetry available on the market, empowering NetOps and SecOps teams in their critical decisions for performance and threat response.
