The Telesoft FlowProbe provides detailed un-sampled traffic statistics in the form of flow records from large-scale networks, at up to 2 x 100GbE per high-performance 1U appliance.
Un-sampled flow-based monitoring gives network analysts detailed and accurate information about each and every communication session, including the end point identities, the session start and end times and the volume of traffic transmitted. TCP session timing information allows detection of anomalies and classification of traffic. This gives complete traffic visibility for analysis, Network Performance Monitoring and Diagnostics (NPMD) and compliance.
In addition, the Telesoft FlowProbe can identify Layer 7 protocols and extract key information into flow records:
- HTTP flows are detected on any port, and the host, uri, method and status fields extracted and included in the flow record.
- SSL flows have the server name extracted and included in the flow record.
- SIP calls are detected on any port, and the SIP URI added to the flow record.
- DNS flows are detected, and the CNAME and host addresses added to the flow record.
- Telnet, FTP, IRC, SMTP, POP and Torrent protocols are also detected, even if they are on non-standard ports.
- BGP correlation of IP address to AS is added in the flow record.
- Bitcoin protocol detection allows discovery of any unauthorised mining.
Flow records are further enriched with automated information such as IP reputation scores and Geo IP, identifying known bad hosts and their potential threat types, e.g. botnets, enabling real-time identification of potential threats and rapid action. The probe does not affect the monitored traffic and typically connects to monitoring infrastructure such as packet brokers or taps. Flow records are exported for analysis and storage to the scalable Telesoft Data Analytics Capability (TDAC) collection, retention and analysis application or to another IPFIX/NetFlow compatible collector.
Automatic detection of tunnelled traffic (GRE, GTP, MPLS, IPinIP) and de-tunnelling gives visibility of encapsulated traffic found on national ISP and telco carrier networks, making the Telesoft 2x100GbE FlowProbe ideal for large-scale national network deployments, peering links or data centre backbones. When de-tunnelling is selected, the FlowProbe will create flow records for the individual flows within a tunnel (including all the layer 7 details), and also identify the outer tunnel that is carrying them, giving another layer of visibility and protection.