NetFlow, sFlow & IPFIX Sensor for WANGUARD and WANSIGHT

OVERVIEW: The Flow Sensor included in WANGUARD and WANSIGHT is a fully featured flow-based traffic analyzer and collector that supports NetFlow v5, v7 and v9, sFlow v4 and v5, and IPFIX. Many entry-level and most enterprise-level routers and switches are able to export IP traffic information as flow records using one of the supported flow technologies.
At its core, the Flow Sensor contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.
  • The Flow Sensor contains a scalable IP traffic monitoring engine able to monitor tens of thousands of IPv4 and IPv6 addresses and IP blocks.
  • Provides traffic accounting reports and per-IP, per-subnet and per-IP group graphs (histograms) for each of the following traffic types: TCP, TCP+SYN, UDP, ICMP, BAD, FLOWS, HTTP, SSL, MAIL, DNS, NTP, RDP, SNMP, SSH, IPSEC, FACEBOOK, YOUTUBE, NETFLIX, HULU
  • Generates tops and graphs for Talkers, External IPs, Autonomous Systems, Countries, TCP ports, UDP ports, IP protocols and IP Groups.
  • Can save individual flows to help troubleshoot networks. Flows can easily be searched, filtered, sorted and exported.
  • Any number of instances can be deployed across the network. Management and reporting are done from a single, centralized, fully-featured web interface.
  • Detects all bandwidth-related traffic anomalies:
    • Distributed Denial of Service (DDoS) attacks
    • DNS attacks, NTP attacks, RDP attacks, UDP floods, ICMP floods, SMURF attacks
    • SYN floods, TCP port 0, UDP port 0, LOIC, peer-to-peer attacks
    • Scans and worms sending traffic to illegal or unallocated addresses
    • Unknown volumetric DoS attacks
  • Per endpoint flexible threat reaction options:
    • activate the WANGUARD Filter for DDoS attack mitigation
    • send RTBH / BGP black-holing / null-routing announcements
    • alert the NOC staff by email using user-defined email templates
    • send custom syslog messages to remote log servers
    • capture attack traffic for forensic investigation
    • extend the built-in capabilities with custom scripts accessing the API
  • Easy and non-disruptive installation on commodity hardware
  • The most cost-effective NetFlow®, sFlow® and IPFIX monitoring solution on the market


Supported Flow Technology:
  • NetFlow v5, v7, v9 - including jFlow, NetStream, cflowd, RFlow
  • sFlow v4, v5
Maximum Traffic Capacity: multiples of 10 Gbps, >150,000 endpoints*
DDoS Detection Time: < flow export time + 5 seconds
IP Graphs Accuracy: > 60 seconds
Traffic Validation Options: IP classes, Interfaces, AS Numbers, Ingress / Egress
* An endpoint is an IP address that belongs to your network. The software is not limited by the number of connections between IPs.


Capacity Example: 10 monitored interfaces, 10k active endpoints
Architecture: x86 (32 or 64 bit)
Core x CPU: 1 x Xeon 2.0 GHz
Network Cards: 1 x Fast Ethernet
Operating System*: RHEL / CentOS 5, RHEL / CentOS 6, Debian 6, Ubuntu Server 12, OpenSuSE 12
Disk Space: 15 GB (including OS)
* Other Linux distributions should work but haven't been tested yet.


You can download and try the Flow Sensor for 30 days by requesting an evaluation license.
Sensor licenses can be purchased directly from our on-line store.
The answers for several frequently asked questions are listed in the Knowledge Base.
If you have any questions or requests, please don't hesitate to contact us.