IP Traffic Analysis, Monitoring and Accounting Solution

OVERVIEW
WANGuard Lite 3.1 User Guide
WANGuard
Lite User
Guide


Andrisoft WANGuard Lite is what businesses all over the world rely on when it comes to monitoring their network traffic. WANGuard Lite includes a traffic analyzer called WANGuard Sensor and a web console ( portal ) called WANGuard Console. WANGuard Sensor provides an unmatched visibility into your network's IP traffic in real-time and insights into how your traffic impacts your overall network health.

WANGuard Sensor relies on Cisco NetFlow® / Huawei NetStream® or on Packet Sniffing to provide in-depth traffic analysis and bandwidth monitoring. This information enables you to generate per IP, per network ( subnet ) or per IP Description traffic reports, instantly pin down the cause of network incidents, understand patterns in application performance and make the right capacity planning decisions. Graphs can have user defined accuracy ranging from 5 seconds to 5 minutes and user defined time-frames.
SAMPLE REPORTS (CLICK TO ENLARGE)
Screenshots of IP Traffic Graphing and Accounting Reports
By IP / Subnet
Sample report showing 7 days of throughput data for an IP address, over one router interface, one switch port and one VLAN. Sample report showing a traffic graph for every IP address contained in a /20 network monitored using Port Mirroring.
Sample report showing traffic accounting data collected for an IP address ( /32 CIDR ) through one switc port, one VLAN and two router interfaces, over 3 days. Sample IP traffic accounting report for a /26 subnet for 7 days. The accounting data was collected from one mirrored switch port and from one router interface.
By IP Description
Sample report showing 48h of throughput data for a client with many subnets, over one router interface, one switch port and one VLAN. Sample traffic graph report for a custom time-frame. The graphs represent the bandwidth of a client over 2 router interfaces, 2 switch ports and one VLAN.
Sample traffic accounting report for a client with multiple allocated subnets. The data was collected from one switch port and two router interfaces.
Screenshots of Live Top Host, Protocols and AS Reports
Top hosts making traffic through a switch port, sorted after inbound IP packets/second, bits/second and percent of total network traffic. Top ports used in TCP traffic passing a switch port, sorted after packets/second, bits/second and percent of total network traffic.
The protocols used by the IP traffic passing a switch port, sorted after outbound packets/second, bits/second and percent of total network traffic. The Autonomous Systems (AS) top, through a router interface, sorted after outbound packets/second, bits/second and percent of total network traffic.
Screenshots of Network Interface Monitoring Reports
Sample traffic parameters (pkts/s, bits/s, IPs/s etc.) graphs generated for a switch port monitored through Port Mirroring. Sample packets/second graphs generated for two switch ports and two router interfaces during 7 days.
Sample protocols distribution graphs generated for the traffic passing two switch ports and one VLAN. Systems View provides centralized live traffic and operational parameters collected from all WANGuard Sensor systems deployed within the network.


SUPPORTED TRAFFIC CAPTURING METHODS Depending on your network infrastructure, WANGuard Sensor can analyze the traffic of your network using two different methods:


NetFlow® Monitoring


NetFlow Monitoring is the domain of networks that usually use Cisco or Huawei L3 switch or router flows. These can be configured to send data streams with the network's usage data to a Linux server running WANGuard Sensor.

How NetFlow® Monitoring works
One option to measure bandwidth usage “by IP Address” is to use the NetFlow protocol which is especially suited for high traffic, remote networks. Many routers and Layer 3 switches from Cisco support this protocol, as
well as vendors like Huawei ( NetStream ), Juniper, Extreme Networks, 3COM and others.
Network devices with NetFlow support, track the bandwidth usage of the network internally, and can be configured to send pre-aggregated data to a Linux server running WANGuard Sensor for traffic analysis and accounting purposes.

Reasons To Choose NetFlow® Monitoring
Because the NetFlow protocol already performs a pre-aggregation of traffic data, the flows of data sent to the monitoring server running WANGuard Sensor is much smaller than the monitored traffic. This makes NetFlow the ideal option for monitoring remote, high-traffic networks. The downside of the NetFlow monitoring is that computing the pre-aggregation of traffic data requires large amounts of RAM, it has significant delays, and the accuracy of traffic parameters is lower than when directly inspecting network packets.


Port Mirroring, Network TAP, In-line deployment


In order to do traffic monitoring and analysis, WANGuard Sensor "sniffs" all network data packets passing the host server's network card, including the network data packets sent by a monitoring port of a switch or router.

How Packet Sniffing works
It is very important to understand that WANGuard Sensor can only inspect data packets that actually flow through the network interface(s) of the host server. In switched networks, only the traffic for a specific device is sent to the device's network card. If the server running WANGuard Server is not deployed in-line, it can't capture the traffic of other network components.
For WANGuard Sensor to analyze the traffic of other hosts in your network you must use a network TAP, or a switch or router that offers a “monitoring port” or “port mirroring” configuration ( Switched Port Analyzer - “SPAN” for Cisco devices, Roving Analysis Port for 3Com devices ).
If you don't have network devices that can do port mirroring, you can deploy a Linux server on the main data-path and WANGuard Sensor will be able to analyze the traffic flows that are routed through the server.

Reasons To Choose Packet Sniffing
Packet sniffing comes into consideration if you want the quickest reaction to traffic anomalies (under 5 seconds) and you can provide the higher CPU power needed by WANGuard Sensor. Packet sniffing provides extremely fast and accurate traffic accounting and analysis results.

DETAILS You can find complete specifications about our IP traffic analysis, monitoring and accounting solution by visiting WANGuard Sensor and WANGuard Console modules pages. You may download WANGuard Lite - TRIAL Version. You can switch to a registered version by applying a purchased license.
Feel free to contact us if you have any question.