Andrisoft WANGuard Sensor is what businesses all over the world rely on when it comes to monitoring their network traffic. WANGuard Sensor provides an unmatched visibility into your network's IP traffic in real-time and insights into how your traffic impacts your overall network health.
WANGuard Sensor relies on Cisco NetFlow® / Huawei NetStream® or Port Mirroring / Catalyst Switched Port Analyzer (SPAN) / Ethernet TAP to provide in-depth traffic analysis and bandwidth monitoring. This information enables you to generate per IP, per subnet or per IP Zone traffic reports, instantly pin down the cause of network incidents, understand patterns in application performance and make the right capacity planning decisions. Graphs can have user defined accuracy ranging from 5 seconds to 5 minutes and user defined time-frames (screenshot).
IP Traffic Graphing and Accounting Screenshots
Per IP / subnet Traffic Graphing and Accounting
|
IP Traffic Graphs can be generated for any IP or subnet, for any time-frame and for any monitored network links by using a form like the one in the screenshot. Traffic parameters available are bits/second, bytes/second and packets/second. It is possible to generate a single graph for multiple network links. Separate graphs can be generated for every IP in the selected subnet. |
|
Sample IP traffic graph report for a /27 subnet for four days, on four WAN links. Three WAN router interfaces were monitored using NetFlow and one switch port was monitored using SPAN. |
|
Sample IP traffic graph report for a /27 subnet for four days, on three network links monitored using SPAN and NetFlow. The data from all network links were aggregated into a single graph because the "Sum Multiple Sensors" checkbox was checked. |
|
Sample IP traffic graph report for a /24 subnet for 24 hours. The "Single IPs" options was checked. The report contains 255 graphs, one for every IP address in the C class. |
|
Sample IP traffic accounting report for a /27 subnet for four days. The accounting data was collected from two mirrored switch ports and from one router interface. The accounting report contains accurate packets, bits, average packets/second and average bits/second parameters for inbound and outbound traffic. |
Per IP Zone Traffic Graphing and Accounting
|
IP Zone Traffic Graphs can be generated for any IP Zone, for any time-frame and for any monitored network links by using a form like the one in the screenshot. IP Zones offer a segmented view of the network by departments, clients, server farms etc. Traffic parameters available are bits/second, bytes/second and packets/second. It is possible to generate a single graph for multiple network links. |
|
Sample IP Zone traffic graph report for four days, on three WAN links for a client having multiple subnets. Two WAN router interfaces were monitored using NetFlow and one switch port was monitored using SPAN. |
|
Sample IP Zone traffic accounting report for three days for a client having multiple subnets. The accounting data was collected from two mirrored switch ports and from one router interface. The accounting report contains accurate packets, bits, average packets/second and average bits/second parameters for inbound and outbound traffic. |
Live Top Hosts and Protocols Screenshots
|
Top hosts making traffic through a router interface, sorted after inbound and outbound packets/second, bits/second and percent of total network traffic. Top hosts statistics are also generated for TCP, TCP + SYN flag set, UDP, ICMP and unknown protocols. The statistics are updated flicker-free every 5 seconds. |
|
Top TCP ports used by the TCP traffic passing through a switch port, sorted after inbound and outbound packets/second, bits/second and percent of total network traffic. Top ports is also available for UDP ports. The statistics are updated flicker-free every 5 seconds. |
|
Top IP protocols used by the IP traffic passing through a router interface, sorted after inbound and outbound packets/second, bits/second and percent of total network traffic. The statistics are updated flicker-free every 5 seconds. |
Network Links Traffic Monitoring Screenshots
|
Traffic parameters graphs can be generated for all monitored network links and for any time-frame using a form like the one in the screenshot. Available traffic parameters are packets/second, bits/second, bytes/second, IPs/second, received packets/second or flows/second and dropped packets/second or flows/second. |
|
Sample packets/second graphs generated for two switch ports and two router interfaces for a 24 hours period. The "Sum Multiple Sensors" option was not checked. |
|
Sample packets/second graph generated for two switch ports and two router interfaces for a 24 hours period. The "Sum Multiple Sensors" option was checked. |
|
Sample protocols distribution graph for traffic passing through a switch port over 24 hours. Recognized protocols: SNMP, FTP, SSH, TELNET, SMTP, HTTP, POP3, IMAP, SQL, NETBIOS, IRC, DIRECTCONNECT (DC++), TORRENT, DNS and ICMP (PING). |
|
Sample live bits/second and bytes/second graphs generated for three switch ports and three router interfaces. Live traffic graphs are generated and animated using SVG. Live traffic graphs can be generated for packets/second, bits/second and bytes/second. |
|
Sample Systems Status View offering centralized live traffic and operational parameters in form of tables. Tables are refreshed flicker-free every 5 seconds and offer the latest parameters collected from every WANGuard Sensor and WANGuard Filter deployed within the network. |
Depending on your network infrastructure, WANGuard Sensor can analyze the traffic of your network using two different methods:
NetFlow® / NetStream® Monitoring
NetFlow Monitoring is the domain of networks that usually use Cisco or Huawei switches and routers flows. These can be configured to send data streams with the network's usage data to a running WANGuard Sensor system which will do traffic monitoring and analysis.
How NetFlow® / NetStream® Monitoring works
One option to measure bandwidth usage “by IP Address” is to use the NetFlow protocol which is especially suited for high traffic or remote networks. Many routers and switches from Cisco support this protocol as well as vendors like Huawei, Juniper, Extreme Networks, 3COM and others.
Network devices with NetFlow / NetStream support, track the bandwidth usage of the network internally, and then send pre-aggregated data to a WANGuard Sensor system for accounting and traffic analysis purposes. The downside of the NetFlow monitoring is that computing the traffic parameters require large amounts of RAM.
Reasons To Choose NetFlow® / NetStream® Monitoring
Because the switch or router already performs a pre-aggregation of traffic data, the flow of data to WANGuard Sensor is much smaller than the monitored traffic. This way the computing load for WANGuard Sensor is lower. This makes NetFlow / NetStream the ideal option for very high traffic networks that don't need the anomaly detection speed and accuracy of Port Mirroring / SPAN / TAP.
Port Mirroring / SPAN / TAP
In order to do traffic monitoring and analysis, WANGuard Sensor can inspect all network data packets either passing the host server's network card, or the data packets sent by a monitoring port of a switch/router.
How Port Mirroring / SPAN / TAP works
It is very important to understand that WANGuard Sensor can only inspect data packets that actually flow through the network interface(s) of the server running the WANGuard Sensor software. In switched networks, only the traffic for a specific device is sent to the device's network card, so WANGuard Sensor could not see all the traffic of the other network components.
So, for WANGuard Sensor to analyze the traffic of other devices in your network you must use a network TAP, or a switch/router that offers a “monitoring port” or “port mirroring” configuration (Cisco calls it “SPAN”). In this case the switch sends a copy of all data packets traveling through the switch (or passing a specific VLAN) to the monitoring port. As soon as you connect the server that runs WANGuard Sensor to the monitoring port, WANGuard Sensor will be able to analyze the whole traffic that passes through the switch. WANGuard Sensor can also analyze multiple VLANs.
Reasons To Choose Port Mirroring / SPAN / TAP
Packet sniffing comes into consideration if you want the quickest reaction to traffic anomalies (under 5 seconds), and you can provide the higher computing power needed by WANGuard Sensor. Packet sniffing provides very accurate traffic accounting and analysis results.