IP Traffic Analysis, Monitoring and Accounting Software

OVERVIEW
WANGuard Lite 4.0 User Guide
WANGuard
Lite User
Guide


Andrisoft WANGuard Lite is what businesses all over the world rely on when it comes to monitoring their network traffic. WANGuard Lite includes a traffic analyzer called WANGuard Sensor and a web console ( portal ) called WANGuard Console. WANGuard Sensor provides an unmatched visibility into your network's IP traffic in real-time and insights into how your traffic impacts your overall network health.

WANGuard Sensor relies on Cisco NetFlow® / Huawei NetStream® / sFlow® or on Packet Sniffing to provide in-depth traffic analysis and bandwidth monitoring. This information enables you to generate per IP, per network ( subnet ) or per IP Description traffic reports, instantly pin down the cause of network incidents, understand patterns in application performance and make the right capacity planning decisions. Graphs can have user defined accuracy ranging from 5 seconds to 5 minutes and user defined time-frames.
SAMPLE REPORTS (CLICK TO ENLARGE)
Screenshots of Network Interface Monitoring Reports
Dashboard showing Top 10 Takers, Last Hour and Last Week Bits/s Graphs, Inbound Bits/s Tops, Protocol Distributions and Top 5 IP Protocols and Ports. Sample traffic parameters (pkts/s, bits/s, IPs/s etc.) graphs generated for a router with two monitored interfaces.
Sample traffic parameters (pkts/s, bits/s, IPs/s etc.) graphs generated for a VLAN switch port. All Components Tab provides centralized live traffic and operational parameters collected from all WANGuard systems deployed within the network.
Screenshots of IP Traffic Graphs and Accounting Reports
Sample IP graphs report showing 1 day of throughput data for a /24 IP class, over two router interfaces and one switch port VLAN. Sample traffic accounting report showing a report with traffic accounting data for all IPs that made traffic in a /24 class.
Screenshots of Top Talkers, Protocols and AS Reports
The Autonomous Systems (AS) top, through two router interfaces, sorted after inbound packets/second, bits/second and percent of total network traffic. Top hosts making traffic through a VLAN switch port, sorted after inbound IP packets/second, bits/second and percent of total network traffic.
Top ports used in TCP traffic passing a switch port, sorted after packets/second, bits/second and percent of total network traffic. Sample protocols distribution graphs generated for the traffic passing two routers interfaces.

BENEFITS
Traffic Analysis - Quickly see detailed live and historical traffic parameters (per IP, per subnet, per protocol, per ASN, per router interface or per switch port / VLAN) through an intuitive web interface.
Traffic Graphs & Accounting - Extensive MRTG-style traffic graphs and traffic accounting reports for IP addresses and IP classes in your network for any time-frame, including 95th Percentile for burstable billing.
Small Footprint - WANGuard Lite is scalable and can support tens of Gbps of IP traffic.
Simple and Flexible Installation - WANGuard components are distributed as Linux packages that can be installed on your existing servers.
Lowest Total Cost of Ownership - The scalability, accuracy and non-intrusive nature of the software enables large enterprises to manage tens of thousands of endpoints without the need to purchase additional hardware as the traffic grows.
SUPPORTED TRAFFIC CAPTURING METHODS Depending on your network infrastructure, WANGuard Sensor can analyze the traffic of your network using two different methods:


NetFlow® or sFlow® Monitoring


NetFlow or sFlow Monitoring is the domain of networks that usually use layer 3 switch or router flows. These can be configured to send data streams with the network's usage data to a Linux server running WANGuard Sensor.

How NetFlow or sFlow Monitoring works
One option to measure bandwidth usage “by IP Address” is to use the NetFlow / sFlow protocol which is especially suited for high traffic, remote routers. Many routers and Layer 3 switches from Cisco support this protocol, as well as vendors like Huawei ( NetStream ), Juniper, Extreme Networks, 3COM, HP and others.
Network devices with NetFlow & sFlow support track the bandwidth usage of the network internally, and can be configured to send pre-aggregated data to a Linux server running WANGuard Sensor for traffic analysis and accounting purposes.

Reasons to choose NetFlow or sFlow Monitoring
Because the NetFlow and sFlow protocols already perform a pre-aggregation of traffic data, the flows of data sent to the monitoring server running WANGuard Sensor is much smaller than the monitored traffic. This makes NetFlow or sFlow the ideal option for monitoring remote, high-traffic networks.The downside of the NetFlow and sFlow monitoring is that computing the pre-aggregation of traffic data requires large amounts of RAM, it has significant delays, and the accuracy of traffic parameters is lower than when directly inspecting network packets, especially when packet sampling is used.


Port Mirroring, Network TAP, In-line deployment


In order to do traffic monitoring and analysis, WANGuard Sensor "sniffs" all network data packets passing the host server's network card, including the network data packets sent by a monitoring port of a switch or router.

How Packet Sniffing works
It is very important to understand that WANGuard Sensor can only inspect data packets that actually flow through the network interface(s) of the host server. In switched networks, only the traffic for a specific device is sent to the device's network card. If the server running WANGuard Server is not deployed in-line, it can't capture the traffic of other network components. For WANGuard Sensor to analyze the traffic of other hosts in your network you must use a network TAP, or a switch or router that offers a “monitoring port” or “port mirroring” configuration ( Switched Port Analyzer - “SPAN” for Cisco devices, Roving Analysis Port for 3Com devices ). If you don't have network devices that can do port mirroring, you can deploy a Linux server on the main data-path and WANGuard Sensor will be able to analyze the traffic flows that are routed through the server.

Reasons To Choose Packet Sniffing
Packet sniffing comes into consideration if you want the quickest reaction to traffic anomalies (under 5 seconds) and you can provide the higher CPU power needed by WANGuard Sensor. Packet sniffing provides extremely fast and accurate traffic accounting and analysis results.

DETAILS You can find complete specifications about our IP traffic analysis, monitoring and accounting solution by visiting WANGuard Sensor and WANGuard Console modules pages. You may download WANGuard Lite - TRIAL Version. You can switch to a registered version by applying a purchased license.

Feel free to contact us if you have any question.