Opmantek Virtual Appliance is now even easier to use

Opmantek’s Virtual Appliance has always been a feature-rich virtual machine. The appliance now supports Single Sign-On (SSO) across the Opmantek suite, which can increase your functionality and lower your stress. The release also has a new landing page that displays all the installed applications and notifies you when new application versions are released.

Setting up a Virtual Appliance for your network monitoring and auditing has never been simpler. Server Virtualisation has been known to increase productivity while reducing hardware and energy costs. Using a virtual appliance to discover, audit, manage, analyze and visualize your IT environment can save your business money while giving you more control and flexibility.

Opmantek’s Virtual Appliance landing page, showing the applications installed and their versions.

 

The latest release is now a single .OVA file, which benefits new users of the appliance by making the installation even simpler. The installation process is detailed here:

Getting Started Guide

 

And as always, we are constantly improving and fulfilling customer requests.

opFlow 3.0.11 makes network insights even easier.

opFlow easily identifies the root cause of poor network performance, and the latest release makes this identification even easier.

The added visibility inside the opFlow Charts section can help quickly identify any bottlenecks. Using dual-axis graphing, the chart shows the information flow in bits per second, flows per second, or packets per second on the left axis and the network utilization percentage on the right axis.

A full guide on the added functionality is available below:

Understanding opFlow Charts

 

And as always, we are constantly improving and fulfilling customer requests.

Are there features that you would like to add? If so, contact us.

Network Security – Determine Attack Vector With opFlow

By Chris Gatlin, Senior Support Engineer, Opmantek

DDoS (Distributed Denial of Service) attacks have become common, appearing to come from everywhere and targeting popular public infrastructure. There is usually something unique or common to each DDoS attack. This commonality can be used to classify the traffic and drop it. Depending on the topology and the attack vector, the target organization may be able to effectively block the traffic. In some cases the upstream provider may need to be contacted to drop it. If the target organization can effectively communicate the attack vector, the upstream providers will be more responsive.

opFlow is well suited to determine the attack vector.

The default landing page for opFlow displays the top 10 sources. If the suspected attack is of the DDoS type, change the page to display the top 10 applications. This is done by clicking on the word ‘Advanced’ found in the top menu bar.

Figure #1 – Advanced Window

The Advanced window will render. Change the summary type to ‘App Sources’. Also, change the ‘Specific Time’ section to match the time period that is relevant. Click ‘Apply Selection’ and the landing page will update appropriately.

 

Figure #2 – Top 10 Applications

 

In the example above we see UDP:32760 in the second row; this is normal traffic for this particular network. The domain traffic in the first row is very unusual. Now we have an idea that the attack traffic is related to UDP destination port 53. To get a tighter vector on this traffic, navigate to ‘Views->Conversation Map’. The time interval will be preserved.

The flow data table will be found below the map. Click on the time header of the flow data table to sort based on time. Next, change the records per page to 500. The conversation map will change to represent the 500 displayed flow records. Click on a flow data page that represents the DDoS time well.

Figure #3 – Conversation Map

 

The conversation map above is indicating that all the traffic is focused on one destination. Disable the ‘Zoom Lock’ on the map, then zoom into the center to determine what the attack target is.

Figure #4 – Flow Data Table

 

We observe that the attack traffic is focused on the DNS server, 10.248.114.10.

Looking at the flow data, we see that all the flows are a single packet, UDP, and destined to port 53. We can also tell that none of these are valid DNS requests because the packet is much too big: 1,308 bytes. DNS responses can be large, but a single DNS request should not be more than 150 bytes.

Based on this an ingress policy could be written that discards any packets larger than 150 bytes destined to the DNS server on UDP port 53.
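The triage walked through above, as an added example (not part of the original article and not opFlow code): it picks the busiest application, isolates the oversized flows, names the target, and checks which flows the suggested ingress policy would discard. The flow records, the `Flow` tuple, the function names and the choice to rank applications by flow count are assumptions made for illustration.

```python
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "proto src dst dst_port packets octets")

# Constructed sample records, not opFlow's export format; sources use documentation ranges.
FLOWS = [
    Flow("udp", "198.51.100.7", "10.248.114.10", 53, 1, 1308),
    Flow("udp", "203.0.113.21", "10.248.114.10", 53, 1, 1308),
    Flow("udp", "192.0.2.88", "10.248.114.10", 53, 1, 1308),
    Flow("udp", "198.51.100.40", "10.248.114.10", 53, 1, 1308),
    Flow("udp", "10.248.20.5", "10.248.114.10", 53, 1, 74),      # ordinary DNS query
    Flow("udp", "10.248.20.9", "10.248.30.2", 32760, 12, 9600),  # normal for this network
    Flow("tcp", "10.248.20.5", "10.248.40.8", 443, 20, 18000),
]
MAX_DNS_REQUEST_BYTES = 150  # request size limit stated in the article


def packet_size(flow):
    """Average bytes per packet; exact for the single-packet flows described."""
    return flow.octets / max(flow.packets, 1)


def top_application(flows):
    """Most frequent (proto, dst_port) pair, ranked by flow count (example's choice)."""
    return Counter((f.proto, f.dst_port) for f in flows).most_common(1)[0][0]


def attack_vector(flows, max_bytes=MAX_DNS_REQUEST_BYTES):
    """Summarise the oversized flows of the top application as one vector, or None."""
    proto, port = top_application(flows)
    suspect = [f for f in flows
               if (f.proto, f.dst_port) == (proto, port) and packet_size(f) > max_bytes]
    if not suspect:
        return None
    target, hits = Counter(f.dst for f in suspect).most_common(1)[0]
    return {"proto": proto, "dst_port": port, "target": target,
            "suspect_flows": hits,
            "sources": len({f.src for f in suspect if f.dst == target}),
            "single_packet": all(f.packets == 1 for f in suspect)}


def would_drop(flow, vector, max_bytes=MAX_DNS_REQUEST_BYTES):
    """True if the ingress policy suggested in the article would discard this flow."""
    same_service = (flow.proto, flow.dst_port, flow.dst) == (
        vector["proto"], vector["dst_port"], vector["target"])
    return same_service and packet_size(flow) > max_bytes


if __name__ == "__main__":
    vector = attack_vector(FLOWS)
    print(vector)
    print([would_drop(f, vector) for f in FLOWS])
```

The 74-byte query to the same DNS server is not matched, which is the property to verify before handing the vector to an upstream provider.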

NetFlow analysis hits a new level with opFlow 3

With opFlow 3 your organization can rapidly identify congested links, bandwidth hogs, extreme data usage and suspicious behavior in real time; analyzing and interpreting Flow data across a broad range of protocols has never been this intuitive. Opmantek’s opFlow 3 now supports all major Flow standards including, Cisco NetFlow, NetFlow-Lite and NSEL, Juniper J-Flow, sFlow and IPFIX.

This release represents a complete rewrite of opFlow, including new flow processing daemons and faster database operations that make use of the MongoDB WiredTiger engine resulting in fast processing and easier access to historical records. This is a massive release and feedback from early adopters has been overwhelmingly positive…

“The connection map is an awesome tool – allows you to see traffic patterns really quickly and easily”

We’ve packed so much new stuff into this release, I didn’t know where to start, so I asked our engineering team to nominate and rank their favourite features from this release. Here is the top 5 countdown:

#5 New NetFlow Reporting Engine

opFlow 3 comes with a new, easy to use, reporting engine that can produce a range of useful reports on traffic trends and top talkers across your environment or for specific interfaces over time.

#4 Intuitive New GUI

A Task Driven GUI means faster access to critical information. Select Agents, Interfaces, and Flow direction quickly through a responsive filter panel.

#3 Easy Identification of Network Hogs

Search your TopN summary quickly by Application, Port, Sender or Receiver; drill down quickly to identify high-bandwidth users and squash the network hogs.

#2 Traffic Heat Maps

View network conversations interactively using a dynamic Heat Map; visually identify the biggest network traffic generators in your environment. Perfect for NOC environments and executive presentations.

#1 New High Performance Flow Daemon

The number 1 feature, according to our engineering team, is the new High-Performance Flow Daemon. Supporting a broader range of flow protocols including Cisco NetFlow, NetFlow-Lite and NSEL, Juniper J-Flow, sFlow and IPFIX, opFlow now processes data faster and more efficiently making it even more effective for analyzing extensive multi-vendor networks.

Traffic heat maps help to identify the biggest network traffic generators in your environment.
To experience these great new features for yourself, download opFlow 3 (https://opmantek.com/network-management-download/), activate your free 30-day trial license and gain new insight into your network performance today.