FlowPro
Once registered and deployed, FlowPro probes enable the following additional functions/features in Scrutinizer.
Note: Further details are available in the FlowPro online documentation.
Reports
The following additional report types are enabled by FlowPro:
| Report | Description |
| --- | --- |
| Application Latency | Measures the delay, or time an application takes to send a request and receive a response. It is a critical metric for assessing the responsiveness of applications. |
| Application Latency (old) | Refers to historical data on application latency, providing insight into how latency has changed. Analyzing historical data can help identify trends and potential issues. |
| Host Jitter | Jitter is the variation in the delay of received packets. Host Jitter measures the irregularity in packet arrival timing at the destination host. It is crucial for understanding network stability and potential performance issues. |
| Host Jitter By SSRC (Dst) | Breaks down host jitter by Synchronization Source (SSRC) at the destination. SSRC is a unique identifier assigned to each synchronization source in a multimedia session. |
| Hosts Latency (Dst) | Measures the latency at the destination host, providing insight into the delay experienced by packets as they reach their destination. |
| Hosts Latency (Src) | Like Hosts Latency (Dst), but measures latency at the source host. It helps in understanding the delay introduced by the source system. |
| Host to Host Latency | Measures the overall latency between two hosts, from source to destination. It considers the complete round trip time for data transfer between the specified hosts. |
| Re-transmission by Application | Indicates the number of times an application has to retransmit data due to packet loss or other network issues. High re-transmission rates may suggest network congestion or unreliable connections. |
| Re-transmission Host to Host | Like Re-transmission by Application, but focuses on retransmissions between two hosts. |
| Top Applications | Provides information on the network's most used or resource-intensive applications. Monitoring top applications helps identify bandwidth consumption and potential performance bottlenecks. |
Alarms
The following additional flow analytics algorithms and their corresponding alarm policies are enabled by FlowPro:
| Algorithm | Description |
| --- | --- |
| BotNet Detection | Alerts for large numbers of failed unique DNS lookups |
| DNS Command and Control Detection | Alerts for DNS TXT messages at the network perimeter whose volume or size exceeds a specified threshold |
| DNS Data Leak Detection | Alerts for messages with suspicious DNS names whose volume or size exceeds a specified threshold |
| DNS Server Detection | Alerts for new DNS servers based on packet exchanges between clients and servers |
| Domain Reputation | Alerts for traffic associated with suspicious domains (based on a Plixer-maintained reputation list) |
| JA3 Fingerprinting | Alerts for suspicious encrypted traffic based on TLS handshake data and known signatures |
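The following added example is not Plixer's code and does not show how FlowPro implements these algorithms. It illustrates the kind of per-client counting that the BotNet Detection and DNS Command and Control Detection descriptions imply, run over constructed DNS records. The record layout, thresholds and function name are assumptions, and the perimeter restriction is not modelled.

```python
from collections import defaultdict

# Constructed sample records: (client, query name, query type, rcode, response bytes)
SAMPLE = [
    ("10.0.0.5", "kq3vz1.example.", "A", "NXDOMAIN", 0),
    ("10.0.0.5", "p0xw9d.example.", "A", "NXDOMAIN", 0),
    ("10.0.0.5", "zz41ha.example.", "A", "NXDOMAIN", 0),
    ("10.0.0.5", "m7r2tq.example.", "A", "NXDOMAIN", 0),
    ("10.0.0.5", "KQ3VZ1.example.", "A", "NXDOMAIN", 0),  # repeat, differs only in case
    ("10.0.0.7", "printer.corp.example.", "A", "NXDOMAIN", 0),
    ("10.0.0.7", "printer.corp.example.", "A", "NXDOMAIN", 0),  # retry of one stale name
    ("10.0.0.7", "mail.example.", "TXT", "NOERROR", 80),
    ("10.0.0.9", "a1.t.example.", "TXT", "NOERROR", 250),
    ("10.0.0.9", "a2.t.example.", "TXT", "NOERROR", 250),
    ("10.0.0.9", "a3.t.example.", "TXT", "NOERROR", 250),
]

# Assumed thresholds for illustration only; not product defaults.
FAILED_UNIQUE_MIN = 3   # distinct failed names per client
TXT_COUNT_MIN = 3       # TXT responses per client
TXT_BYTES_MIN = 600     # total TXT response bytes per client


def analyze(records):
    """Return sorted (client, alert_type, count) tuples for one time window."""
    failed = defaultdict(set)          # client -> distinct names that failed
    txt = defaultdict(lambda: [0, 0])  # client -> [response count, total bytes]
    for client, name, qtype, rcode, size in records:
        if rcode == "NXDOMAIN":
            # Normalise so retries and case variants count as one name.
            failed[client].add(name.lower().rstrip("."))
        elif qtype == "TXT" and rcode == "NOERROR":
            txt[client][0] += 1
            txt[client][1] += size
    alerts = []
    for client, names in failed.items():
        if len(names) >= FAILED_UNIQUE_MIN:
            alerts.append((client, "failed-unique-lookups", len(names)))
    for client, (count, total) in txt.items():
        if count >= TXT_COUNT_MIN or total >= TXT_BYTES_MIN:
            alerts.append((client, "txt-volume", count))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

Counting distinct names rather than raw failures keeps a host that retries one stale name (10.0.0.7 in the sample) from triggering the alert.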
Selective packet capture
FlowPro also enables targeted traffic sampling in Scrutinizer through custom packet capture rules. These rules can be defined from the web interface or via API request.
Troubleshooting
If there are issues with any FlowPro feature, try the following steps:
- Check Scrutinizer logs for errors.
- Verify that the correct credentials were entered during configuration.
For additional assistance, contact Plixer Technical Support.