Search form

Upcoming Webinars

Learn Effective Strategies to Automate Backups, Track Changes and Ensure Compliance
November 19, 2024

On-Demand Webinars

Cloudinary Ushers in a New DAM Era
Turn Your High-Volume CDN Log Analytics into Actionable Insights
The Future of IT Operations - AIOps, Observability and Beyond
Equinox levels up its observability fitness with Elastic
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Harnessing the Power of Generative AI in Retail
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Supercharge Your IT Resources
Automate and Save Time
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Automox Virtual Summit 2023
Puzzled by Patching: Solve Endpoint Pains On-Demand
Perfecting the Customer & Employee Digital Experience with TMNAS
Gaining App-Centric Visibility Into Your IT Infrastructure
Preventing Outages: Monitor What Matters
Bridging Visibility Gaps in Your Multi-Cloud Infrastructure
Cloud Trends and How Observability Enables Hybrid Cloud and Operational Efficiency

All Webinars...

Analyst Reports

Gartner® Magic Quadrant™ for Digital Experience Monitoring 2024
Gartner® Magic Quadrant™ for Observability Platforms 2024

All Analyst Reports...

White Papers

AI is Taking "Management" Out of Digital Asset Management for IT and Product Teams
The Ultimate APM Playbook: Overcoming Roadblocks & Best Practices
Modernizing the AdTech Stack
10 best practices for mastering Azure monitoring
Key factors to consider when evaluating application monitoring tools
Cloud monitoring: A complex yet essential aspect of effective cloud management
Level up with distributed tracing: Enhancing application performance with Applications Manager
Top challenges of digitization and how network traffic analysis can help
What is APM: Understanding the Basics of Application Performance Management
What is end-user experience monitoring?
How IT leaders can drive more with less
Bandwidth throttling - A strategic approach to network bandwidth monitoring and optimization with NetFlow Analyzer
Address multi-client network traffic monitoring challenges with OpManager MSP’s new NetFlow Analyzer integration
Full-stack observability: Implementation, benefits, and ROI
Network traffic analysis for today's IT
The 2024 Observability Landscape — a survey of observability decision-makers
2024 State of IT Operations Report: Journey to Agility
OpUtils IP scanner for visibility: See everything, manage effortlessly
Digital experience monitoring in Applications Manager
How to monitor Apache web server performance metrics
How IT leaders can drive more with less
Firewall Segmentation
Startup vs. running configuration conflict: Its impact, and how to avoid it
A comprehensive guide to enhance performance and reliability in your storage systems
An IT leader's enterprise guide to drive more with less
Website monitoring in Applications Manager
Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report

All White Papers...

The Pros & Cons of Flow & Packet Data - Part 2
February 23, 2022

Jay Botelho
LiveAction

Share this

What are the cons or challenges of Flow and Packet data?

Start with: The Pros and Cons of Flow and Packet Data - Part 1

While Flow data offers a high level of traffic visibility, it has little detail about what's actually flowing. For example, you can't see microbursts, or the amount of time an application spends churning on a request. It can also present complications for flow monitoring at the edge (small, remote offices), since many edge routers aren't full-featured enough to offer xFlow.

And although xFlow come "for free," it does put an extra processing load on the router, especially when the router is very busy, and this can lead to gaps in visibility when you need it most.

Finally, flow sampling is sometimes used to reduce the processing load on the router, making security detection much less effective since some flows, and perhaps the flows in question, may not be reported on due to sampling.

When it comes to Packet data, dedicated hardware and cabling are required between mirror ports on a router and a DPI application or appliance. This means there's more equipment to purchase, configure and maintain. Furthermore, when routers get busy the processing power required to mirror data can be reduced, resuling in some data not being mirrored, thereby reducing the effectiveness of the mirrored data. This can be addressed by using network taps or packet brokers, but this introduces even more hardware into the solution.

Packet data also requires specialized tools for analysis and a high level of expertise to be used effectively. To reap the benefits of packet data, organizations need to invest in solutions like protocol analyzers and have NetOps teams that understand how to use them. It also adds more complexity to network management, as network engineers need to be very aware of what data they want to monitor, and then ensure that the data mirroring they originally configure remains relevant as other network changes are made.

And the use of HTTPS and VPNs that create privacy tunneling is making packet payload analysis more challenging, often limited to specific instances where the keys for decryption are known for specific network flows.

What are some common ways to use Flow and Packet data to troubleshoot network performance?

The more complex underlying network problems are, the more sleuthing and expertise in protocol and packet analysis are needed. End-to-end visibility extrapolated from Flow and Packet data aids network troubleshooting at the most critical levels and sets the stage for further monitoring integrations that track application performance and sophisticated user experiences.

By using network monitoring solutions (like NPMD and NDR), finding the answers to common issues can be simplified. Here are four ways Packet and Flow data can help.

Topological Views

These views use Flow and Packet data to provide a comprehensive map of network performance. This helps Netops teams to identify infrastructure components in need of upgrading or replacement, and perform capacity planning. They also help when maintaining a real-time comprehensive device inventory, can trigger automatic device discovery, can help to proactively identify choke points on the network, and can be used to compare different performance metrics.

Flow Path Analysis

This is used to identify possible routes, hops, and network latency impacts across endpoints based on IP address. Packet and flow data allows Netops to identify issues caused by load balancing and to identify other issues caused by routing, such as sudden changes in network latency and poor performance of real-time protocols, typically voice and video.

Application Monitoring

Establishing performance baselines that can be used to monitor for abnormal traffic levels is crucial for application performance. Flow and Packet data allows NetOps to uncover insight into how the network is being used at the application level. For example, by identifying policy weaknesses that have allowed unwanted usage.

Intrusion Detection and Prevention Monitoring

Having insight into Flow and Packet data allows NetOps and SecOps to identify a known attack or type of attack based on its signature (signature-based). Teams can also identify deviations from the norm of network behaviors (anomaly-based) or the norms of protocol use (stateful protocol analysis).

Oftentimes, enterprises have seen Flow and Packet data as mutually exclusive — that one can be utilized without the need for the other — but the truth is that when combined NetOps teams can gain more complete visibility. This helps to protect against security threats, investigate alerts and ensure the overall performance of the network and applications.

Jay Botelho is Senior Director of Product Management at LiveAction
Share this

Related Links

www.liveaction.com
The Pros and Cons of Flow and Packet Data - Part 1

Hot Topics

NPM/NetOps

The Latest

Internet and Cloud Creating Network Blind Spots
November 21, 2024

Broad proliferation of cloud infrastructure combined with continued support for remote workers is driving increased complexity and visibility challenges for network operations teams, according to new research conducted by Dimensional Research and sponsored by Broadcom ...

How Do Banks Stay Ahead? Use the Right Tech to Connect the Business From End-To-End
November 20, 2024

New research from ServiceNow and ThoughtLab reveals that less than 30% of banks feel their transformation efforts are meeting evolving customer digital needs. Additionally, 52% say they must revamp their strategy to counter competition from outside the sector. Adapting to these challenges isn't just about staying competitive — it's about staying in business ...

Financial Services Industry Is Ready to Lead on AI Adoption, Once Data Concerns Are Addressed
November 19, 2024

Leaders in the financial services sector are bullish on AI, with 95% of business and IT decision makers saying that AI is a top C-Suite priority, and 96% of respondents believing it provides their business a competitive advantage, according to Riverbed's Global AI and Digital Experience Survey ...

SLOs for Mobile: Key Challenges and How to Address Them
November 18, 2024

SLOs have long been a staple for DevOps teams to monitor the health of their applications and infrastructure ... Now, as digital trends have shifted, more and more teams are looking to adapt this model for the mobile environment. This, however, is not without its challenges ...

Navigating the IT Modernization Journey: Insights, Challenges and Strategic Recommendations for Success
November 14, 2024

Modernizing IT infrastructure has become essential for organizations striving to remain competitive. This modernization extends beyond merely upgrading hardware or software; it involves strategically leveraging new technologies like AI and cloud computing to enhance operational efficiency, increase data accessibility, and improve the end-user experience ...

Testing AI with AI: Navigating the Challenges of QA
November 13, 2024

AI sure grew fast in popularity, but are AI apps any good? ... If companies are going to keep integrating AI applications into their tech stack at the rate they are, then they need to be aware of AI's limitations. More importantly, they need to evolve their testing regiment ...

Large-Scale Outages Highlight the Need for Continuous Testing
November 12, 2024

If you were lucky, you found out about the massive CrowdStrike/Microsoft outage last July by reading about it over coffee. Those less fortunate were awoken hours earlier by frantic calls from work ... Whether you were directly affected or not, there's an important lesson: all organizations should be conducting in-depth reviews of testing and change management ...

MEAN TIME TO INSIGHT Podcast - Episode 11: Secure Access Service Edge (SASE)
November 08, 2024

In MEAN TIME TO INSIGHT Episode 11, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses Secure Access Service Edge (SASE) ...

Gartner: Only 48% of Digital Initiatives Meet or Exceed Their Business Outcome Targets
November 07, 2024

On average, only 48% of digital initiatives enterprise-wide meet or exceed their business outcome targets according to Gartner's annual global survey of CIOs and technology executives ...

The Case for Adopting AI Gradually: A Roadmap for Tech Leadership
November 06, 2024

Artificial intelligence (AI) is rapidly reshaping industries around the world. From optimizing business processes to unlocking new levels of innovation, AI is a critical driver of success for modern enterprises. As a result, business leaders — from DevOps engineers to CTOs — are under pressure to incorporate AI into their workflows to stay competitive. But the question isn't whether AI should be adopted — it's how ...