In today's world, the survival of all organizations depends on their ability to work and produce digitally. Therefore, the need for visibility into application and network performance is a must for a network monitoring solution.
Traditionally, APM and NPM services have taken an "either-or" approach, focusing on either packet capture or NetFlow. This means that there is a trade-off between the two, choosing one to monitor but missing the other. The “either-or” approach has limitations and blind spots. (Note: APM: the abbreviation of Application Performance Monitoring, that is, application performance monitoring. NPM: the abbreviation of Network Performance Monitoring, that is, network performance monitoring)
Of course, there will be organizations that use the "both" method for network monitoring, but for organizations, many tools are required to have better network coverage, which is a very troublesome thing for everyone.
So we created a unified network and application monitoring platform that combines packet capture and NetFlow in one view.
We can continue discussing the benefits of correlating these data types later, but first, let's look at the unique features and benefits of using packet capture and NetFlow for network analysis.
NetFlow or Flow Analysis
Flow Analytics is a higher-level, lightweight summary of network health. It studies OSI Layer 3 traffic-based data produced by network devices such as switches and routers to identify patterns and anomalies in network traffic.
Traffic analysis reports IP addresses and answers the "where" question with IP addresses and how bandwidth is being used and where applications are located.
Creating streams is a secondary priority of the device, so when the device is overloaded, no streams will be generated. Or when your device does not support generating streams, LiveWire can solve this problem by generating IPFIX based streams from packets.
Packet Capture or PCAP
PCAP collects network packet data in transit from layers 2-7 of the OSI model. It gets an accurate picture of the raw packets traveling in the network, and it does this through SPAN ports/mirror ports or probes. Packet capture analysis answers the "who and what" question with network domain reports and username access. Drilling down to the root cause of an event with traffic source data, error detection codes, sequencing information, and more, PCAP captures exactly what happened. Some packet capture tools (like LiveWire) also allow targeted storage of packet captures for retrospective forensics of historical data.
You can use packet captures to break into specific time ranges or port numbers if you identify the relevant flow paths. Combined, you can quickly see how resources are being used, i.e. bandwidth usage, and get more information when needed.
If this taxonomy is new to you, check out this OSI model diagram for reference:
Packet+Flow
Using LiveNX Flow Analysis and LiveWire Packet Capture together has the following advantages:
✔ Faster incident identification and resolution
✔ Improve troubleshooting accuracy through improved visibility
✔ Historical data storage to provide context for the development of network events
✔ Cloud-based remote device management
✔ Custom search parameters for quick incident investigation
How is Hongke LiveAction different?
Hongke LiveAction's vendor-independent network monitoring tools unify packets and data flows. Our technology allows us to create LiveFlow through AI and advanced analytics to extend flow and reach visibility where IPFIX is not available.
Because LiveAction can generate stream data directly from packets, stream data is richer than data typically obtained through streams from network infrastructure devices.
This enhanced flow data includes TCP metrics, packet retransmission details, and VoIP metrics such as jitter and phone numbers, providing advanced data to simplify network and application alerting and troubleshooting, significantly reducing mean time to resolution (MTTR) ).
Our integration between LiveWire and LiveNX provides a direct link via LiveWire to raw packet data for detailed root cause analysis within the same platform, significantly reducing time to resolution (MTTR).
LiveAction provides a network monitoring solution that combines packet data, streaming and SNMP for correlation and real-time or historical reporting in topographical maps.
When you need to see everything - there is Hongke LiveAction
Use LiveAction's platform anywhere you need ultra-visibility of critical network operations or changes. For example:
✔ SD-WAN deployment
✔ VoIP Troubleshooting
✔ Remote location management
✔ Campus and branch monitoring
✔ Data Center Observability
✔ Cloud Architecture Visibility
● Hybrid cloud
● Public cloud
● Multi-cloud configuration