Network security devices perform security detection on the traffic passing through the devices based on signature rules. When the network communication data matches the signature rules, the network security devices will block the data. However, sometimes, the security devices block normal network business communication as well.
Network performance analysis system has storage capacity to save all packets. IT teams are challenged to locate the network problem in the huge and complex data, and usually need to check specified network traffic for given objects. Colasoft nChronos network performance analysis system provides the function of customizing analysis objects.
Many network service abnormitis are often caused by Cyber-attacks, but there are many reasons for the abnormitis. How to analyze and locate the reasons is the key to solving the problem. A DNS amplification attack is a DoS attack. The attacker uses a large number of controlled hosts in the botnet to pretend to be the attacked host. And it continuously sends a large number of DNS requests to multiple DNS servers that allow recursive queries at a specific point in time, forcing servers to provide response services. A large amount of response data amplified by the DNS server is sent to the attacked host to form attack traffic, which causes it to fail to provide normal service or even paralysis.
TCP transaction analysis allows users to define the transaction by configuring the protocol on the application level. And this would make transaction identification and analysis more accurate.
Troubleshooting network problems can be a very intensive and challenging process. Intermittent network problems are even more difficult to troubleshoot as the problem occurs at random times with a random duration, making it very hard to capture the necessary information, perform troubleshooting, identify and resolve the network problem.
HTTP reconstruction is an advanced network security feature offered by nChronos. With HTTP reconstruction, network security engineers and IT managers can uncover suspicious user web activity and check user web history to examine specific HTTP incidents or HTTP data transferred in/out of the corporate network.
The following steps will allow you to migrate configuration files from an nChronos Evaluation to an nChronos Licensed version on the same machine.
Do you know what your normal network throughput volume is, what types of traffic are most used in your network? If you can't answer these questions then you should baseline your network.
Based on the architecture that nChronos stores all data on nChronos Server while nChronos Console works like a display, users who want to view network data have to connect to nChronos Server first.
If you use nChronos to monitor traffic on a core switch you will see lots of internal IP addresses, and also the Internet IP addresses. You can find that most of the Internet IP addresses are shown as their domain name, such as www.colasoft.com.
nChronos provides a Traffic Alarm, which is defined by users, so as to notify there is traffic abnormal on the network.
Colasoft nChronos provides twelve system reports, and users can define new reports according to need.
As a network performance analysis solution, nChronos allows users to view historical data just by a drag. Below is a screenshot of the Time Window, you can drag the trend charts back and forth to view the network traffic of any interested time period.
A network link is defined as the traffic source of a monitoring session. Depending on different editions, higher edition enables you to use one nChronos server to monitor mirror traffic from multiple NICs in one link, while basic edition may only support monitor traffic from a single NIC. .
This short video introduces the components, user interface and important functions of Colasoft nChronos. Please leave a comment for suggestions or feedback below. Thank you.