Manito Networks Flow Analyzer

The Flow Analyzer collects, tags, stores, and visualizes network flow data. The appliance can be hosted in the cloud or on-premise in the datacenter, and provides immediate insight into network performance and behavior. Tagging and aggregating the flow data makes weeks or months of flow data user-friendly, allowing high-level traffic visualizations of entire networks or single hosts.

Project Goals

Our goal is to provide superior NetFlow and IPFIX collection, visualization, and analysis. We do that by creating:

  • Efficient, accessible, and sustainable software
  • Scalable solutions that can evolve as you grow
  • Superior documentation from architecture through installation, configuration, tuning, and troubleshooting

Another goal of ours is to make Elasticsearch and Kibana easy to implement and accessible to those who haven't used them before. The learning curve for distributed search systems and dashboarding software can be steep, but we think that everyone should be able to realize the benefits of meaningful, beautiful data visualization.

Data Access

Flow data is available via:

  • Visualizations and Dashboards in Kibana
  • Queries in Kibana
  • Command line queries in Elasticsearch

Pre-built Visualizations and Dashboards let you see network traffic at a glance, and drill down to discover how your network is behaving. You can customize your own dashboards as well, or we can do it for you.

Searching in Kibana reveals more data about specific flows, helping you drill down into specific behaviors on your network. You can use your own searches, or use searches provided by Manito Networks for many common scenarios. Saved searches are reusable, and you can build your own visualizations and dashboards on top of them, or we can do it for you.

Queries in Kibana

Queries in Elasticsearch

Traffic Categorization

The Flow Analyzer allows you to break your traffic down so you can get the granular reporting that you need to make informed decisions. Starting right at data collection we tag and categorize your traffic, so every flow can be explored and reported on. When you're ready to move beyond looking at just traffic volume and protocol type you'll be able to quantify what users are doing on your network and when.

We tag flows for IANA-defined protocols currently in use on modern networks. The full list is published in IANA's Protocol Numbers list. This includes TCP, UDP, ICMP, GRE, IPv6-in-4 tunnels, and more.

Protocols Over Time

Once flows have been tagged with a protocol they also get tagged with the higher-level service name based on source and destination ports using IANA's Service Name and Transport Protocol Port Number Registry. This includes HTTP(S), FTP, SSH, DNS, and more.

Services
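The two-stage tagging described above, as an added example that is not the Flow Analyzer's own code: it decodes a standard 48-byte NetFlow v5 record, tags the protocol, then tags the service for TCP and UDP flows only. The registry excerpts, the "Other" tag, the lower-port preference, and all function names are assumptions made for illustration.

```python
import socket
import struct

# Small excerpts of the two IANA registries named above (constructed subset).
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 41: "IPv6", 47: "GRE"}
SERVICES = {21: "FTP", 22: "SSH", 53: "DNS", 80: "HTTP", 443: "HTTPS"}
PORT_BASED = {6, 17}  # only TCP and UDP carry meaningful port numbers

# NetFlow v5 flow record layout (48 bytes, network byte order).
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def tag_flow(proto, src_port, dst_port):
    """Return (protocol_tag, service_tag) for one flow."""
    protocol = PROTOCOLS.get(proto, "Other")
    if proto not in PORT_BASED:
        return protocol, None  # ICMP, GRE, tunnels: port fields are not ports
    # Assumed heuristic: check the lower port first so a reply from 443 to an
    # ephemeral port gets the same tag as the request that went to 443.
    for port in sorted((src_port, dst_port)):
        if port in SERVICES:
            return protocol, SERVICES[port]
    return protocol, "Other"


def parse_v5_record(raw):
    """Decode one 48-byte NetFlow v5 record and attach its tags."""
    if len(raw) != V5_RECORD.size:
        raise ValueError("NetFlow v5 records are exactly 48 bytes")
    f = V5_RECORD.unpack(raw)  # f[9]=srcport, f[10]=dstport, f[13]=prot
    protocol, service = tag_flow(f[13], f[9], f[10])
    return {
        "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
        "src_port": f[9], "dst_port": f[10], "bytes": f[6],
        "protocol": protocol, "service": service,
    }


def sample_record(src, dst, sport, dport, proto, octets):
    """Build a constructed v5 record for the demo (unused fields zeroed)."""
    return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                          b"\0" * 4, 0, 0, 1, octets, 0, 0,
                          sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)


if __name__ == "__main__":
    for rec in (sample_record("192.0.2.10", "198.51.100.5", 51514, 443, 6, 4200),
                sample_record("198.51.100.5", "192.0.2.10", 53, 40000, 17, 120),
                sample_record("192.0.2.10", "203.0.113.9", 0, 0, 47, 900)):
        print(parse_v5_record(rec))
```

Tagging non-port protocols with a service of `None` keeps GRE or ICMP flows from being mislabeled when an exporter leaves stale values in the port fields.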

Architecture

The Manito Networks Flow Analyzer is built on a solid Linux foundation, using Elasticsearch for fast storage and search, and Kibana for data visualization. Our custom software parses and tags flow data so you can dynamically search and correlate network flows across the network.

Attributions

Elasticsearch is a registered trademark of Elasticsearch BV.

Kibana is a registered trademark of Elasticsearch BV.

Elasticsearch and Kibana are distributed under the Apache 2 license by Elasticsearch BV.