Products ▾
- WhatsUp Gold
  
  Download » Buy Now »
  
  Comprehensive Network Management Solution.
- Featured Product
  WhatsUp Application Performance Monitor
  
  Download » Buy Now »
  
  Unified application performance monitoring.
- WhatsUp Gold Plugins:
  
  WhatsConfigured »
  Flow Monitor »
  WhatsVirtual »
  Flow Publisher »
  VoIP Monitor »
  Failover Manager »
  Language Packs »
  
  New!
  Scalability Pollers
- WhatsUp Log Management
  
  Download » Buy Now »
  
  Log Collection, Analysis & Reporting
- Log Management Components:
  
  Event Archiver »
  Event Alarm »
  Event Analyst »
  Event Rover »
- IP Address Manager
  
  Download » Buy Now »
  
  Automate the discovery, documentation and management of your IP space.
- WhatsConnected
  
  Download » Buy Now »
  
  Inventory and document your network anytime, anywhere – with just one click.
- WhatsUp Application
  Performance Monitor
  
  Free Trial » Buy Now »
  
  Maintain the performance and availability of applications.
- AlertFox
  End-User Monitoring
  
  Free Trial » Buy Now »
  
  Test and monitor your Website from your customer’s perspective.
Solutions ▾
- Enterprise
  
  WhatsUp Gold is the most comprehensive, scalable, intuitive, and cost-effective IT management solution available today.
- Small & Midsized Business
  
  At one site or many, WhatsUp Gold is the solution to your network pain.
- Managed Service Providers
  
  Enabling the MSP's competitively priced, reponsive, quality services.
- Federal
  
  Enabling security and compliance directives across Federal agencies.
- State & Local
  
  Simple licensing and low operating costs make WhatsUp Gold IT Management solution the best value for state and local government departments.
- Education
  
  Ensure a quality IT infrastructure for educational applications.
- Financial & Insurance
  
  Protect yourself from hefty fines by ensuring that PCI, SOX, Basel II and other critical regulations are met using WhatsUp Gold.
- Healthcare
  
  Healthcare services demand broad IT services at competitive pricing.
- Manufacturing
  
  With easy implementation and low pricing, WhatsUp Gold delivers for manufacturing firms.
- Application Performance Monitoring
  
  Find and fix application performance issues before they affect users.
- Wireless Network Management
  
  Gain control of your wireless networks and optimize the availability, performance, and security of your wireless infrastructure.
- IT Compliance
  
  Prevent a costly PCI or HIPAA audit by automating IT compliance on your network.
- IT Infrastructure
  
  Maintain a baseline understanding of your network and avoid losing track of costly IT assets.
- Management Solutions
  
  IT Management Solutions »
  Fault & Availability Management »
  Change & Configuration Management »
  Traffic Analysis & Accounting »
  Performance Management »
  Security Information and Event Management »
- Compliance Solutions
  
  PCI DSS »
  Sarbanes-Oxley »
  GLBA »
  FISMA »
  NISPOM »
  HIPAA »
  Basel II »
  NERC »
  FERPA »
  MA Privacy Law »
  United Kingdoms Regulations »
  German Regulations »
  French Regulations »
Resources ▾
- Technology
  
  WhatsUp Gold technology - tested on 100,000 networks. See how it works.
- Videos
  
  WhatsUp Gold Videos »
  
  WhatsUp Gold Evaluation Tutorials »
- Other Resources
  
  Case Studies »
  
  White Papers
  
  Datasheets »
  
  Brief Notes »
- Webinars
  
  Live Webinars »
  
  Recorded Webinars »
Support ▾
- Training
  
  Learn how to get the most out of your WhatsUp Gold installation.
- WUGspace Community
  
  An IT community for managers, engineers and administrators.
- Knowledge Base
  
  Information and popular articles on the WhatsUp Gold product family.
- Support
  
  Get help on-demand.
- More Support Links
  
  New! Evalutation Tutorial
  Video Series »
  Lost Keys & Redownloads »
  Service Packs & Upgrades »
  MIB Library »
  Product Documentation »
  Product Life Cycle »
  
  Contact Customer Service »
  Contact Technical Support »
Company ▾
- Contact Us
  
  Find contact information for sales, technical support, customer service, or other inquiries here.
- Buzz
  
  See the latest in WhatsUp Gold social media.
- About Us
  
  All about Ipswitch, Inc. and its WhatsUp Gold Network Management Division.
- Careers with Ipswitch
  
  We make more than software. We make a difference.
- More Company Links
  
  Blog »
  Press Releases »
  Management Team »
  Privacy Policy »
  License Agreement »
  Return Policy »
  Trademark List »
Downloads

Bookmark and Share

WhatsUp Gold Flow Publisher

Network traffic monitoring and analysis

Flow monitoring for the whole network without changing your infrastructure

You know your network better than anyone else. Yet when your users complain that web pages are taking too long to load, or a critical internal application is timing out, you’re often at a loss to explain why. After all, users are only focused on whether their business applications are working right, while you have to think about much more, including managing the infrastructure that delivers those applications. So while you work hard to keep your network and servers healthy and running at optimal capacity - that’s not enough for your business users or your management. It’s almost as if you are conversing in different languages. And while you see the spikes in network traffic, you can’t pinpoint why and how they are affecting your applications.

Blindsided (def). Not knowing who or what is on your network

With flow enabled network devices you can quickly see which users, applications, protocols and traffic sources are generating traffic and consuming bandwidth. Maybe some users are doing unexpected things – like streaming large files or doing backups during normal business hours. Or maybe it’s something dangerous – like a virus spreading on your network. But you can only see this on a flow-enabled network. What happens if you don’t have the luxury of turning on flow monitoring across the network – simply because your devices don’t support it or the cost of upgrading to new infrastructure is not in your budget. You’re destined to manage your network with only partial visibility.

Flow Publisher brings Traffic Analysis to Every Corner of your Network

Well, help is on the way. With WhatsUp Gold Flow Publisher, you can get unique insight and visibility into your network traffic for every device – whether they natively support flow monitoring or not. In short, Flow Publisher makes flow monitoring possible for every network segment and for literally every device. By capturing raw traffic from the network and converting it into standard NetFlow records, Flow Publisher puts you in complete control and conversing in a language your users understand.

With Flow Publisher you can:

Turn on network traffic analysis for every device and every network segment
Determine which users, applications or traffic sources are consuming bandwidth
Require no costly upgrade of your devices to turn on application flow visibility
Get alerted in real-time when monitored traffic parameters breach targeted thresholds
Ensure business applications get the bandwidth they need
Access over 40+ web and mobile reports for base-lining and analysis

Key Capabilities of WhatsUp Gold Flow Publisher include:

Uses Flow Monitor plug-in for advanced reporting and alerting

WhatsUp Gold Flow Publisher acts as a network traffic flow information source for Flow Monitor and forwards processed NetFlow records to it. Flow Monitor acts as a standard collector, as it does for other flow-enabled devices, and provides a comprehensive picture of application flows across the entire network in one screen. All of Flow Monitor’s powerful reporting, configurable thresholds, analysis and alerting capabilities are also available to Flow Publisher records - ensuring centralized management of application, host and user traffic.

Works with any existing network devices and your Windows servers

Since Flow Publisher captures and processes raw network traffic from any mirrored switch port, or network TAP (Test Access Point) or even a Windows host server – there is no requirement for changes or upgrades to existing device capabilities. While Flow Monitor can be used to directly receive flow records from NetFlow, sFlow or J-Flow enabled devices, Flow Publisher seamlessly extends coverage to any non-flow enabled device. With Flow Publisher in place, the entire network can be managed with the same level of visibility.

Develops standard format flow records that you can easily understand

Flow Publisher outputs NetFlow v1, v5 and v9 compliant records enabling operations staff to use existing knowledge, skills and best practices that your business may already have in place. With advanced analysis, real time alerting and historical trending available through Flow Monitor – network managers can identify top conversation pairs, top senders and receivers, failed connections per host and analyze breakdown of traffic from every monitored network interface on any device.

Delivers accurate visibility with full flow capture

Popular flow protocols like sFlow or J-Flow employ sampling techniques that reduce the granularity of visibility and insight that flow data can provide. For example, flow sampling may completely miss occasional network congestion instances caused by intermittent and unpredictable user actions or malicious virus activity. With Flow Publisher, the full extent of raw traffic is captured and processed into NetFlow compliant records – ensuring accurate and in-depth visibility into user, protocol, source and destination, and application activity on the network.

Supports simple, manageable and cost-effective deployment

Flow Publisher is a small footprint application that can be installed on most Windows systems, enabling cost-effective deployment. It can capture flows from remote network ports and from four different traffic sources simultaneously. For servers, Flow Publisher is installed directly on the target system. Further, Flow Publisher supports configurable ACL’s (access control list) for administration and management.

Flow Publisher’s unique ability to capture and process raw traffic information from non-flow enabled devices or host systems, combined with the powerful analysis capabilities of Flow Monitor deliver the following features:

Flow Publisher Basics

Simple, software only solution that can be deployed on any current Windows operating system
Capture of raw traffic flows from any of the following:

Port mirroring (SPAN or RAP)
Network Test Access Points (TAP)
Directly on Windows server platforms

Creates NetFlow v1, v5 or v9 compliant records from raw traffic
Maps device MAC addresses to reported interfaces
Provides options to log flows and commands
ACL’s for access to administration and configuration
Flow Publisher Management Console:

Configuration and management of single or multiple agents
Interface(s) from which to capture network traffic
Mode and status for each interface in the probe (promiscuous or normal)
Collector IP address to forward NetFlow records
NetFlow version of flow data to send to a collector
Local IP and port of the probe to forward flow records
Active and Inactive timeout for flow record management
SNMP index for the default input/output reported interface MAC Addresses to Interface indices mapping

Traffic Analysis and Monitoring / Troubleshooting Capabilities (in conjunction with Flow Monitor)

Automatic classification of traffic by type and protocol in real-time
Real-time identification of traffic flow patterns through the network
Identification of traffic sources (top talkers) and destinations
Identification of traffic destination by group, domain, top level domain (TLD), and country
Pinpointing of internal and external traffic sources and destinations
Conducting traffic identification and analysis for Quality of Service using ToS or DSCP
Grouping of flow data based on common parameters, including IP addresses by domain, TLD or country
Automatic identification of high traffic flows to un-monitored ports and highlighting of those ports as candidates for monitoring
Uncovers unauthorized applications, including file and music sharing
Detection of failed connections

Reporting (in conjunction with Flow Monitor)

Access to over 40 flow management reports via WhatsUp Gold web and mobile access
Automated rollup of flow data with hourly, daily, weekly, monthly and yearly views
Displays flow information in custom formats
Sorts and displays filtered reports by protocol, application, host, domain, TLD, country, groups or type of service
Integration of flow reports with WhatsUp Gold workspace reports
Access to WHOIS information for sender and receiver reports
Display traffic information by bytes, packets or flows

Configuration and Management (in conjunction with Flow Monitor)

Configuration of thresholds on multiple flow metrics via the Alert Center
Configuration and management of flow data retention policies
Configuration of flow logging levels
Configurable support for non-standard ports and proprietary protocols
Starting and stopping of flow services
Setting of address resolution levels
Access to flow database and service status, providing instant views of database parameters and running flow services
Backup and restoration of flow database
Apply custom names to flow interfaces
Notification of database status

Flow Publisher = Complete Network Visibility

WhatsUp Gold’s new Flow Publisher extends flow monitoring visibility and analytics to non-flow supporting devices and Windows host systems.

Direct Benefits of Flow Publisher

Extends standardized network traffic analysis and application flow visibility across the entire network

Supports any switch, router or network device with Port Mirroring (SPAN/RAP ); network Test Access Point (TAP); or direct installation on Windows servers (standard or virtualized)
Converts raw traffic into standardized NetFlow v1, v5 or v9 compliant records

Cost-effective installation and low overhead operation

As a small footprint, software-only solution it uses minimal CPU and memory resources
Installs on any Windows based operating system and hardware

Simple and flexible deployment model

Agents can be located anywhere in the network enabling both broad and pinpoint traffic analysis
Flow Publisher’s deployment doesn't require infrastructure upgrades or downtime

Better insight and higher investment returns compared to legacy flow monitoring technologies

More information, improved manageability and lower costs compared to RMON or packet analysis solutions
With 100% raw traffic capture and processing it provides deeper visibility and insight compared to sampled sFlow and J-Flow

Seamless integration with Flow Monitor and WhatsUp Gold

Access to over 40+ configurable Flow Monitor web and mobile reports
Configuration of thresholds and alerting on typical flow monitoring parameters via the Alert Center

See more benefits of the Flow Publisher & Flow Monitor combination

What is a Flow?

A flow is a series of packets with a set of common characteristics sent between devices. As packets traverse a device, seven parameters are analyzed, if they all match exactly, then this sequence of packets is determined to be a flow. Flows are comprised of one of the IP protocols (usually TCP or UDP) depending on the end system being accessed. For more general information on flows and flow management, refer to our Flow Monitor Frequently Asked Questions.

What does Flow Publisher do?

Flow Publisher collects raw traffic information from the network devices that are not natively flow-enabled and converts them into NetFlow v1, v5 or v9 compliant records. Flow Publisher then forwards the NetFlow records to the WhatsUp Gold Flow Monitor collector for both real time and historical reporting and alerting.

Does Flow Publisher have any prerequisites?

Flow Publisher requires both the Flow Monitor plug-in and the WhatsUp Gold core product to provide network traffic analysis, reporting and threshold monitoring and alerting. Depending on how Flow Publisher is deployed, a Windows PC and available network interfaces may also be required.

How is Flow Publisher different from Flow Monitor?

Flow Monitor collects, processes and reports on application traffic flows from devices in the network that natively support one or more industry standard formats. Supported flow formats in Flow Monitor include NetFlow v1, v5 and v9 (developed by Cisco); J-Flow (developed by Juniper Networks); and sFlow (RFC 3176 standard). The vast majority of hardware manufacturers support one of the flow formats.

Flow Publisher complements Flow Monitor capabilities by extending application traffic monitoring to devices and Windows servers that do not have any native flow capability. Together Flow Monitor and Flow Publisher provide deep and homogeneous insight into application and user traffic and behavior analysis across all devices and segments in the network.

How will Flow Publisher data help me manage the network?

The combined solution of Flow Publisher, Flow Monitor, and WhatsUp Gold analyze, report, and send alerts based on the performance of specific flow parameters for all network devices and host systems – whether they are flow enabled or not. Thresholds used for alerting are configured through the Alert Center capability in WhatsUp Gold. Flow information helps uncover which users, applications, or source/destination pairs are consuming your network bandwidth.

What components are included with Flow Publisher?

The WhatsUp Gold Flow Publisher includes two primary components – the Flow Publisher Agent and the Flow Publisher Configuration and Agent Management Console.

The Flow Publisher agent is comprised of a number of sub-components – to process raw network traffic from non-flow capable devices into NetFlow compliant records, and to forward them to the WhatsUp Gold Flow Monitor collector. The agent is installed on a Windows based computer and can be configured to support up to 4 interfaces. It can also be deployed directly on a server to track top talkers (users) and application traffic volumes.

The Flow Publisher configuration and management interface is a Windows based program that is used to dynamically configure a single or multiple probes either locally or remotely. The configuration and management interface needs the following information to be set:

Interface(s) from which to capture network traffic
Mode and status for each interface in the probe (promiscuous or normal)
Flow Monitor collector IP address to forward NetFlow records
NetFlow version of flow data to send to a collector
Local IP and port of the probe to forward flow records
Active and inactive timeout for flow record management
SNMP index for the default input/output reported interface
MAC Addresses to interface indices mapping
A configurable Access Control List for administration

What flow data does Flow Publisher provide?

WhatsUp Gold Flow Publisher provides the same information into Flow Monitor for analysis and reporting as other NetFlow sources. This includes the following:

Protocol
Application (port number)
Conversations
Sender host
Receiver host
Sender domain
Receiver domain
Sender top level domain (TLD)
Receiver TLD
Top sender country
Top receiver country
Type of service (ToS)

How is Flow Publisher licensed?

The WhatsUp Gold Flow Publisher is licensed for each separate instance of software product installation on a Windows Server.

What kind of devices can be monitored by Flow Publisher?

Flow Publisher can capture traffic information from any router, switch, or any other network device that supports port mirroring (e.g. Cisco SPAN ports or 3Com RAP ports). It can also receive traffic information from Network TAPs (Test Access Points). Flow Publisher can also be installed on a Windows server and monitor application and user traffic originating or being received by the server.

Can I use Flow Publisher with my existing flow-enabled devices?

Flow Publisher works with your existing flow-enabled devices as well. In fact, popular formats like sFlow only provide sampled flow data that may fail to accurately capture and diagnose intermittent network issues arising from unauthorized application usage or even malicious virus activity. Using Flow Publisher, you would get complete traffic capture and analysis that can help you rapidly track down and resolve intermittent network issues as they happen.

Flow Publisher software requirements

32-bit and 64-bit support for the following OS versions: Windows XP Professional SP3, Windows Server 2003 SP2 (or later), Windows Vista (SP2 recommended), Windows Server 2008 (SP2 recommended), Windows Server 2008 R2, or Windows 7.
WinPcap version 3.1 or later. Download and install WinPcap on the server hosting the Flow Publisher.

Note: WhatsUp Flow Publisher was tested on WinPcap versions 3.1 to 4.1.
WhatsUp Gold 16 or greater with Flow Monitor.

Flow Publisher hardware requirements

The following are the hardware requirements for the Flow Publisher:

	Recommended	Required
Processor(s)	Dual-core	Single-core
Processor speed	2 GHz or more	2 GHz
RAM	1 GB	< 100 KB
Network interface cards (NIC)	1 Gbps (1+n) NICs, where n is the number of Flow Publisher capture devices.	100 Mbps Minimum of 1 NIC when capturing local traffic on a server. Minimum of 2 NICs when capturing traffic copied from a network device.
Video display resolution	800 x 600 or higher	800 x 600

Traffic Analysis How-To webinar series

Are you continually asked why your network and applications are slow? Is it a constant struggle for you to monitor the bandwidth utilization and keep unauthorized traffic out to ensure the performance of business critical applications? Armed with the knowledge you’ll gain from the Traffic Analysis How-To webinar series, you can ensure that you’ll maintain control over your network’s performance at all times.

Recorded webinar series

Traffic Analysis for Non-Flow Enabled Networks (Part 1)

Recorded Tuesday January 12th, 2010

Understand single or multi-segment traffic patterns
Pinpoint origins of slow network performance in real-time

Watch the recording

Traffic Analysis for Non-Flow Enabled Networks (Part 2)

Recorded Tuesday January 19th, 2010

Increase defense against internal and external threats
Provide cost effective traffic analysis without upgrades or downtime

Watch the recording

Traffic Analysis Techniques for Flow and Non-Flow Networks

Recorded Tuesday January 26th, 2010

Optimize the power of flow-based traffic analysis in networks
Create valuable strategies to ensure future network stability and security

Watch the recording

Traffic Analysis on Windows Servers

Recorded Thursday December 10th, 2009

Access and view granular data on user and application traffic to and from servers
Understand and troubleshoot issues for both non-virtualized and virtualized systems and applications

Watch the recording

WhatsUp Gold Plugins:

Log Management Components:

Management Solutions

Videos

More Support Links

More Company Links