- NA module – network port scanning (detects network worms): The network port scan module detects many suspicious activities such as worms and BOTNET scanning attacks. The latest software version detects stations that are scanning the network and looking for network vulnerabilities, e.g. Microsoft WINS, NETBIOS, Microsoft DS, SOCKS, Microsoft SQL, MySQL, web cache, VNC, Microsoft EPMAP and Microsoft terminal services. This module also detects SWIFT, DABBER, QWIN worms and many other unusual activities.
- NA module – host port scanning: This network detection module identifies attackers that scan TCP or UDP service ports for vulnerabilities. This module supports only scanning of applications that use low ports (1-1024).
- NA module – ICMP flooding: The ICMP flooding detection checks how many ICMP packets the host is sending. If the number of packets exceeds the configured threshold, the system creates a new anomaly. The system recognizes long ICMP messages (>1000B), so you can configure different thresholds for short ICMP messages and long ICMP messages. The software is capable of detecting unreachable messages (which often signify infection by a worm) and other ICMP message types.
- NA module – TCP/SYN flooding: The TCP/SYN flooding module detects direct or distributed flooding of the network with TCP connection requests. This attack is characteristic of distributed denial of service attacks.
- NA module – network games detection: The network games detection module uses heuristic methods to detect network games. Many games use the same TCP or UDP port so it is very difficult to say which game was used. The latest version supports the following games: Need for Speed, Diablo, Civilization, Worms 3D, Microsoft DirectX games, Railroad Tycoon, Athena Sword, Unreal, Team Speak, Battlefield 1942, Battle Zone, Age of Empires, Heretic, Hexen, Doom, Call Of Duty, Castle Wolfenstein, Battlefield 2142, MSN Game Zone, Alien vs. Predator, America’s Army, Battle.NET, Vietcong, Half-Life and Quake.
- NA module – peer-2-peer application detection: Peer-to-peer applications waste the most network bandwidth, so detecting them is very useful for many administrators, but detecting them is also very difficult. The network analysis software uses well-known TCP/UDP ports and some heuristic methods, but in some cases may detect false positives. The latest version supports detection of the following applications: FastTrack, Kazaa, Overnet, Kademlia, Aimster, GNUtella, GNUtella2, WinMX, OpenNapster, Direct Connect, SoulSeek, eDonkey and BitTorrent.
Network anomalies detection: Because NetFlow exports come directly from the router, a core element of any large network, NetFlow is capable of providing a unique view of the entire traffic of a network at the infrastructure level. It also allows proactive detection of network infrastructure security events. A packet sniffer is more a troubleshooting tool than a specific tool for constant netflow monitoring. A packet sniffer allows you to capture every packet and store it on your hard disk. If you want to monitor 24 hours a day, 7 days a week, you need an incredibly big hard disk. NetFlow monitoring collects statistics, not the whole packet, which is why this method is more suitable for constant monitoring.
NIM version 4 supports basic network anomaly detection such as network and host port scanning, ICMP and TCP/SYN flooding detection, and detection of network games and peer-2-peer applications. Most of the modules use heuristic detection methods – for every anomaly there is a specified probability of incident. If analyzed properly, NetFlow records are very suitable for early detection of worms and other abnormal (suspicious) network activity in large enterprise networks and service providers.
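The ICMP flooding and host port scanning checks described above, sketched over constructed flow records as an added example (this is not NIM's own code). The record layout, the threshold values and the use of a per-flow average size to separate short from long ICMP messages are assumptions.

```python
from collections import defaultdict

LONG_ICMP_BYTES = 1000   # page: ICMP messages >1000 B are "long"
LOW_PORT_MAX = 1024      # page: host port scanning covers ports 1-1024
TARGET = "198.51.100.9"

# Constructed flow records: (src, dst, proto, dst_port, packets, bytes)
FLOWS = [
    ("192.0.2.5", TARGET, "icmp", 0, 150, 9600),    # 64 B average: short
    ("192.0.2.6", TARGET, "icmp", 0, 30, 42000),    # 1400 B average: long
    ("192.0.2.7", TARGET, "icmp", 0, 30, 1920),     # short, under the limit
    ("192.0.2.4", TARGET, "tcp", 80, 12, 9000),
    ("192.0.2.4", TARGET, "tcp", 443, 20, 18000),
]
FLOWS += [("192.0.2.8", TARGET, "tcp", p, 1, 40) for p in range(1, 26)]
FLOWS += [("192.0.2.8", TARGET, "tcp", p, 1, 40) for p in range(2000, 2031)]


def detect_icmp_flood(flows, short_limit=100, long_limit=20):
    """Count ICMP packets per source, split by average message size."""
    counts = defaultdict(lambda: {"short": 0, "long": 0})
    for src, _dst, proto, _port, pkts, nbytes in flows:
        if proto != "icmp" or pkts == 0:
            continue
        # Flow records carry totals only, so size is the per-flow average.
        kind = "long" if nbytes / pkts > LONG_ICMP_BYTES else "short"
        counts[src][kind] += pkts
    limits = {"short": short_limit, "long": long_limit}  # assumed thresholds
    return [(src, f"icmp-flood-{kind}", n)
            for src in sorted(counts)
            for kind, n in counts[src].items() if n > limits[kind]]


def detect_host_port_scan(flows, port_limit=20):
    """Flag a source that touches many distinct low ports on one host."""
    ports = defaultdict(set)
    for src, dst, proto, port, _pkts, _bytes in flows:
        if proto in ("tcp", "udp") and 1 <= port <= LOW_PORT_MAX:
            ports[(src, dst, proto)].add(port)
    return [(src, dst, proto, len(seen))
            for (src, dst, proto), seen in sorted(ports.items())
            if len(seen) > port_limit]


if __name__ == "__main__":
    for anomaly in detect_icmp_flood(FLOWS) + detect_host_port_scan(FLOWS):
        print(anomaly)
```

The two 30-packet ICMP sources show why separate thresholds matter: only the one sending long messages crosses its limit, and the probes to ports 2000-2030 are ignored because they fall outside the low-port range.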
Correction of unsynchronized time between server and exporting device: If the time between collector server and exporting device is unsynchronized, flows that contain the wrong time will be. You can correct the wrong time by changing the collector settings. In most cases the source of the problem is a different/wrong time zone setting or wrong time set up on exporting device. The collector by itself analyzes each flow and if there is a difference between the flow time and the collector’s time by more than 12 hours, the flow time is replaced by the collector’s time.
New web interface design: Our developers created a new NIM web interface with many new icons, hints and installation tips. You can see short description for every main menu item.
NetFlow technology efficiently provides the metering base for a key set of applications including network traffic accounting, usage-based network billing, network planning, network monitoring, outbound marketing, and data mining capabilities for both service provider and enterprise customers.
Download NIM 4.0.0 right now at: http://www.netimonitor.com/netflow/download.php
20th of July, 2006 – New NIM version was released – 3.3.2
- Utilization graphs in the overview window
- Modified parsing functions, new error messages, and support for ! exclamation
- Averages per second for collector status values and in the overview
- Improved corrupted netflow packets checking
- Added additional fields in to the generator of the debug file
- Support for converting bytes in to bit per second
- Bug-fixes: Display of forwarded packets statistics
- Bug-fixes: Netflow version 9 time parsing
- Bug-fixes: In the DEMO mode user can not remove data tables
22nd of May, 2006 – New NIM version was released – 3.3.1
- The new version has the ability to assign different names for each interface. A list of interface names is placed on the top of “interfaces” window, so that you can easily click on existing interfaces. The new version also includes some minor changes which corrected some small software issues.
- A new CD ISO version was released. The new CD ISO version is not fully compatible with the old one. We recommend reinstalling to the new version for this reason. The old CD ISO version can still be used. A new CD ISO version was created for better power and scalability of the system (partitions and file systems are optimized for the type of service). More information about new features is available in updated manual/documentation. Please, visit our NIM download page http://www.netimonitor.com/netflow/download.php
22nd of March, 2006 – NET US Inc. is looking for RESELLERS of NIM SOFTWARE!
NET US Inc., Florida based software company is looking for resellers with application and network technical resources. Our company growth depends on building strong sales channels. We are looking for the right partners and resellers in all major markets – preferably in USA, Canada and South America.
Our product is NetIMonitor software – netflow monitoring software solution. More information about product is available at:
If you are interested in becoming a reseller or distributor of our product, please contact us for terms, contracts and more information: firstname.lastname@example.org
8th of March, 2006 – NEW NIM version 3.3.0
New version of NIM software was released, please review the following new features:
- Flow Filtering (can also be used for load-balancing)
- Time, bytes and packets parsing in the Trends, Search, Iface menu
- Spoofing source IP address when forwarding
- Domain name resolution for conversation stats (only in the table)
- Reduce size factor for collectors
- AS names are displayed in the search results
- More efficient database inserts (long multi-value insert 1MB)
More information about new features is available in updated manual/documentation. Please, visit our NIM download page http://www.netimonitor.com/netflow/download.php
13th of January 2006 – NEW NIM version 3.2.5
New version of NIM software was released (New host lists, graph icons, increased buffer equalizer for netflow data etc.) Please, visit our NIM download page http://www.netimonitor.com/netflow/download.php and check it out.
5th of December 2005 – NEW NIM version 3.2.4
New version of NIM software was released (New DNS caching options, external authentication etc.) Please, visit our NIM download page http://www.netimonitor.com/netflow/download.php and check it out.
1st of November 2005 – NEW NIM version 3.2.3
New version of NIM software was released. Please, visit our NIM download page http://www.netimonitor.com/netflow/download.php and check it out.
16th of September 2005 – New version of NIM software released – 3.2.2
NIM new features: LDAP authentication, new statistics, new main screen, better status messages, AS and country mapping, device identification etc.
9th of August 2005 – New version of NIM software released
NIM version 3.2.1 was released today. This software update contains a few new features such as: group restriction rights, update of non-Debian installations in different Linux distributions and much more. Please, check for yourself.
18th of July 2005 – New version of NIM software released
NetIMonitor version 3.2.0 offers the following new features:
- interface statistic
- command history
- list of applications and protocols
- sending results to email address
- more application rules
- nf_debug script for sending debug information to support team
- and many more …
1st of July 2005 – New features in the NetIMonitor – version 4.0
Our clients can look forward to many new innovations in the next NIM version (4.0). It’s well worth the price to pay for the extended license!!! One of them is Intrusion Detection System (IDS). IDS is used for worm and abnormal network activities detection and deeper network analysis. More information is available here.
13th of June 2005 – Net US Inc. started working on several new features for the NetIMonitor software – NIM 3.2.0.
The new version will include the following new features: Interface Statistics and Traffic Matrix.
This is a new option in the “Data” category. If you choose the “Interface Statistics” option, you can view a list of all interfaces for each of the collectors that have an allocated device. If you choose one or more interfaces from the previously created list, you can monitor the input and output traffic going through the selected interface(s). The results can be viewed in a graph. You can also view which networks are being utilized by this interface.
Likewise in “Trend Statistics”, the “Traffic Matrix” option can define different “Subjects” and “Search conditions”; every subject has its own row, and every condition its own column. The “Traffic Matrix” option shows you statistics for each of the participating subjects found in the search. You can see who has communicated with whom and what traffic was generated by those subjects. In the “Traffic Matrix” you can define conditions for each row and column. This feature is useful mainly for ISP companies (Accounting/Billing) as well as for planning and analysis of your network capacity and future changes.
23rd of May 2005 – self installing NIM version released
To make your installation easier, our company came up with a self installing software version which is available for our clients from today. For this type of installation you do not need any Linux (Debian) knowledge or experience. The one and only requirement is to install this NIM software on a separate server/computer and do a clean install (nothing on the hard drive), because of the Linux environment which is supporting this software. Both, ISO-CD download file and ISO-CD manual are available on our webpage: http://www.netimonitor.com/netflow/download.php.
11th of May 2005 – New Version of NIM software released – now available to our NetIMonitor software customers, version 3.1
NetIMonitor 3.1 offers the following new features:
(1) New Types of Graphs: e.g. spider graph, installation script upgrade.
(2) Utilization Maps: with this feature you can define maps with one or more objects and paths. For every object you can define certain conditions (e.g. IP address networks). NIM will count 5 minute byte utilization for each object and display the results on the public available map. This map (or simply image) can be linked from any other web page. You can define maps for displaying utilization of web services, FTP transfers or overall network activity. More information about this feature is available in updated NIM manual.
(3) Context Help: the most used and important pages in NIM application are linked to the page in the manual that shows the detailed feature or setup description making your work easier.
5th of January 2005 – TRIAL version of NIM is available. Please look at section SUPPORT.
10th of December 2004 – TRIAL version of NIM for our customers will be available.
29th of November 2004 – NetIMonitor on US market.
15th of November 2004 – Launched version 3.0 of NIM software. NIM software is a tool for processing and evaluating network traffic, using network packet export statistics from the router. It is also a user-friendly application used for network diagnostics. It has the added ability of real time monitoring and data analysis, in which you can find and locate network traffic transmitted over the local host and local networks.