Introducing NFA v 22.08 – featuring packet TTL and length-related information elements, SNMPv3 contexts in requests and more.

New packet TTL and length-related information elements

L3 IP TTL, L3 IP min TTL, L3 IP max TTL, L3 IP Total Length, L3 IP min Total Length and L3 IP max Total Length information elements can now be collected and used as filters in NFA’s Data Explorer.

The data obtained from the above elements are primarily related to network performance and detecting network attacks. Here are some use cases:

Routing changes observability. The TTL should remain constant between two hosts in the backbone; if it does not, it could mean that the routing has changed. The detection of unauthorized NAT configured on end devices, where the unexpectedly low TTL in flows is a potential sign of the unauthorized NAT presence. The TTL Expiry attacks detection based on many flows with the ipTTL value set to 1, etc.
In turn, monitoring packet length helps network administrators identify performance issues caused by fragmented IP packets or small-size packets.

The use of SNMPv3 contexts in requests

An SNMP context name, or simply “context”, is a collection of management information accessible by an SNMP entity. If a management information has been defined under a specific context by an SNMPv3 entity, then any management application can access that information by providing that context name. Although not compulsory, there are a lot of cases when one may use SNMP contexts: security, separate logical entities on a physical one, etc.

Other notable features and improvements include:

• The status of the device’s last SNMP request is now displayed in the Inventory;
• Interface descriptions added to the Data Explorer’s Narrow by section;
• Added option to display interface names in charts and the Data Explorer table;
• Updated Clickhouse dependency to the latest LTS 22.3.x version.

Try NFA free for 30 days. Cancel anytime.

Unlimited devices, unlimited interfaces, unlimited sites. Endless IP flow analysis capabilities! We’ll warn you when your trial ends, so you can decide whether to move further. Click the button below to get started.