opFlow can detect anomalies by establishing a baseline of average network usage and comparing it with the traffic of a suspected anomaly event. DoS attacks flood the network with packets from an untrusted source, usually with a rather large packet size. Packet sizes are normally no larger than 150 bytes, so creating an ingress policy for specific ports that discards packets larger than 150 bytes could prevent some DoS attacks from ever occurring. opFlow clearly displays the sources and destinations of flow traffic, allowing you to see when an unknown or untrusted source is sending flow data to your network.

NetFlow collects the packet source, port number, destination, packet size, and protocol number. Understanding which ports are commonly used on your network helps you determine whether abnormal activity is coming through. The Conversation Summary feature in opFlow gives a detailed look into all conversations happening on your network. There may be a lot of conversations happening across your network; in Figure 1 below, the ports are filtered to show only Src Port 443, which makes specific and relevant traffic easier to see. These packets can be sorted in ways that help you view and understand the information more clearly. In this example, packets received are sorted in descending order to see whether the packet count is any higher than normal; this is why understanding what normal packet sizes are, as well as their ports and sources on your network, is important for any network engineer.
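The same workflow can be reproduced on exported flow records. The following is an added example, not opFlow code: it filters conversations to source port 443, sorts them by packets in descending order, and flags any that exceed a baseline or come from an unknown source. The record layout, the addresses, and the threshold of three standard deviations above the baseline mean are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (src_ip, src_port, dst_ip, packets, bytes, protocol)
BASELINE = [
    ("10.0.0.5", 443, "10.0.1.20", 120, 14400, 6),
    ("10.0.0.5", 443, "10.0.1.21", 100, 12000, 6),
    ("10.0.0.6", 443, "10.0.1.20", 110, 13200, 6),
    ("10.0.0.6", 443, "10.0.1.22", 90, 10800, 6),
    ("10.0.0.7", 53, "10.0.1.20", 40, 3200, 17),
]
OBSERVED = [
    ("10.0.0.5", 443, "10.0.1.20", 115, 13800, 6),
    ("203.0.113.9", 443, "10.0.1.20", 5000, 7000000, 6),
    ("10.0.0.6", 443, "10.0.1.21", 105, 12600, 6),
    ("10.0.0.7", 53, "10.0.1.20", 45, 3600, 17),
]
KNOWN_SOURCES = {"10.0.0.5", "10.0.0.6", "10.0.0.7"}  # assumed list of trusted sources

def conversations(flows, src_port):
    """Sum packets and bytes per (src, dst) conversation for one source port."""
    totals = defaultdict(lambda: [0, 0])
    for src, port, dst, packets, nbytes, _proto in flows:
        if port == src_port:
            totals[(src, dst)][0] += packets
            totals[(src, dst)][1] += nbytes
    return {key: tuple(val) for key, val in totals.items()}

def find_anomalies(baseline, observed, src_port=443, known=KNOWN_SOURCES, k=3.0):
    """Return (src, dst, packets, avg_packet_size, reasons), most packets first."""
    base_counts = [p for p, _ in conversations(baseline, src_port).values()]
    if not base_counts:
        raise ValueError("no baseline conversations for this port")
    # Assumed rule: anything above mean + k standard deviations is abnormal.
    threshold = mean(base_counts) + k * pstdev(base_counts)
    report = []
    for (src, dst), (packets, nbytes) in conversations(observed, src_port).items():
        reasons = []
        if packets > threshold:
            reasons.append("packet count above baseline")
        if src not in known:
            reasons.append("unknown source")
        report.append((src, dst, packets, nbytes // max(packets, 1), reasons))
    return sorted(report, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for row in find_anomalies(BASELINE, OBSERVED):
        print(row)
```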
