Who is the one to blame when problems of performance occur in your network? This is the question that torments many teams working with support and service desk. Mainly, when such question is not responded correctly and with agility. Causing a delay in the resolution of the problem and impacting the operations that depend on the network to be able to function.

Before this scenario the importance of finding the offender or the offenders stands out, the importance in finding the offender or the offenders of your network. In this context, offender is an objective of the network identified as responsible for a traffic that is above the normal, thus, overloading the infrastructure. In relation to a company, offenders can be departments, localities and users.

With the identification of the offender, it will be possible to evaluate the impact of each one of the applications utilized, if they are homologated and relevant for the business of the company. Another important factor is the evaluation of the usage of the network per each department, that can be utilized for the calculation of the apportionment of costs or justification of investments.

Below, we will highlight how the TRAFip will help in the identification of offenders from your network.


The simplest way of observing the behavior of the network is per charts. The TRAFip is able to maintain historical data of an object for up to five years, keeping the granularity of five minutes for each curve of the chart. In this form, the manager will have the capacity of performing queries to past period with extreme precision and agility.

Due to the fact of the collection of the TRAFip being performed from protocols of exportation of flows, the charts are not limited only to the absolute traffic of a network interface. The collected data allow the creation of of stratified charts. In other words, the manager will have access to charts with breakages of traffic of an object in relation to other objects. For example, it will be possible to observe the traffic of several applications inside of an specific subnetwork.

With access to the several charts provided by the system, the manager will be able to observe with clarity the behavior of traffic in relation to several objects monitored. Primordially, facilitating the visual identification of peaks of traffic relative to any element of the network.


Despite the charts representing extreme easiness in the observability of the traffic, we can’t count only with our capacity of observation. It is important for the system to have means to generate notifications whenever an abnormality is detected.

The TRAFip counts with a complete alarming system. In this manner, the manager will be able to define limits of traffic for any element of the network, and if the limit is exceeded, the alarm will be activated. There is also the option for the creation of alarms of behavior that will accompany the current performance of the traffic of the object with the expected performance, if a variation beyond the margin of tolerance is detected the alarm will be activated.

The alarms when activated, will be able to generate notifications by email, trap SNMP, Telegram and sound alerts via Web console. Some clients of the Telcomanager already utilize the integrated systems with their own systems of tickets and internal communication systems.


After the identification of the abnormality, it comes the time for the investigation. Nothing better than reports to provide details of the traffic in your network. We will highlight two reports that can be found in the TRAFip.

Report TOPN Characterized

This report is able to sort objects based on the traffic in a defined period of time. The particularity of this one, is that besides sorting the objects, the report will break the chart of each object of the ranking in relation to other objects. For example, we are able to configure the report to show the Top 5 of subnetworks with higher traffic in the past month, besides, we want to see what are the applications with greater traffic inside each one of these five subnetworks. In other words, the TopN of subnetworks was performed broken by applications. With that, besides identifying possible offenders, in the same report, we will be able to already visualize the impacts of the main applications.

Report of Raw Data

The report of the raw data, is without any doubts, the one with the greater amount of information of the TRAFip. Mainly, due to the fact of being a faithful portrait of the data exported from the protocol of flow exportation. With such report, the manager will have access to all the information from every bit in relation to the object visualized. IP of origin, IP of destiny, doors, ASN, protocols, ToS, flags TCP, amount of bytes transmitted, transference rate in bits among other information. We might consider, that the report of raw data equivalent to the extract of traffic, with all the information that will guarantee complete visibility of what is passing through the network.


In this sense, there are no doubts about the importance of investing in network management. In this manner, it is perceptible that these good practices bring not only benefits for the visibility of the infrastructure, but also a way of guaranteeing crucial information for the governance of the network.

Thinking about it,  Telcomanager, leader in Latin America in the sector of software for network management, since 2002 in the market with a unique and innovative methodology, makes available smart solutions for the monitoring of data for providing complete visibility to the infrastructure of the client, allowing your Company to accompany the main aspects of your network.

Posted on 02/11/2022