Stealthwatch Flow Rate Calculator

Accurately calculate and understand your network traffic flow rates with the Stealthwatch Flow Rate Calculator.

Flow Rate Calculation

Calculation Results

Packets Per Second (PPS): Total Packets / Time Interval (in seconds)
Bytes Per Second (Bps): Total Bytes / Time Interval (in seconds)
Megabits Per Second (Mbps): (Total Bytes * 8) / Time Interval (in seconds) / 1,000,000
Megabytes Per Second (MBps): Total Bytes / Time Interval (in seconds) / (1024 * 1024)

Flow Rate Metrics Comparison

Metric	Calculated Value	Unit
Packets Per Second	—	PPS
Bytes Per Second	—	Bytes/sec
Megabits Per Second	—	Mbps
Megabytes Per Second	—	MB/sec

What is Stealthwatch Flow Rate?

Stealthwatch flow rate refers to the volume and speed of network traffic data passing through a network segment over a specific period. Cisco Stealthwatch, a network visibility and security analytics solution, uses flow data (like NetFlow, IPFIX) to monitor network behavior. Understanding flow rates is crucial for network performance, capacity planning, and identifying anomalous activities that might indicate security threats. It quantifies the "busyness" of your network in terms of packets and data volume.

Network administrators, security analysts, and IT managers should use Stealthwatch flow rate metrics. These metrics help in:

• Performance Monitoring: Identifying bottlenecks and areas of high traffic.
• Capacity Planning: Ensuring network infrastructure can handle current and future traffic loads.
• Security Analysis: Detecting unusual traffic patterns, such as Denial of Service (DoS) attacks, malware C&C communication, or data exfiltration.
• Troubleshooting: Diagnosing network issues related to congestion or unexpected traffic spikes.

A common misunderstanding involves the units used for data size and speed. While often discussed in terms of bits per second (bps), network traffic also involves packets per second (PPS) and bytes per second (Bps). It's essential to be clear about which metric is being used and to distinguish between Megabits (Mb) and Megabytes (MB), as they differ by a factor of 8.

Stealthwatch Flow Rate Formula and Explanation

The calculation of Stealthwatch flow rate involves determining the number of packets and the amount of data transferred over a given time. The primary formulas are:

Packets Per Second (PPS)

This metric measures the number of individual data packets transmitted per second.

Formula:

PPS = Total Packets / Time Interval (in seconds)

Bytes Per Second (Bps)

This metric measures the total volume of data, in bytes, transmitted per second.

Formula:

Bps = Total Bytes / Time Interval (in seconds)

Megabits Per Second (Mbps)

This is a common metric for network throughput, representing millions of bits per second.

Formula:

Mbps = (Total Bytes * 8) / Time Interval (in seconds) / 1,000,000

Note: We multiply by 8 to convert bytes to bits.

Megabytes Per Second (MBps)

This metric measures millions of bytes per second, often used for file transfer speeds.

Formula:

MBps = Total Bytes / Time Interval (in seconds) / (1024 * 1024)

Note: We divide by 1024*1024 for Megabytes.

Variables Table

Variables Used in Flow Rate Calculation

Variable	Meaning	Unit	Typical Range
Total Packets	The total count of network packets observed.	Unitless (count)	Thousands to Billions
Time Interval	The duration over which packets were observed.	Seconds, Minutes, Hours	Milliseconds to Hours
Total Bytes	The aggregate size of all data transferred in bytes.	Bytes, KB, MB, GB	Kilobytes to Terabytes
PPS	Packets Per Second.	Packets/sec	Tens to Millions
Bps	Bytes Per Second.	Bytes/sec	Kilobytes/sec to Gigabytes/sec
Mbps	Megabits Per Second.	Megabits/sec	Kbps to Gbps
MBps	Megabytes Per Second.	Megabytes/sec	KB/sec to GB/sec

Practical Examples

Let's illustrate with practical scenarios:

Example 1: High-Traffic Web Server

A busy web server experiences a surge in traffic during peak hours.

• Inputs:
• Number of Packets: 30,000,000
• Time Interval: 10 Seconds
• Total Data Size: 500 Megabytes (MB)

Calculation:

• PPS = 30,000,000 / 10 = 3,000,000 PPS
• Bps = (500 * 1024 * 1024) / 10 = 52,428,800 Bytes/sec
• Mbps = (500 * 1024 * 1024 * 8) / 10 / 1,000,000 = 419.43 Mbps
• MBps = 500 / 10 / (1024*1024) approx = 0.048 MBps (Note: This seems low, indicating the data size might be small relative to packets for this specific calculation if the server is busy. Let's re-evaluate if the total data size should be larger for a high-traffic server, or if the packet size is very small on average.)
  *Correction for clarity: If 500MB were transferred *during* those 10 seconds, then MBps = 500MB / 10s = 50 MB/s. The calculator uses total bytes, so let's recalculate using the actual byte conversion:
  Total Bytes = 500 * 1024 * 1024 = 524,288,000 Bytes
  Bps = 524,288,000 / 10 = 52,428,800 Bytes/sec
  MBps = 524,288,000 / 10 / (1024*1024) = 50 MB/sec (This is more intuitive for 500MB in 10s)

Results: The server handles 3 million packets per second, transferring approximately 52.4 MB/sec, or about 419 Mbps of data.

Example 2: Data Backup Transfer

A scheduled backup process transfers a large file.

• Inputs:
• Number of Packets: 15,000,000
• Time Interval: 5 Minutes (300 seconds)
• Total Data Size: 2 Gigabytes (GB)

Calculation:

• PPS = 15,000,000 / 300 = 50,000 PPS
• Total Bytes = 2 * 1024 * 1024 * 1024 = 2,147,483,648 Bytes
• Bps = 2,147,483,648 / 300 = 7,158,278.8 Bytes/sec
• Mbps = (2,147,483,648 * 8) / 300 / 1,000,000 = 57.27 Mbps
• MBps = 2,147,483,648 / 300 / (1024 * 1024) = 6.82 MB/sec

Results: During the backup, the transfer rate averaged 50,000 packets per second, moving around 7.16 MB/sec or 57.27 Mbps.

How to Use This Stealthwatch Flow Rate Calculator

Using the Stealthwatch Flow Rate Calculator is straightforward. Follow these steps:

1. Enter Total Packets: Input the total number of packets observed during your monitoring period.
2. Enter Time Interval: Provide the duration of the observation period.
3. Select Time Unit: Choose the appropriate unit (Seconds, Minutes, or Hours) for your Time Interval. The calculator will convert this to seconds for internal calculations.
4. Enter Total Data Size: Input the total amount of data transferred.
5. Select Data Unit: Choose the unit (Bytes, KB, MB, GB) for your Total Data Size. The calculator will convert this to bytes for internal calculations.
6. Click Calculate: Press the 'Calculate' button.

The calculator will instantly display the calculated Packets Per Second (PPS), Bytes Per Second (Bps), Megabits Per Second (Mbps), and Megabytes Per Second (MBps). These results update in real-time as you change inputs.

Interpreting Results:

• PPS: High PPS can indicate chatty applications, control plane traffic, or potential DoS attacks.
• Bps/MBps: These show the raw data volume. Useful for understanding file transfer performance or storage usage.
• Mbps: This is the standard for network bandwidth, useful for comparing against network link capacities.

Use the 'Copy Results' button to easily transfer the calculated metrics for reporting or further analysis.

Key Factors That Affect Stealthwatch Flow Rate

Several factors significantly influence the flow rates observed by Stealthwatch:

1. Application Type: Different applications generate traffic with varying packet sizes and frequencies. For instance, VoIP generates many small packets, while file transfers involve fewer, larger packets.
2. Network Congestion: High congestion can lead to packet drops and increased latency, affecting the observed rate of successful packet delivery and data throughput.
3. Network Device Performance: The processing capabilities of routers, switches, and firewalls impact how efficiently they handle and forward traffic. Overloaded devices can become bottlenecks.
4. End-Device Capabilities: The processing power and network interface card (NIC) speed of the source and destination devices limit the maximum achievable flow rate.
5. Protocol Overhead: Different network protocols (TCP, UDP, ICMP, etc.) have varying header sizes, which contribute to the overall data size and packet count.
6. Security Policies: Firewall rules, Intrusion Prevention Systems (IPS), and other security devices can inspect traffic, potentially introducing latency or even throttling certain types of traffic, thereby affecting flow rates.
7. Time of Day/Usage Patterns: Network traffic typically fluctuates based on user activity, time zones, and scheduled events like backups or batch processing.

FAQ

What is the difference between Mbps and MBps?

Mbps stands for Megabits per second, while MBps stands for Megabytes per second. Since there are 8 bits in a byte, 1 MBps is equivalent to 8 Mbps. It's crucial to distinguish between them when analyzing network performance.

How does Stealthwatch collect flow data?

Stealthwatch typically collects flow data from network devices like routers and switches that support flow technologies such as NetFlow, IPFIX, sFlow, or J-Flow. These devices export summarized traffic information to the Stealthwatch collector.

Why are my packet counts so high but data volume low?

This often indicates traffic composed of many small packets, such as control traffic, acknowledgments (ACKs), or traffic from chatty applications like DNS queries or certain IoT devices. High PPS with low data volume can sometimes be associated with network reconnaissance or DoS attacks.

Can this calculator predict future bandwidth needs?

While this calculator helps analyze current and historical flow rates, it doesn't inherently predict future needs. Trend analysis of historical data, combined with business growth projections, is necessary for capacity planning.

What time interval should I use for calculation?

The appropriate time interval depends on the granularity you need. For real-time anomaly detection, shorter intervals (seconds or minutes) are useful. For trend analysis or understanding daily patterns, longer intervals (hours) might be better. Ensure consistency in your chosen interval.

How are Gigabytes (GB) and Gigabits (Gb) related?

Similar to the Megabyte/Megabit relationship, 1 Gigabyte (GB) equals 8 Gigabits (Gb). Network speeds are typically advertised in Gbps (Gigabits per second), while storage is measured in GB (Gigabytes).

What if my time interval is in milliseconds?

You would need to convert milliseconds to seconds first (1000 milliseconds = 1 second) before entering the value, or adjust your calculation logic accordingly. For example, 500 milliseconds would be 0.5 seconds.

Does Stealthwatch account for different packet sizes automatically?

Yes, Stealthwatch's flow data typically includes metrics like average packet size or total bytes, allowing it to calculate both PPS and throughput (like Bps or Mbps) based on the observed traffic characteristics.

Related Tools and Resources

Explore these related tools and resources for a comprehensive understanding of network traffic analysis and security:

• Network Latency Calculator: Understand the delay in data transmission across your network.
• Bandwidth Calculator: Estimate required network bandwidth for various applications and services.
• Cisco NetFlow Explained: Learn more about the flow data protocol used by Stealthwatch.
• Network Security Analytics Overview: Discover how tools like Stealthwatch enhance your security posture.
• TCP Throughput Calculator: Calculate theoretical maximum TCP transfer speeds considering latency and packet loss.
• Understanding Packet Loss Impact: Learn how packet loss affects network performance and flow rates.