Network Traffic Monitoring and Analysis - Shisheer Teli CCCF.

Network Traffic Monitoring and Analysis - Shisheer Teli CCCF

Daily Network Security Problems: Frequent security violations. Need to detect unauthorized services installed by users. Who is generating suspicious traffic? Identification of misconfigured and faulty hosts.

What Do We Need? Traffic measurement. Traffic characterization and monitoring. Detection of network security violations. Network optimization and planning.

Importance of Network Monitoring and Analysis: Network monitoring is a difficult and demanding task that is a vital part of a Network Administrator's job. Network Administrators are constantly striving to maintain smooth operation of their networks. If a network were to be down even for a small period of time, productivity within the company would decline. In order to be proactive rather than reactive, administrators need to monitor traffic movement and performance throughout the network and verify that security breaches do not occur within the network.

Monitoring and Analysis Techniques: Router Based: monitoring functionalities that are built into the routers themselves and do not require additional installation of hardware or software are referred to as Router Based techniques. Non-Router Based: techniques that require additional hardware and software to be installed and provide greater flexibility.

Router Based Monitoring Techniques: Router Based Monitoring Techniques are hard-coded into the routers and therefore offer little flexibility. A brief explanation of the most commonly used monitoring techniques is given below. Simple Network Management Protocol (SNMP); sFlow / NetFlow.

Simple Network Management Protocol (SNMP): SNMP is an application layer protocol that is part of the TCP/IP protocol suite. It allows administrators to manage network performance, find and solve network problems, and plan for network growth. Two versions exist, SNMPv1 and SNMPv2. There are three key components to SNMP: Managed Devices, Agents, and Network Management Systems (NMSs).

The Managed Devices contain the SNMP Agent and can be routers, switches, hubs, or printers. They are responsible for collecting information and making it available to the NMSs. The Agents contain software that has knowledge of management information and translates it into a form compatible with SNMP; they are located on a managed device. SNMP uses four protocol operations: Get, GetNext, Set, and Trap. The Get command is used when the NMS issues a request for information to managed devices. The SNMPv1 message (request) that is sent consists of a message header and a Protocol Data Unit (PDU). The PDU contains the information needed to complete a request that will either retrieve information from the agent or set a value within the agent.
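To make the header/PDU layout just described concrete, here is an added example, written for this page and not code from the slides or from any SNMP library, that encodes an SNMPv1 GetRequest with the BER rules SNMPv1 uses and decodes it again. The PDU tags and the sysDescr.0 OID (1.3.6.1.2.1.1.1.0) are standard; the request id, the community strings and all function names are constructed for illustration.

```python
"""Added example (not from the slides): build and parse an SNMPv1 GetRequest so
the message header / PDU layout described above can be inspected byte by byte.
Implements only the BER subset SNMPv1 needs."""

# PDU tags from the SNMPv1 message format (RFC 1157).
GET_REQUEST, GET_NEXT, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4
DEFAULT_COMMUNITIES = {"public", "private"}  # vendor defaults a monitor should flag

def _length(n):
    """BER length: short form below 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def _integer(value):
    """INTEGER in minimal two's-complement form."""
    size = 1
    while True:
        try:
            return _tlv(0x02, value.to_bytes(size, "big", signed=True))
        except OverflowError:
            size += 1

def _oid(dotted):
    """OBJECT IDENTIFIER: first two arcs merged as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_request(community, oids, request_id, pdu_tag=GET_REQUEST):
    """Message = SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }, and
    PDU = [tag] { request-id, error-status, error-index, SEQUENCE OF VarBind }."""
    varbinds = b"".join(_tlv(0x30, _oid(o) + b"\x05\x00") for o in oids)  # value NULL
    pdu = _tlv(pdu_tag, _integer(request_id) + _integer(0) + _integer(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _integer(0) + _tlv(0x04, community.encode()) + pdu)

def _read_tlv(buf, pos):
    """Return (tag, body, position just past the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def _int_of(body):
    return int.from_bytes(body, "big", signed=True)

def parse_message(msg):
    """Decode the header and PDU fields of an SNMPv1 message captured off the wire."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    fields, pos = [], 0
    for _ in range(3):  # request-id, error-status, error-index
        _, field, pos = _read_tlv(pdu, pos)
        fields.append(_int_of(field))
    _, varbind_list, _ = _read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = _read_tlv(varbind_list, pos)
        oids.append(_decode_oid(_read_tlv(varbind, 0)[1]))
    return {"version": _int_of(version), "community": community.decode(errors="replace"),
            "pdu_tag": pdu_tag, "request_id": fields[0], "error_status": fields[1],
            "error_index": fields[2], "oids": oids}

def uses_default_community(msg):
    """Detection check: SNMPv1/v2c send the community string in cleartext, so a
    passive monitor can flag requests that still use a well-known default."""
    return parse_message(msg)["community"] in DEFAULT_COMMUNITIES

if __name__ == "__main__":
    req = build_request("public", ["1.3.6.1.2.1.1.1.0"], request_id=1234)  # sysDescr.0
    print(req.hex())
    print(parse_message(req), "default community:", uses_default_community(req))
```

Running it prints a 41-byte message in which the community string is readable in the hex dump: SNMPv1 and v2c community strings are effectively passwords sent in the clear, which is why a collector or IDS can match the default ones and why management traffic belongs on a separate, access-controlled network. The version field is 0 for SNMPv1.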

sFlow: sFlow is a multi-vendor sampling technology embedded within switches and routers. It provides the ability to continuously monitor application-level traffic flows at wire speed on all interfaces simultaneously. Parameters: Polling interval: if you set the polling interval to 60 seconds, the switch counts all of the packets that have gone through that interface in the past 60 seconds. Sample rate: you are telling the switch to sample one out of every X packets that pass through the interface.

sFlow Agents and Collector: sFlow Agents throughout the network continuously send a stream of sFlow Datagrams to a central sFlow Collector where they are analyzed to produce a rich, real-time, network-wide view of traffic flows.

sFlow monitoring of high-speed, routed and switched networks has the following properties: Accurate: because sampling is simple enough to be performed in hardware, it operates at wire speed. In addition, the sFlow system is designed so that the accuracy of any measurement can be determined. Other traffic flow measurement technologies "clip" under heavy loads, resulting in errors that are difficult to quantify. Detailed: complete packet header and switching/routing information permits detailed analysis of L2-L7 traffic flows. Scalable: the sFlow system is scalable in both the size and speed of the network it can monitor. sFlow is capable of monitoring networks at 10Gbps, 100Gbps and beyond. Thousands of devices can be monitored by a single sFlow Collector.
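The two parameters introduced earlier (polling interval and sample rate) and the "accuracy can be determined" property above come together in a little arithmetic. The following is an added example, not from the slides or the sFlow project, that scales a constructed 1-in-256 sample stream back to traffic estimates using the error bound sFlow.org publishes for random packet sampling (relative error at most 196 * sqrt(1/c) percent, at 95% confidence, for a traffic class seen in c samples), and converts two polled 32-bit interface counters into a rate while handling counter wrap. The sampling rate, polling interval, sample records, counter values and function names are all constructed.

```python
"""Added example (not from the slides): the arithmetic behind the sFlow sample
rate and polling interval. Sampled packets are scaled up by the sampling rate,
each estimate gets the error bound that random 1-in-N sampling makes computable,
and polled interface counters are turned into rates with wrap handling."""
import math

# Constructed configuration: the agent samples 1 in 256 packets and polls
# interface counters every 60 seconds.
SAMPLING_RATE = 256
POLLING_INTERVAL_S = 60

# Constructed sample stream as a collector might see it over one interval:
# (destination port, sampled frame length in bytes).
SAMPLES = [(443, 1500)] * 40 + [(53, 90)] * 9 + [(22, 120)]

def relative_error_pct(samples_in_class):
    """Worst-case relative error (%) at 95% confidence for a class that
    contributed `samples_in_class` samples, using the sFlow.org rule for
    random 1-in-N sampling: %error <= 196 * sqrt(1 / c)."""
    if samples_in_class <= 0:
        return math.inf
    return 196.0 * math.sqrt(1.0 / samples_in_class)

def samples_needed(target_error_pct):
    """Inverse of the rule above: samples a class must accumulate before its
    estimate is within target_error_pct at 95% confidence."""
    return math.ceil((196.0 / target_error_pct) ** 2)

def per_port_estimate(samples, sampling_rate):
    """Scale sampled packets and bytes per destination port back to an estimate
    of the real traffic and attach the error bound for each estimate."""
    seen = {}
    for port, length in samples:
        pkts, octets = seen.get(port, (0, 0))
        seen[port] = (pkts + 1, octets + length)
    return {
        port: {
            "est_packets": pkts * sampling_rate,
            "est_bytes": octets * sampling_rate,
            "error_pct": relative_error_pct(pkts),
        }
        for port, (pkts, octets) in seen.items()
    }

def counter_rate(previous, current, interval_s, counter_bits=32):
    """Bytes per second from two consecutive polls of an interface octet counter.
    A current value below the previous one means the counter wrapped, so the
    delta is corrected by 2**counter_bits before dividing by the interval."""
    delta = current - previous
    if delta < 0:
        delta += 1 << counter_bits
    return delta / interval_s

if __name__ == "__main__":
    for port, est in sorted(per_port_estimate(SAMPLES, SAMPLING_RATE).items()):
        flag = "" if est["error_pct"] <= 50 else "  (too few samples to trust)"
        print(f"port {port}: ~{est['est_packets']} pkts, ~{est['est_bytes']} bytes, "
              f"+/-{est['error_pct']:.0f}%{flag}")
    print("samples needed for 10% error:", samples_needed(10))
    # Constructed counter poll pair that crosses the 32-bit boundary.
    print("ifInOctets rate:", counter_rate(4_200_000_000, 100_000_000, POLLING_INTERVAL_S), "B/s")
```

The point for an analyst is the last column: the port 443 estimate (40 samples) is good to about 31%, the port 53 estimate to about 65%, and the single port 22 sample says almost nothing about volume, even though it does prove that such a packet crossed the interface. Lowering the sampling rate or waiting for more samples is how the error bound is tightened; the counter polls, by contrast, are exact and only need the wrap correction.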

IPTraf: IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts. Protocols recognized: IP, TCP, UDP, ICMP, IGMP, IGP, IGRP, OSPF, ARP, RARP.

Thank You