NetFlow Analysis with Elastic Stack

Slides:

Advertisements

Similar presentations

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

Advertisements

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Theory Lunch. 2 Problem Areas Network Virtualization for Experimentation and Architecture –Embedding problems –Economics problems (markets, etc.) Network.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Addition of Virtual Interfaces in NetFlow Probe for the NetFPGA Muhammad Shahbaz Zaheer Ahmed Habibullah Jamal Asrar Ashraf Nadeem Yousaf Raania.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

Tae-wan You, Seoul National University, Korea

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

MONITORING TOOLS Open Source Security Tools to monitor your network.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.

Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.

1 Controlling High Bandwidth Aggregates in the Network.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Experiences in Analyzing Network Traffic Shou-Chuan Lai National Tsing Hua University Computer and Communication Center Nov. 20, 2003.

1 © 2000, Cisco Systems, Inc _05_2000_c3 Netflow Michael Lin.

TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. CCNA ACLs Deepdive February, 2012 Jaskaran Kalsi Assoc. Technical Manager.

1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

NetfFow Overview SANOG 17 Colombo, Sri Lanka. Agenda Netflow –What it is and how it works –Uses and Applications Vendor Configurations/ Implementation.

Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. Cisco CNS NetFlow Collection Engine Version 5.0.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 5. Passive Monitoring Techniques.

Using Measurement Data to Construct a Network-Wide View Jennifer Rexford AT&T Labs—Research Florham Park, NJ

NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.

1 © 2004 Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 11 Access Control Lists (ACLs)

Connect. Communicate. Collaborate Experiences with tools for network anomaly detection in the GÉANT2 core Maurizio Molina, DANTE COST TMA tech. Seminar.

workshop eugene, oregon What is network management? System & Service monitoring  Reachability, availability Resource measurement/monitoring.

Page 1 Access Lists Lecture 7 Hassan Shuja 04/25/2006.

Netflow Collection & Processing David Ripley. 2 Lead Network Security Developer, Advanced Network Management Laboratory Indiana University Network security.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.

Project Requirements (NetFlow Generator) 정승화 분산 처리 및 네트워크 관리 연구실 포항 공과 대학교

Open-Eye Georgios Androulidakis National Technical University of Athens.

Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli.

Network Sniffer Anuj Shah Advisor: Dr. Chung-E Wang Department of Computer Science.

S7C7 – Multilayer Switching Design and Configuration.

Fuzzy Control of Sampling Interval for Measurement of QoS Parameters Juraj Giertl.

PART3 Data collection methodology and NM paradigms 1.

Net Flow Network Protocol Presented By : Arslan Qamar.

IPv6 Flow. IPv6 Flow Options Netflow v9 (aka cflow/jflow) Sflow IPFix.

1 Virtual Dark IP for Internet Threat Detection Akihiro Shimoda & Shigeki Goto Waseda University

POSTECH DP&NM Lab Detailed Design Document NetFlow Generator 정승화 DPNM Lab. in Postech.

EE 122: Integrated Services Ion Stoica November 13, 2002.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.1 Module 10 Routing Fundamentals and Subnets.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.1 Module 10 Routing Fundamentals and Subnets Claes Larsen, CCAI.

© 2006 EMC Corporation. All rights reserved. Section 2 – Storage Systems Architecture Introduction.

Flow sampling in IPFIX: Status and suggestion for its support Maurizio Molina,

1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.

1 Root-Cause Network Troubleshooting Optimizing the Process Tim Titus CTO PathSolutions.

Application Protocol - Network Link Utilization Capability: Identify network usage by aggregating application protocol traffic as collected by a traffic.

NetFlow Analyzer Best Practices, Tips, Tricks. Agenda Professional vs Enterprise Edition System Requirements Storage Settings Performance Tuning Configure.

Interaction and Animation on Geolocalization Based Network Topology by Engin Arslan.

Cisco CNS NetFlow Collection Engine Version 5.0

WinCC-OA Log Analysis SCADA Application Service - Reporting

Top-Down Network Design Chapter Thirteen Optimizing Your Network Design Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Combining Metrics and Logs for Holistic System/Application Analysis

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Chapter 2: Static Routing

Data collection methodology and NM paradigms

Network Monitoring System

Streaming Network Analytics System

Chapter 8: Monitoring the Network

End to End Monitoring Solution using Open Source Technology where webMethods 9.10 is used as ESB IBM Confidential.

Proactive Management of Federation using ELK

The ELK stack - get to know logs

Building a minimum viable Security Operations Centre

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Presentation transcript:

NetFlow Analysis with Elastic Stack Elasticsearch Seoul Meetup NetFlow Analysis with Elastic Stack me@madkoala.net

Presenter manager at SK broadband me@madkoala.net I don’t have any f**king Btv coupons!

What is NetFlow? Cisco router feature that provides the ability to collect IP network traffic information on interfaces Main components Flow Exporter Flow collector (logstash) Analysis application (elasticsearch) Visualization (kibana or whatever works) Source: Wikipedia

NetFlow Architecture Source: Wikipedia

NetFlow Protocol (v5 header) Source: https://www.plixer.com/support/netflow_v5.html

NetFlow Protocol (v5 record) Source: https://www.plixer.com/support/netflow_v5.html

What we can do with NetFlow Application usage analysis Troubleshoot network problem Track down bandwidth hogs Detect abnormal traffic usage Detect hosts infected by malwares …

Elastic Stack - NetFlow Logstash: NetFlow collector Elasticsearch: NetFlow storage & analysis Kibana: Visualization

System Architecture 이보다 더 간단할 수 없다.

Logstash Configuration (input)

Logstash Configuration (filter) Calculate estimated traffic volume (need to consider sampling rate)  Enrichment with geolocation info

Logstash Configuration (output)

Template for NetFlow data

Collected data sample

Demo! Demo!! Demo!!!

Thank you.