Experiences in Analyzing Network Traffic Shou-Chuan Lai National Tsing Hua University Computer and Communication Center Nov. 20, 2003.


Slide 2: Houston, we have a problem!

Slide 3: What happened?

Slide 4: What can we do?

Slide 5: Problem Diagnosis
- Call for help
  - Call our contracted support
  - Ask an expert
- Do it yourself
  - Cable tester
  - Network analyzer
  - Network Management System

Slide 6: Possible Solutions
- Replace malfunctioning parts
- Adjust network configurations
- Expand network capacity

Slide 7: Network Traffic Analysis

Slide 8: Network Traffic Information
- Link
- Host
- Service port
- Application
- User behavior

Slide 9: Analysis Tools
- Device built-in functions
  - LED status
  - LCD messages
- MRTG
  - SNMP + MIB-II
- NetFlow
  - Cisco routers with the NetFlow export function
  - Switch with port mirroring (SPAN) + a NetFlow generator

Slide 10: SNMP + MIB-II

Slide 11: SNMP + MIB-II
- Simple Network Management Protocol (RFC 1157)
- Management Information Base, MIB-II (RFC 1213)

Slide 12: Simple Network Management Protocol Architecture (diagram)
A manager speaks SNMP to the agents; each agent maintains its own MIB.

Slide 13: SNMP Operations
- Manager to agent, UDP port 161: GetRequest, GetNextRequest, SetRequest
- Agent to manager: GetResponse
- Agent to manager, UDP port 162: Trap

Slide 14: MIB Object Names
root
  iso(1)
    org(3)
      dod(6)
        internet(1)
          directory(1)
          mgmt(2)
            mib(1): system(1), interfaces(2), at(3), ip(4), icmp(5), tcp(6), udp(7)
          experimental(3)
          private(4)
            enterprises(1)
  itu(2)

Slide 15: MIB-II Common Operational Statistics (RFC 1857)
- ifInUcastPkts (unicast packets in)
- ifOutUcastPkts (unicast packets out)
- ifInNUcastPkts (non-unicast packets in)
- ifOutNUcastPkts (non-unicast packets out)
- ifInOctets (octets in)
- ifOutOctets (octets out)

Slide 16: MRTG

Slide 17: MRTG (Multi Router Traffic Grapher)
- A tool to monitor the traffic load on network links.
- Generates HTML pages containing graphical images which provide a live visual representation of this traffic.
- Based on Perl and C; works under UNIX and Windows NT.

Slide 18: MRTG (I): An Example (graphs: packets per second, bytes per second)

Slide 19: MRTG (II): A Suspicious Case (graph: excess outgoing packets)

Slide 20: MRTG (III): Other Applications
- Mail server queue length
- Router CPU utilization

Slide 21: MRTG Trace Back
- Deploy MRTG on each switch with SNMP support.
- In case of abnormal traffic behavior, the per-link information lets us trace back to the switch port nearest the problem node.
- With SNMP SET, we can disable that port as a temporary solution.
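As an added example (not from the slides), the MRTG-style computation behind slides 15 to 19: per-second rates from successive polls of the MIB-II Counter32 objects, with counter wrap-around handled, and a simple flag for the excess-outgoing-packets pattern. The poll values, the 10x ratio and the 1000 pps floor are constructed assumptions; the SNMP polling itself is omitted.

```python
# Added example: rates from wrapping MIB-II counters (ifInUcastPkts, ifOutUcastPkts,
# ifInOctets, ifOutOctets are 32-bit counters in RFC 1213), as MRTG computes them.
COUNTER32_MAX = 2 ** 32

def counter_delta(prev, cur, width=COUNTER32_MAX):
    """Difference between two readings of a wrapping SNMP Counter32.
    Modular arithmetic makes a single wrap between polls come out right."""
    return (cur - prev) % width

def rate(prev, cur, interval_s, width=COUNTER32_MAX):
    """Per-second rate between two polls taken interval_s seconds apart."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    return counter_delta(prev, cur, width) / interval_s

def excess_outgoing(in_pps, out_pps, ratio=10.0, min_pps=1000.0):
    """Flag a link whose outgoing packet rate dwarfs its incoming rate
    (the 'suspicious case' on slide 19). Thresholds are assumptions."""
    return out_pps >= min_pps and out_pps > ratio * max(in_pps, 1.0)

# Constructed 5-minute polls (MRTG's default interval); not real counter data.
INTERVAL = 300
POLLS = [  # (ifInUcastPkts, ifOutUcastPkts)
    (4_294_900_000, 10_000),
    (4_294_960_000, 40_000),   # +60_000 in, +30_000 out
    (80_000, 1_100_000),       # in counter wrapped: +87_296; out +1_060_000
]

def analyze(polls, interval=INTERVAL):
    """(in pps, out pps, suspicious?) for each pair of consecutive polls."""
    results = []
    for (pi, po), (ci, co) in zip(polls, polls[1:]):
        in_pps, out_pps = rate(pi, ci, interval), rate(po, co, interval)
        results.append((round(in_pps, 1), round(out_pps, 1),
                        excess_outgoing(in_pps, out_pps)))
    return results
```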

Slide 22: NetFlow

Slide 23: Why NetFlow?
- NetFlow statistics empower users to characterize their IP data flows.
- The who, what, where, when, and how much questions about IP traffic are answered.
- Offers a rich data set to be mined for network management, traffic engineering, and value-added service offerings (e.g., marketing data, personal NMS data).

Slide 24: What is a Flow?
Defined by 7 unique keys:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Layer 3 protocol type
- TOS byte (DSCP)
- Input logical interface (ifIndex)

Slide 25: NetFlow Version 5 Format
Record fields, grouped by the question they answer:
- From/To: Source IP Address, Destination IP Address
- Port Utilization: Input ifIndex, Output ifIndex
- Quality of Service: Type of Service, TCP Flags, Protocol
- Time of Day: Start sysUpTime, End sysUpTime
- Application: Source TCP/UDP Port, Destination TCP/UDP Port
- Routing and Peering: Next Hop Address, Source AS Number, Dest. AS Number, Source Prefix Mask, Dest. Prefix Mask
- Usage: Packet Count, Byte Count

Slide 26: NetFlow Collection (diagram)
NetFlow exported at the links between the Internet, the campus network and the department networks is gathered by a NetFlow Collector.

Slide 27: NetFlow Example I
Daily totals for one week (table columns: Date, In (GB), Out (GB); rows Mon Nov through Tue Nov; values not included in the transcript).

Slide 28: NetFlow Example II: Outgoing Traffic by Source IP
Table columns: No, FQDN, IP Address, Octets (MB), %, Note (notes on the five rows: AB, Dept, Dept, AB, AB; host details not included in the transcript).

Slide 29: NetFlow Example III: Destination Hosts (100)
Table columns: No, FQDN, IP Address, Octets (KB), %, Packets (K), Packet Size, Note (rows not included in the transcript).

Slide 30: NetFlow Example IV: Source Ports (TCP ports: 1849, UDP ports: 1)
Table columns: No, Prot., Port#, Con#, Octets (KB), %, Packets, Packet Size, Note; the top five entries are TCP, TCP, UDP, TCP, TCP (port numbers and values not included in the transcript).

Slide 31: Internet Worm Problem (diagram: Network Security Responding System)
NetFlow from the Internet link feeds a NetFlow Analyzer, which hands the offending IP to a Blocking System and a Notifying System; manual control is provided through web pages.

Slide 32: Open Mail Relay Problem (diagram)
An Open Relay Analyzer identifies the relaying IP from NetFlow; the NetFlow Analyzer then passes IP:Port to the Blocking System and the Notifying System.
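As an added example (not the slides' or Cisco's code), a parser for the 24-byte header and 48-byte records of the NetFlow v5 export format on slide 25, followed by the per-source-IP totals of Example II and a fan-out check in the spirit of the NetFlow Analyzer in the worm-responding system on slide 31. The datagram, addresses and thresholds are constructed assumptions.

```python
import socket
import struct
from collections import Counter, defaultdict

# NetFlow v5 export: 24-byte header, then 48-byte records (field order as on slide 25).
V5_HEADER = struct.Struct(">HHIIIIBBH")
V5_RECORD = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 datagram as dicts."""
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                        "pkts": f[5], "octets": f[6], "sport": f[9],
                        "dport": f[10], "proto": f[13]})
    return records

def top_sources(records, n=3):
    """Example II on the slides: outgoing octets per source IP."""
    octets = Counter()
    for r in records:
        octets[r["src"]] += r["octets"]
    return octets.most_common(n)

def scan_suspects(records, min_dsts=3, max_pkts=3):
    """Worm-style fan-out: a source reaching many distinct hosts on one
    destination port with only a few packets per flow (probe-sized flows)."""
    fanout = defaultdict(set)
    for r in records:
        if r["pkts"] <= max_pkts:
            fanout[(r["src"], r["dport"])].add(r["dst"])
    return {k: len(v) for k, v in fanout.items() if len(v) >= min_dsts}

def make_record(src, dst, proto, sport, dport, pkts, octets):
    """One 48-byte v5 record with zeroed routing fields (constructed test data)."""
    return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                          1, 2, pkts, octets, 0, 0, sport, dport, 0, 0, proto, 0,
                          0, 0, 24, 24, 0)

def make_datagram(records):
    return V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + b"".join(records)

# Constructed sample: one web flow, one real SMTP session, four SMTP probes.
SAMPLE = make_datagram([make_record("10.0.0.5", "192.0.2.1", 6, 33000, 80, 12, 9000),
                        make_record("10.0.0.9", "192.0.2.7", 6, 33010, 25, 50, 40000)]
                       + [make_record("10.0.0.9", "192.0.2.%d" % h, 6, 33000 + h, 25, 2, 96)
                          for h in range(8, 12)])
```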

Slide 33: Future Work

Slide 34: The Issues
- Octets vs. contents
- Service port vs. application
- Quantity vs. quality
- Network security vs. personal privacy

Slide 35: References
- University of Twente, Netherlands, "SimpleWeb"
- Tobias Oetiker, Dave Rand, "MRTG"
- Tobi Oetiker, "RRDtool"
- Cisco Systems, Inc., "Cisco IOS NetFlow"
- Mark Fullmer, "flow-tools"
- ntop.org, "ntop"
- Slava Astashonok, "fprobe"

Slide 36: Thank You! Q & A