Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli.


Agenda
1. How did we get here
2. Network monitoring tools
3. Sample graphs

Napster
- Shawn Fanning
- cles/0,3266,55730,00.html

Taming Bandwidth Hogs... How can your campus do it? Ana Preston, University of Tennessee Linda Roos, University of Nebraska, Lincoln Tuesday, 11:45, Marquis 4

A simple question
- CIO requested that we estimate Internet transit requirements for the next 18 months

Sources
- rks.html
- ay/Moore_Law.html

What are current bandwidth requirements? What do we receive from our provider?

A few words about UW Internet access
- WiscNet is a state education-based ISP - founded with help from UW-Madison
- Charter membership included 14 UW-System universities and 8 private colleges
- WiscNet now serves over 500 educational institutions - predominantly K-12

The WiscNet backbone
- Comprised of OC-3 links connecting UW-Madison, UW-Milwaukee, the Chicago NAP and the Ameritech Advanced Data Service Center (AADS), also in Chicago.

WiscNet Services
- Internet transport and transit
- Internet 2 transport
- Peering transport at AADS

Current bandwidth requirements continued...
- Inbound vs. outbound traffic
- Usage caps
- Prime time usage
- Peering and I2 traffic
- Effect of peer-to-peer networking and future policy on usage/fair utilization

What is a flow?
- Host-to-host conversation that includes the IP address and port number for each host.
- Representation of a series of packets traveling between two end-points.
- A unidirectional series of IP packets of a given protocol, traveling between a source and destination within a certain period of time.

Flow as represented by log
- Easy to think of it as we would a sniffer trace - bits and bytes seen traversing the wire
- In actuality, the flows are the accounting record or log of activity as reported by the router
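The flow definition above, worked through as an added example (not part of the original slides): packets are grouped into unidirectional records keyed by source/destination address, port and protocol, and a record is closed once the flow has been idle too long. The packet list and the 15-second idle timeout are constructed assumptions; the addresses come from documentation ranges.

```python
from collections import namedtuple

# Constructed sample packets (not from the presentation).
Packet = namedtuple("Packet", "ts src sport dst dport proto size")

SAMPLE_PACKETS = [
    Packet(0.0, "192.0.2.10", 40000, "198.51.100.5", 80, 6, 60),    # client -> server
    Packet(0.1, "198.51.100.5", 80, "192.0.2.10", 40000, 6, 60),    # server -> client
    Packet(0.2, "192.0.2.10", 40000, "198.51.100.5", 80, 6, 500),
    Packet(0.5, "198.51.100.5", 80, "192.0.2.10", 40000, 6, 1500),
    Packet(0.6, "198.51.100.5", 80, "192.0.2.10", 40000, 6, 1500),
    Packet(90.0, "192.0.2.10", 40000, "198.51.100.5", 80, 6, 60),   # same 5-tuple after a long gap
]

INACTIVE_TIMEOUT = 15.0  # assumed idle timeout in seconds


def build_flows(packets, inactive_timeout=INACTIVE_TIMEOUT):
    """Aggregate packets into unidirectional flow records keyed by 5-tuple."""
    active = {}    # 5-tuple -> flow record still being updated
    finished = []  # records closed by the idle timeout, in the order they expired
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        rec = active.get(key)
        # "Within a certain period of time": a long silence ends the flow,
        # so the next packet on the same 5-tuple starts a new record.
        if rec is not None and p.ts - rec["last"] > inactive_timeout:
            finished.append(active.pop(key))
            rec = None
        if rec is None:
            rec = active[key] = {"key": key, "first": p.ts, "last": p.ts,
                                 "packets": 0, "bytes": 0}
        rec["last"] = p.ts
        rec["packets"] += 1
        rec["bytes"] += p.size
    finished.extend(active.values())  # flush records still open at end of input
    return finished


if __name__ == "__main__":
    for flow in build_flows(SAMPLE_PACKETS):
        print(flow)
```

One host-to-host conversation produces a separate record for each direction, and the record holds only counters and timestamps, which is why it reads as an accounting log rather than a sniffer trace.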

Measurement Tools - FlowScan
- FlowScan - freely available Perl scripts and modules that aggregate other freely available tools for representing flows
- Analyzes and reports on NetFlow data collected by CAIDA’s cflowd
- Stored using RRDtool - time series data
- FlowScan provides reporting capabilities and visualization of flow data

Example
- cflowd receives flow data from the router and writes it to disk.
- FlowScan parses/massages data from cflowd and stores the results in RRD format.
- RRDtool graph produces graphs from RRD files.
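The middle step of this pipeline, sketched as an added example (not FlowScan's own code): flow records are classified as inbound or outbound relative to a campus prefix and summed into fixed time bins, giving the kind of time series that is then stored and graphed. The campus prefix, the 5-minute step, the record layout and the sample records are all assumptions constructed for illustration, and each flow's bytes are attributed whole to the bin in which the flow ended.

```python
import ipaddress
from collections import defaultdict

CAMPUS = ipaddress.ip_network("192.0.2.0/24")  # assumed campus prefix (documentation range)
STEP = 300                                     # assumed bin width in seconds

# Constructed flow records: (flow_end_epoch_s, src, dst, bytes)
SAMPLE_FLOWS = [
    (1000, "198.51.100.5", "192.0.2.10", 3_000_000),  # inbound
    (1100, "192.0.2.10", "198.51.100.5", 150_000),    # outbound
    (1250, "203.0.113.9", "192.0.2.20", 4_500_000),   # inbound
    (1400, "192.0.2.20", "203.0.113.9", 600_000),     # outbound
    (1450, "192.0.2.10", "192.0.2.20", 900_000),      # campus-internal, ignored
    (1600, "198.51.100.5", "203.0.113.9", 10),        # neither end on campus, ignored
]


def direction(src, dst, campus=CAMPUS):
    """Return 'in', 'out', or None for traffic that does not cross the border."""
    src_in = ipaddress.ip_address(src) in campus
    dst_in = ipaddress.ip_address(dst) in campus
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return None


def bin_flows(flows, step=STEP):
    """Sum bytes per direction per time bin; return average bits/s per bin."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for end_ts, src, dst, nbytes in flows:
        d = direction(src, dst)
        if d is None:
            continue
        totals[end_ts - end_ts % step][d] += nbytes
    return {start: {d: b * 8 / step for d, b in counts.items()}
            for start, counts in sorted(totals.items())}


if __name__ == "__main__":
    for start, rates in bin_flows(SAMPLE_FLOWS).items():
        print(start, rates)
```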

More on FlowScan See Dave ->

General FlowScan Graphs

Network Events Captured by FlowScan

New Development
- wwwstats.net.wisc.edu/CampusIO/top/originAS.html
- wwwstats.net.wisc.edu/CampusIO/top/ _22_top.html

“It’s easier to ride a horse in the direction it’s going” Daniel Burrus