Detailed Design Document: NetFlow Generator
POSTECH DP&NM Lab., 2003. 11. 17.
정승화, DPNM Lab., POSTECH


Slide 2: Contents
Introduction & Goal
Architectural Design
Processes: Initialization Process, NetFlow Generating Process, NetFlow Exporting Process
Data Formats: IP Packet Format, NetFlow Format, MySQL Table Fields
Overall Architecture
Configuration
Testing

Slide 3: Introduction
Monitoring network packets and flows:
  Cisco router: NetFlow
  InMon: sFlow
Goal: free (or cheap) NetFlow generation

Slide 4: Architecture (1/2)
Capture all packets passively on each interface (using libpcap).
Compare the packet header information to decide whether the packet is put into the buffer; the header is compared with another captured packet's header information to check the interface.
The buffer gathers packets and extracts NetFlow information from them.
Diagram blocks: Capture Packet, Packet Comparing, Analysis, Buffer

Slide 5: Architecture (2/2)
Two buffers are switched at the configured time interval.
Flow information is exported in NetFlow (v5) format to the configured analyzer IP address and port at every configured time interval.
Diagram blocks: Buffer, Export, Analyzer

Slide 6: Initialization Process
1. Get configuration
2. Initialize packet pool
3. Initialize buffers
4. Start export thread
5. Start timer
6. Start capture thread

Slide 7: NetFlow Generating Process
1. Receive captured packets
2. Check Ethernet type (continue only if the Ethernet type is IP)
3. Check interface (continue only if the interface check passes)
4. Insert into buffer
5. Repeat

Slide 8: NetFlow Exporting Process
1. Export NetFlow
2. Reset buffer
3. Switch buffer
4. Repeat the above at every configured time interval

Slide 9: Packet Header Format (fields retained for each captured packet)
Timestamp
Source Address
Destination Address
Source Port / Destination Port
Packet Size / Ether Type
IP Identification / IP Offset
Protocol / ToS / TCP flag / Unused (zero)
Input Interface / Output Interface
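The generating and exporting processes of slides 7 to 9 in one place, as an added example written for this page (it is not the DPNM Lab's NetFlow Generator code): packets are classified by Ethernet type and interface, inserted into the active hash buffer keyed by the 5-tuple plus interfaces, and on each timer tick the buffers are switched and the filled one is drained and reset. CapturedPacket, Flow, FlowBuffer, FlowGenerator and MAX_FLOWS are names chosen here; MAX_FLOWS is an added bound the slides do not mention, so that a burst of unique 5-tuples cannot grow the hash table without limit. The traffic in demo() is constructed.

```python
"""Flow aggregation with two switched buffers (slides 7-9 and 13).

Added example, not the NetFlow Generator's own code. All class and function
names are this example's; MAX_FLOWS is an added safety bound.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

ETHERTYPE_IP = 0x0800
MAX_FLOWS = 10_000   # assumption: cap on distinct flows held per buffer

# src, dst, sport, dport, protocol, input interface, output interface
FlowKey = Tuple[str, str, int, int, int, int, int]


@dataclass
class CapturedPacket:
    """Fields slide 9 keeps per captured packet (IP id/offset left out here)."""
    timestamp: int    # seconds, from the pcap record header
    src: str
    dst: str
    sport: int
    dport: int
    size: int         # bytes on the wire
    ether_type: int
    protocol: int     # IP protocol number: 6 = TCP, 17 = UDP
    tos: int
    tcp_flags: int    # 0 for non-TCP packets
    in_iface: int
    out_iface: int


@dataclass
class Flow:
    """Counters accumulated for one flow key; these become one v5 flow record."""
    first: int
    last: int
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0   # cumulative OR of the TCP flags seen in the flow

    def add(self, pkt: CapturedPacket) -> None:
        self.packets += 1
        self.octets += pkt.size
        self.first = min(self.first, pkt.timestamp)
        self.last = max(self.last, pkt.timestamp)
        self.tcp_flags |= pkt.tcp_flags


def flow_key(pkt: CapturedPacket) -> FlowKey:
    return (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.protocol,
            pkt.in_iface, pkt.out_iface)


class FlowBuffer:
    """One of the two hash buffers of slide 13 (Buffer[0][Hash], Buffer[1][Hash])."""

    def __init__(self, max_flows: int = MAX_FLOWS) -> None:
        self.flows: Dict[FlowKey, Flow] = {}
        self.max_flows = max_flows
        self.dropped = 0   # packets refused because the buffer was full

    def insert(self, pkt: CapturedPacket) -> bool:
        key = flow_key(pkt)
        flow = self.flows.get(key)
        if flow is None:
            if len(self.flows) >= self.max_flows:   # refuse new flows, keep counting old ones
                self.dropped += 1
                return False
            flow = Flow(first=pkt.timestamp, last=pkt.timestamp)
            self.flows[key] = flow
        flow.add(pkt)
        return True

    def reset(self) -> None:
        self.flows = {}
        self.dropped = 0


class FlowGenerator:
    """Generating process (slide 7) plus the timer/export handling of slides 8 and 13."""

    def __init__(self, interfaces, max_flows: int = MAX_FLOWS) -> None:
        self.interfaces = set(interfaces)   # the configured capturing interface(s)
        self.buffers = [FlowBuffer(max_flows), FlowBuffer(max_flows)]
        self.active = 0
        self.ignored = 0   # non-IP packets and packets from other interfaces

    def process(self, pkt: CapturedPacket) -> bool:
        if pkt.ether_type != ETHERTYPE_IP:        # "Checking Ethernet Type"
            self.ignored += 1
            return False
        if pkt.in_iface not in self.interfaces:   # "Checking Interface"
            self.ignored += 1
            return False
        return self.buffers[self.active].insert(pkt)   # "Buffer Insertion"

    def on_timer(self) -> List[Tuple[FlowKey, Flow]]:
        """Time handler: switch buffers so capture continues into the other one,
        then drain (export) and reset the buffer that was just filled."""
        filled = self.buffers[self.active]
        self.active ^= 1
        records = sorted(filled.flows.items())
        filled.reset()
        return records


def demo() -> Tuple[List[Tuple[FlowKey, Flow]], FlowGenerator]:
    """Constructed traffic: a 3-packet TCP flow, a DNS reply, an ARP frame and
    a packet arriving on an interface that is not being captured."""
    gen = FlowGenerator(interfaces={1})
    pkts = [
        CapturedPacket(100, "10.0.0.1", "10.0.0.2", 40000, 80, 60, ETHERTYPE_IP, 6, 0, 0x02, 1, 2),
        CapturedPacket(101, "10.0.0.1", "10.0.0.2", 40000, 80, 1500, ETHERTYPE_IP, 6, 0, 0x10, 1, 2),
        CapturedPacket(102, "10.0.0.1", "10.0.0.2", 40000, 80, 52, ETHERTYPE_IP, 6, 0, 0x11, 1, 2),
        CapturedPacket(101, "10.0.0.3", "10.0.0.1", 53, 5353, 120, ETHERTYPE_IP, 17, 0, 0, 1, 2),
        CapturedPacket(101, "0.0.0.0", "0.0.0.0", 0, 0, 42, 0x0806, 0, 0, 0, 1, 2),   # ARP, skipped
        CapturedPacket(103, "10.0.0.9", "10.0.0.2", 1234, 22, 80, ETHERTYPE_IP, 6, 0, 0x02, 9, 2),
    ]
    for p in pkts:
        gen.process(p)
    return gen.on_timer(), gen
```

The switch happens before the drain so that the capture side never writes into the buffer being exported; the slides split this the same way between the Time Handler and the Export Packet blocks.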

Slide 10: NetFlow Format
UDP message format transmitted from the traffic meter: a NetFlow v5 header followed by flow records (the diagram shows five Flow Record blocks).
Format of the NetFlow v5 header:
NetFlow Version / Flow Record Count (1-30)
SysUptime since the export device booted
Current count of seconds since 0000 UTC 1970
Residual nanoseconds since 0000 UTC 1970
Sequence counter of total flows seen
engine_type / engine_id / Unused (zero)

Slide 11: NetFlow Format (flow record)
Source IP address
Destination IP address
IP address of next hop router
Input Interface / Output Interface
Packets in the flow
Bytes in the packets of the flow
SysUptime at start of flow
SysUptime at which the last packet of the flow was received
Source Port / Destination Port
Unused (zero) / TCP flag / IP protocol type / ToS
Source AS / Destination AS
Src. Mask / Dst. Mask / Unused (zero)

Slide 12: MySQL Table Fields
First Timestamp: int(4) unsigned
Last Timestamp: int(4) unsigned
Source Address: char(20)
Destination Address: char(20)
Source Port: int(2) unsigned
Destination Port: int(2) unsigned
Packets: int(10) unsigned
Bytes: int(10) unsigned
Protocol: int(1) unsigned

Slide 13: Overall Architecture
Diagram blocks: Capture Packet, Packet Comparing, Packet Analysis (Buffer Insert), Buffer [0] [Hash] / Buffer [1] [Hash], Export Packet (Sending UDP), Time Handler (Switching Buffers)
Legend: Control Signal, Data Flow

Slide 14: Configuration
The export module reads the following configuration information when it starts:
Capturing Interface: an export module can be run for each interface separately by changing this option.
Exporting Time Interval: the interval is assumed to be at least 10 sec.
Analyzer IP / Analyzer Port: the export module sends the NetFlow information to this IP address and port.
MySQL Info.: MySQL information used to store and use the NetFlow information.
Sampling Rate

Slide 15: Configuration (Detail)

Slide 16: Testing
Traffic meter testing: UDP NMS testing
NetFlow generator testing: a NetFlow receiving server using the fdget program. Cisco developed a tool named fdget for viewing the data exported from a NetFlow router.