A Survey on Network Traffic Monitoring Tools
BY: Medarametla Jasmitha Harshini Sri Bingi Nanduri Sai Gopal
Introduction. Network traffic monitoring is the process of reviewing, analyzing and managing network traffic for any abnormality or process that can affect network performance, availability or security. Traffic monitoring and analysis have become more important as the number of network elements has grown enormously compared with the past. Network administrators now have to deal not only with higher-speed wired networks but also with wireless networks.
Network administrators need more sophisticated monitoring tools to maintain network stability and avoid network failures. Based on the data acquisition method, the tools are categorized into three types:
1. Network traffic flow exported by NetFlow-like devices
2. SNMP polling
3. Packet sniffing
Traffic flow: a traffic flow is a sequence of packets from a particular source to a particular destination. Three ways of obtaining network traffic flow information are discussed: flow export from network devices (e.g. Cisco NetFlow and sFlow), SNMP polling (e.g. MRTG and Cricket), and packet sniffers (e.g. snoop and tcpdump).
1. CISCO NETFLOW: Cisco NetFlow services give network administrators access to information about the IP flows within their data networks. Exported NetFlow data can be used for a variety of purposes, including network management and planning, enterprise accounting, Internet Service Provider (ISP) billing, data warehousing, combating Denial of Service (DoS) attacks, and data mining for marketing. The basic output of NetFlow is a flow record: one summary (addresses, ports, protocol, packet and byte counts, timestamps, TCP flags) per flow rather than the packets themselves. Several flow-record formats have evolved as NetFlow has matured; the most recent is Version 9, which is template based, whereas the widely supported Version 5 uses a fixed 48-byte record.
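The following is an added example, not Cisco's code or that of any collector on this page. It parses a NetFlow Version 5 export datagram (the fixed-format record that nfdump and Neye consume) and then applies a flow-level heuristic for the "combating DoS" use the slide mentions. The datagram is constructed inline with struct.pack rather than captured from a router, and the thresholds in syn_flood_candidates() are illustrative assumptions.

```python
"""Parse a NetFlow v5 export datagram and look for a SYN-flood signature."""
import socket
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")               # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
V5_MAX_RECORDS = 30                                   # v5 limit per datagram


def parse_v5(datagram: bytes) -> list:
    """Return one dict per flow record; reject anything that is not well-formed v5.

    A collector that trusts the header's record count blindly can be made to
    read past the buffer, so the count is checked against the real length.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, _sampling = \
        V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count > V5_MAX_RECORDS or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _smask, _dmask, _pad2) = V5_RECORD.unpack_from(
            datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts, "bytes": octets, "tcp_flags": tcp_flags,
            "duration_ms": last - first,
        })
    return flows


def syn_flood_candidates(flows, min_sources=3, max_packets=3):
    """(dst, dport) pairs receiving SYN-only TCP flows from >= min_sources hosts.

    Heuristic only (assumed thresholds): many tiny half-open flows from
    distinct sources towards one port is the classic flow-level signature
    of a SYN flood.  0x02 is the TCP SYN flag.
    """
    sources = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and f["tcp_flags"] == 0x02 and f["packets"] <= max_packets:
            sources[(f["dst"], f["dport"])].add(f["src"])
    return {k: len(v) for k, v in sources.items() if len(v) >= min_sources}


def _record(src, dst, sport, dport, proto, pkts, octets, tcp_flags):
    """Build one constructed v5 record (next hop, AS numbers and masks are dummies)."""
    return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
                          1, 2, pkts, octets, 1000, 1050, sport, dport, 0,
                          tcp_flags, proto, 0, 0, 0, 24, 24, 0)


# Constructed sample data: one normal HTTPS session, three SYN-only flows
# from different hosts to the same server port, and one UDP DNS flow.
SAMPLE_RECORDS = [
    _record("10.0.0.5", "192.0.2.10", 51000, 443, 6, 40, 52000, 0x1B),
    _record("10.0.0.6", "192.0.2.10", 51001, 443, 6, 1, 60, 0x02),
    _record("10.0.0.7", "192.0.2.10", 51002, 443, 6, 1, 60, 0x02),
    _record("10.0.0.8", "192.0.2.10", 51003, 443, 6, 1, 60, 0x02),
    _record("10.0.0.9", "192.0.2.20", 40000, 53, 17, 2, 300, 0x00),
]
SAMPLE_DATAGRAM = V5_HEADER.pack(5, len(SAMPLE_RECORDS), 123456, 1700000000,
                                 0, 0, 0, 0, 0) + b"".join(SAMPLE_RECORDS)

if __name__ == "__main__":
    flows = parse_v5(SAMPLE_DATAGRAM)
    for f in flows:
        print(f)
    print("SYN-flood candidates:", syn_flood_candidates(flows))
```

Feeding the constructed datagram through parse_v5() yields five flows, and the heuristic reports {("192.0.2.10", 443): 3}. The length check is the part worth copying into a real collector: a datagram whose header advertises more records than it carries must be rejected, not read to the end of whatever memory follows.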
NETFLOW COLLECTOR TOOLS ("-" = not stated on the slide):

Software    | OS                                                                          | Input      | Output               | Functions / features
flow Script | -                                                                           | NetFlow    | Text                 | Script for a NetFlow-generating software traffic probe
flowd       | BSD-like, OpenBSD, Linux                                                    | NetFlow    | Text or SQL          | Flow collector (IPv4 and IPv6 transports); supports NetFlow v9
nfdump      | BSD-like                                                                    | NetFlow    | Text                 | A set of tools to capture/record, dump, filter and replay NetFlow (v5/v7/v9) data
Neye        | Linux, Solaris, AIX, Irix, HP/UX, Mac OS X, Digital Unix, Ultrix, Nextstep  | NetFlow v5 | ASCII, MySQL, SQLite | Supports many operating systems; makes full use of POSIX threads
pcNetFlow   | Linux, FreeBSD                                                              | -          | -                    | Software that runs on ordinary PC hosts
NETWORK TRAFFIC FLOW MONITORING AND ANALYSIS TOOLS:
These tools generate graphs or act as visualization tools, providing summarization and classification of network flow information. FlowScan, AutoFocus and Fluxoscope are a few popular tools for network traffic monitoring and analysis.
FlowScan: visualization tool; output in GIF or PNG format; uses cflowd as its data collector; buffer management.
PRTG: powerful, low-cost tool; supports all three data acquisition methods; available in both free and commercial versions.
AutoFocus: traffic analysis and visualization tool; output as text reports and time-series plots; aggregates traffic into clusters.
Fluxoscope: aggregation and analysis tool; web based; supports multiple NetFlow streams.
FREE NETFLOW MONITORING AND ANALYSIS TOOLS (S = software; M = monitoring, C = capture, A = analysis; R = real time, O = offline; "-" = not stated on the slide):

Tool                        | OS / platform                                 | Input                                             | Output                   | Functions              | R/O
Argus (S)                   | Linux, Solaris, FreeBSD, Mac, OpenBSD, NetBSD | packet capture files, data from a live interface  | Text (log files)         | M, C, A (report/audit) | R, O
AutoFocus (Cluster) (S)     | N/A                                           | packet header traces, NetFlow                     | GUI (web) visualization  | A                      | O
Aflow                       | N/A                                           | NetFlow                                           | GUI (web)                | M, C, A                | -
AsItHappens (S)             | Java                                          | SNMP and NetFlow                                  | GUI                      | M, C                   | R
CAIDA cflowd (S)            | Unix-like, FreeBSD                            | flow-export data from one or more Cisco routers   | Tabular summaries        | -                      | -
CoMo (S)                    | Linux, FreeBSD                                | NetFlow and other traffic capture sources         | N/A                      | M, C                   | R
CUFlow (S)                  | Unix-like, Debian                             | NetFlow                                           | Text                     | -                      | -
CANINE (S)                  | Linux, Mac, Solaris, Windows                  | -                                                 | GUI                      | -                      | -
CoralReef (optical net) (S) | Unix-like, Linux, FreeBSD                     | ATM traffic (live)                                | -                        | -                      | O
Cricket (S)                 | BSD-like, Linux, FreeBSD, HP-UX               | SNMP                                              | GUI (web)                | A (time-series data)   | -
2. Network traffic flow information by SNMP
SNMP is an application-layer protocol defined by the IETF for monitoring network-attached devices. It follows a manager-agent model and exchanges information through the MIB (Management Information Base), a tree of objects identified by OIDs. SNMPv1 uses five basic message types: Get, GetNext, GetResponse, Set and Trap.
Thus network information, including traffic flow information, can be retrieved from a networking device by SNMP. SNMP cannot store all flow and packet information; what it provides are link utilization and interface bandwidth, derived from per-interface counters. Net-SNMP is a suite of software for using and deploying the SNMP protocol, and snmpget (part of Net-SNMP) is a command-line tool that retrieves individual MIB objects from a device.
MRTG (MULTI ROUTER TRAFFIC GRAPHER):
Visualization tool for monitoring SNMP-based devices. For each interface it queries the input and output octet counters (by their object identifiers) through the SNMP agent at a regular interval (the default is 5 minutes) and generates HTML pages with graphs of inbound and outbound traffic rates. It scales to roughly 600 router ports per 5-minute cycle. Limitation: SNMP polling performance.
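The following is an added example, not MRTG's or Cricket's code. It shows the computation behind both the "interface bandwidth" that SNMP provides (previous slide) and the 5-minute graphs MRTG draws: two polls of an interface octet counter are turned into a bit rate, with the counter wrap that a 32-bit ifInOctets suffers on a fast link handled explicitly. The poll values are constructed; they stand in for what `snmpget -v2c -c public ROUTER IF-MIB::ifInOctets.3` would return every 300 s, and the 1 Gbit/s link speed is an assumption.

```python
"""Turn polled SNMP interface octet counters into bandwidth, the MRTG way."""


def counter_delta(previous, current, bits=32):
    """Octets counted between two polls, correcting for one counter wrap.

    ifInOctets is a Counter32: it rolls over at 2**32, so a bare subtraction
    goes negative after a wrap.  Only a single wrap per interval can be
    recovered; two or more are invisible, which is why 64-bit ifHCInOctets
    is preferred on fast links.
    """
    modulus = 2 ** bits
    if current >= previous:
        return current - previous
    return modulus - previous + current


def wrap_seconds(bits, link_bps):
    """Seconds a saturated link needs to wrap a counter of the given width."""
    return (2 ** bits) * 8 / link_bps


def bits_per_second(samples, bits=32, link_bps=None):
    """samples: [(unix_time, counter_value), ...], oldest first.

    Returns [(unix_time, bps, plausible), ...], one entry per interval.
    plausible is False when the rate exceeds the link speed, i.e. the counter
    wrapped more than once and the interval should be plotted as unknown
    rather than as a spike.
    """
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        if t1 <= t0:
            raise ValueError("poll timestamps must strictly increase")
        bps = counter_delta(c0, c1, bits) * 8 / (t1 - t0)
        plausible = link_bps is None or bps <= link_bps
        out.append((t1, bps, plausible))
    return out


# Constructed polls (assumed 300 s interval): steady traffic, then a wrap of
# the 32-bit counter between the third and fourth poll.
SAMPLE_POLLS = [
    (1700000000, 4_000_000_000),
    (1700000300, 4_000_300_000),   # +300,000 octets in 300 s -> 8,000 bit/s
    (1700000600, 4_294_966_296),   # 1,000 octets short of 2**32
    (1700000900, 2_000),           # wrapped: 1,000 + 2,000 = 3,000 octets -> 80 bit/s
]
ASSUMED_LINK_BPS = 1_000_000_000

if __name__ == "__main__":
    for t, bps, ok in bits_per_second(SAMPLE_POLLS, link_bps=ASSUMED_LINK_BPS):
        print(t, f"{bps:.1f} bit/s", "" if ok else "(implausible: multiple wraps?)")
    print(f"Counter32 wraps every {wrap_seconds(32, ASSUMED_LINK_BPS):.1f} s at 1 Gbit/s")
```

At 1 Gbit/s a Counter32 wraps every 34 s, far inside MRTG's 5-minute interval, so the single-wrap correction above is only sound on slow links or with the 64-bit high-capacity counters; the plausibility flag is how a grapher avoids drawing a false traffic spike (or missing a real one) when that assumption fails.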
Cricket: a free, high-performance, extremely flexible system for monitoring trends in time-series data. Two components: a collector and a grapher. Written entirely in Perl; developed on Solaris machines running under Apache.
Inftraf: another tool for monitoring SNMP-based network devices.
3. Local traffic flow information by packet sniffer
A "sniffer" can be either hardware or software; it intercepts and collects the local traffic, then decodes the entire content of each packet and presents it in human-readable form. Traffic flow information in this category is local to the link the sniffer is attached to. Limitation: a sniffer can capture encrypted packets but cannot read their payload. Both commercial and free packet sniffers exist.
Software sniffers:
Snoop: simple packet capture tool bundled with the Solaris OS. Command-line interface; displays packets as text. Drawback: it does not reassemble IP fragments, so a fragmented datagram cannot be decoded as a whole.
Microsoft Network Monitor: bundled with Microsoft Windows.
Every sniffer listed here, whichever operating system it ships with, can run either in real-time or in batch mode.
tcpdump: bundled with Linux (and most Unix-like) operating systems; WinDump is the Windows port. Runs on the command line and writes plain-text output for further analysis; used only as a traffic capture tool.
Wireshark: user-friendly graphical interface with sorting and filtering features; captures packets from a live network or reads them from a saved capture file.
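The following is an added example, not snoop's, tcpdump's or Wireshark's code. It shows the two things this section describes: the header decoding a sniffer performs on a raw packet, and the IP fragment reassembly that the slide notes snoop lacks. Reassembly matters for security monitoring because a TCP header split across two fragments is invisible to a tool that decodes each fragment on its own. The packets are constructed inline with struct.pack (IP checksums are left at zero and not verified); nothing is read from a live interface.

```python
"""Decode raw IPv4/TCP packets and reassemble IP fragments (no live capture)."""
import socket
import struct
from collections import defaultdict


def parse_ipv4(packet):
    """Return (header dict, payload bytes); raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("bad IPv4 version or lengths")
    header = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "id": ident, "proto": proto, "ttl": ttl,
        "more_fragments": bool(flags_frag & 0x2000),   # MF flag
        "frag_offset": (flags_frag & 0x1FFF) * 8,      # offset is in 8-byte units
    }
    return header, packet[ihl:total_len]


def parse_tcp(segment):
    """Return (header dict, payload bytes) for a TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or len(segment) < data_off:
        raise ValueError("bad TCP data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF}, segment[data_off:]


class Reassembler:
    """Reassemble IPv4 fragments keyed by (src, dst, id, proto).

    feed() returns (ip_header, payload) for an unfragmented packet, or once
    the last fragment has arrived and no gaps remain; otherwise None.  A real
    sniffer also needs timeouts and a policy for overlapping fragments; here
    an overlap simply leaves the datagram incomplete.
    """

    def __init__(self):
        self._parts = defaultdict(dict)   # key -> {offset: payload}
        self._total = {}                  # key -> payload length, once the last fragment is seen

    def feed(self, packet):
        hdr, payload = parse_ipv4(packet)
        if not hdr["more_fragments"] and hdr["frag_offset"] == 0:
            return hdr, payload
        key = (hdr["src"], hdr["dst"], hdr["id"], hdr["proto"])
        self._parts[key][hdr["frag_offset"]] = payload
        if not hdr["more_fragments"]:
            self._total[key] = hdr["frag_offset"] + len(payload)
        if key not in self._total:
            return None
        buf, covered = bytearray(self._total[key]), 0
        for off in sorted(self._parts[key]):
            data = self._parts[key][off]
            if off != covered:                 # gap or overlap: wait for more
                return None
            buf[off:off + len(data)] = data
            covered = off + len(data)
        if covered != self._total[key]:
            return None
        del self._parts[key], self._total[key]
        return hdr, bytes(buf)                # hdr is that of the fragment completing it


def build_ipv4(src, dst, ident, proto, payload, offset=0, more=False):
    """Constructed IPv4 packet without options; checksum left as 0 (not validated)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def decode(frames):
    """Run packets through the reassembler; return (ip, tcp, data) for each TCP datagram."""
    asm, results = Reassembler(), []
    for frame in frames:
        done = asm.feed(frame)
        if done is not None and done[0]["proto"] == 6:
            tcp, data = parse_tcp(done[1])
            results.append((done[0], tcp, data))
    return results


# Constructed sample: a 36-byte TCP SYN segment with data, split at byte 16 so
# the TCP flags land in the second fragment, delivered out of order.
TCP_SEGMENT = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | 0x02,
                          65535, 0, 0) + b"GET / HTTP/1.0\r\n"
FRAGMENTS = [
    build_ipv4("10.0.0.1", "192.0.2.80", 0x1234, 6, TCP_SEGMENT[16:], offset=16),
    build_ipv4("10.0.0.1", "192.0.2.80", 0x1234, 6, TCP_SEGMENT[:16], more=True),
]

if __name__ == "__main__":
    for ip, tcp, data in decode(FRAGMENTS):
        print(f'{ip["src"]}:{tcp["sport"]} -> {ip["dst"]}:{tcp["dport"]} '
              f'flags=0x{tcp["flags"]:03x} {data!r}')
```

Feeding only the first fragment decodes nothing; with both, the reassembler yields the full segment and parse_tcp() recovers the SYN flag and the request text. A fragment-by-fragment decoder in the style the slide describes for snoop would see the ports in one fragment and the flags in the other, never the segment as a whole.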
Comparison of network traffic information sources
Columns: Sniffer, RMON (4 groups), RMON II, NetFlow. Legend: Y = fully supported, N = not supported, P = partially supported. Only part of the table survives on the slide:
Packet capture: Y N (remaining cells not recoverable)
Interface counters: P (remaining cells not recoverable)
Protocols / packet headers: Ethernet/802.3, IP/ICMP/UDP/TCP, IPX, AppleTalk
Conclusion: Network traffic information is collected to meet the administrator's needs, using tools from three categories. SNMP is more suitable for remote management and configuration. A packet sniffer is a local tool, limited to the link the device is attached to. NetFlow-like information is very useful for further analysis, but limitations remain, such as high implementation cost and privacy concerns.
Queries?
Thank you.