TEIN2 Measurement and Monitoring Workshop Netflow.
|
|
- Lisa Berry
- 8 years ago
- Views:
Transcription
1 TEIN2 Measurement and Monitoring Workshop Netflow
2 Passive Measurements - Netflow Netflow Setting up Netflow on a router Using Netflow Establishing exports Configuring a collector Analysing the data
3 Netflow Netflow was developed by Cisco in response to demands by customers to have accessible detailed information about the IP traffic in the network Cisco IOS NetFlow efficiently provides a key set of services for IP applications, including network traffic accounting, usage-based network billing, network planning, security, Denial of Service monitoring capabilities, and network monitoring. NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing.
4 Configuring Netflow on a router On the router: At interface level: ip route-cache flow ip flow ingress On switch/routers it is different: ip route-cache flow gives only supervisor routed packets Need to cover switched packets mls flow ip interface-full The router is now deploying Netflow but the data is not being exported but it is available local to the router.
5 sh ip cache flow Router> sh ip cache flow IP packet size distribution (10608M total packets): IP Flow Switching Cache, bytes active, inactive, added ager polls, 0 flow alloc failures Active flows timeout in 30 minutes Inactive flows timeout in 15 seconds IP Sub Flow Cache, bytes active, inactive, added, added to flow 0 alloc failures, force free 3 chunks, 1089 chunks added last clearing of statistics never
6 show ip cache flow Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) Flows /Sec /Flow /Pkt /Sec /Flow /Flow TCP-Telnet TCP-FTP TCP-FTPD TCP-WWW TCP-SMTP TCP-X TCP-BGP TCP-NNTP TCP-Frag TCP-other UDP-DNS UDP-NTP UDP-TFTP UDP-Frag UDP-other ICMP IGMP IPv6INIP GRE IP-other Total:
7 sh ip cache flow SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Gi Gi C Gi Gi Gi Gi E Gi Gi C3A
8 sh ip cache flow Useful tips: For spotting large numbers of packets in a flow: Router>sh ip cache flow include K Gi Gi E3F K Gi Gi D K Gi Gi F 0AAF 12K Gi Gi D 0FAF 10K Gi Gi D86 15K Gi Gi F9F 26E4 12K
9 Top talkers Configure terminal ip flow-top-talkers Sort-by packets Cache-timeout 2000 top 5 Sample output: Router>show ip flow top-talkers SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Gi Local F K Gi Null E DC Gi Gi F Gi Gi D Gi Gi D
10 Sampled Netflow Sampling rates (if required): flow-sampler-map SAMPLE mode random one-out-of 100 exit
11 Configuring flow-export on a router Flow data can be exported as a UDP stream from the router to a collection machine The commands for enabling this are normally: ip flow-export source Loopback0 ip flow-export version 5 origin AS ip flow-export destination Configuring flow-export on a switch/router mls nde sender version 5
12 Now verify router export Router> show ip flow export Flow export v5 is enabled for main cache Exporting flows to (9991) Exporting using source interface Loopback0 Version 5 flow records, origin-as flows exported in udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures 0 export packets were dropped enqueuing for the RP 0 export packets were dropped due to IPC rate limiting Router>
13 Configuring flow-export the receiver Many netflow tools available Many in-house developed solutions eg AARNet NFA Flowtools ( is a software package for collecting and processing NetFlow data from Cisco and Juniper routers
14 Flowtools Flow-tools is library and a collection of programs used to collect, send, process, and generate reports from NetFlow data. The tools can be used together on a single server or distributed to multiple servers for large deployments. The flow-toools library provides an API for development of custom applications for NetFlow export versions 1,5,6 and the 14 currently defined version 8 subversions. A Perl and Python interface have been contributed and are included in the distribution.
15 Flowtools Flows are exported from a router in a number of different configurable versions. A flow is a collection of key fields and additional data. The flow key is {srcaddr, dstaddr, input, output, srcport, dstport, prot, ToS}. Flow-tools supports one export version per file.
16 Formats.. Flows are exported from a router in a number of different configurable versions. A flow is a collection of key fields and additional data. The flow key is {srcaddr, dstaddr, input, output, srcport, dstport, prot, ToS}. Flow-tools supports one export version per file. Export versions 1, 5, 6, and 7 all maintain {nexthop, dpkts, doctets, First, Last, flags}, ie the next-hop IP address, number of packets, number of octets (bytes), start time, end time, and flags such as the TCP header bits.
17 Formats Version 5 adds the additional fields {src_as, dst_as, src_mask, dst_mask}, ie source AS, destination AS, source network mask, and destination network mask. Version 7 which is specific to the Catalyst switches adds in addition to the version 5 fields {router_sc}, which is the Router IP address which populates the flow cache shortcut in the Supervisor
18 Formats Version 6 which is not officially supported by Cisco adds in addition to the version 5 fields {in_encaps, out_encaps, peer_nexthop}, ie the input and output interface encapsulation size, and the IP address of the next hop within the peer. Version 1 exports do not contain a sequence number and therefore should be avoided, although it is safe to store the data as version 1 if the additional fields are not used. Version 8 IOS NetFlow is a second level flow cache that reduces the data exported from the router. There are currently 11 formats, all of which provide {dflows, doctets, dpkts, First, Last} for the key fields.
19 V8 Formats V8 8.1 Source and Destination AS, Input and Output interface Protocol and Port Source Prefix and Input interface Destination Prefix and Output interface Source/Destination Prefix and Input/Output interface ToS ToS ToS ToS ToS ports + ToS
20 Flowtools The following programs are included in the flow-tools distribution. flow-capture - Collect, compress, store, and manage disk space for exported flows from a router. flow-cat - Concatenate flow files. Typically flow files will contain a small window of 5 or 15 minutes of exports. Flow-cat can be used to append files for generating reports that span longer time periods. flow-fanout - Replicate NetFlow datagrams to unicast or multicast destinations. Flow-fanout is used to facilitate multiple collectors attached to a single router. flow-report - Generate reports for NetFlow data sets. Reports include source/destination IP pairs, source/destination AS, and top talkers. Over 50 reports are currently supported.
21 Flowtools flow-report - Generate reports for NetFlow data sets. Reports include source/destination IP pairs, source/destination AS, and top talkers. Over 50 reports are currently supported. flow-tag - Tag flows based on IP address or AS #. Flow-tag is used to group flows by customer network. The tags can later be used with flow-fanout or flow-report to generate customer based traffic reports. flow-filter - Filter flows based on any of the export fields. Flow-filter is used in-line with other programs to generate reports based on flows matching filter expressions. flow-import - Import data from ASCII or cflowd format. flow-export - Export data to ASCII or cflowd format.
22 FlowTools flow-send - Send data over the network using the NetFlow protocol. flow-receive - Receive exports using the NetFlow protocol without storing to disk like flow-capture. flow-gen - Generate test data. flow-dscan - Simple tool for detecting some types of network scanning and Denial of Service attacks. flow-merge - Merge flow files in chronoligical order. flow-xlate - Perform translations on some flow fields. flow-expire - Expire flows using the same policy of flow-capture. flow-header - Display meta information in flow file. flow-split - Split flow files into smaller files based on size, time, or tags.
23 Flow-capture flow-capture [-h] [-A AS0_substitution] [-b big little] [-C comment] [-c flow_clients] [-d debug_level] [-D daemonize] [-e expire_count] [-f filter_fname] [-F filter_definition] [-E expire_size] [-m privacy_mask] [-n rotations] [-N nesting_level] [-p pidfile] [-R rotate_program] [-S stat_interval] [-t tag_fname] [-T active_def active_def,active_def...] [-V pdu_version] [-z z_level] {-w workdir} {localip/remoteip/port}
24 Using flow-capture % flow-capture -z0 -N0 -V5 n95 -w/var/local/flows / /9991 This will create a flow capture file in the /var/local/flows directory It will initially by named tmp-v5.yyyy-mm-dd.hhmmss+0700 When the collection period (15 minutes) expires it will be renamed ft-v5.yyyy-mm-dd.hhmmss+tz00 % flowprint < ft-v5.yyyy-mm-dd.hhmmss+tz00 To anonymise use the m privacy_mask
25 flow-cat The flow-cat utility processes files and/or directories of files in the flow-tools format. The resulting concatenated data set is written to the standard output or file specified by -o. If file is a single dash (`-') or absent, flow-cat will read from the standard input. flow-cat [-aghmp] [-b big little] [-C comment] [-d debug_level] [-o filename] [-t start_time] [-T start_time] [-z z_level] [file directory...] % flow-cat ft-v * flow-print
26 flow-stat The flow-stat utility generates usage reports for flow data sets by IP address, IP address pairs, ports, packets, bytes, interfaces, next hops, autonomous systems, ToS bits, exporters, and tags. flow-stat [-hnppw] [-d debug_level] [-f format] [-S sort_field] [-s sort_field] [-t tally_lines] [-T title]
27 Formats 0 Overall Summary 1 Average packet size distribution 2 Packets per flow distribution 3 Octets per flow distribution 4 Bandwidth per flow distribution 5 UDP/TCP destination port 6 UDP/TCP source port 7 UDP/TCP port 8 Destination IP 9SourceIP 10 Source/Destination IP 11 Source or Destination IP 12 IP protocol 13 octets for flow duration plot data 14 packets for flow duration plot data 15 short summary 16 IP Next Hop 17 Input interface 18 Output interface 19 Source AS 20 Destination AS 21 Source/Destination AS 22 IP ToS 23 Input/Output Interface 24 Source Prefix 25 Destination Prefix 26 Source/Destination Prefix 27 Exporter IP 28 Engine Id 29 Engine Type 30 Source Tag 31 Destination Tag 32 Source/Destination Tag
28 Flow-filter The flow-filter utility will filter flows based on user selectable criteria. The IP address filters are defined in flow.acl or by the filename specified by -f. Other filters such as input interface and ports are defined on the command line. These filters accept range and negation operators, ie -i1-15 for input interfaces 1 through 15 or -i1,15 for input interfaces 1 and 15, or!1,15 for not input interfaces 1 and 15. flow-filter [-hko] [-a src_as_filter] [-A dst_as_filter] [-b big little] [-C comment] [-D dstaddr_filter_name] [-d debug_level] [-f acl_fname] [-i input_filter] [-I output_filter] [-p srcport_filter] [-P dstport_filter] [-r ipprot_filter] [-S srcaddr_filter_name] [-t tos_filter] [-T tcp_flags_filter] [-x nexthop_filter_name] [-z z_level]
29 Flow-tools are modular To produce a report on top source/destination AS using symbolic names: % flow-cat ft-v * flow-stat f20 n S4 To produce a report on top destination IP address report by outbound traffic: % flow-cat ft-v * flow-filter I 5 flow-stat -f8 -P -p -S3 To produce a report on top destination IP address report by outbound traffic: % flow-cat ft-v * flow-filter I 5 flow-stat f9 -P -p -S3
30 Flowscan FlowScan examines flow data and maintains counters reflecting what was found. Counter values are stored using RRDtool, a database system for time-series data. Finally, FlowScan uses visualization capabilities of both RRDtool and other frontends to report on the processed flow data.
31 Other tools flowscan ntop prtg flowd Netflow Monitor
Flow-tools Tutorial. SANOG 6 Bhutan
Flow-tools Tutorial SANOG 6 Bhutan Agenda Network flows Cisco / Juniper implementation NetFlow Cisco / Juniper Configuration flow-tools programs overview and examples from Abilene and Ohio- Gigapop Network
More informationNetflow, Flow-tools tutorial
Netflow, Flow-tools tutorial Gaurab Raj Upadhaya Agenda Agenda bashing Do you want to see the labs, or want to discuss issues Netflow What it is and how it works Uses and Applications Vendor Configurations/
More informationNetflow, Flow-tools tutorial
Netflow, Flow-tools tutorial Gaurab Raj Upadhaya Agenda Agenda bashing Do you want to see the labs, or want to discuss issues Netflow What it is and how it works Uses and Applications Vendor Configurations/
More informationNet-flow. PacNOG 6 Nadi, Fiji
Net-flow PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools etc
More informationhttp://www.cisco.com/en/us/products//hw/switches/ps4324/index.html http://www.cisco.com/en/us/products/ps6350/index.html
CHAPTER 54 Supervisor Engine 6-E and Catalyst 4900M chassis do not support Netflow; it is only supported on Supervisor Engine IV, Supervisor Engine V, Supervisor Engine V-10GE, or WS-F4531. This chapter
More informationNetflow Overview. PacNOG 6 Nadi, Fiji
Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools
More informationLab 4.1.2 Characterizing Network Applications
Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1
More informationGetting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export Last Updated: November 28, 2011 This module contains the minimum amount of information about and instructions necessary for configuring
More informationNetwork Management & Monitoring
Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationCISCO IOS NETFLOW AND SECURITY
CISCO IOS NETFLOW AND SECURITY INTERNET TECHNOLOGIES DIVISION FEBRUARY 2005 1 Cisco IOS NetFlow NetFlow is a standard for acquiring IP network and operational data Benefits Understand the impact of network
More informationUltraFlow -Cisco Netflow tools-
UltraFlow UltraFlow is an application for collecting and analysing Cisco Netflow data. It is written in Python, wxpython, Matplotlib, SQLite and the Python based Twisted network programming framework.
More informationNetflow For Incident Detection 1
Netflow For Incident Detection 1 Michael Scheck / Cisco CSIRT mscheck@cisco.com Introduction Netflow is often deployed for network billing, auditing, and accounting. However, Netflow can also be for incident
More informationAppendix A Remote Network Monitoring
Appendix A Remote Network Monitoring This appendix describes the remote monitoring features available on HP products: Remote Monitoring (RMON) statistics All HP products support RMON statistics on the
More informationNetFlow Aggregation. Feature Overview. Aggregation Cache Schemes
NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to
More informationHTGR- Netflow. or, how to know what your network really did without going broke
HTGR- Netflow or, how to know what your network really did without going broke Michael W. Lucas mwlucas@blackhelicopters.org GKN Driveline North America, Inc. Copyright 2007 Michael W. Lucas slide 1 What
More informationEnabling and Monitoring NetFlow on Subinterfaces
Enabling and Monitoring NetFlow on Subinterfaces This module contains instructions for enabling and monitoring NetFlow on a router subinterface or a Versatile Interface Processor (VIP) controller interface.
More informationLAB II: Securing The Data Path and Routing Infrastructure
LAB II: Securing The Data Path and Routing Infrastructure 8. Create Packet Filters a. Create a packet filter which will deny packets that have obviously bogus IP source addresses but permit everything
More informationConfiguring NetFlow and NetFlow Data Export
This module contains information about and instructions for configuring NetFlow to capture and export network traffic data. NetFlow capture and export are performed independently on each internetworking
More informationIPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令
IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 1 内 容 流 量 分 析 简 介 IPv6 下 的 新 问 题 和 挑 战 协 议 格 式 变 更 用 户 行 为 特 征 变 更 安 全 问 题 演 化 流 量 导 出 手 段 变 化 设 备 参 考 配 置 流 量 工 具 总 结 2 流 量 分 析 简 介 流 量 分 析 目 标 who, what, where,
More informationConfiguring NetFlow Data Export (NDE)
49 CHAPTER Prerequisites for NDE, page 49-1 Restrictions for NDE, page 49-1 Information about NDE, page 49-2 Default Settings for NDE, page 49-11 How to Configure NDE, page 49-11 Note For complete syntax
More informationAn overview of traffic analysis using NetFlow
The LOBSTER project An overview of traffic analysis using NetFlow Arne Øslebø UNINETT Arne.Oslebo@uninett.no 1 Outline What is Netflow? Available tools Collecting Processing Detailed analysis security
More informationNetwork Operations and Network Management
Network Operations and Network Management By Aftab A. Siddiqui aftabs@cyber.net.pk Overview Network Management Network Operations Centre Network Monitoring Systems and Tools Network Management Protocol
More informationEMIST Network Traffic Digesting (NTD) Tool Manual (Version I)
EMIST Network Traffic Digesting (NTD) Tool Manual (Version I) J. Wang, D.J. Miller and G. Kesidis CSE & EE Depts, Penn State EMIST NTD Tool Manual (Version I) Page 1 of 7 Table of Contents 1. Overview...
More informationLogLogic Cisco NetFlow Log Configuration Guide
LogLogic Cisco NetFlow Log Configuration Guide Document Release: March 2012 Part Number: LL600068-00ELS090000 This manual supports LogLogic Cisco NetFlow Version 2.0, and LogLogic Software Release 5.1
More informationEnabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches
Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches Revised 2/1/2007 Introduction...2 Requirements...2 Catalyst 4500 Series...2 Enabling NetFlow...2 Configuring a NetFlow Destination...3
More informationNetFlow v9 Export Format
NetFlow v9 Export Format With this release, NetFlow can export data in NetFlow v9 (version 9) export format. This format is flexible and extensible, which provides the versatility needed to support new
More informationConfiguring SNMP and using the NetFlow MIB to Monitor NetFlow Data
Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data NetFlow is a technology that provides highly granular per-flow statistics on traffic in a Cisco router. The NetFlow MIB feature provides
More informationNFQL: A Tool for Querying Network Flow Records [6]
NFQL: A Tool for Querying Network Flow Records [6] nfql.vaibhavbajpai.com Vaibhav Bajpai, Johannes Schauer, Corneliu Claudiu Prodescu, Jürgen Schönwälder {v.bajpai, j.schauer, c.prodescu, j.schoenwaelder@jacobs-university.de
More informationCatalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting
Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting Document ID: 70974 Introduction Prerequisites Requirements Components Used Conventions Background Information Configure Network Diagram
More informationConfiguring NetFlow Switching
Configuring NetFlow Switching This chapter describes how to configure NetFlow switching. For a complete description of NetFlow commands used in this chapter, refer to the Cisco IOS Switching s chapter
More informationConfiguring Flexible NetFlow
CHAPTER 62 Note Flexible NetFlow is only supported on Supervisor Engine 7-E, Supervisor Engine 7L-E, and Catalyst 4500X. Flow is defined as a unique set of key fields attributes, which might include fields
More informationSymantec Event Collector for Cisco NetFlow version 3.7 Quick Reference
Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference Symantec Event Collector for Cisco NetFlow Quick Reference The software described in this book is furnished under a license agreement
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationNetwork Monitoring and Management NetFlow Overview
Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationHow-To Configure NetFlow v5 & v9 on Cisco Routers
How-To Configure NetFlow v5 & v9 on Cisco Routers Share: Visibility into the network is an indispensable tool for network administrators. Network visibility can be achieved through daily troubleshooting,
More informationHow To Use Netflow On Cisco Ios V2.3.4.4 (V2.4) And V2 (V3.3) (V1.4).4.2.2) (Cisco V
NetFlow Services and Applications Whitepaper Kevin Delgadillo, Cisco IOS Product Marketing Table of Contents 1.0 Introduction 2.0 NetFlow Definitions and Benefits 2.1 NetFlow Cache Management and Data
More informationIntroduction to Netflow
Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationEnabling NetFlow on Virtual Switches ESX Server 3.5
Technical Note Enabling NetFlow on Virtual Switches ESX Server 3.5 NetFlow is a general networking tool with multiple uses, including network monitoring and profiling, billing, intrusion detection and
More informationSolarWinds Technical Reference
SolarWinds Technical Reference Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches Introduction... 3 Requirements... 3 Catalyst 4500 Series... 3 Enabling NetFlow... 3 Configuring
More informationLogLogic Cisco NetFlow Log Configuration Guide
LogLogic Cisco NetFlow Log Configuration Guide Document Release: September 2011 Part Number: LL600068-00ELS090000 This manual supports LogLogic Cisco NetFlow Version 1.0, and LogLogic Software Release
More informationNetFlow Services and Applications
WHITE PAPER NetFlow Services and Applications Introduction Rapid growth in Internet and intranet deployment and usage has created a major shift in both corporate and consumer computing paradigms. This
More informationIntegrated Traffic Monitoring
61202880L1-29.1E July 2008 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of the
More informationOBJECTIVES This paper examines how NetFlow is implemented on logical interfaces. Logical interfaces can be divided into two groups:
Configuration Guide NetFlow on Logical Interfaces: Frame Relay, Asynchronous Transfer Mode, Inter-Switch Link, 802.1q, Multilink Point to Point Protocol, General Routing Encapsulation, Layer 2 Tunneling
More informationIntroduction to Cisco IOS Flexible NetFlow
Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity
More informationNETWORK FLOW ANALYSIS
NETWORK FLOW ANALYSIS DefCon 2008 Bruce Potter gdead@shmoo.com bpotter@pontetec.com INTRODUCTIONS Bruce Potter Founder of Ponte Technologies Focus on advanced defensive technologies Founder of The Shmoo
More informationIntegrated Traffic Monitoring
61202880L1-29.1F November 2009 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of
More informationSonicOS 5.8: NetFlow Reporting
SonicOS 5.8: NetFlow Reporting Document Scope Rapid growth of IP networks has created interest in new business applications and services. These new services have resulted in increases in demand for network
More informationOverview. Why use netflow? What is a flow? Deploying Netflow Performance Impact
Netflow 6/12/07 1 Overview Why use netflow? What is a flow? Deploying Netflow Performance Impact 2 Caveats Netflow is a brand name like Kleenex. It was developed by Cisco Juniper uses the term cflowd for
More informationTutorial: Options for Blackhole and Discard Routing. Joseph M. Soricelli Wayne Gustavus NANOG 32, Reston, Virginia
Tutorial: Options for Blackhole and Discard Routing Joseph M. Soricelli Wayne Gustavus NANOG 32, Reston, Virginia Caveats and Assumptions The views presented here are those of the authors and they do not
More informationCisco IOS NetFlow Command Reference
July 2011 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND
More informationTools. Caution. What tcpdump can do for you? What Tcpdump can do for you. Network Analyzer
Network Analyzer Network troubleshooting Monitoring bandwidth usage Defend against the security threats Programming troubleshooting Learn/Examine Network protocol Tools Tcpdump WireShark Snoop nmap Snort
More informationNetFlow FlowAnalyzer Overview
CHAPTER 1 FlowAnalyzer Overview This chapter describes the FlowAnalyzer system and its components. This system is used to read, analyze, and display switching data collected by the FlowCollector application.
More informationNetFlow & BGP multi-path: quo vadis?
NetFlow & BGP multi-path: quo vadis? Paolo Lucente Elisa Jasinska Netnod, Stockholm Agenda About Netflix About pmacct Brief digression on BGP ADD-PATHS Putting all
More informationCisco IOS NetFlow Version 9 Flow-Record Format
Cisco IOS NetFlow Version 9 Flow-Record Format Last updated: February 007 Overview Cisco IOS NetFlow services provide network administrators with access to information concerning IP flows within their
More informationDesign and Implementation of an Interactive DBMS-supported Network Traffic Analysis and Visualization System
Design and Implementation of an Interactive DBMS-supported Network Traffic Analysis and Visualization System 1 Hyun-chul Kim, 2Jihoon Lee Dept. of Computer Software Engineering, Sangmyung Univ., hyunchulk@gmail.com
More informationSolarWinds Technical Reference
SolarWinds Technical Reference Configuring Devices for Flow Collection Introduction... 3 Cisco... 3 Cisco Catalyst 3560/3750... 4 Cisco Catalyst 4500... 7 Cisco Catalyst 6500... 9 Cisco Nexus 7000/7010...
More informationSolarWinds Technical Reference
SolarWinds Technical Reference Configuring Devices for Flow Collection Introduction... 3 Cisco... 3 Cisco Catalyst 3560/3750... 4 Cisco Catalyst 4500... 7 Cisco Catalyst 6500... 9 Cisco Nexus 7000/7010...
More informationNetFlow Subinterface Support
NetFlow Subinterface Support Feature History Release Modification 12.2(14)S This feature was introduced. 12.2(15)T This feature was integrated into Cisco IOS Release 12.2 T. This document describes the
More informationNetFlow Auditor Manual Getting Started
NetFlow Auditor Manual Getting Started Setting up NetFlow Check if your Routers or Switches Supports NetFlow. Almost all Cisco devices support NetFlow since its introduction in the 11.1 train of Cisco
More informationFlow Based Traffic Analysis
Flow based Traffic Analysis Muraleedharan N C-DAC Bangalore Electronics City murali@ncb.ernet.in Challenges in Packet level traffic Analysis Network traffic grows in volume and complexity Capture and decode
More informationOverview of Network Traffic Analysis
Overview of Network Traffic Analysis Network Traffic Analysis identifies which users or applications are generating traffic on your network and how much network bandwidth they are consuming. For example,
More informationConfiguring NetFlow-lite
CHAPTER 55 Note NetFlow-lite is only supported on Catalyst 4948E Ethernet Switch. This chapter describes how to configure NetFlow-lite on the Catalyst 4948E switch. NetFlow-lite provides traffic monitoring
More informationWireshark Developer and User Conference
Wireshark Developer and User Conference Using NetFlow to Analyze Your Network June 15 th, 2011 Christopher J. White Manager Applica6ons and Analy6cs, Cascade Riverbed Technology cwhite@riverbed.com SHARKFEST
More informationCisco IOS Flexible NetFlow Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationCase Study: Instrumenting a Network for NetFlow Security Visualization Tools
Case Study: Instrumenting a Network for NetFlow Security Visualization Tools William Yurcik* Yifan Li SIFT Research Group National Center for Supercomputing Applications (NCSA) University of Illinois at
More informationNetFlow & BGP multi-path: quo vadis?
NetFlow & BGP multi-path: quo vadis? Paolo Lucente Elisa Jasinska NANOG61, Bellevue Agenda About Netflix About pmacct Brief digression on BGP ADD-PATHS Putting all
More informationResearch on Errors of Utilized Bandwidth Measured by NetFlow
Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic
More informationFlow Analysis. Make A Right Policy for Your Network. GenieNRM
Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do
More information8. 網路流量管理 Network Traffic Management
8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error
More informationTech Note #015. General requirements
Mazu Networks, Inc. 125 CambridgePark Dr. Cambridge, MA 02140 Phone (617) 354-9292 Fax (617) 354-9272 www.mazunetworks.com Configuring NetFlow for Profiler Tech Note #015 Product: Profiler Version: 5.5
More informationICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.
ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow
More informationDoes reality matter?: QoS & ISPs
Does reality matter?: QoS & ISPs Scott Bradner Harvard University s&rbn - 1 In the Beginning in the beginning (and now) there was (is) philosophy or is that religion? smart network vs. smart edges centralized
More informationNetFlow Performance Analysis
NetFlow Performance Analysis Last Updated: May, 2007 The Cisco IOS NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device. Network
More informationTEIN2 Measurement and Monitoring Workshop. Bruce.Morgan@aarnet.edu.au
TEIN2 Measurement and Monitoring Workshop Bruce.Morgan@aarnet.edu.au Introduction Agenda TEIN2 Topology Network Monitoring Network Measurement Day 1 Session I: Introduction 09:00-09:30 Introduction to
More informationDistributed Network Monitoring using NetFlow and MonALISA
Distributed Network Monitoring using NetFlow and MonALISA Developed in Joint Collaboration between: Dr. Xun Su California Institute of Technology Jose Luis Fernandez Florida International University Ernesto
More informationAnalyzing Traffic across the Greek School Network
1 Analyzing Traffic across the Greek School Network Costas Kattirtzis, Emmanuel Varvarigos, Kyriakos Vlachos, member IEEE, George Stathakopoulos and Michael Paraskevas Abstract In this paper, we present
More information網路流量量測與分析 楊竹星 國立中山大學資訊工程系
路 流 量 量 立 Outline Introduction NetFlow Netflow Overview Netflow Architecture Netflow Formats Netflow Feature Acceleration Netflow Deployment AAA Our solutions System Architecture Enhance Flow-Tools Protocol
More informationNetFlow/IPFIX Various Thoughts
NetFlow/IPFIX Various Thoughts Paul Aitken & Benoit Claise 3 rd NMRG Workshop on NetFlow/IPFIX Usage in Network Management, July 2010 1 B #1 Application Visibility Business Case NetFlow (L3/L4) DPI Application
More informationNetFlow Configuration Guide, Cisco IOS Release 15M&T
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationConfiguring NetFlow. Information About NetFlow. Send document comments to nexus1k-docfeedback@cisco.com. CHAPTER
CHAPTER 11 Use this chapter to configure NetFlow to characterize IP traffic based on its source, destination, timing, and application information, to assess network availability and performance. This chapter
More informationNetwork Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw
Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring
More informationEmerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.
Emerald Network Collector Version 4.0 Emerald Management Suite IEA Software, Inc. Table Of Contents Purpose... 3 Overview... 3 Modules... 3 Installation... 3 Configuration... 3 Filter Definitions... 4
More informationNetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com
NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK
More informationFluke Networks NetFlow Tracker
Fluke Networks NetFlow Tracker Quick Install Guide for Product Evaluations Pre-installation and Installation Tasks Minimum System Requirements The type of system required to run NetFlow Tracker depends
More informationINDEX. KretchmarBook 2003/9/5 10:27 page 231 #243
KretchmarBook 2003/9/5 10:27 page 231 #243 INDEX.character, Oak and, 119, 120 +modifier,oak and, 120 *modifier,oak and, 120 []operator, Oak and, 120 121 -character, Oak and, 121 $character, Oak and, 121
More informationConfiguring a Load-Balancing Scheme
This module contains information about Cisco Express Forwarding and describes the tasks for configuring a load-balancing scheme for Cisco Express Forwarding traffic. Load-balancing allows you to optimize
More informationCisco IOS NetFlow Version 9 Flow-Record Format
White Paper Cisco IOS NetFlow Version 9 Flow-Record Format Last updated: May 0 Overview Cisco IOS NetFlow services provide network administrators with access to information concerning IP flows within their
More informationNetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6
(Integrated) Technology White Paper Issue 01 Date 2012-9-6 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means
More informationCisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004
Cisco NetFlow TM Briefing Paper Release 2.2 Monday, 02 August 2004 Contents EXECUTIVE SUMMARY...3 THE PROBLEM...3 THE TRADITIONAL SOLUTIONS...4 COMPARISON WITH OTHER TECHNIQUES...6 CISCO NETFLOW OVERVIEW...7
More informationNetFlow The De Facto Standard for Traffic Analytics
NetFlow The De Facto Standard for Traffic Analytics A Webinar on NetFlow and its uses in Enterprise Networks for Bandwidth and Traffic Analytics Don Thomas Jacob Technical Marketing Engineer ManageEngine
More informationAUTOMATED SYSTEM FOR LOAD-BALANCING EBGP PEERS
AUTOMATED SYSTEM FOR LOAD-BALANCING EBGP PEERS By BRIAN T. WALLACE A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER
More informationNetFlow Configuration Guide, Cisco IOS Release 12.2SR
NetFlow Configuration Guide, Cisco IOS Release 12.2SR Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
More informationNSC 93-2213-E-110-045
NSC93-2213-E-110-045 2004 8 1 2005 731 94 830 Introduction 1 Nowadays the Internet has become an important part of people s daily life. People receive emails, surf the web sites, and chat with friends
More informationNetFlow Configuration Guide, Cisco IOS Release 12.4
NetFlow Configuration Guide, Cisco IOS Release 12.4 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
More informationJunos OS. Flow Monitoring Feature Guide for Routing Devices. Release 14.1. Published: 2014-09-27. Copyright 2014, Juniper Networks, Inc.
Junos OS Flow Monitoring Feature Guide for Routing Devices Release 14.1 Published: 2014-09-27 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More information- Multiprotocol Label Switching -
1 - Multiprotocol Label Switching - Multiprotocol Label Switching Multiprotocol Label Switching (MPLS) is a Layer-2 switching technology. MPLS-enabled routers apply numerical labels to packets, and can
More informationAdvanced NetFlow for Service Providers. Aamer Akhter (aa@cisco.com) Benoit Claise (bclaise@cisco.com)
Advanced NetFlow for Service Providers Aamer Akhter (aa@cisco.com) Benoit Claise (bclaise@cisco.com) 1 Agenda Introduction NetFlow Version 9 Interesting Features on Traditional NetFlow Flexible NetFlow
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationConfiguring Denial of Service Protection
24 CHAPTER This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches,
More informationUser Documentation nfdump & NfSen
User Documentation nfdump & NfSen 1 NFDUMP This is the combined documentation of nfdump & NfSen. Both tools are distributed under the BSD license and can be downloaded at nfdump http://sourceforge.net/projects/nfdump/
More information