Overview of Network Traffic Analysis



Network Traffic Analysis identifies which users or applications are generating traffic on your network and how much network bandwidth they are consuming. For example, you may want to know what specific traffic is clogging your sites' networks. Is it your Exchange server? Is a user streaming YouTube videos or music from iTunes and causing bandwidth utilization issues? You can drill down into applications, conversations, domains, endpoints, and protocols to see how this bandwidth usage is impacting your network and to identify the exact sources of spikes and bursts. You can also set up an alert to notify you when these spikes occur.

Foglight NMS monitors network traffic by collecting flow information exported by devices such as routers, switches, servers, and desktops. By enabling NetFlow on your flow-capable devices, you can export traffic flow information from these devices to your Foglight NMS server.

NOTE: The Network Traffic Analysis feature supports Cisco NetFlow versions 1, 3, 5, 7, and 9, as well as Juniper J-Flow and sFlow.

Topics in this section
How Foglight NMS Collects Network Traffic Flow Data
Viewing Traffic Flow Information
Understanding the Various Groups of Traffic Flow Information
Seeing How Traffic Flow Information is Trending
Enabling NetFlow

How Foglight NMS Collects Network Traffic Flow Data

Capturing flow information from flow-capable devices provides an abundance of information that can help you better manage bandwidth usage on your sites' networks. Once your flow-capable devices are configured to export NetFlow records to the server, flow data packets are collected for all of these devices. Foglight NMS takes this information and presents it in an easy-to-read format that you can use to determine how traffic impacts your networks. Additionally, you can generate a report from this information to help your sites plan for future network capacity.

The following diagram shows how Foglight NMS collects NetFlow data and sends it to the server. Keep in mind that NetFlow data is sent to the server on UDP port 2055, so you must make sure that this port is open on the server and not already in use by another service. If it is, you can use an alternative port, such as port 9555 or port 995, as long as the exporting devices and the server are configured with the same port.

NetFlow export is unauthenticated UDP: the collector accepts any datagram that arrives on its listening port, and the records travel in the clear. Restrict the collector port to the addresses of your flow exporters (with the host firewall or an ACL on the path) and keep the export path inside a trusted network, because the exported records describe who talked to whom on your network.

See Also
Enabling NetFlow

Enabling NetFlow

By enabling NetFlow on your devices, you configure them to export NetFlow data to the Foglight NMS server. The following instructions show you how to enable NetFlow on a Cisco router.

1. Enable Cisco Express Forwarding:

   router(config)# ip cef

2. In the configuration terminal on the router, issue the export, timeout and interface commands that follow to start NetFlow export. NetFlow must be enabled on every interface through which the traffic you are interested in will flow.

3. Verify that the router is generating flow statistics:

   router# show ip cache flow

   Note that on routers with distributed switching (GSRs, 75XXs) the Route Processor (RP) CLI only shows flows that made it up to the RP. To see flows on the individual line cards, use the 'attach' or 'if-con' command and issue 'show ip cache flow' on each line card.

Enable export of these flows with the following global commands. 'ip flow-export source' can be set to any interface, but choose one that is least likely to enter a 'down' state: NetFlow is not exported while the specified source interface is down. For this reason, we suggest a Loopback interface or a stable Ethernet interface. Use the IP address of your NetFlow collector and its configured listening port:

   router(config)# ip flow-export version 5
   router(config)# ip flow-export destination <ip-address> <port>
   router(config)# ip flow-export source FastEthernet0

If your router runs BGP, you can include AS numbers in the exported records with one of the following commands (origin-as and peer-as are mutually exclusive):

   router(config)# ip flow-export version 5 origin-as
   router(config)# ip flow-export version 5 peer-as

The following commands break long-lived flows into shorter segments, so that the collector receives a record for an active flow at least once a minute instead of only when the flow ends. The active timeout is in minutes and the inactive timeout in seconds:

   router(config)# ip flow-cache timeout active 1
   router(config)# ip flow-cache timeout inactive 15

Use the commands below to enable NetFlow on each physical interface you want to collect flows from (VLAN and tunnel interfaces are included automatically). This will normally be an Ethernet or WAN interface. You may also need to set the interface speed in kilobits per second with the 'bandwidth' command, so that utilization is reported against the correct rate; this is especially important for Frame Relay or ATM virtual circuits, where the physical interface speed does not reflect the circuit rate:

   router(config)# interface <interface>
   router(config-if)# ip route-cache flow
   router(config-if)# bandwidth <kilobits>

On IOS releases that support it, 'ip flow ingress' (and 'ip flow egress') is the newer equivalent of 'ip route-cache flow'.

Now save your configuration with the 'write' or 'copy run start' command. In privileged EXEC mode, you can see the current NetFlow configuration and state with the following commands:

   router# show ip flow export
   router# show ip cache flow
   router# show ip cache verbose flow
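The collector end of the export path above is easy to underestimate: the router sends raw NetFlow v5 datagrams to UDP port 2055 and anything listening there must validate them before trusting a single field. The following is an added example, not Foglight NMS code, of a minimal v5 collector written from the v5 wire format (24-byte header, 48-byte records, at most 30 records per datagram). The exporter allowlist, the handler callback and the constructed test datagram are this example's own assumptions.

```python
"""Minimal NetFlow v5 collector: decode and validate one export datagram."""
import socket
import struct
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
V5_MAX_RECORDS = 30     # a v5 datagram never carries more than 30 records
COLLECTOR_PORT = 2055   # the default listening port named in the text


def parse_netflow_v5(datagram):
    """Return (header, records) for one v5 datagram, or raise ValueError.

    The exporter is an unauthenticated UDP peer, so the version, the record
    count and the total length are checked against the payload before any
    record is unpacked; a count that does not match the length is rejected
    rather than read past the end of the buffer.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, _unix_nsecs, flow_sequence,
     _engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5 (version field %d)" % version)
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError("implausible record count %d" % count)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length %d does not match %d records" % (len(datagram), count))
    header = {
        "sys_uptime_ms": sys_uptime,
        "unix_secs": unix_secs,
        "flow_sequence": flow_sequence,
        "engine_id": engine_id,
        "sampling_mode": sampling >> 14,         # top 2 bits
        "sampling_interval": sampling & 0x3FFF,  # low 14 bits; 0 = unsampled
    }
    records = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, packets, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(
            datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": packets, "bytes": octets, "tcp_flags": tcp_flags,
            "duration_ms": last - first, "in_if": in_if, "out_if": out_if,
            "unix_secs": unix_secs,
        })
    return header, records


def build_v5_datagram(flows, sequence=0, unix_secs=1700000000):
    """Constructed test datagram (not a capture from a real router)."""
    body = b"".join(
        V5_RECORD.pack(IPv4Address(f["src"]).packed, IPv4Address(f["dst"]).packed,
                       bytes(4), 1, 2, f["packets"], f["bytes"],
                       1000, 1000 + f.get("duration_ms", 0),
                       f["sport"], f["dport"], 0, f.get("tcp_flags", 0),
                       f["proto"], 0, 0, 0, 24, 24, 0)
        for f in flows)
    header = V5_HEADER.pack(5, len(flows), 60000, unix_secs, 0, sequence, 0, 1, 0)
    return header + body


def sequence_gap(expected, header):
    """Flows lost between datagrams: flow_sequence counts flows, not packets,
    so the next datagram should start at the previous sequence plus its count."""
    return 0 if expected is None else header["flow_sequence"] - expected


def serve(allowed_exporters, handler, port=COLLECTOR_PORT):
    """Bind the collector port and hand validated records to `handler`.

    Datagrams from addresses outside `allowed_exporters` are dropped. Because
    UDP source addresses can be spoofed this is a filter, not authentication;
    the firewall or ACL in front of the collector should enforce the same set.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    expected = {}
    while True:
        data, (addr, _) = sock.recvfrom(65535)
        if addr not in allowed_exporters:
            continue
        try:
            header, records = parse_netflow_v5(data)
        except ValueError:
            continue  # malformed or non-v5 traffic: drop it, never crash
        lost = sequence_gap(expected.get(addr), header)
        expected[addr] = header["flow_sequence"] + len(records)
        handler(addr, header, records, lost)
```

To run it against a router, call serve({"192.0.2.1"}, handler) with the exporter's 'ip flow-export source' address and a handler that stores or prints the records; a non-zero lost count tells you the export path is dropping datagrams, which is the first thing to check when the "Top" lists look thin.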

Viewing Traffic Flow Information

By drilling into the device details, you can view the various groups of traffic flow information that have been collected from a flow-capable device. In the Network Traffic Flow window, you will see data for applications, conversations, domains, endpoints, and protocols.

To view network traffic information

1. In the Devices View, double-click a flow-capable device.
   NOTE: To view traffic information from a device, you must first enable NetFlow on it.
2. On the Device Details page, click the Network Traffic Flow tab on the left side.
3. To set the scope of the information that you want to view on this page, do the following:
   - In the Period drop-down list, select a reporting time period. For example, if you select Last Hour, you will see only the traffic flow information captured in the last hour.
   - In the Show Top drop-down list, select the number of records that you want to display. Keep in mind that the more records you choose to display, the longer they take to load.
   - In the Top Sort Order, select whether to rank the information by Bytes or by Packets.
4. Click any of the following groups to start drilling down into the details of your traffic flow information: Applications, Conversations, Domains, Endpoints, and Protocols.

For example, in the Applications group, you can see which port the application is using and how much traffic it has generated. If you select a record, you will see specific information about the endpoint, the destination domain name, out packets and in packets, and more.

NOTE: The scope that you selected in the previous step remains in place as you view each group.

See Also
Understanding the Various Groups of Traffic Flow Information
Seeing How Traffic Flow Information is Trending

Understanding the Various Groups of Traffic Flow Information

Foglight NMS captures the various groups of traffic flow information and displays them on the Device Details page.

Applications
For each application shown in the list, you can see which port the application is using and how much traffic it has generated. Select an application in the list and you will see more specific information about the endpoint, the destination domain name, out packets and in packets, and more.

Conversations
The Conversations group shows you which nodes are talking to which domain names or devices in the network. By selecting a conversation in the list, you can see which device has the highest number of conversations. If there is a spike in the data, you can see which user or device is causing it: using the color coding, look at the spike and then find the matching user or device in the Top Conversations list. You can discover which user caused the spike, where they went, what port they were using, the amount of traffic that was generated, and how long the traffic was generated for. This color-coded chart gives you a quick look at who is doing what on the network, at what time, over which port.

Domains
The Domains group displays all the different web sites that your users are visiting, the amount of traffic generated, and the amount of time they spent surfing the web. If you double-click a source IP, you can see the specific conversations for a domain from that IP address.

Endpoints
The Endpoints group displays traffic flow information between two devices. If you select an endpoint, you can see that a given user is going to a given system using a given application. Click the Trend Chart button to see the spikes in the data at the time this activity occurred. If you double-click, you see the specific conversations that took place between this user and this endpoint.

Protocols
The Protocols group displays the type of traffic that is being generated on your network and which protocols are consuming the most network bandwidth. Network engineers may find this information particularly helpful. For example, if you notice on the chart that there is more UDP traffic on your network than expected, you can see where it is going and who is generating it.

See Also

Viewing Traffic Flow Information

Seeing How Traffic Flow Information is Trending

By default, a pie chart displays how the different conversations in a group compare to each other. However, Foglight NMS also provides a way for you to see how the data is trending.

Pie Charts
By default, Foglight NMS presents traffic flow information in a pie chart. As you can see in the following image, the pie chart is broken down into color-coded sections, where each color represents a specific conversation that occurred for a given group.

Trend Charts
If you want to see how a particular conversation is trending, select it in the list of conversations, and then click the Trend Chart link. As you can see in the following image, this chart shows you whether any spikes occurred during the defined time period and how much traffic was generated for this particular application or IP address.
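The groups, the Show Top list, the Bytes/Packets sort order, the trend chart and the spike alert mentioned in the overview are all aggregations over the same flow records. The following added example (not Foglight NMS code) shows those aggregations explicitly over decoded flow records held as plain dicts with the v5 fields (source, destination, ports, protocol, packets, bytes, and the export timestamp). The port-to-application table, the "lower port is the service port" rule, the three-times-baseline alert threshold and the sample records are this example's own assumptions; the sample is constructed, not captured.

```python
"""Group decoded flow records into top-N views and alert on traffic spikes."""
from collections import defaultdict

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Assumed port-to-application names; a real collector keeps a far larger table.
APP_NAMES = {25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS", 993: "IMAPS"}
PERIOD_S = 60  # one trend-chart bucket per minute


def app_key(rec):
    """Name the application by its service port; the lower of the two ports is
    assumed to be the server side, since client ports are ephemeral and high."""
    port = min(rec["sport"], rec["dport"])
    return "%s/%s" % (APP_NAMES.get(port, str(port)),
                      PROTO_NAMES.get(rec["proto"], str(rec["proto"])))


GROUPS = {
    "applications": app_key,
    "conversations": lambda r: (r["src"], r["dst"]),
    "protocols": lambda r: PROTO_NAMES.get(r["proto"], str(r["proto"])),
}


def top_n(records, group, n=5, sort_by="bytes"):
    """The 'Show Top' list for one group, ranked by bytes or by packets."""
    key_fn = GROUPS[group]
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0, "flows": 0})
    for rec in records:
        t = totals[key_fn(rec)]
        t["bytes"] += rec["bytes"]
        t["packets"] += rec["packets"]
        t["flows"] += 1
    return sorted(totals.items(), key=lambda kv: kv[1][sort_by], reverse=True)[:n]


def bytes_per_period(records, period_s=PERIOD_S):
    """Trend-chart series: total bytes per period, keyed by period start time."""
    series = defaultdict(int)
    for rec in records:
        series[rec["unix_secs"] // period_s * period_s] += rec["bytes"]
    return dict(sorted(series.items()))


def spike_alerts(series, factor=3.0, min_bytes=1_000_000, baseline_periods=5):
    """Periods whose bytes exceed `factor` times the mean of the preceding
    `baseline_periods` periods. The absolute floor keeps a quiet link from
    alerting on trivial increases (10 bytes to 100 bytes is also 'ten times')."""
    alerts = []
    times = sorted(series)
    for i, t in enumerate(times):
        prev = [series[x] for x in times[max(0, i - baseline_periods):i]]
        if not prev:
            continue
        baseline = sum(prev) / len(prev)
        if series[t] >= min_bytes and series[t] > factor * baseline:
            alerts.append((t, series[t], baseline))
    return alerts


def attribute_spike(records, period_start, period_s=PERIOD_S, n=3):
    """Who caused the spike: the top conversations inside the alerted period only."""
    in_period = [r for r in records
                 if r["unix_secs"] // period_s * period_s == period_start]
    return top_n(in_period, "conversations", n=n)


# Constructed sample: five quiet minutes of DNS and SMTP, then one minute in
# which a workstation pulls 12 MB over HTTPS from an external host.
T0 = 1700000040  # a minute-aligned Unix time


def _flow(minute, src, dst, sport, dport, proto, packets, nbytes):
    return {"unix_secs": T0 + 60 * minute, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "proto": proto, "packets": packets, "bytes": nbytes}


SAMPLE_RECORDS = []
for m in range(6):
    SAMPLE_RECORDS.append(_flow(m, "10.0.0.9", "10.0.0.53", 40000 + m, 53, 17, 2, 200))
    SAMPLE_RECORDS.append(_flow(m, "10.0.0.20", "10.0.1.25", 50000 + m, 25, 6, 40, 60000))
SAMPLE_RECORDS.append(_flow(5, "10.0.0.5", "203.0.113.7", 51000, 443, 6, 9000, 12_000_000))


if __name__ == "__main__":
    for group in GROUPS:
        print(group, top_n(SAMPLE_RECORDS, group, n=3))
    for t, total, baseline in spike_alerts(bytes_per_period(SAMPLE_RECORDS)):
        print("spike at %d: %d bytes vs baseline %.0f" % (t, total, baseline))
        print("  top conversations:", attribute_spike(SAMPLE_RECORDS, t))
```

Two points from the sample are worth carrying into real alert rules: rank by packets as well as bytes, because a scan or a DNS flood is thousands of flows of almost no bytes and never reaches the top of a bytes-sorted list; and attribute a spike only to records from the alerted period, otherwise the long-running SMTP conversation outranks the one-minute download that actually caused it.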

NOTE: You can use the Pie Chart link on this page to return to the pie chart after viewing the trend chart.

See Also
Viewing Traffic Flow Information