Presentation is loading. Please wait.

Presentation is loading. Please wait.

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com.

Published byDeshaun Chasey Modified over 9 years ago

Similar presentations

Presentation on theme: "ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com."— Presentation transcript:

1 ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com

2 2 What is IP flow? IP flow is a unidirectional series of IP packets of a given protocol traveling between a source and destination IP address/port pair within a certain period of time IP flow parameters: Src & Dst IP address Src & Dst TCP/UDP port Protocol ToS field

3 3 What is IP flow accounting? IP flow accounting is a collection of statistical data for every single IP flow crossing a network device: Number of packets Number of bytes Timestamps

4 4 What is NetFlow? NetFlow is a network protocol developed by Cisco Systems for export of collected IP flow statistics

5 5 NetFlow Statistics Collection

6 6

7 7 ICmyNet.Flow system architecture Binary raw data files Flows_2009-10-21-09.20.00 Flows_2009-10-21-09.25.00 Flows_2009-10-21-09.30.00 ICmyNet.Flow Collector ICmyNet.Flow Aggregator Database ICmyNet.Flow Web Raw Data Files Archive

8 8 ICmyNet.Flow/Collector ICmyNet.Flow/Collector is a part of the system that collects flow records exported over Netflow protocol. Exported flow records have statistics about every data flow transported over network device: Src & Dst IP address Src & Dst TCP/UDP port Protocol ToS field In & Out Interfaces of the network device Statistics information contains timestamps and number of packets and bytes carried over the data flow Supported NetFlow protocol versions: Version 5 (supported on most of the network devices) Version 9 (flexible format with support for IPv6, MPLS, Multicast and MAC addresses) System can be easily extended to support different vendor protocols: J-Flow – Juniper protocol for statistics export NetStream – Huawei protocol for statistics export IPFIX – currently standardized protocol based on NetFlow v9

9 9 ICmyNet.Flow/Aggregator ICmyNet.Flow/Aggregator is performing analysis and aggregation over collected raw NetFlow records. This analysis is done according to the user configuration of the “Traffic Patterns” which is the basic element of the analysis Analyzed information is stored in the database and it is used for further search and view from the user interface System supports fast PostgreSQL database The level of aggregated data can be configured according to the user needs and the available server capabilities Different grains for keeping the data. For example: High grain – 5 min aggregation sample, 7 days keeping Medium grain – 60 min aggregation sample, 30 days keeping Low grain – 360 min aggregation sample, 356 days keeping

10 10 Traffic Pattern – basic element of analysis Local Network External Network The basic element of the analysis is configurable Traffic Pattern defined by “Local” and “External” network which intercommunication is analysed. “Local” and “External” networks can be defined as IP address ranges or as single host IP address.

11 11 Traffic Pattern – basic element of analysis Local Network 10.0.0.0/8 Application Servers 172.16.0.0/24 The basic element of the analysis is configurable Traffic Pattern defined by “Local” and “External” network which intercommunication is analysed. “Local” and “External” networks can be defined as IP address ranges or as single host IP address.

12 12 Traffic Pattern – basic element of analysis Local Network 10.0.0.0/8 Internet Exclude 10.0.0.0/8 The basic element of the analysis is configurable Traffic Pattern defined by “Local” and “External” network which intercommunication is analysed. “Local” and “External” networks can be defined as IP address ranges or as single host IP address.

13 13 Traffic Pattern – basic element of analysis Local Network 10.0.0.0/8 Internet 0.0.0.0/0 The basic element of the analysis is configurable Traffic Pattern defined by “Local” and “External” network which intercommunication is analysed. “Local” and “External” networks can be defined as IP address ranges or as single host IP address.

14 14 Traffic Pattern – basic element of analysis The basic element of the analysis is configurable Traffic Pattern defined by “Local” and “External” network which intercommunication is analysed. “Local” and “External” networks can be defined as IP address ranges or as single host IP address. Local Network 10.0.0.0/8

15 15 10.3.0.0/16 10.2.0.0/16 10.1.0.0/16 Traffic analysis based on Subnets Local Network 10.0.0.0/8 External Network IP address space is usually divided in hierarchical manner to represent a logical or sometimes physical topology of the network. Example: Universities have /16 address range Campuses have /21 address range Faculties have /24 address range

16 16 10.3.0.0/16 10.2.0.0/16 10.1.0.0/16 Traffic analysis for Hosts Local Network 10.0.0.0/8 External Network Within the scope of the Subnet, system is accounting network traffic of single hosts. Cut-off value can be configured for minimum traffic Universities have /16 address range Campuses have /21 address range Faculties have /24 address range

17 17 Parameters for traffic analysis Traffic analysis gives a detail information about following parameters at the Traffic Pattern level: IP subnets traffic Hosts traffic Network Services and applications based on TCP/UDP ports Network Protocols (TCP, UDP, ICMP, GRE...) QoS markers (ToS, IP precedence or DSCP) Autonomous System Numbers For every parameter of analysis there are following counters: Traffic Bandwidth (in bits/s, kbps, Mbps..) Traffic Volume (in MBytes, GB, TB...) Number of Packets, volume and time based diagrams (pps) Number of Flows, volume and time based diagrams (fps) Configurable cut-off percentage or data amount for negligible consumers

18 18 ICmyNet.Flow/Web Web application is chosen for the user interface De-facto standard for network management applications Accessibility, permanent development, flexibility Java application working under Tomcat JSF technologies

19 19 Settings Tab – Traffic Patterns Configuration of the NetFlow analysis is done from the Settings Tab User can configure following elements of analysis: Traffic Patterns Subnets Subnet Sets Services Protocols QoS markers AS Numbers Exporters Control Panel General Users Update My Account

20 20 Settings Tab – Traffic Patterns Advanced Traffic Patterns can be configured with flexible matching of any supported NetFlow field Examples: Local Network -> Facebook Local address 172.16.0.0/16, Src or Dst AS 32934 (Facebook) Router X Local & External address: 0.0.0.0/0, Exporter 10.1.1.1 Potential attacks: Src or Dst port: 22, 135-139, 445, 1434,… “Weird” Protocols: Protocols: Exclude 6 (TCP) or 17 (UDP) Blocked Traffic: Out Interface: 0 (Null)

21 21

22 22 Subnets Each Subnet is defined with its Name and IP address range View tab, Address Space button: below Traffic Pattern element gives an IP address hierarchy in a tree structure

23 23 Subnet Set Subnet Set is user defined grouping of Subnets and other Subnets Sets. View tab, Custom Space button: below Traffic Pattern element gives user defined hierarchy of Subnet Sets and belonging Subnets Subnet Set can be any logical grouping of Subnets: Customer Institution Faculty University

24 24

25 25

26 26

27 27

28 28

29 29

30 30

31 31 Viewing the analyzed NetFlow data ICmyNet.Flow system tends to give a user the best insight into the network traffic structure Therefore, every parameter of the network traffic analysis is presented to the user in various useful ways: Top – Visual representation of the distribution of the “Top N Talkers” in the form of the pie chart. Gives a data for the network traffic volume. Chart – Time based diagram with a Top N consuming parameters presented in different colors. List – Tabular form for reviewing of all parameters and data with advanced options for sorting according to different criteria. For every view user can select arbitrary time scale for convenient view Number of Top Talkers is user configurable parameter

32 32 View Tab – Top N

33 33 View Tab – Chart

34 34 View Tab – List

35 35 Archived raw data review Raw NetFlow records collected from network devices are archived in the files created every 5 minutes. When Collector closes a current file and Aggregator finish with analysis, file is compressed and archived in separate folder. Every single flow is saved in these files and no data is wasted User can access, review and explore these files, searching for a single flow or event that traversed the network. Review of the raw data is done over User Interface and search is available for every supported NetFlow field.

36 36 Archived raw data review

37 37

38 38 Searching and grouping raw data

39 39 Whois and DNS functions

40 40 Monitoring system performance At the View mode System Tab user can access to relevant graphs monitoring system performance Processed flows - number of flows in a single raw data file (created on 5 minutes) Matched flows – number of flows that match criteria of any Traffic Pattern

41 41 Monitoring system performance At the View mode System Tab user can access to relevant graphs monitoring system performance Processing time for a single raw data file (created every 5 minutes) Required time to store aggregated data into database Required time for aggregation between grains and deleting data

42 ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com

Download ppt "ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
1 ZonicBook/618EZ-Analyst Resonance Testing & Data Recording.

1 ZonicBook/618EZ-Analyst Resonance Testing & Data Recording.
AP STUDY SESSION 2.

AP STUDY SESSION 2.
1

1
1 Vorlesung Informatik 2 Algorithmen und Datenstrukturen (Parallel Algorithms) Robin Pomplun.

1 Vorlesung Informatik 2 Algorithmen und Datenstrukturen (Parallel Algorithms) Robin Pomplun.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
Myra Shields Training Manager Introduction to OvidSP.

Myra Shields Training Manager Introduction to OvidSP.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
RXQ.11.4.1 Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment (11.3.2.1)

RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment ( )
1 Introducing the Specifications of the Metro Ethernet Forum MEF 19 Abstract Test Suite for UNI Type 1 February 2008.

1 Introducing the Specifications of the Metro Ethernet Forum MEF 19 Abstract Test Suite for UNI Type 1 February 2008.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.

Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.
Create an Application Title 1A - Adult Chapter 3.

Create an Application Title 1A - Adult Chapter 3.
Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.

Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

Similar presentations

Ads by Google