ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com.


ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net

2 What is IP flow?
An IP flow is a unidirectional series of IP packets of a given protocol traveling between a source and destination IP address/port pair within a certain period of time.
IP flow parameters:
- Src & Dst IP address
- Src & Dst TCP/UDP port
- Protocol
- ToS field

3 What is IP flow accounting?
IP flow accounting is the collection of statistical data for every single IP flow crossing a network device:
- Number of packets
- Number of bytes
- Timestamps

4 What is NetFlow?
NetFlow is a network protocol developed by Cisco Systems for the export of collected IP flow statistics.

5 NetFlow Statistics Collection


7 ICmyNet.Flow system architecture
Diagram components: ICmyNet.Flow Collector, binary raw data files (Flows_ ...), ICmyNet.Flow Aggregator, Database, ICmyNet.Flow Web, Raw Data Files Archive.

8 ICmyNet.Flow/Collector
ICmyNet.Flow/Collector is the part of the system that collects flow records exported over the NetFlow protocol.
Exported flow records carry statistics about every data flow transported over the network device:
- Src & Dst IP address
- Src & Dst TCP/UDP port
- Protocol
- ToS field
- In & Out interfaces of the network device
The statistics information contains timestamps and the number of packets and bytes carried over the data flow.
Supported NetFlow protocol versions:
- Version 5 (supported on most network devices)
- Version 9 (flexible format with support for IPv6, MPLS, multicast and MAC addresses)
The system can be easily extended to support other vendors' protocols:
- J-Flow – Juniper protocol for statistics export
- NetStream – Huawei protocol for statistics export
- IPFIX – currently standardized protocol based on NetFlow v9
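Slides 2 through 4 and 8 describe what a NetFlow v5 record carries (the 5-tuple, ToS, in/out interfaces, packet and byte counters, timestamps). The following is an added example, not code from ICmyNet.Flow, showing what a collector actually does with one v5 export datagram: it decodes the 24-byte header and the fixed 48-byte records, rejects datagrams whose length disagrees with their own record count (a truncated export would otherwise silently under-count traffic), and converts the boot-relative flow timestamps into absolute time. The `build_v5_packet` helper and the sample flows are constructed for offline use; real datagrams come from the exporting device.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v5 export datagram: a 24-byte header followed by `count` fixed 48-byte records.
# Field order follows Cisco's published v5 layout; the struct strings are big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
HEADER_FIELDS = ("version", "count", "sys_uptime_ms", "unix_secs", "unix_nsecs",
                 "flow_sequence", "engine_type", "engine_id", "sampling")
RECORD_FIELDS = ("src_addr", "dst_addr", "next_hop", "in_if", "out_if",
                 "packets", "bytes", "first_ms", "last_ms", "src_port", "dst_port",
                 "_pad1", "tcp_flags", "protocol", "tos", "src_as", "dst_as",
                 "src_mask", "dst_mask", "_pad2")


def parse_v5_packet(data: bytes) -> dict:
    """Decode one NetFlow v5 datagram into {'header': {...}, 'records': [...]}.

    A datagram whose length does not match its own `count` field is rejected as a
    whole rather than half-parsed, so a truncated export never under-counts traffic.
    """
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    header = dict(zip(HEADER_FIELDS, V5_HEADER.unpack_from(data, 0)))
    if header["version"] != 5:
        raise ValueError(f"unsupported NetFlow version {header['version']}")
    expected = V5_HEADER.size + header["count"] * V5_RECORD.size
    if len(data) != expected:
        raise ValueError(f"expected {expected} bytes for {header['count']} records, got {len(data)}")
    # Sampling field: low 14 bits are the interval, top 2 bits the sampling mode.
    header["sampling_interval"] = header["sampling"] & 0x3FFF
    header["sampling_mode"] = header["sampling"] >> 14
    records = []
    for i in range(header["count"]):
        raw = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        rec = {k: v for k, v in zip(RECORD_FIELDS, raw) if not k.startswith("_pad")}
        for key in ("src_addr", "dst_addr", "next_hop"):
            rec[key] = str(IPv4Address(rec[key]))
        records.append(rec)
    return {"header": header, "records": records}


def flow_start_epoch(header: dict, rec: dict) -> float:
    """Absolute start time: first_ms counts from device boot, so anchor it with the
    header's (unix_secs, sys_uptime_ms) pair, the usual way collectors timestamp v5 flows."""
    boot_epoch = header["unix_secs"] + header["unix_nsecs"] / 1e9 - header["sys_uptime_ms"] / 1000.0
    return boot_epoch + rec["first_ms"] / 1000.0


def is_valid_v5(data: bytes) -> bool:
    """True when the datagram parses cleanly (a cheap pre-check before queueing it)."""
    try:
        parse_v5_packet(data)
        return True
    except ValueError:
        return False


def build_v5_packet(flows, sys_uptime_ms=100_000, unix_secs=1_700_000_000, sequence=0) -> bytes:
    """Construct a v5 datagram from flow dicts (test helper; in production the router sends these)."""
    header = V5_HEADER.pack(5, len(flows), sys_uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            int(IPv4Address(f["src_addr"])), int(IPv4Address(f["dst_addr"])), 0,
            f["in_if"], f["out_if"], f["packets"], f["bytes"], f["first_ms"], f["last_ms"],
            f["src_port"], f["dst_port"], 0, f.get("tcp_flags", 0), f["protocol"],
            f.get("tos", 0), f.get("src_as", 0), f.get("dst_as", 0), 24, 24, 0)
        for f in flows)
    return header + body


# Constructed sample flows using documentation address ranges.
SAMPLE_FLOWS = [
    {"src_addr": "192.0.2.10", "dst_addr": "198.51.100.5", "in_if": 1, "out_if": 2,
     "packets": 12, "bytes": 9_600, "first_ms": 90_000, "last_ms": 95_000,
     "src_port": 51_234, "dst_port": 443, "protocol": 6, "tcp_flags": 0x18},
    {"src_addr": "203.0.113.7", "dst_addr": "192.0.2.10", "in_if": 2, "out_if": 0,
     "packets": 1, "bytes": 60, "first_ms": 99_000, "last_ms": 99_000,
     "src_port": 4_444, "dst_port": 445, "protocol": 6, "tcp_flags": 0x02},
]

if __name__ == "__main__":
    parsed = parse_v5_packet(build_v5_packet(SAMPLE_FLOWS))
    for rec in parsed["records"]:
        print(f"{rec['src_addr']}:{rec['src_port']} -> {rec['dst_addr']}:{rec['dst_port']} "
              f"proto={rec['protocol']} bytes={rec['bytes']} "
              f"start={flow_start_epoch(parsed['header'], rec):.3f}")
```

Two details matter for a collector in practice: the sampling field in the header tells you whether the counters must be scaled up before they are reported as traffic volume, and an `out_if` of 0 on a record (the second sample flow) is the router's way of saying the packet went to Null, which is exactly the "Blocked Traffic" pattern the slides configure later.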

9 ICmyNet.Flow/Aggregator
ICmyNet.Flow/Aggregator performs analysis and aggregation over the collected raw NetFlow records.
The analysis is done according to the user configuration of "Traffic Patterns", which are the basic element of the analysis.
Analyzed information is stored in the database and used for further search and viewing from the user interface.
The system supports the fast PostgreSQL database.
The level of aggregated data can be configured according to user needs and the available server capabilities.
Different grains for keeping the data, for example:
- High grain – 5 min aggregation sample, 7 days keeping
- Medium grain – 60 min aggregation sample, 30 days keeping
- Low grain – 360 min aggregation sample, 356 days keeping

10 Traffic Pattern – basic element of analysis
Diagram: Local Network <-> External Network
The basic element of the analysis is the configurable Traffic Pattern, defined by a "Local" and an "External" network whose intercommunication is analysed. "Local" and "External" networks can be defined as IP address ranges or as a single host IP address.

11 Traffic Pattern – basic element of analysis
Diagram: Local Network /8 <-> Application Servers /24 (same definition as slide 10).

12 Traffic Pattern – basic element of analysis
Diagram: Local Network /8 <-> Internet, with the local /8 excluded from the External network (same definition as slide 10).

13 Traffic Pattern – basic element of analysis
Diagram: Local Network /8 <-> Internet /0 (same definition as slide 10).

14 Traffic Pattern – basic element of analysis
Diagram: Local Network /8 (same definition as slide 10).

15 Traffic analysis based on Subnets
Diagram: Local Network /8 <-> External Network, with /16 subnets inside the local network
IP address space is usually divided in a hierarchical manner to represent the logical, or sometimes physical, topology of the network. Example:
- Universities have a /16 address range
- Campuses have a /21 address range
- Faculties have a /24 address range

16 Traffic analysis for Hosts
Diagram: Local Network /8 <-> External Network, with /16 subnets inside the local network
Within the scope of a Subnet, the system accounts the network traffic of single hosts. A cut-off value can be configured for minimum traffic.
- Universities have a /16 address range
- Campuses have a /21 address range
- Faculties have a /24 address range

17 Parameters for traffic analysis
Traffic analysis gives detailed information about the following parameters at the Traffic Pattern level:
- IP subnets traffic
- Hosts traffic
- Network services and applications based on TCP/UDP ports
- Network protocols (TCP, UDP, ICMP, GRE...)
- QoS markers (ToS, IP precedence or DSCP)
- Autonomous System Numbers
For every parameter of analysis there are the following counters:
- Traffic bandwidth (in bits/s, kbps, Mbps...)
- Traffic volume (in MBytes, GB, TB...)
- Number of packets, volume and time based diagrams (pps)
- Number of flows, volume and time based diagrams (fps)
- Configurable cut-off percentage or data amount for negligible consumers
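Slide 9 lists the aggregation grains (5 min / 60 min / 360 min samples with their retention) and slide 17 the counters kept per parameter (bandwidth, volume, packets, flows, and a cut-off for negligible consumers). The block below is an added example, not the product's own aggregator, that ties the two together for one parameter (a service, taken here as protocol plus destination port): raw flows are summed into 5-minute samples, the coarser grain is rolled up from the finer one, per-sample rates are derived, old samples are pruned by retention, and Top N is computed with a cut-off percentage. The flows and the `T0` timestamp are constructed; `T0` is chosen to sit on both a 5-minute and a 60-minute boundary so the results are easy to follow.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Grain:
    name: str
    sample_seconds: int   # width of one aggregation sample
    keep_seconds: int     # retention before samples are deleted


# The three example grains from the Aggregator slide (356 days as printed there).
GRAINS = [
    Grain("high", 5 * 60, 7 * 86400),
    Grain("medium", 60 * 60, 30 * 86400),
    Grain("low", 360 * 60, 356 * 86400),
]


def bucket(ts: int, sample_seconds: int) -> int:
    """Start of the sample interval containing ts."""
    return ts - ts % sample_seconds


def service_of(flow: dict) -> tuple:
    """Analysis parameter used here: a service is (protocol, destination port)."""
    return (flow["protocol"], flow["dst_port"])


def aggregate(flows, sample_seconds: int, key=service_of) -> dict:
    """Raw flows -> {(sample_start, key): {'bytes', 'packets', 'flows'}} for one grain."""
    agg = defaultdict(lambda: {"bytes": 0, "packets": 0, "flows": 0})
    for f in flows:
        c = agg[(bucket(f["start"], sample_seconds), key(f))]
        c["bytes"] += f["bytes"]
        c["packets"] += f["packets"]
        c["flows"] += 1
    return dict(agg)


def rollup(samples: dict, to_seconds: int) -> dict:
    """Build a coarser grain from a finer one by summing counters into wider samples."""
    out = defaultdict(lambda: {"bytes": 0, "packets": 0, "flows": 0})
    for (start, key), c in samples.items():
        o = out[(bucket(start, to_seconds), key)]
        for name in ("bytes", "packets", "flows"):
            o[name] += c[name]
    return dict(out)


def rates(counters: dict, sample_seconds: int) -> dict:
    """Per-sample averages: bandwidth in bit/s, packets/s and flows/s."""
    return {"bps": counters["bytes"] * 8 / sample_seconds,
            "pps": counters["packets"] / sample_seconds,
            "fps": counters["flows"] / sample_seconds}


def prune(samples: dict, keep_seconds: int, now: int) -> dict:
    """Drop samples older than the grain's retention."""
    return {k: c for k, c in samples.items() if k[0] >= now - keep_seconds}


def top_n(samples: dict, n: int, cutoff_percent: float):
    """Top N consumers by volume; anything below the cut-off share is folded into 'other'."""
    totals = defaultdict(int)
    for (_, key), c in samples.items():
        totals[key] += c["bytes"]
    grand = sum(totals.values())
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    top = [(k, v) for k, v in ranked[:n] if grand and 100.0 * v / grand >= cutoff_percent]
    return top, grand - sum(v for _, v in top)


# Constructed flows; T0 is aligned to both the 5-minute and the 60-minute sample boundary.
T0 = 1_700_002_800
FLOWS = [
    {"start": T0 + 10, "bytes": 6000, "packets": 10, "protocol": 6, "dst_port": 443},
    {"start": T0 + 250, "bytes": 4000, "packets": 8, "protocol": 6, "dst_port": 443},
    {"start": T0 + 20, "bytes": 100, "packets": 1, "protocol": 6, "dst_port": 22},
    {"start": T0 + 400, "bytes": 1000, "packets": 5, "protocol": 17, "dst_port": 53},
    {"start": T0 + 3700, "bytes": 2000, "packets": 4, "protocol": 6, "dst_port": 443},
]

if __name__ == "__main__":
    high = aggregate(FLOWS, GRAINS[0].sample_seconds)
    medium = rollup(high, GRAINS[1].sample_seconds)
    print(rates(high[(T0, (6, 443))], GRAINS[0].sample_seconds))
    print(top_n(high, n=2, cutoff_percent=5))
    print(len(prune(high, GRAINS[0].keep_seconds, now=T0 + GRAINS[0].keep_seconds + 1000)))
```

Rolling the medium grain up from the high grain, rather than recomputing it from raw flows, is what lets the raw files be archived as soon as the finest grain has been stored; it also means a flow is counted in the sample where it started, so long flows that straddle a boundary land entirely in the earlier sample.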

18 ICmyNet.Flow/Web
A web application was chosen for the user interface:
- De-facto standard for network management applications
- Accessibility, permanent development, flexibility
- Java application running under Tomcat
- JSF technologies

19 Settings Tab – Traffic Patterns
Configuration of the NetFlow analysis is done from the Settings Tab. The user can configure the following elements of analysis:
- Traffic Patterns
- Subnets
- Subnet Sets
- Services
- Protocols
- QoS markers
- AS Numbers
- Exporters
Control Panel:
- General
- Users
- Update
- My Account

20 Settings Tab – Traffic Patterns
Advanced Traffic Patterns can be configured with flexible matching of any supported NetFlow field. Examples:
- Local Network -> Facebook: Local address /16, Src or Dst AS (Facebook)
- Router X: Local & External address /0, Exporter
- Potential attacks: Src or Dst port: 22, , 445, 1434, …
- "Weird" protocols: Protocols: exclude 6 (TCP) or 17 (UDP)
- Blocked traffic: Out Interface: 0 (Null)
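Slides 10 through 14 define a Traffic Pattern as a Local and an External network (ranges or single hosts, with excludes), and slide 20 extends it with filters on any other NetFlow field. The example below is added here, not ICmyNet.Flow's own matching engine: it implements that model as a small matcher and instantiates the slide's example patterns (Internet, application servers, Router X, potential attacks on ports 22/445/1434, "weird" non-TCP/UDP protocols, traffic sent to the Null interface). The prefixes, exporter names and sample flows are constructed with documentation addresses, since the deck's own values are not legible.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


class AddressSet:
    """A 'Local' or 'External' network: one or more include ranges minus optional excludes.
    A single host is just a /32 (or /128) range."""

    def __init__(self, include, exclude=()):
        self.include = [ip_network(n, strict=False) for n in include]
        self.exclude = [ip_network(n, strict=False) for n in exclude]

    def __contains__(self, addr) -> bool:
        a = ip_address(addr)
        if not any(a in n for n in self.include):
            return False
        return not any(a in n for n in self.exclude)


@dataclass
class TrafficPattern:
    """Local/External address matching plus optional filters on other NetFlow fields.
    A filter left at None is not applied."""
    name: str
    local: AddressSet
    external: AddressSet
    exclude_protocols: frozenset = frozenset()   # e.g. {6, 17} keeps only "weird" protocols
    ports: Optional[frozenset] = None            # src OR dst port must be in the set
    asns: Optional[frozenset] = None             # src OR dst AS must be in the set
    out_if: Optional[int] = None                 # 0 = traffic the router sent to Null
    exporter: Optional[str] = None               # only flows from this exporting device

    def match(self, flow: dict) -> Optional[str]:
        """Return 'out' (local -> external), 'in' (external -> local) or None."""
        src, dst = flow["src_addr"], flow["dst_addr"]
        if src in self.local and dst in self.external:
            direction = "out"
        elif src in self.external and dst in self.local:
            direction = "in"
        else:
            return None
        if flow["protocol"] in self.exclude_protocols:
            return None
        if self.ports is not None and not ({flow["src_port"], flow["dst_port"]} & self.ports):
            return None
        if self.asns is not None and not ({flow["src_as"], flow["dst_as"]} & self.asns):
            return None
        if self.out_if is not None and flow["out_if"] != self.out_if:
            return None
        if self.exporter is not None and flow["exporter"] != self.exporter:
            return None
        return direction


# Constructed configuration; the deployment's real prefixes and AS numbers are not on the slides.
LOCAL = AddressSet(["10.0.0.0/8"])
INTERNET = AddressSet(["0.0.0.0/0"], exclude=["10.0.0.0/8"])   # slide 12: everything but the local /8
ANY = AddressSet(["0.0.0.0/0"])

PATTERNS = [
    TrafficPattern("Internet", LOCAL, INTERNET),
    TrafficPattern("Application servers", AddressSet(["10.0.0.0/8"], exclude=["10.1.1.0/24"]),
                   AddressSet(["10.1.1.0/24"])),
    TrafficPattern("Router X", ANY, ANY, exporter="r1"),
    TrafficPattern("Potential attacks", LOCAL, INTERNET, ports=frozenset({22, 445, 1434})),
    TrafficPattern("Weird protocols", LOCAL, INTERNET, exclude_protocols=frozenset({6, 17})),
    TrafficPattern("Blocked traffic", LOCAL, INTERNET, out_if=0),
]


def classify(flow: dict, patterns=PATTERNS) -> dict:
    """Map every matching pattern name to the flow's direction under that pattern."""
    result = {}
    for p in patterns:
        direction = p.match(flow)
        if direction is not None:
            result[p.name] = direction
    return result


def _flow(src, dst, proto, sport, dport, out_if, exporter, src_as=0, dst_as=0):
    return {"src_addr": src, "dst_addr": dst, "protocol": proto, "src_port": sport,
            "dst_port": dport, "out_if": out_if, "exporter": exporter,
            "src_as": src_as, "dst_as": dst_as}


# Constructed sample flows (documentation addresses).
FLOWS = [
    _flow("10.1.2.3", "198.51.100.9", 6, 51000, 443, 2, "r1"),   # ordinary web session
    _flow("203.0.113.5", "10.1.1.10", 6, 4444, 445, 0, "r1"),    # inbound SMB that the router dropped
    _flow("10.5.5.5", "10.1.1.10", 47, 0, 0, 3, "r2"),            # internal GRE to an app server
    _flow("10.1.2.3", "198.51.100.9", 47, 0, 0, 2, "r1"),         # GRE leaving towards the Internet
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src_addr"], "->", f["dst_addr"], classify(f))
```

Two points from the slides show up directly in the results: the "Internet" pattern only works because the local /8 is excluded from the 0.0.0.0/0 External network (otherwise every internal flow would also count as Internet traffic), and a single flow legitimately matches several patterns at once, so the second sample flow is reported under Internet, Potential attacks and Blocked traffic together.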


22 Subnets
Each Subnet is defined with its Name and IP address range.
View tab, Address Space button: below the Traffic Pattern element, gives the IP address hierarchy in a tree structure.

23 Subnet Set
A Subnet Set is a user-defined grouping of Subnets and other Subnet Sets.
View tab, Custom Space button: below the Traffic Pattern element, gives the user-defined hierarchy of Subnet Sets and the Subnets belonging to them.
A Subnet Set can be any logical grouping of Subnets:
- Customer
- Institution
- Faculty
- University


31 Viewing the analyzed NetFlow data
The ICmyNet.Flow system aims to give the user the best insight into the network traffic structure. Therefore, every parameter of the network traffic analysis is presented to the user in several useful ways:
- Top – visual representation of the distribution of the "Top N Talkers" in the form of a pie chart; gives the data for the network traffic volume.
- Chart – time based diagram with the Top N consuming parameters presented in different colors.
- List – tabular form for reviewing all parameters and data, with advanced options for sorting according to different criteria.
For every view the user can select an arbitrary time scale for convenient viewing. The number of Top Talkers is a user-configurable parameter.

32 View Tab – Top N

33 View Tab – Chart

34 View Tab – List

35 Archived raw data review
Raw NetFlow records collected from network devices are archived in files created every 5 minutes. When the Collector closes the current file and the Aggregator finishes its analysis, the file is compressed and archived in a separate folder. Every single flow is saved in these files and no data is wasted.
The user can access, review and explore these files, searching for a single flow or event that traversed the network. Review of the raw data is done over the User Interface and search is available for every supported NetFlow field.
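Slide 35 describes the raw-data path: one file per 5 minutes, compressed and moved to an archive folder once the Aggregator is done with it, and searchable afterwards on any flow field. The following is an added example, not the product's archive code, that reproduces that lifecycle in a temporary directory: flows are written unchanged into the file for their 5-minute interval, each closed file is gzip-compressed into the archive, and a search walks the archive filtering on arbitrary field values and a time window, skipping whole files outside the window before decompressing anything. The `Flows_<start>.jsonl` naming and the JSON-lines layout are assumptions (the deck only shows the `Flows_` prefix); the sample flows are constructed.

```python
import gzip
import json
import shutil
import tempfile
from collections import defaultdict
from pathlib import Path

FILE_SECONDS = 300   # the slide states one raw file every 5 minutes

# Constructed sample flows (documentation addresses), as the collector would pass them on.
T0 = 1_700_002_800
SAMPLE_FLOWS = [
    {"start": T0 + 5, "src_addr": "10.1.2.3", "dst_addr": "198.51.100.9",
     "protocol": 6, "src_port": 51000, "dst_port": 443, "bytes": 9600},
    {"start": T0 + 70, "src_addr": "203.0.113.5", "dst_addr": "10.1.1.10",
     "protocol": 6, "src_port": 4444, "dst_port": 445, "bytes": 60},
    {"start": T0 + 310, "src_addr": "10.1.2.3", "dst_addr": "198.51.100.9",
     "protocol": 17, "src_port": 53000, "dst_port": 53, "bytes": 120},
    {"start": T0 + 590, "src_addr": "10.9.9.9", "dst_addr": "192.0.2.77",
     "protocol": 1, "src_port": 0, "dst_port": 0, "bytes": 84},
]


def file_start(ts: int) -> int:
    return ts - ts % FILE_SECONDS


def write_raw_files(flows, raw_dir) -> list:
    """Write every flow, unchanged, into the 5-minute file its start time falls into."""
    raw_dir = Path(raw_dir)
    raw_dir.mkdir(parents=True, exist_ok=True)
    groups = defaultdict(list)
    for f in flows:
        groups[file_start(f["start"])].append(f)
    paths = []
    for start, batch in sorted(groups.items()):
        path = raw_dir / f"Flows_{start}.jsonl"        # naming scheme is an assumption
        with path.open("a") as fh:
            for f in batch:
                fh.write(json.dumps(f, sort_keys=True) + "\n")
        paths.append(path)
    return paths


def archive_file(path: Path, archive_dir) -> Path:
    """Compress a closed raw file into the archive folder and remove the original."""
    archive_dir = Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    dest = archive_dir / (path.name + ".gz")
    with path.open("rb") as src, gzip.open(dest, "wb") as dst:
        shutil.copyfileobj(src, dst)
    path.unlink()
    return dest


def search_archive(archive_dir, since=None, until=None, **criteria) -> list:
    """Flows whose fields equal every value in `criteria`, with start in [since, until)."""
    hits = []
    for gz in sorted(Path(archive_dir).glob("Flows_*.jsonl.gz")):
        start = int(gz.name[len("Flows_"):-len(".jsonl.gz")])
        # Whole files outside the window are skipped without decompressing them.
        if until is not None and start >= until:
            continue
        if since is not None and start + FILE_SECONDS <= since:
            continue
        with gzip.open(gz, "rt") as fh:
            for line in fh:
                flow = json.loads(line)
                if since is not None and flow["start"] < since:
                    continue
                if until is not None and flow["start"] >= until:
                    continue
                if all(flow.get(k) == v for k, v in criteria.items()):
                    hits.append(flow)
    return hits


def demo() -> dict:
    """Run the collect -> archive -> search cycle in a scratch directory and return the results."""
    with tempfile.TemporaryDirectory(prefix="flow-archive-demo-") as tmp:
        root = Path(tmp)
        raw = write_raw_files(SAMPLE_FLOWS, root / "raw")
        archived = [archive_file(p, root / "archive") for p in raw]
        return {
            "archived_files": [p.name for p in archived],
            "raw_left": sorted(p.name for p in (root / "raw").iterdir()),
            "smb_flows": search_archive(root / "archive", dst_port=445),
            "host_flows": search_archive(root / "archive", src_addr="10.1.2.3"),
            "second_file": search_archive(root / "archive", since=T0 + 300, until=T0 + 600),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```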

36 Archived raw data review


38 Searching and grouping raw data

39 Whois and DNS functions

40 Monitoring system performance
In View mode, the System Tab gives the user access to relevant graphs monitoring system performance:
- Processed flows – number of flows in a single raw data file (created every 5 minutes)
- Matched flows – number of flows that match the criteria of any Traffic Pattern

41 Monitoring system performance
In View mode, the System Tab gives the user access to relevant graphs monitoring system performance:
- Processing time for a single raw data file (created every 5 minutes)
- Required time to store aggregated data into the database
- Required time for aggregation between grains and deleting data

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net