Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft.

Slides:



Advertisements
Similar presentations
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 3 Ethernet Technologies/ Ethernet Switching/ TCP/IP Protocol Suite and IP Addressing.
Advertisements

CCNA 1 v3.1 Module 11 Review.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.
Chapter 15 Networks. Chapter Goals Types of networks Topologies Open Systems Home Internet connections 15-2.
Module 1: Reviewing the Suite of TCP/IP Protocols.
Networking Components Christopher Biles LTEC Assignment 3.
Introduction to Networking. Key Terms packet  envelope of data sent between computers server  provides services to the network client  requests actions.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Slide 1 What is a Computer Network? A computer network is a linked set of computer systems capable of sharing computer power and resources such as printers,
Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.
Chapter 6: Packet Filtering
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 4 Routing Fundamentals and Subnets/ TCP/IP Transport and Application Layers.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 19 PCs on the Internet.
Cisco – Chapter 11 Routers All You Ever Wanted To Know But Were Afraid to Ask.
Release 16/07/2009Jetking Infotrain Ltd. Assembling and Cabling Cisco Devices Chapter 3.
Computer Communication & Networks Lecture # 02 Nadeem Majeed Choudhary
© McLean HIGHER COMPUTER NETWORKING Lesson 1 – Protocols and OSI What is a network protocol Description of the OSI model.
15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources.
University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department INTRODUCTION TO COMPUTER NETWORKS Dr. Abdelhamid.
Network – internet – part2  Address at diff. layers  Headers at diff. layers  Equipment at diff. layers.
Networking Components Daniel Rosser LTEC Network Hub It is very difficult to find Hubs anymore Hubs sends data from one computer to all other computers.
WebCCTV 1 Contents Introduction Getting Started Connecting the WebCCTV NVR to a local network Connecting the WebCCTV NVR to the Internet Restoring the.
1 TCP/IP, Addressing and Services S. Hussain Ali M.S. (Computer Engineering) Department of Computer Engineering King Fahd University of Petroleum and Minerals.
OS Services And Networking Support Juan Wang Qi Pan Department of Computer Science Southeastern University August 1999.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 3: TCP/IP Architecture.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Connecting to the Network Introduction to Networking Concepts.
S305 – Network Infrastructure Chapter 5 Network and Transport Layers.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
نظام المحاضرات الالكترونينظام المحاضرات الالكتروني.
Network Components Basics!. Network HUB  Used to connect multiple Ethernet devices together  Layer 1 of the OSI model  Not used much today.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Communicating over the Network Network Fundamentals – Chapter 2.
1 Syllabus at a glance – CMCN 6103 Introduction Introduction to Networking Network Fundamentals Number Systems Ethernet IP Addressing Subnetting ARP DNS.
1 12-Jan-16 OSI network layer CCNA Exploration Semester 1 Chapter 5.
17 Establishing Dial-up Connection to the Internet Using Windows 9x 1.Install and configure the modem 2.Configure Dial-Up Adapter 3.Configure Dial-Up Networking.
Transmission Control Protocol (TCP) Internet Protocol (IP)
Networks. Local area network (LAN( Wide-area network (WAN( Networks Topology.
Networking Components William Isakson LTEC 4550 October 7, 2012 Module 3.
NETWORK DEVICES Department of CE/IT.
The OSI Model. Understanding the OSI Model In early 1980s, manufacturers began to standardize networking so that networks from different manufacturers.
COMPUTER NETWORKS Hwajung Lee. Image Source:
Cisco Router Technology. Overview Topics :- Overview of cisco Overview of cisco Introduction of Router Introduction of Router How Router Works How Router.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI transport layer CCNA Exploration Semester 1 – Chapter 4.
IST 201 Chapter 11 Lecture 2. Ports Used by TCP & UDP Keep track of different types of transmissions crossing the network simultaneously. Combination.
Application Protocol - Network Link Utilization Capability: Identify network usage by aggregating application protocol traffic as collected by a traffic.
Ad Hoc – Wireless connection between two devices Backbone – The hardware used in networking Bandwidth – The speed at which the network is capable of sending.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI network layer CCNA Exploration Semester 1 – Chapter 5.
Chapter Objectives In this chapter, you will learn:
Chapter 5 Network and Transport Layers
CCENT Study Guide Chapter 12 Security.
NETWORK Unit 1 Module: 2 Objective: 7.
Lecture 6: TCP/IP Networking By: Adal Alashban
Firewall Exercise.
15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
Topic 5: Communication and the Internet
Computing Over Distance
TCP/IP Protocol Suite: Review
NETWORK Unit 1 Module: 2 Objective: 7.
NETWORK Unit 1 Module: 2 Objective: 7.
Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
46 to 1500 bytes TYPE CODE CHECKSUM IDENTIFIER SEQUENCE NUMBER OPTIONAL DATA ICMP Echo message.
Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
Presentation transcript:

Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft

Topics Background material –TCP/IP network traffic –router functionality –Cisco routers and NetFlow protocol PI-NetFlow Interface and PacketCapture –practical applications Questions –please wait until the end of the presentation

Network Traffic Internet Information Server Internet Explorer Web ClientWeb Server

Network Traffic PINetMgr PIArchss etc. PI-ProcessBook PI ClientPI Server

TCP/IP Network Traffic PI-ProcessBook Internet Explorer PI Server Web Server TCP/IP

IP Addresses All TCP/IP network traffic is based on IP addresses Internet Explorer Web Server TCP/IP

Multiple Network Programs Internet Explorer Web Server PI-ProcessBook PI Server More than 1 client program on a machine More than 1 server program on a machine Network traffic confusion?

Port Number Helps defines the application for the network traffic Server programs –Port number is defined by the program itself, sometimes at runtime (i.e., user configurable) –PI : 5450 or 545 –Web server : 80 Client programs –Port number is assigned by operating system

Multiple Network Programs Internet Explorer Web Server PI-ProcessBookPI Server : : : : 5450

TCP/IP Protocols TCP, UDP, ICMP –Chosen by the application developer –Protocol and port number define network application TCP –PI; port 5450 or 545 –Web browsing (HTTP); port 80 UDP –Network management (SNMP); ports 161 and 162 ICMP –No port numbers involved –Ping

Summary of TCP/IP Traffic All TCP/IP traffic has these attributes –Source address (e.g., ) –Source port (e.g., 2024) –Destination address (e.g., ) –Destination port (e.g., 80) –Protocol type (e.g., TCP ) –Size (e.g., number of bytes)

Router Functionality San DiegoChicago

Router Functionality San Diego Chicago router

Router Functionality Source address: Internet Explorer Web Server Source port: 2024 Destination address: Destination port: 80 Protocol: TCP router San Diego Chicago Bytes: 100 Attributes of TCP/IP traffic:

Cisco Routers and Data Aggregation 100 bytes 120 bytes 2100 bytes Web server 5300 bytes : : : : : : : : 2024

Cisco Routers and Data Aggregation Web server 100 bytes 120 bytes 2100 bytes 5300 bytes : : : : : : : : 2024

NetFlow Data Aggregation Source address: Source port:2024 Destination address: Destination port:80 Protocol:TCP Bytes:220 ( ) The 4 previous individual messages result in 2 NetFlow records Source address: Source port:80 Destination address: Destination port:2024 Protocol:TCP Bytes:7400 ( ) ServerClient ServerClient

NetFlow Data Export Source address: Source port: 2024 Destination address: Destination port: 80 Protocol: TCP Bytes: 220 ( ) Source address: Source port: 80 Destination address: Destination port: 2024 Protocol: TCP Bytes: 7400 ( ) NetFlow Data Collector Web server IE

Cisco Routers and Data Aggregation 100 bytes 120 bytes 2100 bytes Web server 5300 bytes : : : : : : : : 2024 Internet Explorer

Cisco NetFlow Data Export NetFlow Data Collector Continuous export of real-time network traffic information: source address source port destination address destination port protocol bytes Web PI Mail ProcessBook Outlook IE

Real-time Network Monitoring PI-NetFlow Interface Web PI Mail ProcessBook Outlook IE PI Universal Data Server

PI-NetFlow Interface PI-NetFlow filters NetFlow records before writing values to PI PI-NetFlow PI Universal Data Server NetFlow records contain information on all traffic seen by the router filtered values

Use of PI-NetFlow at OSIsoft Mail server PI-NetFlow Interface PI Universal Data Server Web server Support server FTP server Internet (Monitoring usage for specific servers)

Demonstration

Use of PI-NetFlow at OSIsoft Mail server PI-NetFlow Interface PI Universal Data Server Web server Support server FTP server Internet (Monitoring usage for specific servers)

Expanding the Power of PI Practical applications for PI-NetFlow Ability to monitor and manage your networking infrastructure

How Much Traffic Is PI-related? DataLink (record traffic whose source or destination port is 5450 / 545) ProcessBook PI-NetFlow Interface PI Universal Data Server PI WAN

Billing Applications PI-NetFlow Interface PI Universal Data Server Sales Marketing Engineering Internet (determine which department is using Internet connection the most)

Detection of Illegal Inbound Traffic Web server 1 PI-NetFlow Interface PI Universal Data Server Web server 2 Web server 3 Web server 4 Internet (record traffic whose destination port is 80)

Detection of Illegal Outbound Traffic PI-NetFlow Interface PI Universal Data Server Internet (record traffic to unauthorized Internet sites)

Limitations of PI-NetFlow? Web PI Mail ProcessBook Outlook IE PI-NetFlow Interface PI Universal Data Server NetFlow module

Limitations of PI-NetFlow? Web PI Mail ProcessBook Outlook IE PI-NetFlow Interface PI Universal Data Server Web Server

PI-NetFlow Limitations So, PI-NetFlow cannot monitor network traffic if –No Cisco router in the network –Cisco router exists, but NetFlow does not –Router is not involved What to do?

Summary of TCP/IP Traffic All TCP/IP traffic has these attributes –Source address (e.g., ) –Source port (e.g., 2024) –Destination address (e.g., ) –Destination port (e.g., 80) –Protocol type (e.g., TCP ) –Size (e.g., number of bytes)

Ethernet Segment – Party Line! With the proper application, can see the attributes of all TCP/IP traffic on the segment: : : : :

Packet Capturing See/capture traffic 2.Aggregate traffic information (source IP, source port, etc.) 3.Create records of NetFlow format

OSIsoft PacketCapture See/capture traffic 2.Aggregate traffic information (source IP, source port, etc.) 3.Create records of NetFlow format PacketCapture PI-NetFlow Interface PI Universal Data Server

PacketCapture with PI-NetFlow No need for a foreign (i.e., non-OSIsoft) device to supply the data Monitor traffic on different LAN segments Monitor traffic that does not go through a router

Monitor PI-Interface Traffic OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server PI-ICCP Interface SCADA system

Use with Network Gateways OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server Internet gateway without NetFlow

Use in Small Office / Home Office OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server Internet DSL / cable modem Keep track of Web sites visited by your kids!

Expand the Power of PI Discover the network management capabilities of a PI System! Demonstration room Tuesday afternoon

Questions and Answers Availability? –Approximately 1 month from now Contact information –OSIsoft sales representative –Eric Tam (software developer of PI-NetFlow) Phone:

Additional Information Next slides provide additional information that may be helpful in understanding the details of PI-NetFlow and PacketCapture

Data Collection Example Want to monitor traffic sent to and from machine with IP address of –Tagname: _usage –Filtering condition 1 destination IP: –Filtering condition 2 source IP:

Data Collection Example Want to monitor traffic sent to and from machine with IP address of –Tagname: _usage –Filtering condition 1 destination IP: –Filtering condition 2 source IP: For every NetFlow record received, PI-NetFlow –Applies the user-specified filtering conditions –Calculates a running sum of the number of bytes in those records that satisfy criteria –Periodically writes this sum to _usage

Value Written to PI bytes seconds individual NetFlow records that satisfy filtering conditions srcIP = or destIP = value written to PI tag _usage 51015

Data Collection Example “Base” tag – running sum of bytes –Created by the user – _usage “Detail” tags – fields of NetFlow records –Created by PI-NetFlow itself –Tagnames are derived from “base” tag – _usage_detail_srcIP – _usage_detail_srcPort – _usage_detail_destIP – _usage_detail_destPort – _usage_detail_octet – _usage_detail_prot

PacketCapture Limitations Standard Ethernet only, won’t see traffic on –dial-up connections –ATM networks –token ring networks –fibre networks Captures only the traffic that it sees –Won’t see traffic for other machines if switched network is involved

Comparison of Programs PI-NetFlow –PI interface program; uses PI-API and PI-SDK –Receives NetFlow records sent by an external device (e.g., Cisco router or PacketCapture) –Writes values to PI tags PacketCapture –Not an interface; does not use PI-API or PI-SDK –Measures TCP/IP traffic on Ethernet –Creates and sends NetFlow records –Not a replacement for Cisco NetFlow

Hub vs. Switch OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server

Managed Switch OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server spanning port

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.