Project Requirements (NetFlow Generator) 2003. 11. 05. 정승화, Distributed Processing and Network Management Lab, Pohang University of Science and Technology (POSTECH)


POSTECH DP&NM Lab. 2/13 Contents
Introduction & Goal
Glossary
Requirements
– System Requirements
– Functional Requirements
– Non-Functional Requirements
Testing

3/13 Introduction
Monitoring Network
– Packets
– Flows
Flows
– CISCO Router NetFlow
– InMon sFlow
Goal
– Free (or Cheap)
– NetFlow

4/13 Glossary
UDP message format transmitted from traffic meter:
NetFlow V.5 Header | Flow Record | Flow Record | Flow Record | Flow Record | Flow Record
Format of NetFlow V.5 Header (fields that share a row are separated by "|"):
NetFlow Version | Flow Record Count (1-30)
SysUptime (time since the export device booted)
Current count of seconds since 0000 UTC 1970
Residual nanoseconds since 0000 UTC 1970
Sequence counter of total flows seen
engine_type | engine_id | Unused (zero)

5/13 Glossary
Flow record fields (fields that share a row are separated by "|"):
Source IP address
Destination IP address
IP address of next hop router
Input Interface | Output Interface
Packets in the flow
Bytes in the packets of the flow
SysUptime at start of flow
SysUptime when the last packet of the flow was received
Source Port | Destination Port
Unused (zero) | TCP flag | IP protocol type | ToS
Source AS | Destination AS
Src. Mask | Dst. Mask | Unused (zero)
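A collector-side decoder for the NetFlow V.5 datagram laid out in the two Glossary slides, as an added example (not code from the original slides or from the NetFlow Generator project): it checks the version and the 1-30 record count against the bytes actually received before reading any record. The byte offsets (24-byte header, 48-byte record) follow the standard Cisco NetFlow v5 layout; the names `nf5_parse`, `nf5_flow` and `NF5_SAMPLE` and the sample datagram are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NF5_HDR_LEN  24   /* header: version .. engine_id, unused */
#define NF5_REC_LEN  48   /* one flow record */
#define NF5_MAX_RECS 30   /* "Flow Record Count (1-30)" */

struct nf5_flow {         /* hypothetical: the fields a collector keys on */
    uint32_t src, dst, packets, bytes; uint16_t sport, dport; uint8_t tcp_flags, proto;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Decode one export datagram; returns the record count, or -1 if malformed. */
int nf5_parse(const uint8_t *buf, size_t len, struct nf5_flow *out, size_t cap)
{
    if (len < NF5_HDR_LEN || be16(buf) != 5) return -1;          /* version */
    size_t count = be16(buf + 2);       /* sender-controlled, so bound it */
    if (count < 1 || count > NF5_MAX_RECS || count > cap) return -1;
    if (len != NF5_HDR_LEN + count * NF5_REC_LEN) return -1;     /* count must match bytes */
    for (size_t i = 0; i < count; i++) {
        const uint8_t *r = buf + NF5_HDR_LEN + i * NF5_REC_LEN;
        out[i].src = be32(r);           out[i].dst = be32(r + 4);
        out[i].packets = be32(r + 16);  out[i].bytes = be32(r + 20);
        out[i].sport = be16(r + 32);    out[i].dport = be16(r + 34);
        out[i].tcp_flags = r[37];       out[i].proto = r[38];
    }
    return (int)count;
}

/* Constructed sample datagram: one TCP flow 192.0.2.10:40000 -> 198.51.100.7:443. */
static const uint8_t NF5_SAMPLE[NF5_HDR_LEN + NF5_REC_LEN] = {
    [1] = 5, [3] = 1,                                    /* version 5, one record */
    [24] = 192, [25] = 0, [26] = 2, [27] = 10,           /* source IP */
    [28] = 198, [29] = 51, [30] = 100, [31] = 7,         /* destination IP */
    [43] = 12, [46] = 0x1f, [47] = 0x40,                 /* 12 packets, 8000 bytes */
    [56] = 0x9c, [57] = 0x40, [58] = 0x01, [59] = 0xbb,  /* ports 40000 and 443 */
    [61] = 0x1b, [62] = 6,                               /* TCP flags, protocol 6 (TCP) */
};

int main(void)
{
    struct nf5_flow f[NF5_MAX_RECS];
    int n = nf5_parse(NF5_SAMPLE, sizeof NF5_SAMPLE, f, NF5_MAX_RECS);
    printf("records=%d dport=%u bytes=%u\n", n, (unsigned)f[0].dport, (unsigned)f[0].bytes);
    return n == 1 ? 0 : 1;
}
```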

6/13 Requirements
System Requirements
– Linux
– Libpcap Package
– Libxml2 Package
– C Compiler
Functional Requirements
– NetFlow Generation
– Sampling
– Interface Monitoring
– NetFlow Exporting
– Configuration Reading
Non-Functional Requirements
– Portability
– Easy to install & use

7/13 Functional Requirements: NetFlow Generation
Flow fields shown on the slide, by group:
– Source IP Address, Destination IP Address
– Next Hop Address, Source AS Number, Dest. AS Number, Source Prefix Mask, Dest. Prefix Mask
– Input Interface, Output Interface
– Type of Service, TCP Flags, Protocol Type
– Packet Count, Byte Count
– Start Timestamp, End Timestamp
– Source TCP/UDP Port, Destination TCP/UDP Port
Annotation labels on the slide: Usage; QoS; Application; From/To; Time Stamp; "These are not going to be Implemented"; "To show which Interface captured flows"

8/13 Functional Requirements: Sampling
On a high-speed network, sampling can be the solution to the performance problem.
[Figure: NetFlow V.5 Generator]

9/13 Functional Requirements: Interface Monitoring
[Figure: Router, Interfaces, In/Out]

10/13 Functional Requirements: NetFlow Exporting (1/2)
Exporting NetFlows every T seconds.
T = Time interval (configurable)
[Figure: NetFlow V.5 Generator, flows in memory, T]

11/13 Functional Requirements: NetFlow Exporting (2/2)
Exporting NetFlows every second by searching all flows.
T = Time interval (configurable)
[Figure: NetFlow V.5 Generator, Inactive T, Active T]

12/13 Functional Requirements: Configuration Reading
The Flow Generator reads the configuration information below when it starts.
– Capturing Interface: Interface Name and MAC are required for each interface.
– Exporting Time Interval: the unit of this exporting time interval is at least a second.
– Analyzer IP, Analyzer Port: the Export Module will send NetFlow information to this IP address & port.
– Sampling Rate

13/13 Non-Functional Requirements
– Portability
– Easy to install & use

14/13 Testing
CISCO developed a tool named fdget for viewing the data exported from a NetFlow router.
– We use the fdget program to check that NetFlow is correctly generated and exported.
[Figure: Traffic Meter (Testing NetFlow Generator); fdget program (Testing NetFlow Receiving Server)]