Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft.

Published byMorgan Day Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft."— Presentation transcript:

1 Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft

2 Topics Background material –TCP/IP network traffic –router functionality –Cisco routers and NetFlow protocol PI-NetFlow Interface and PacketCapture –practical applications Questions –please wait until the end of the presentation

3 Network Traffic Internet Information Server Internet Explorer Web ClientWeb Server

4 Network Traffic PINetMgr PIArchss etc. PI-ProcessBook PI ClientPI Server

5 TCP/IP Network Traffic PI-ProcessBook Internet Explorer PI Server Web Server TCP/IP

6 IP Addresses All TCP/IP network traffic is based on IP addresses Internet Explorer Web Server TCP/IP 192.168.10.161 10.12.18.67

7 Multiple Network Programs Internet Explorer Web Server PI-ProcessBook PI Server More than 1 client program on a machine More than 1 server program on a machine Network traffic confusion? 10.12.18.67 192.168.10.161

8 Port Number Helps defines the application for the network traffic Server programs –Port number is defined by the program itself, sometimes at runtime (i.e., user configurable) –PI : 5450 or 545 –Web server : 80 Client programs –Port number is assigned by operating system

9 Multiple Network Programs Internet Explorer Web Server 10.12.18.67 192.168.10.161 PI-ProcessBookPI Server 192.168.10.161 : 202410.12.18.67 : 80 192.168.10.161 : 102610.12.18.67 : 5450

10 TCP/IP Protocols TCP, UDP, ICMP –Chosen by the application developer –Protocol and port number define network application TCP –PI; port 5450 or 545 –Web browsing (HTTP); port 80 UDP –Network management (SNMP); ports 161 and 162 ICMP –No port numbers involved –Ping

11 Summary of TCP/IP Traffic All TCP/IP traffic has these attributes –Source address (e.g., 192.168.10.161) –Source port (e.g., 2024) –Destination address (e.g., 10.12.18.67) –Destination port (e.g., 80) –Protocol type (e.g., TCP ) –Size (e.g., number of bytes)

12 Router Functionality 10.12.18.67192.168.10.161 San DiegoChicago

13 Router Functionality 192.168.10.161 10.12.18.67 192.168.10.1 10.12.18.1 San Diego Chicago router

14 Router Functionality Source address: 192.168.10.161 192.168.10.161 10.12.18.67 Internet Explorer Web Server Source port: 2024 Destination address: 10.12.18.67 Destination port: 80 Protocol: TCP router San Diego Chicago Bytes: 100 Attributes of TCP/IP traffic:

15 Cisco Routers and Data Aggregation 100 bytes 120 bytes 2100 bytes Web server 5300 bytes 10.12.18.67 : 80 3. 192.168.10.161 : 202410.12.18.67 : 80 2. 192.168.10.161 : 202410.12.18.67 : 80 4. 192.168.10.161 : 202410.12.18.67 : 80 1. 192.168.10.161 : 2024

16 Cisco Routers and Data Aggregation Web server 100 bytes 120 bytes 2100 bytes 5300 bytes 10.12.18.67 : 80 3. 192.168.10.161 : 202410.12.18.67 : 80 2. 192.168.10.161 : 202410.12.18.67 : 80 4. 192.168.10.161 : 202410.12.18.67 : 80 1. 192.168.10.161 : 2024

17 NetFlow Data Aggregation Source address:192.168.10.161 Source port:2024 Destination address:10.12.18.67 Destination port:80 Protocol:TCP Bytes:220 (100+120) The 4 previous individual messages result in 2 NetFlow records Source address:10.12.18.67 Source port:80 Destination address:192.168.10.161 Destination port:2024 Protocol:TCP Bytes:7400 (2100+5300) ServerClient ServerClient

18 NetFlow Data Export Source address: 192.168.10.161 Source port: 2024 Destination address: 10.12.18.67 Destination port: 80 Protocol: TCP Bytes: 220 (100+120) Source address: 10.12.18.67 Source port: 80 Destination address: 192.168.10.161 Destination port: 2024 Protocol: TCP Bytes: 7400 (2100+5300) NetFlow Data Collector Web server IE

19 Cisco Routers and Data Aggregation 100 bytes 120 bytes 2100 bytes Web server 5300 bytes 10.12.18.67 : 80 3. 192.168.10.161 : 202410.12.18.67 : 80 2. 192.168.10.161 : 202410.12.18.67 : 80 4. 192.168.10.161 : 202410.12.18.67 : 80 1. 192.168.10.161 : 2024 Internet Explorer

20 Cisco NetFlow Data Export NetFlow Data Collector Continuous export of real-time network traffic information: source address source port destination address destination port protocol bytes Web PI Mail ProcessBook Outlook IE

21 Real-time Network Monitoring PI-NetFlow Interface Web PI Mail ProcessBook Outlook IE PI Universal Data Server

22 PI-NetFlow Interface PI-NetFlow filters NetFlow records before writing values to PI PI-NetFlow PI Universal Data Server NetFlow records contain information on all traffic seen by the router filtered values

23 Use of PI-NetFlow at OSIsoft Mail server PI-NetFlow Interface PI Universal Data Server Web server Support server FTP server Internet (Monitoring usage for specific servers)

24 Demonstration

25 Use of PI-NetFlow at OSIsoft Mail server PI-NetFlow Interface PI Universal Data Server Web server Support server FTP server Internet (Monitoring usage for specific servers)

26 Expanding the Power of PI Practical applications for PI-NetFlow Ability to monitor and manage your networking infrastructure

27 How Much Traffic Is PI-related? DataLink (record traffic whose source or destination port is 5450 / 545) ProcessBook PI-NetFlow Interface PI Universal Data Server PI WAN

28 Billing Applications PI-NetFlow Interface PI Universal Data Server Sales Marketing Engineering Internet (determine which department is using Internet connection the most)

29 Detection of Illegal Inbound Traffic Web server 1 PI-NetFlow Interface PI Universal Data Server Web server 2 Web server 3 Web server 4 Internet (record traffic whose destination port is 80)

30 Detection of Illegal Outbound Traffic PI-NetFlow Interface PI Universal Data Server Internet (record traffic to unauthorized Internet sites)

31 Limitations of PI-NetFlow? Web PI Mail ProcessBook Outlook IE PI-NetFlow Interface PI Universal Data Server NetFlow module

32 Limitations of PI-NetFlow? Web PI Mail ProcessBook Outlook IE PI-NetFlow Interface PI Universal Data Server Web Server

33 PI-NetFlow Limitations So, PI-NetFlow cannot monitor network traffic if –No Cisco router in the network –Cisco router exists, but NetFlow does not –Router is not involved What to do?

34 Summary of TCP/IP Traffic All TCP/IP traffic has these attributes –Source address (e.g., 192.168.10.161) –Source port (e.g., 2024) –Destination address (e.g., 10.12.18.67) –Destination port (e.g., 80) –Protocol type (e.g., TCP ) –Size (e.g., number of bytes)

35 Ethernet Segment – Party Line! 192.168.10.6 192.168.10.20 192.168.10.5 With the proper application, 192.168.10.5 can see the attributes of all TCP/IP traffic on the segment: 192.168.10.6 : 1026 192.168.10.20 : 5450 192.168.10.6 : 1124 10.12.18.67 : 80 10.12.18.67

36 Packet Capturing 192.168.10.6 192.168.10.20 192.168.10.5 10.12.18.67 1.See/capture traffic 2.Aggregate traffic information (source IP, source port, etc.) 3.Create records of NetFlow format

37 OSIsoft PacketCapture 192.168.10.6 192.168.10.20 192.168.10.5 10.12.18.67 1.See/capture traffic 2.Aggregate traffic information (source IP, source port, etc.) 3.Create records of NetFlow format PacketCapture PI-NetFlow Interface PI Universal Data Server

38 PacketCapture with PI-NetFlow No need for a foreign (i.e., non-OSIsoft) device to supply the data Monitor traffic on different LAN segments Monitor traffic that does not go through a router

39 Monitor PI-Interface Traffic OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server PI-ICCP Interface SCADA system

40 Use with Network Gateways OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server Internet gateway without NetFlow

41 Use in Small Office / Home Office OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server Internet DSL / cable modem Keep track of Web sites visited by your kids!

42 Expand the Power of PI Discover the network management capabilities of a PI System! Demonstration room Tuesday afternoon

43 Questions and Answers Availability? –Approximately 1 month from now Contact information –OSIsoft sales representative –Eric Tam (software developer of PI-NetFlow) Email: etam@osisoft.com Phone: 1-510-297-5803

44 Additional Information Next slides provide additional information that may be helpful in understanding the details of PI-NetFlow and PacketCapture

45 Data Collection Example Want to monitor traffic sent to and from machine with IP address of 192.168.10.79 –Tagname: 192.168.10.79_usage –Filtering condition 1 destination IP: 192.168.10.79 –Filtering condition 2 source IP: 192.168.10.79

46 Data Collection Example Want to monitor traffic sent to and from machine with IP address of 192.168.10.79 –Tagname: 192.168.10.79_usage –Filtering condition 1 destination IP: 192.168.10.79 –Filtering condition 2 source IP: 192.168.10.79 For every NetFlow record received, PI-NetFlow –Applies the user-specified filtering conditions –Calculates a running sum of the number of bytes in those records that satisfy criteria –Periodically writes this sum to 192.168.10.79_usage

47 Value Written to PI bytes seconds individual NetFlow records that satisfy filtering conditions srcIP = 192.168.10.79 or destIP = 192.168.10.79 value written to PI tag 192.168.10.79_usage 51015

48 Data Collection Example “Base” tag – running sum of bytes –Created by the user –192.168.10.79_usage “Detail” tags – fields of NetFlow records –Created by PI-NetFlow itself –Tagnames are derived from “base” tag –192.168.10.79_usage_detail_srcIP –192.168.10.79_usage_detail_srcPort –192.168.10.79_usage_detail_destIP –192.168.10.79_usage_detail_destPort –192.168.10.79_usage_detail_octet –192.168.10.79_usage_detail_prot

49 PacketCapture Limitations Standard Ethernet only, won’t see traffic on –dial-up connections –ATM networks –token ring networks –fibre networks Captures only the traffic that it sees –Won’t see traffic for other machines if switched network is involved

50 Comparison of Programs PI-NetFlow –PI interface program; uses PI-API and PI-SDK –Receives NetFlow records sent by an external device (e.g., Cisco router or PacketCapture) –Writes values to PI tags PacketCapture –Not an interface; does not use PI-API or PI-SDK –Measures TCP/IP traffic on Ethernet –Creates and sends NetFlow records –Not a replacement for Cisco NetFlow

51 Hub vs. Switch OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server

52 Managed Switch OSIsoft PacketCapture PI-NetFlow Interface PI Universal Data Server spanning port

Download ppt "Copyright © 2002 OSI Software, Inc. All rights reserved. PI-NetFlow and PacketCapture Eric Tam, OSIsoft."

Similar presentations

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 3 Ethernet Technologies/ Ethernet Switching/ TCP/IP Protocol Suite and IP Addressing.

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 3 Ethernet Technologies/ Ethernet Switching/ TCP/IP Protocol Suite and IP Addressing.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,

15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.

15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.
Chapter 15 Networks. Chapter Goals Types of networks Topologies Open Systems Home Internet connections 15-2.

Chapter 15 Networks. Chapter Goals Types of networks Topologies Open Systems Home Internet connections 15-2.
Module 1: Reviewing the Suite of TCP/IP Protocols.

Module 1: Reviewing the Suite of TCP/IP Protocols.
Networking Components Christopher Biles LTEC4550.020 Assignment 3.

Networking Components Christopher Biles LTEC Assignment 3.
Introduction to Networking. Key Terms packet  envelope of data sent between computers server  provides services to the network client  requests actions.

Introduction to Networking. Key Terms packet  envelope of data sent between computers server  provides services to the network client  requests actions.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Slide 1 What is a Computer Network? A computer network is a linked set of computer systems capable of sharing computer power and resources such as printers,

Slide 1 What is a Computer Network? A computer network is a linked set of computer systems capable of sharing computer power and resources such as printers,
Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.

Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 4 Routing Fundamentals and Subnets/ TCP/IP Transport and Application Layers.

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 4 Routing Fundamentals and Subnets/ TCP/IP Transport and Application Layers.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 19 PCs on the Internet.

A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 19 PCs on the Internet.

Similar presentations

Ads by Google