Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli.

Published byAudra Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli."— Presentation transcript:

1 Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli

2 Agenda 1. How did we get here 2. Network monitoring tools 3. Sample graphs

3 n Shawn Fanning n http://www.time.com/time/magazine/arti cles/0,3266,55730,00.html Napster

4 Taming Bandwidth Hogs... How can your campus do it? Ana Preston, University of Tennessee Linda Roos, University of Nebraska, Lincoln Tuesday, 11:45, Marquis 4

5 www.funnytimes.com

6 A simple question n CIO requested that we estimate Internet transit requirements for the next 18 months

7 Sources n www.research.att.com/~amo/doc/netwo rks.html n http://www.research.microsoft.com/~Gr ay/Moore_Law.html

8

9 What are current bandwidth requirements? What do we receive from our provider?

10 A few words about UW Internet access n WiscNet is a state education-based ISP - founded with help from UW-Madison n Charter membership included 14 UW- System universities and 8 privates colleges n WiscNet now serves over 500 educational institutions - predominantly K-12

11 The WiscNet backbone n Comprised of OC-3 links connecting UW- Madison, UW-Milwaukee, the Chicago NAP and the Ameritech Advanced Data Service Center (AADS), also in Chicago.

12

13

14 WiscNet Services n Internet transport and transit n Internet 2 transport n Peering transport at AADS

15 Current bandwidth requirements continued... n Inbound vs. outbound traffic n Usage caps n Prime time usage n Peering and I2 traffic n Effect of peer-to-peer networking and future policy on usage/fair utilization

16 www.wiscnet.net

17 What is a flow? n Host-to-host conversation between that includes the IP address and port # for each host. n Representation of a series of packets traveling between two end-points. n A unidirectional series of IP packets of a given protocol, traveling between a source and destination within a certain period of time.

18 Flow as represented by log n Easy to think of it as we would a sniffer trace - bits and bytes seen traversing the wire n In actuality, the flows are the accounting record or log of activity as reported by the router

19 Measurement Tools - Flowscan n Flowscan - freely available perl scripts and modules that aggregate other freely available tools for representing flows n Analyzes and reports on NetFlow data collected by CAIDA’s clfowd n Stored using RRDtool - time series data n Flowscan provides reporting capabilities and visualization of flow data

20 Example n cflowd receives flow data from the router and writes it to disk. n Flowscan parses/messages data from cflowd and stores the results in RRD format. n RRDtool graph produces graphs from RRD files.

21 More on FlowScan See http://net.doit.wisc.edu/~plonka/lisa/FlowScan/ plonka@doit.wisc.edu http://mil.doit.wisc.edu/~plonka/ Dave ->

22 General Flowscan Graphs

23

24

25

26

27

28

29

30

31

32 Network Events Captured by FlowScan

33

34

35

36

37

38

39 New Development wwwstats.net.wisc.edu/CampusIO/top/originAS.html wwwstats.net.wisc.edu/CampusIO/top/128.104.16.0_22_top.html

40 “It’s easier to ride a horse in the direction it’s going” Daniel Burrus www.burrus.com

Download ppt "Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli."

Similar presentations

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
The VPN-Alyzer When Collecting SNMP and Netflow isnt practical.

The VPN-Alyzer When Collecting SNMP and Netflow isnt practical.
ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com.

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas June 19, 2003.

Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas June 19, 2003.
Overview of network monitoring development at AMRES Slavko Gajin.

Overview of network monitoring development at AMRES Slavko Gajin.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
FlowScan at the University of Wisconsin-Madison Copyright Dave Plonka and Perry Brunelli, 2001. This work is the intellectual property of the authors.

FlowScan at the University of Wisconsin-Madison Copyright Dave Plonka and Perry Brunelli, This work is the intellectual property of the authors.
Supercomputing Center Measurement and Performance Analysis of Supercomputing Traffic by FlowScan+ 2.0 Supercomputing Center of KISTI Kookhan Kim August.

Supercomputing Center Measurement and Performance Analysis of Supercomputing Traffic by FlowScan+ 2.0 Supercomputing Center of KISTI Kookhan Kim August.
Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Network Operations and Network Management.

Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Network Operations and Network Management.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
Introduction to Network Analysis and Sniffer Pro

Introduction to Network Analysis and Sniffer Pro
QoS Solutions Confidential 2010 NetQuality Analyzer and QPerf.

QoS Solutions Confidential 2010 NetQuality Analyzer and QPerf.
BTT 101 / 2O1 Lesson 10 Dundas Valley Secondary Mr. Young.

BTT 101 / 2O1 Lesson 10 Dundas Valley Secondary Mr. Young.
Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.

Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.
1 K. Salah Module 5.1: Internet Protocol TCP/IP Suite IP Addressing ARP RARP DHCP.

1 K. Salah Module 5.1: Internet Protocol TCP/IP Suite IP Addressing ARP RARP DHCP.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
NAV Project Update By: Meghan Allen and Peter McLachlan.

NAV Project Update By: Meghan Allen and Peter McLachlan.

Similar presentations

Ads by Google