Network Flow Analysis

You know that servers have log files and performance measuring tools and that traditional network devices have LEDs that blink when a port does something. You may have tools that tell you how busy an interface is, but mostly a network device is a black box. Network Flow Analysis opens that black box, demonstrating how to use industry-standard software and your existing hardware to assess, analyze, and debug your network.

Unlike packet sniffers that require you to reproduce network problems in order to analyze them, flow analysis lets you turn back time as you analyze your network. You'll learn how to use open source software to build a flow-based network awareness system and how to use network analysis and auditing to address problems and improve network reliability. You'll also learn how to use a flow analysis system; collect flow records; view, filter, and report flows; present flow records graphically; and use flow records to proactively improve your network.

Network Flow Analysis will show you how to:

- Identify network, server, router, and firewall problems before they become critical
- Find defective and misconfigured software
- Quickly find virus-spewing machines, even if they're on a different continent
- Determine whether your problem stems from the network or a server
- Automatically graph the most useful data
- And much more.

Stop asking your users to reproduce problems. Network Flow Analysis gives you the tools and real-world examples you need to effectively analyze your network flow data. Now you can determine what the network problem is long before your customers report it, and you can make that silly phone stop ringing.

Author(s): Michael W. Lucas
Edition: 1
Publisher: No Starch Press
Year: 2010

Language: English
Pages: 228

Brief Contents
Contents in Detail
Acknowledgments
Introduction
Network Management Tools
Enough Griping: What's the Solution?
Flows and This Book
1: Flow Fundamentals
What Is a Flow?
Flow System Architecture
The History of Network Flow
Flows in the Real World
Flow Export and Timeouts
Packet-Sampled Flows
Collector Considerations
Sensor Considerations
Implementing the Collector
Installing Flow-tools
Running flow-capture
Collector Log Files
Configuring Hardware Flow Sensors
Configuring Software Flow Sensors
The Sensor: softflowd
Using flow-print
Setting flow-print Formats with -f
TCP Control Bits and Flow Records
ICMP Types and Codes and Flow Records
4: Filtering Flows
Filter Fundamentals
Useful Primitives
Filter Match Statements
Using Multiple Filters
Logical Operators in Filter Definitions
Filters and Variables
5: Reporting and Follow-Up Analysis
Default Report
Modifying the Default Report
Analyzing Individual Flows from Reports
Other Report Customizations
Useful Report Types
Customizing Reports
6: Perl, Flowscan, and Cflow.pm
Installing Cflow.pm
flowdumper and Full Flow Information
FlowScan and CUFlow
Installing FlowScan and CUFlow
Flow Record Splitting and CUFlow
Using Cflow.pm
7: FlowViewer
Installing FlowViewer
Configuring FlowViewer
Using FlowViewer
FlowGrapher
FlowTracker
Interface Names and FlowViewer
8: Ad Hoc Flow Visualization
gnuplot 101
Time-Series Example: Bandwidth
Automating Graph Production
Comparison Graphs
NetFlow v9
sFlow
Problem Solving with Flow Data
Afterword
Index