No Starch Press, 2010. — 224 p. — ISBN10: 1593272030, ISBN13: 978-1593272036.
Unlike packet sniffers that require you to reproduce network problems in order to analyze them, flow analysis lets you turn back time as you analyze your network. You'll learn how to use open-source software to build a flow-based network awareness system and how to use network analysis and auditing to address problems and improve network reliability. You'll also learn how to use a flow analysis system; collect flow records; view, filter, and report flows; present flow records graphically; and use flow records to proactively improve your network. Network Flow Analysis will show you how to:
Identify network, server, router, and firewall problems before they become critical
Find defective and misconfigured software
Quickly find virus-spewing machines, even if they're on a different continent
Determine whether your problem stems from the network or a server
Automatically graph the most useful data
And much more. Stop asking your users to reproduce problems. Network Flow Analysis gives you the tools and real-world examples you need to effectively analyze your network flow data. Now you can determine what the network problem is long before your customers report it, and you can make that silly phone stop ringing.
Flow Fundamentals
Collectors and Sensors
Viewing Flows
Filtering Flows
Reporting and Follow-up Analysis
Perl, Flowscan, and Cflow.pm
FlowViewer
Ad-Hoc Flow Visualization
Edges & Analysis
Network Administration and Network Management
Network Management Tools
MRTG, Cricket, and Cacti
RTG
Nagios and Big Brother
CiscoWorks, OpenView, and More
Enough Griping: What’s the Solution?
Flow-Tools and Its Prerequisites
Flows and This Book
FLOW FUNDAMENTALS
What Is a Flow?
Flow System Architecture
The History of Network Flow
NetFlow Versions
NetFlow Competition
The Latest Standards
Flows in the Real World
ICMP Flows
UDP Flows
TCP Flows
Other Protocols
Flow Export and Timeouts
Packet-Sampled Flows
COLLECTORS AND SENSORS
Collector Considerations
Operating System
System Resources
Sensor Considerations
Location
From Remote Facilities
From Private Network Segments/DMZs
Implementing the Collector
Installing Flow-tools
Installing from Packages
Installing from Source
Running flow-capture
Starting flow-capture at Boot
How Many Collectors?
Collector Log Files
Collector Troubleshooting
Configuring Hardware Flow Sensors
Cisco Routers
Cisco Switches
Juniper Routers
Configuring Software Flow Sensors
Setting Up Sensor Server Hardware
Network Setup
Sensor Server Setup
Running the Sensor on the Collector
The Sensor: softflowd
Running softflowd
Watching softflowd
VIEWING FLOWS
Using flow-print
Printing Protocol and Port Names
Common Protocol and Port Number Assignments
Viewing Flow Record Header Information with -p
Printing to a Wide Terminal
Setting flow-print Formats with -f
Showing Interfaces and Ports in Hex with Format -f 0
Two Lines with Times, Flags, and Hex Ports Using -f 1
Printing BGP Information
Wide-Screen Display
IP Accounting Format
TCP Control Bits and Flow Records
ICMP Types and Codes and Flow Records
Types and Codes in ICMP
Flows and ICMP Details
FILTERING FLOWS
Filter Fundamentals
Common Primitives
Creating a Simple Filter with Conditions and Primitives
Using Your Filter
Useful Primitives
Protocol, Port, and Control Bit Primitives
IP Address and Subnet Primitives
Time, Counter, and Double Primitives
Interface and BGP Primitives
Filter Match Statements
Protocols, Ports, and Control Bits
Addresses and Subnets
Filtering by Sensor or Exporter
Time Filters
Clipping Levels
BGP and Routing Filters
Using Multiple Filters
Logical Operators in Filter Definitions
Logical “or”
Filter Inversion
Filters and Variables
Using Variable-Driven Filters
Defining Your Own Variable-Driven Filters
Creating Your Own Variables
REPORTING AND FOLLOW-UP ANALYSIS
Default Report
Timing and Totals
Packet Size Distribution
Packets per Flow
Octets in Each Flow
Flow Time Distribution
Modifying the Default Report
Using Variables: Report Type
Using Variables: SORT
Analyzing Individual Flows from Reports
Other Report Customizations
Choosing Fields
Displaying Headers, Hostnames, and Percentages
Presenting Reports in HTML
Useful Report Types
IP Address Reports
Network Protocol and Port Reports
Traffic Size Reports
Traffic Speed Reports
Routing, Interfaces, and Next Hops
Reporting Sensor Output
BGP Reports
Customizing Reports
Custom Report: Reset-Only Flows
More Report Customizations
Customizing Report Appearance
PERL, FLOWSCAN, AND CFLOW.PM
Installing Cflow.pm
Testing Cflow.pm
Install from Operating System Package
Install from Source
Installing from Source with a Big Hammer
flowdumper and Full Flow Information
FlowScan and CUFlow
FlowScan Prerequisites
Installing FlowScan and CUFlow
FlowScan User, Group, and Data Directories
FlowScan Startup Script
Configuring FlowScan
Configuring CUFlow: CUFlow.cf
Rotation Programs and flow-capture
Running FlowScan
FlowScan File Handling
Displaying CUFlow Graphs
Flow Record Splitting and CUFlow
Splitting Flows
Scripting Flow Record Splitting
Filtered CUFlow and Directory Setup
Using Cflow.pm
A Sample Cflow.pm Script
Cflow.pm Variables
Other Cflow.pm Exports
Acting on Every File
Return Value
Verbose Mode
FLOWVIEWER
FlowTracker and FlowGrapher vs. CUFlow
FlowViewer Security
Installing FlowViewer
Prerequisites
FlowViewer Installation Process
Configuring FlowViewer
Directories and Site Paths
Website Setup
Devices and Exporters
Troubleshooting the FlowViewer Suite
Using FlowViewer
Filtering Flows with FlowViewer
Reporting Parameters
Printed Reports
Statistics Reports
FlowGrapher
FlowGrapher Settings
FlowGrapher Output
FlowTracker
FlowTracker Processes
FlowTracker Settings
Viewing Trackers
Group Trackers
Interface Names and FlowViewer
AD HOC FLOW VISUALIZATION
gnuplot 101
Starting gnuplot
gnuplot Configuration Files
Time-Series Example: Bandwidth
Total Bandwidth Report
Unidirectional Bandwidth Reports
Combined Inbound/Outbound Traffic
Automating Graph Production
Comparison Graphs
Data Normalizing
Time Scale
EDGES AND ANALYSIS
NetFlow v9
Installing flowd
Configuring flowd
Converting flowd Data to Flow-tools
sFlow
Configuring sFlow Export with sflowenable
Convert sFlow to NetFlow
Problem Solving with Flow Data
Finding Busted Software
Identifying Worms
Traffic to Illegal Addresses
Traffic to Nonexistent Hosts