1 / 40

Interpreting Network Traffic Flows

Interpreting Network Traffic Flows. Bill Jensen, Paul Nazario and Perry Brunelli. Agenda. 1. How did we get here 2. Network monitoring tools 3. Sample graphs. Napster. Shawn Fanning http://www.time.com/time/magazine/articles/0,3266,55730,00.html.

rebeccarclark
Download Presentation

Interpreting Network Traffic Flows

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli

  2. Agenda 1. How did we get here 2. Network monitoring tools 3. Sample graphs

  3. Napster • Shawn Fanning • http://www.time.com/time/magazine/articles/0,3266,55730,00.html

  4. Taming Bandwidth Hogs . . . How can your campus do it? Ana Preston, University of Tennessee Linda Roos, University of Nebraska, Lincoln Tuesday, 11:45, Marquis 4

  5. www.funnytimes.com

  6. A simple question • CIO requested that we estimate Internet transit requirements for the next 18 months

  7. Sources • www.research.att.com/~amo/doc/networks.html • http://www.research.microsoft.com/~Gray/Moore_Law.html

  8. What are current bandwidth requirements? What do we receive from our provider?

  9. A few words about UW Internet access • WiscNet is a state education-based ISP - founded with help from UW-Madison • Charter membership included 14 UW-System universities and 8 privates colleges • WiscNet now serves over 500 educational institutions - predominantly K-12

  10. The WiscNet backbone • Comprised of OC-3 links connecting UW- Madison, UW-Milwaukee, the Chicago NAP and the Ameritech Advanced Data Service Center (AADS), also in Chicago.

  11. WiscNet Services • Internet transport and transit • Internet 2 transport • Peering transport at AADS

  12. Current bandwidth requirements continued... • Inbound vs. outbound traffic • Usage caps • Prime time usage • Peering and I2 traffic • Effect of peer-to-peer networking and future policy on usage/fair utilization

  13. www.wiscnet.net

  14. What is a flow? • Host-to-host conversation between that includes the IP address and port # for each host. • Representation of a series of packets traveling between two end-points. • A unidirectional series of IP packets of a given protocol, traveling between a source and destination within a certain period of time.

  15. Flow as represented by log • Easy to think of it as we would a sniffer trace - bits and bytes seen traversing the wire • In actuality, the flows are the accounting record or log of activity as reported by the router

  16. Measurement Tools - Flowscan • Flowscan - freely available perl scripts and modules that aggregate other freely available tools for representing flows • Analyzes and reports on NetFlow data collected by CAIDA’s clfowd • Stored using RRDtool - time series data • Flowscan provides reporting capabilities and visualization of flow data

  17. Example • cflowd receives flow data from the router and writes it to disk. • Flowscan parses/messages data from cflowd and stores the results in RRD format. • RRDtool graph produces graphs from RRD files.

  18. Dave -> More on FlowScan plonka@doit.wisc.edu See http://net.doit.wisc.edu/~plonka/lisa/FlowScan/ http://mil.doit.wisc.edu/~plonka/

  19. General Flowscan Graphs

  20. Network Events Captured by FlowScan

  21. New Development wwwstats.net.wisc.edu/CampusIO/top/originAS.html wwwstats.net.wisc.edu/CampusIO/top/128.104.16.0_22_top.html

  22. “It’s easier to ride a horse in the direction it’s going” Daniel Burrus www.burrus.com

More Related