Go with the Flow …
Md. Zobair Khan
AS58587
kzobair
One name to rule them all … :P
Network Flow
A flow is a set of packets with common characteristics within a given time frame and a
given direction.
In packet switching networks, traffic flow, packet flow or network flow is a
sequence of packets from a source computer to a destination, which may be
another host, a multicast group, or a broadcast domain.
RFC 2722 defines traffic flow as "A TRAFFIC FLOW is an artificial logical
equivalent to a call or connection, belonging to a (user-specified) METERED
TRAFFIC GROUP."
NetFlow
NetFlow was first introduced on Cisco routers to collect traffic information from one or
many sources to one or many destinations.
Also supported by Juniper, MikroTik, etc.
Jflow or cflowd for Juniper Networks
NetStream for 3Com/HP
NetStream for Huawei Technologies
Cflowd for Alcatel-Lucent
Rflow for Ericsson
AppFlow for Citrix
Traffic Flow for MikroTik
sFlow vendors include: Alcatel-Lucent, Cisco, Dell, D-Link, Fortinet, Hewlett-Packard,
Huawei, IBM, Juniper, NEC, Netgear, ZTE, etc.
NetFlow
Version  Comment
v1   First implementation, now obsolete, and restricted to IPv4 (without IP mask and AS numbers).
v2   Cisco internal version, never released.
v3   Cisco internal version, never released.
v4   Cisco internal version, never released.
v5   Most common version, available on many routers from different brands, but restricted to IPv4 flows.
v6   No longer supported by Cisco.
v7   Like version 5 with a source router field. Used on Cisco Catalyst switches.
v8   Several aggregation forms, but only for information that is already present in version 5 records.
v9   Template based, available on some recent routers. Mostly used to report flows like IPv6, MPLS, or even plain IPv4 with BGP next hop.
v10  Used for identifying IPFIX (IP Flow Information Export).
Cisco Configuration
ip flow-export version 5 origin-as
ip flow-export source Loopback0
ip flow-export destination [ServerIP] 3000
interface TenGigabitEthernet1/0/0
 ip flow ingress
 ip flow egress
Juniper Configuration
set firewall filter test-flow term 1 then sample
set firewall filter test-flow term 1 then accept
set interfaces ge-0/0/0 unit 0 family inet filter input test-flow
set interfaces ge-0/0/0 unit 0 family inet filter output test-flow
set forwarding-options sampling input rate 1000
set forwarding-options sampling family inet output flow-server [ServerIp] port 3000
set forwarding-options sampling family inet output flow-server [ServerIp] version 5
Server
First, check whether you are receiving the flows:
tcpdump -i eth0 port 3000
17:30:19.248072 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
17:30:19.248079 IP InterfaceName.53344 > ServerName.3000: UDP, length 1272
17:30:19.248853 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
17:30:19.248887 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
17:30:19.248894 IP InterfaceName.53344 > ServerName.3000: UDP, length 1272
17:30:19.249385 IP InterfaceName.60532 > ServerName.3000: UDP, length 1416
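A sanity check on the capture above, as an added example that is not part of the original slides: a NetFlow v5 datagram is a 24-byte header followed by 1 to 30 records of 48 bytes each, so every UDP length should equal 24 + 48*N (1464 is a full datagram of 30 records). The function name `v5_framing_summary` and the `OtherExporter` line are constructed for illustration; a non-zero `bad` count points at an exporter sending another NetFlow version or at unrelated traffic on the collector port.

```shell
#!/bin/sh
# Added example: check tcpdump output against NetFlow v5 framing.
# A v5 datagram is a 24-byte header plus N records of 48 bytes, N = 1..30,
# so a valid UDP payload length is 24 + 48*N (72..1464).

# Reads tcpdump text lines on stdin; prints one line per exporter socket:
#   <source> datagrams=<n> records=<n> bad=<n>
v5_framing_summary() {
    awk '
    / UDP, length [0-9]+$/ {
        src  = $3              # third field, e.g. InterfaceName.53344
        body = $NF - 24        # bytes left after the v5 header
        dgrams[src]++
        if (body >= 48 && body % 48 == 0 && body / 48 <= 30)
            recs[src] += body / 48
        else
            bad[src]++         # not a v5 length: wrong version or stray traffic
    }
    END {
        for (s in dgrams)
            printf "%s datagrams=%d records=%d bad=%d\n", s, dgrams[s], recs[s], bad[s]
    }' | LC_ALL=C sort
}

# The six lines shown on the slide plus one constructed line (OtherExporter,
# length 1400) that does not fit v5 framing.
sample_tcpdump() {
cat <<'EOF'
17:30:19.248072 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
17:30:19.248079 IP InterfaceName.53344 > ServerName.3000: UDP, length 1272
17:30:19.248853 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
17:30:19.248887 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
17:30:19.248894 IP InterfaceName.53344 > ServerName.3000: UDP, length 1272
17:30:19.249385 IP InterfaceName.60532 > ServerName.3000: UDP, length 1416
17:30:19.250000 IP OtherExporter.41000 > ServerName.3000: UDP, length 1400
EOF
}

sample_tcpdump | v5_framing_summary
```

On a live collector, pipe `tcpdump -l -n -i eth0 udp port 3000` into the function for a few seconds and stop it with Ctrl-C.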
Now What !!!
Yes….
The flow exporter is exporting the flows and the flow collector is receiving them.
So now we can start analyzing them to understand the traffic pattern of our network.
This can be done in many ways with many tools.
We will discuss one of the most basic tools, which runs easily from bash, needs few
resources, and gives the required output.
Flow-Tools
Flow-tools is a library and a collection of programs used to collect, send, process, and
generate reports from NetFlow data.
Supports NetFlow versions up to 8. Best output with NetFlow version 5.
Included programs are flow-capture, flow-cat, flow-stat and many more.
http://linux.die.net/man/1/flow-tools
Advantages
1. Gives detailed information on each and every conversation without sniffing.
2. No problem with encrypted data. For any incident, traffic source and destination are
visible.
3. Historical flow data can help the operator improve quality.
4. Data can be fetched from anywhere in the network as needed, in a customized way.
5. If you are multihomed, this information is important to make sure that your
clients are getting quality service.
6. NFSEN does the same work but needs more resources than Flow-Tools.
7. Ideal for startup ISPs, small enterprises, office IT networks, campus networks, etc.
Flow-Tools
apt-get install flow-tools
Or get it from here and install it
https://flow-tools.googlecode.com/files/flow-tools-0.68.5.1.tar.bz2
Make a directory to store your flows
mkdir /var/flows/
Flow-Tools
Edit the flow-capture.conf file in /etc/flow-tools/, comment out all existing lines and use the line below.
-V 5 -E 5G -N 3 -w /var/flows 0.0.0.0/ServerIP/3000
Which means –
-V 5: NetFlow version will be 5
-E 5G: Expire the total stored flow files as per the given space; here we set 5 G
-N 3: Nesting level for sorting flow files
-w /var/flows: Working directory will be /var/flows
0.0.0.0/ServerIP/3000: Allow any IP as analyzer and ServerIP as exporter with port 3000
Flow-Tools
We can now start capturing flows with the following command.
flow-capture -w /var/flows -E5G -S3 0/0/3000
Which means –
-w /var/flows: Flow capture will start with working directory /var/flows
-E5G: Total size of all the flow files will not exceed 5 G
-S3: Emit a stat log message every 3 minutes
0/0/3000: Allow any IP as analyzer and exporter with port 3000
Flow-Tools
Now go to /var/flows/2015/2015-10/2015-10-27/ to see the flow files.
Filenames beginning with tmp, which are typically in-progress flow files from flow-capture,
are not processed.
cd /var/flows/2015/2015-10/2015-10-27/   # 3-level nesting for sorting files
ls -lah
total 259M
drwxr-xr-x 2 root root 4.0K Oct 27 17:07 .
drwxr-xr-x 3 root root 4.0K Oct 27 15:24 ..
-rw-r--r-- 1 root root 36M Oct 27 16:43 ft-v05.2015-10-27.163000+0600
-rw-r--r-- 1 root root 1022K Oct 27 16:45 ft-v05.2015-10-27.164438+0600
-rw-r--r-- 1 root root 26M Oct 27 16:54 ft-v05.2015-10-27.164500+0600
-rw-r--r-- 1 root root 2.6M Oct 27 16:55 ft-v05.2015-10-27.165435+0600
-rw-r--r-- 1 root root 12M Oct 27 17:00 ft-v05.2015-10-27.165558+0600
-rw-r--r-- 1 root root 21M Oct 27 17:07 ft-v05.2015-10-27.170000+0600
-rw-r--r-- 1 root root 16M Oct 27 17:13 tmp-v05.2015-10-27.170753+0600
Flow-Tools
We are ready to see some outputs finally…
0 Overall Summary
1 Average packet size distribution
2 Packets per flow distribution
3 Octets per flow distribution
4 Bandwidth per flow distribution
5 UDP/TCP destination port
6 UDP/TCP source port
7 UDP/TCP port
8 Destination IP
9 Source IP
10 Source/Destination IP
11 Source or Destination IP
12 IP protocol
13 Octets for flow duration plot data
14 Packets for flow duration plot data
15 Short summary
16 IP Next Hop
17 Input interface
18 Output interface
19 Source AS
20 Destination AS
21 Source/Destination AS
22 IP ToS
23 Input/Output Interface
24 Source Prefix
25 Destination Prefix
26 Source/Destination Prefix
27 Exporter IP
28 Engine Id
29 Engine Type
30 Source Tag
31 Destination Tag
32 Source/Destination Tag
Flow-Tools
To view output in bash, run the command below from the flow files
directory, which is /var/flows/2015/2015-10/2015-10-27/
flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f11 -P -p -S4 | head -30
Meaning –
Concatenate flow file named ft-v05.2015-10-27.170000+0600
The headers are preloaded for this file containing the metadata.
Flow-stat will provide function 11 (Source or Destination IP) with preloaded headers and
Percentage to the total amount for 4 minutes duration of flows.
Flow-Tools : Case Study
Viewing most talkative Source or Destination IP:
flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f11 -P -p -S4 | head -30
# --- ---- ---- Report Information --- --- ---
#
# Fields: Percent Total
# Symbols: Disabled
# Sorting: Descending Field 4
# Name: Source or Destination IP
#
# Args: flow-stat -f11 -P -p -S4
#
# IPaddr flows octets packets
#
122.102.32.106 5.809 7.793 8.062
103.253.38.11 2.577 10.787 9.039
122.102.32.90 2.791 5.509 5.384
103.26.112.170 3.132 3.334 3.175
103.26.112.17 1.849 1.865 1.767
Flow-Tools : Case Study
Finding most talkative Source ASNs:
flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f19 -P -p -S4 | head -30
# --- ---- ---- Report Information --- --- ---
#
# Fields: Percent Total
# Symbols: Disabled
# Sorting: Descending Field 4
# Name: Source AS
#
# Args: flow-stat -f19 -P -p -S4
#
#
# src AS flows octets packets
#
45245 3.764 0.045 0.236
15169 0.738 0.071 0.066
7565 0.792 0.021 0.056
56138 0.985 0.010 0.062
Flow-Tools : Case Study
Finding Top Source/Destination ASN:
flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f21 -P -p -S4 | head -30
# --- ---- ---- Report Information --- --- ---
#
# Fields: Percent Total
# Symbols: Disabled
# Sorting: Descending Field 4
# Name: Source/Destination AS
#
# Args: flow-stat -f21 -P -p -S4
#
#
# src AS dst AS flows octets packets
#
45245 32934 1.023 0.012 0.061
45245 15169 0.505 0.008 0.032
15169 7565 0.230 0.030 0.025
15169 45245 0.277 0.025 0.024
Flow-Tools : Case Study
Finding DoS/DDoS Source/Destination:
flow-cat -p ft-v05.2015-10-28.133000+0600 | flow-stat -f10 -P -p -S3 | head -40
# --- ---- ---- Report Information --- --- ---
# src IPaddr dst IPaddr flows octets packets
#
178.79.215.39 43.231.22.2 0.001 0.793 0.622
62.210.157.218 122.102.32.90 0.000 0.713 0.560
87.248.221.154 43.231.22.2 0.001 0.555 0.436
87.240.163.54 122.102.32.90 0.001 0.523 0.410
37.59.33.100 210.1.249.136 0.001 0.510 0.400
163.53.140.168 103.52.134.18 0.017 0.461 0.365
31.14.252.94 210.1.253.68 0.000 0.455 0.357
62.210.103.45 122.102.32.90 0.001 0.450 0.353
188.138.1.11 122.102.32.106 0.001 0.448 0.351
4.26.227.253 103.230.105.13 0.004 0.420 0.330
31.3.245.242 122.102.32.106 0.002 0.418 0.328
86.146.198.23 122.102.32.106 0.000 0.408 0.229
95.55.44.11 103.230.105.26 0.000 0.405 0.222
163.53.140.179 103.52.134.18 0.011 0.387 0.308
163.53.140.178 103.230.105.14 0.027 0.382 0.222
Flow-Tools : Case Study
Finding DoS/DDoS Source/Destination:
flow-cat -p ft-v05.2015-10-28.134500+0600 | flow-stat -f10 -P -p -S3 | head -40
# --- ---- ---- Report Information --- --- ---
# src IPaddr dst IPaddr flows octets packets
#
103.7.251.45 173.205.124.100 12.517 6.555 5.006
95.211.191.89 103.253.38.11 0.003 4.548 2.901
69.16.175.42 103.253.38.5 0.005 3.779 2.486
46.28.51.252 103.253.38.5 0.002 2.850 1.818
89.46.103.119 103.253.38.5 0.018 2.454 1.575
69.16.175.42 103.253.38.11 0.006 2.440 1.610
91.121.4.51 103.253.38.11 0.003 2.437 1.558
195.154.194.38 103.253.38.5 0.011 2.047 1.310
203.223.95.78 50.97.95.98 0.008 2.037 0.960
87.248.212.205 103.253.38.11 0.002 1.955 2.144
176.205.18.194 103.253.38.5 0.003 1.504 1.332
188.165.200.34 103.253.38.11 0.002 1.440 0.919
94.242.246.118 103.253.38.11 0.005 1.374 0.881
205.185.216.42 103.253.38.11 0.002 0.973 0.676
178.149.93.10 103.253.38.11 0.000 0.965 0.443
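The two `-f10` reports above can be reduced to a per-destination view, shown here as an added example that is not part of the original slides: it sums the octets percentage per destination and counts distinct sources, so a destination fed by many sources stands out. The function name `fanin_report` and the thresholds (3 sources, 5 % of octets) are assumptions for illustration; the rows are copied from the two reports on this page, and because they passed through `head`, the sums are lower bounds.

```shell
#!/bin/sh
# Added example: per-destination fan-in from "flow-stat -f10 -P" output.
# usage: fanin_report MIN_SOURCES MIN_OCTETS_PCT < report
# prints: <dst> <octets_pct_sum> <distinct_sources> <flows_pct_sum>
fanin_report() {
    awk -v min_src="$1" -v min_oct="$2" '
    /^#/ || NF != 5 { next }          # skip report header and malformed rows
    {
        src = $1; dst = $2
        if (!((dst, src) in seen)) { seen[dst, src] = 1; nsrc[dst]++ }
        flows[dst]  += $3             # percent of all flows
        octets[dst] += $4             # percent of all octets
    }
    END {
        for (d in nsrc)
            if (nsrc[d] >= min_src && octets[d] >= min_oct)
                printf "%s %.3f %d %.3f\n", d, octets[d], nsrc[d], flows[d]
    }' | LC_ALL=C sort -k2,2nr
}

# Rows from the report on ft-v05.2015-10-28.133000+0600 (copied from this page).
sample_1330() {
cat <<'EOF'
# --- ---- ---- Report Information --- --- ---
# src IPaddr dst IPaddr flows octets packets
#
178.79.215.39 43.231.22.2 0.001 0.793 0.622
62.210.157.218 122.102.32.90 0.000 0.713 0.560
87.248.221.154 43.231.22.2 0.001 0.555 0.436
87.240.163.54 122.102.32.90 0.001 0.523 0.410
37.59.33.100 210.1.249.136 0.001 0.510 0.400
163.53.140.168 103.52.134.18 0.017 0.461 0.365
31.14.252.94 210.1.253.68 0.000 0.455 0.357
62.210.103.45 122.102.32.90 0.001 0.450 0.353
188.138.1.11 122.102.32.106 0.001 0.448 0.351
4.26.227.253 103.230.105.13 0.004 0.420 0.330
31.3.245.242 122.102.32.106 0.002 0.418 0.328
86.146.198.23 122.102.32.106 0.000 0.408 0.229
95.55.44.11 103.230.105.26 0.000 0.405 0.222
163.53.140.179 103.52.134.18 0.011 0.387 0.308
163.53.140.178 103.230.105.14 0.027 0.382 0.222
EOF
}

# Rows from the report on ft-v05.2015-10-28.134500+0600 (copied from this page).
sample_1345() {
cat <<'EOF'
# --- ---- ---- Report Information --- --- ---
# src IPaddr dst IPaddr flows octets packets
#
103.7.251.45 173.205.124.100 12.517 6.555 5.006
95.211.191.89 103.253.38.11 0.003 4.548 2.901
69.16.175.42 103.253.38.5 0.005 3.779 2.486
46.28.51.252 103.253.38.5 0.002 2.850 1.818
89.46.103.119 103.253.38.5 0.018 2.454 1.575
69.16.175.42 103.253.38.11 0.006 2.440 1.610
91.121.4.51 103.253.38.11 0.003 2.437 1.558
195.154.194.38 103.253.38.5 0.011 2.047 1.310
203.223.95.78 50.97.95.98 0.008 2.037 0.960
87.248.212.205 103.253.38.11 0.002 1.955 2.144
176.205.18.194 103.253.38.5 0.003 1.504 1.332
188.165.200.34 103.253.38.11 0.002 1.440 0.919
94.242.246.118 103.253.38.11 0.005 1.374 0.881
205.185.216.42 103.253.38.11 0.002 0.973 0.676
178.149.93.10 103.253.38.11 0.000 0.965 0.443
EOF
}

echo "13:30 file:"; sample_1330 | fanin_report 3 5
echo "13:45 file:"; sample_1345 | fanin_report 3 5
```

With these thresholds the 13:30 rows produce no output, while the 13:45 rows single out 103.253.38.11 and 103.253.38.5. On a collector, replace the sample function with the `flow-cat ... | flow-stat -f10 -P -p -S3` pipeline shown above.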
Any Query ???
Thank You …

More Related Content

What's hot

Prefix Filtering Design Issues and Best Practise by Nurul Islam
Prefix Filtering Design Issues and Best Practise by Nurul IslamPrefix Filtering Design Issues and Best Practise by Nurul Islam
Prefix Filtering Design Issues and Best Practise by Nurul IslamMyNOG
 
Traffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie LiuTraffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie LiuMyNOG
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
 
The Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesThe Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesMyNOG
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment RoutingMyNOG
 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PROIDEA
 
Traffic Engineering for CDNs
Traffic Engineering for CDNsTraffic Engineering for CDNs
Traffic Engineering for CDNsMyNOG
 
Ch 04 --- sdn deployment models
Ch 04 --- sdn deployment modelsCh 04 --- sdn deployment models
Ch 04 --- sdn deployment modelsYoram Orzach
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerAPNIC
 
Engineering The New IP Transport
Engineering The New IP TransportEngineering The New IP Transport
Engineering The New IP TransportMyNOG
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
MPLS SDN NFV WORLD'17 - SDN NFV deployment update
MPLS SDN NFV WORLD'17 - SDN NFV deployment updateMPLS SDN NFV WORLD'17 - SDN NFV deployment update
MPLS SDN NFV WORLD'17 - SDN NFV deployment updateStephane Litkowski
 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INTMyNOG
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMOpen Networking Summit
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraHigh Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraMyNOG
 

What's hot (20)

Prefix Filtering Design Issues and Best Practise by Nurul Islam
Prefix Filtering Design Issues and Best Practise by Nurul IslamPrefix Filtering Design Issues and Best Practise by Nurul Islam
Prefix Filtering Design Issues and Best Practise by Nurul Islam
 
Mobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operatorsMobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operators
 
Traffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie LiuTraffic analysis for Planning, Peering and Security by Julie Liu
Traffic analysis for Planning, Peering and Security by Julie Liu
 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield Systems
 
How To Triple The Range of LoRa
How To Triple The Range of LoRaHow To Triple The Range of LoRa
How To Triple The Range of LoRa
 
The Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry ServicesThe Next Generation Internet Number Registry Services
The Next Generation Internet Number Registry Services
 
Introduction to Segment Routing
Introduction to Segment RoutingIntroduction to Segment Routing
Introduction to Segment Routing
 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
 
Traffic Engineering for CDNs
Traffic Engineering for CDNsTraffic Engineering for CDNs
Traffic Engineering for CDNs
 
Ch 04 --- sdn deployment models
Ch 04 --- sdn deployment modelsCh 04 --- sdn deployment models
Ch 04 --- sdn deployment models
 
Software Defined RAN
Software Defined RANSoftware Defined RAN
Software Defined RAN
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN Controller
 
Engineering The New IP Transport
Engineering The New IP TransportEngineering The New IP Transport
Engineering The New IP Transport
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
MPLS SDN NFV WORLD'17 - SDN NFV deployment update
MPLS SDN NFV WORLD'17 - SDN NFV deployment updateMPLS SDN NFV WORLD'17 - SDN NFV deployment update
MPLS SDN NFV WORLD'17 - SDN NFV deployment update
 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INT
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAM
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi KawamuraHigh Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
 
Netflow slides
Netflow slidesNetflow slides
Netflow slides
 

Viewers also liked

বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!Bangladesh Network Operators Group
 
Converged Fiber to The Home, Building and Offices
Converged Fiber to The Home, Building and OfficesConverged Fiber to The Home, Building and Offices
Converged Fiber to The Home, Building and OfficesLuca Matteo Ruberto
 

Viewers also liked (20)

Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How
 
bdNOG Report
bdNOG ReportbdNOG Report
bdNOG Report
 
VoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenueVoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenue
 
Local Solution with Global Potential
Local Solution with Global PotentialLocal Solution with Global Potential
Local Solution with Global Potential
 
Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment
 
Apnic update
Apnic updateApnic update
Apnic update
 
APNIC Service Improvements 2015
APNIC Service Improvements 2015APNIC Service Improvements 2015
APNIC Service Improvements 2015
 
বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!
 
RTT matters
RTT mattersRTT matters
RTT matters
 
The Future of SIP in WebRTC
The Future of SIP in WebRTCThe Future of SIP in WebRTC
The Future of SIP in WebRTC
 
ISP status in Bangladesh 2016
ISP status in Bangladesh 2016ISP status in Bangladesh 2016
ISP status in Bangladesh 2016
 
Onboard Automation with EEM
Onboard Automation with EEM Onboard Automation with EEM
Onboard Automation with EEM
 
Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNs
 
Secure BGP and Operational Report of Bangladesh
Secure BGP and Operational Report of BangladeshSecure BGP and Operational Report of Bangladesh
Secure BGP and Operational Report of Bangladesh
 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
 
History and Evolution of Bangladesh Internet
History and Evolution of Bangladesh Internet History and Evolution of Bangladesh Internet
History and Evolution of Bangladesh Internet
 
Iptsp bangladesh shohel shikdar
Iptsp bangladesh shohel shikdarIptsp bangladesh shohel shikdar
Iptsp bangladesh shohel shikdar
 
Converged Fiber to The Home, Building and Offices
Converged Fiber to The Home, Building and OfficesConverged Fiber to The Home, Building and Offices
Converged Fiber to The Home, Building and Offices
 

Similar to Go with the Flow

Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014chrissanders88
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowCisco DevNet
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseCisco Canada
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPPROIDEA
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginEC-Council
 
How to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersHow to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersSolarWinds
 
Fast Streaming into Clickhouse with Apache Pulsar
Fast Streaming into Clickhouse with Apache PulsarFast Streaming into Clickhouse with Apache Pulsar
Fast Streaming into Clickhouse with Apache PulsarTimothy Spann
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Joel W. King
 
Splunk app for stream
Splunk app for stream Splunk app for stream
Splunk app for stream csching
 
25.3.10 packet tracer explore a net flow implementation
25.3.10 packet tracer   explore a net flow implementation25.3.10 packet tracer   explore a net flow implementation
25.3.10 packet tracer explore a net flow implementationFreddy Buenaño
 
Solar windsportrequirements
Solar windsportrequirementsSolar windsportrequirements
Solar windsportrequirementsnasac
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorialopenflow
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlowLancope, Inc.
 
[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4Open Networking Summits
 
Tutorial of SF-TAP Flow Abstractor
Tutorial of SF-TAP Flow AbstractorTutorial of SF-TAP Flow Abstractor
Tutorial of SF-TAP Flow AbstractorYuuki Takano
 

Similar to Go with the Flow (20)

Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible Netflow
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
 
NetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat DefenseNetFlow Monitoring for Cyber Threat Defense
NetFlow Monitoring for Cyber Threat Defense
 
F5 tcpdump
F5 tcpdumpF5 tcpdump
F5 tcpdump
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
 
How to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersHow to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco Routers
 
Fast Streaming into Clickhouse with Apache Pulsar
Fast Streaming into Clickhouse with Apache PulsarFast Streaming into Clickhouse with Apache Pulsar
Fast Streaming into Clickhouse with Apache Pulsar
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1
 
Splunk app for stream
Splunk app for stream Splunk app for stream
Splunk app for stream
 
25.3.10 packet tracer explore a net flow implementation
25.3.10 packet tracer   explore a net flow implementation25.3.10 packet tracer   explore a net flow implementation
25.3.10 packet tracer explore a net flow implementation
 
Solar windsportrequirements
Solar windsportrequirementsSolar windsportrequirements
Solar windsportrequirements
 
Aruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference Guide
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
 
NFA - Middle East Workshop
NFA - Middle East WorkshopNFA - Middle East Workshop
NFA - Middle East Workshop
 
[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4[Webinar Slides] Programming the Network Dataplane in P4
[Webinar Slides] Programming the Network Dataplane in P4
 
Tutorial of SF-TAP Flow Abstractor
Tutorial of SF-TAP Flow AbstractorTutorial of SF-TAP Flow Abstractor
Tutorial of SF-TAP Flow Abstractor
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Go with the Flow

  • 1. Go with the Flow … Md. Zobair Khan AS58587
  • 2. kzobair One name to rule them all … :P
  • 3. NetworkFlow
      A flow is a set of packets with common characteristics within a given time frame and a given direction.
      In packet switching networks, traffic flow, packet flow or network flow is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain.
      RFC 2722 defines traffic flow as "A TRAFFIC FLOW is an artificial logical equivalent to a call or connection, belonging to a (user-specified) METERED TRAFFIC GROUP."
  • 5. NetFlow
      NetFlow was first introduced in Cisco routers to get the traffic information from one or many sources to one or many destinations.
      Also supported by Juniper, MikroTik, etc.:
        Jflow or cflowd for Juniper Networks
        NetStream for 3Com/HP
        NetStream for Huawei Technologies
        Cflowd for Alcatel-Lucent
        Rflow for Ericsson
        AppFlow for Citrix
        Traffic Flow for MikroTik
      sFlow vendors include: Alcatel-Lucent, Cisco, Dell, D-Link, Fortinet, Hewlett-Packard, Huawei, IBM, Juniper, NEC, Netgear, ZTE, etc.
  • 6. NetFlow
      Version  Comment
      v1       First implementation, now obsolete, and restricted to IPv4 (without IP mask and AS numbers).
      v2       Cisco internal version, never released.
      v3       Cisco internal version, never released.
      v4       Cisco internal version, never released.
      v5       Most common version, available on many routers from different brands, but restricted to IPv4 flows.
      v6       No longer supported by Cisco.
      v7       Like version 5 with a source router field. Used on Cisco Catalyst switches.
      v8       Several aggregation forms, but only for information that is already present in version 5 records.
      v9       Template based, available on some recent routers. Mostly used to report flows like IPv6, MPLS, or even plain IPv4 with BGP nexthop.
      v10      Used for identifying IPFIX - IP Flow Information Export.
  • 7. Cisco Configuration
        ip flow-export version 5 origin-as
        ip flow-export source Loopback0
        ip flow-export destination [ServerIP] 3000
        interface TenGigabitEthernet1/0/0
         ip flow ingress
         ip flow egress
  • 8. Juniper Configuration
        set firewall filter test-flow term 1 then sample
        set firewall filter test-flow term 1 then accept
        set interfaces ge-0/0/0 unit 0 family inet filter input test-flow
        set interfaces ge-0/0/0 unit 0 family inet filter output test-flow
        set forwarding-options sampling input rate 1000
        set forwarding-options sampling family inet output flow-server [ServerIp] port 3000
        set forwarding-options sampling family inet output flow-server [ServerIp] version 5
  • 9. Server
      First check whether you are receiving the flows or not:
        tcpdump -i eth0 port 3000
        17:30:19.248072 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
        17:30:19.248079 IP InterfaceName.53344 > ServerName.3000: UDP, length 1272
        17:30:19.248853 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
        17:30:19.248887 IP InterfaceName.53344 > ServerName.3000: UDP, length 1464
        17:30:19.248894 IP InterfaceName.53344 > ServerName.3000: UDP, length 1272
        17:30:19.249385 IP InterfaceName.60532 > ServerName.3000: UDP, length 1416
  • 10. Now What !!!
      Yes…. The flow exporter is exporting the flows and the flow collector is receiving them. So now we can start analyzing them to understand the traffic pattern of our network.
      This can be done in many ways with many tools. We will discuss one of the most basic tools, which runs easily in bash with few resources and gives the required output.
  • 11. Flow-Tools
      Flow-tools is a library and a collection of programs used to collect, send, process, and generate reports from NetFlow data.
      Supports NetFlow versions up to 8. Best output with NetFlow version 5.
      Included programs are flow-capture, flow-cat, flow-stat and many more.
      http://linux.die.net/man/1/flow-tools
  • 12. Advantages
      1. Gives detailed information on each and every particular conversation without sniffing.
      2. No problem for encrypted data. For any incident, traffic sources and destinations are visible.
      3. Historical data of flows can help the operator improve quality.
      4. Data can be fetched from anywhere in the network as needed, in a customized way.
      5. If you are multihomed, this information is important to make sure that your clients are getting quality service.
      6. NfSen does the same work but needs bigger resources compared to Flow-Tools.
      7. Ideal for startup ISPs, small enterprises, office IT networks, campus networks, etc.
  • 13. Flow-Tools
        apt-get install flow-tools
      Or get it from here and install it:
        https://flow-tools.googlecode.com/files/flow-tools-0.68.5.1.tar.bz2
      Make a directory to store your flows:
        mkdir /var/flows/
  • 14. Flow-Tools
      Edit the flow-capture.conf file at /etc/flow-tools/, comment out everything, and use the line below.
        -V 5 -E 5G -N 3 -w /var/flows 0.0.0.0/ServerIP/3000
      Which means –
        NetFlow version will be 5
        Expire the total stored flow files as per the given space – here we will set 5 G
        Nesting level for sorting flow files
        Working directory will be /var/flows
        Allow any IP as analyzer and ServerIP as exporter with port 3000
  • 15. Flow-Tools
      We can now start capturing flows with the following command.
        flow-capture -w /var/flows -E5G -S3 0/0/3000
      Which means –
        Flow capture will start with working directory /var/flows
        Total size of all the flow files will not exceed 5 G
        Emit a stat log message every 3 minutes
        Allow any IP as analyzer and exporter with port 3000
  • 16. Flow-Tools
      Now go to /var/flows/2015/2015-10/2015-10-27/ to see the flow files. Filenames beginning with tmp, which are typically in-progress flow files from flow-capture, are not processed.
        cd /var/flows/2015/2015-10/2015-10-27/    [3 level nesting for sorting files]
        ls -lah
        total 259M
        drwxr-xr-x 2 root root 4.0K Oct 27 17:07 .
        drwxr-xr-x 3 root root 4.0K Oct 27 15:24 ..
        -rw-r--r-- 1 root root  36M Oct 27 16:43 ft-v05.2015-10-27.163000+0600
        -rw-r--r-- 1 root root 1022K Oct 27 16:45 ft-v05.2015-10-27.164438+0600
        -rw-r--r-- 1 root root  26M Oct 27 16:54 ft-v05.2015-10-27.164500+0600
        -rw-r--r-- 1 root root 2.6M Oct 27 16:55 ft-v05.2015-10-27.165435+0600
        -rw-r--r-- 1 root root  12M Oct 27 17:00 ft-v05.2015-10-27.165558+0600
        -rw-r--r-- 1 root root  21M Oct 27 17:07 ft-v05.2015-10-27.170000+0600
        -rw-r--r-- 1 root root  16M Oct 27 17:13 tmp-v05.2015-10-27.170753+0600
  • 17. Flow-Tools
      We are ready to see some outputs finally…
         0  Overall Summary
         1  Average packet size distribution
         2  Packets per flow distribution
         3  Octets per flow distribution
         4  Bandwidth per flow distribution
         5  UDP/TCP destination port
         6  UDP/TCP source port
         7  UDP/TCP port
         8  Destination IP
         9  Source IP
        10  Source/Destination IP
        11  Source or Destination IP
        12  IP protocol
        13  octets for flow duration plot data
        14  packets for flow duration plot data
        15  short summary
        16  IP Next Hop
        17  Input interface
        18  Output interface
        19  Source AS
        20  Destination AS
        21  Source/Destination AS
        22  IP ToS
        23  Input/Output Interface
        24  Source Prefix
        25  Destination Prefix
        26  Source/Destination Prefix
        27  Exporter IP
        28  Engine Id
        29  Engine Type
        30  Source Tag
        31  Destination Tag
        32  Source/Destination Tag
  • 18. Flow-Tools
      To view output in bash we need to use the command below while remaining in the flow files directory, which is /var/flows/2015/2015-10/2015-10-27/
        flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f11 -P -p -S4 | head -30
      Meaning –
        Concatenate flow file named ft-v05.2015-10-27.170000+0600
        The headers are preloaded for this file containing the metadata.
        Flow-stat will provide function 11 (Source or Destination IP) with preloaded headers and Percentage to the total amount for 4 minutes duration of flows.
  • 20. Flow-Tools : Case Study
      Viewing most talkative Source or Destination IP:
        flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f11 -P -p -S4 | head -30
        # --- ---- ---- Report Information --- --- ---
        #
        # Fields: Percent Total
        # Symbols: Disabled
        # Sorting: Descending Field 4
        # Name: Source or Destination IP
        #
        # Args: flow-stat -f11 -P -p -S4
        #
        # IPaddr         flows   octets  packets
        #
        122.102.32.106   5.809   7.793   8.062
        103.253.38.11    2.577   10.787  9.039
        122.102.32.90    2.791   5.509   5.384
        103.26.112.170   3.132   3.334   3.175
        103.26.112.17    1.849   1.865   1.767
  • 21. Flow-Tools : Case Study
      Finding most talkative Source ASNs:
        flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f19 -P -p -S4 | head -30
        # --- ---- ---- Report Information --- --- ---
        #
        # Fields: Percent Total
        # Symbols: Disabled
        # Sorting: Descending Field 4
        # Name: Source AS
        #
        # Args: flow-stat -f19 -P -p -S4
        #
        #
        # src AS  flows   octets  packets
        #
        45245     3.764   0.045   0.236
        15169     0.738   0.071   0.066
        7565      0.792   0.021   0.056
        56138     0.985   0.010   0.062
  • 22. Flow-Tools : Case Study
      Finding Top Source/Destination ASN:
        flow-cat -p ft-v05.2015-10-27.170000+0600 | flow-stat -f21 -P -p -S4 | head -30
        # --- ---- ---- Report Information --- --- ---
        #
        # Fields: Percent Total
        # Symbols: Disabled
        # Sorting: Descending Field 4
        # Name: Source/Destination AS
        #
        # Args: flow-stat -f21 -P -p -S4
        #
        #
        # src AS  dst AS  flows   octets  packets
        #
        45245     32934   1.023   0.012   0.061
        45245     15169   0.505   0.008   0.032
        15169     7565    0.230   0.030   0.025
        15169     45245   0.277   0.025   0.024
  • 23. Flow-Tools : Case Study
      Finding DoS/DDoS Source/Destination:
        flow-cat -p ft-v05.2015-10-28.133000+0600 | flow-stat -f10 -P -p -S3 | head -40
        # --- ---- ---- Report Information --- --- ---
        # src IPaddr     dst IPaddr       flows   octets  packets
        #
        178.79.215.39    43.231.22.2      0.001   0.793   0.622
        62.210.157.218   122.102.32.90    0.000   0.713   0.560
        87.248.221.154   43.231.22.2      0.001   0.555   0.436
        87.240.163.54    122.102.32.90    0.001   0.523   0.410
        37.59.33.100     210.1.249.136    0.001   0.510   0.400
        163.53.140.168   103.52.134.18    0.017   0.461   0.365
        31.14.252.94     210.1.253.68     0.000   0.455   0.357
        62.210.103.45    122.102.32.90    0.001   0.450   0.353
        188.138.1.11     122.102.32.106   0.001   0.448   0.351
        4.26.227.253     103.230.105.13   0.004   0.420   0.330
        31.3.245.242     122.102.32.106   0.002   0.418   0.328
        86.146.198.23    122.102.32.106   0.000   0.408   0.229
        95.55.44.11      103.230.105.26   0.000   0.405   0.222
        163.53.140.179   103.52.134.18    0.011   0.387   0.308
        163.53.140.178   103.230.105.14   0.027   0.382   0.222
  • 25. Flow-Tools : Case Study
      Finding DoS/DDoS Source/Destination:
        flow-cat -p ft-v05.2015-10-28.134500+0600 | flow-stat -f10 -P -p -S3 | head -40
        # --- ---- ---- Report Information --- --- ---
        # src IPaddr     dst IPaddr        flows    octets  packets
        #
        103.7.251.45     173.205.124.100   12.517   6.555   5.006
        95.211.191.89    103.253.38.11     0.003    4.548   2.901
        69.16.175.42     103.253.38.5      0.005    3.779   2.486
        46.28.51.252     103.253.38.5      0.002    2.850   1.818
        89.46.103.119    103.253.38.5      0.018    2.454   1.575
        69.16.175.42     103.253.38.11     0.006    2.440   1.610
        91.121.4.51      103.253.38.11     0.003    2.437   1.558
        195.154.194.38   103.253.38.5      0.011    2.047   1.310
        203.223.95.78    50.97.95.98       0.008    2.037   0.960
        87.248.212.205   103.253.38.11     0.002    1.955   2.144
        176.205.18.194   103.253.38.5      0.003    1.504   1.332
        188.165.200.34   103.253.38.11     0.002    1.440   0.919
        94.242.246.118   103.253.38.11     0.005    1.374   0.881
        205.185.216.42   103.253.38.11     0.002    0.973   0.676
        178.149.93.10    103.253.38.11     0.000    0.965   0.443