Nagios Network
Analyzer
Nicholas Scott
nscott@nagios.com
2
Itinerary
Quick (Maybe) Netflow Introduction
How NNA fits into the picture
NNA Features
NNA Use Cases
Questions
3
Netflow – What is Netflow?
What is Netflow?
4
Netflow – What is a flow?
A grouping of packets that share:
Interface Index
Source Address
Destination Address
Source Po...
5
Netflow – General Architecture
Router
A
Network
System
Traffic
Generators
Netflow Collector
The idea is: Traffic flows t...
6
Netflow – On Versions
v5 and v9 are the most popular
IPv6 is not supported by v5
IPFIX will take it from here
7
Netflow – Packet Information
Input interface index used by SNMP (ifIndex in IF-MIB).
Output interface index or zero if t...
8
Netflow – On Flow Standards
Lots of incredibly similar standards:
jFlow, rFlow, cflowd, etc
sFlow is different
Samples p...
Upcoming SlideShare
Loading in …5
×

Nagios Conference 2013 - Nick Scott - Nagios Network Analyzer

1,182 views

Published on

Nick Scott's presentation on Nagios Network Analyzer.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Nagios Conference 2013 - Nick Scott - Nagios Network Analyzer

  1. 1. Nagios Network Analyzer Nicholas Scott nscott@nagios.com
  2. 2. 2 Itinerary Quick (Maybe) Netflow Introduction How NNA fits into the picture NNA Features NNA Use Cases Questions
  3. 3. 3 Netflow – What is Netflow? What is Netflow?
  4. 4. 4 Netflow – What is a flow? A grouping of packets that share: Interface Index Source Address Destination Address Source Port Source Address IP Type of Service
  5. 5. 5 Netflow – General Architecture Router A Network System Traffic Generators Netflow Collector The idea is: Traffic flows through some Netflow Exporter, and gets sent to a collector. Software Netflow export is available.
  6. 6. 6 Netflow – On Versions v5 and v9 are the most popular IPv6 is not supported by v5 IPFIX will take it from here
  7. 7. 7 Netflow – Packet Information Input interface index used by SNMP (ifIndex in IF-MIB). Output interface index or zero if the packet is dropped. Timestamps for the flow start and finish time Number of bytes and packets observed in the flow Source & destination IP addresses Source and destination port numbers for TCP,UDP, SCTP ICMP Type and Code. IP protocol Type of Service (ToS) value IP address of the immediate next-hop Source & destination IP masks (prefix lengths in the CIDR notation)
  8. 8. 8 Netflow – On Flow Standards Lots of incredibly similar standards: jFlow, rFlow, cflowd, etc sFlow is different Samples packets Uses statistical analysis Scales well Can lose traffic information Used by many vendors

×