Internet Traffic Analysis with FlowScan
Alex Hsia
NOAA-Boulder NOC
As network bandwidth requirements expand at unprecedented rates,
it is increasingly important to have good information on network
usage, patterns and characteristics.
When attempting to meet the challenges of managing a heavily
utilized IP network, near-real-time traffic analysis and visualization
quickly become essential. One way to provide these capabilities
is Internet traffic flow profiling, built on the flow export
features (such as NetFlow) available in most routing equipment.
FlowScan is a system designed to perform this analysis continuously,
in near-real time, and can be an effective tool for better
understanding Internet traffic.
Network administrators who collect measurement data often find
that they have collected either too little of it or too much.
Flow profiling is a "sweet spot" between those extremes: flows
strike a balance between detail and summary. They are neither
captured packets, nor merely the aggregate totals tallied as
packets cross a given port or interface. Flows are an expressive
abbreviation in which each flow stands for a series of packets
sharing the same "interesting" end points, typically source and
destination address, transport protocol and ports.
While flow export within the network infrastructure is a
convenience, the feature alone is not sufficient for reliable
continuous use in production networks; we need software tools
to extract, record and help us understand the flows.
The information presented by FlowScan assists in understanding
the nature of the traffic that your network is carrying. It
can be useful in the identification and investigation of anomalies
such as poor performance and attacks on hosts. It can provide
a foundation on which to develop usage-based billing or to verify
the effectiveness of Quality-of-Service policies.
The tutorial will present the various hardware and software
components associated with the FlowScan package deployed at
the NOAA-Boulder campus and discuss the operational uses of
real-time flow-based analysis which include: detecting network
abuse such as Denial of Service attacks, correlating traffic
measurements with network configuration management at points
in time, and analyzing long term IP traffic trends, including
offered load sorted by peer, service and origin ASNs.
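The following is an added example, not code from the tutorial or from the FlowScan package itself. It makes two of the points above concrete: the "sweet spot" between per-packet detail and bare interface counters (the packets are collapsed into unidirectional flows keyed on the 5-tuple), and two of the operational uses, offered load sorted by service and a flow-level check for a SYN flood. The packet records, addresses, the lowest-port service heuristic and the source-count threshold are all constructed assumptions for illustration; a real deployment would read exported flow records from the routers rather than packets.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample input (not real NOAA traffic), one packet per tuple:
# (src, dst, proto, sport, dport, bytes, tcp_flags).
PACKETS: List[Tuple[str, str, str, int, int, int, str]] = [
    # A normal HTTP exchange: handshake, request, two full-size response segments.
    ("10.0.0.5", "192.0.2.10", "tcp", 50000, 80, 60, "S"),
    ("192.0.2.10", "10.0.0.5", "tcp", 80, 50000, 60, "SA"),
    ("10.0.0.5", "192.0.2.10", "tcp", 50000, 80, 400, "PA"),
    ("192.0.2.10", "10.0.0.5", "tcp", 80, 50000, 1500, "PA"),
    ("192.0.2.10", "10.0.0.5", "tcp", 80, 50000, 1500, "PA"),
    # A DNS query and its answer.
    ("10.0.0.5", "192.0.2.53", "udp", 40000, 53, 70, ""),
    ("192.0.2.53", "10.0.0.5", "udp", 53, 40000, 150, ""),
] + [
    # A SYN flood: 20 distinct sources each send one 40-byte SYN to one server port.
    (f"198.51.100.{i}", "192.0.2.20", "tcp", 1024 + i, 80, 40, "S")
    for i in range(1, 21)
]


class FlowKey(NamedTuple):
    """The 5-tuple that defines a unidirectional flow."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


class FlowStats:
    """Per-flow tallies: what a flow record carries instead of the packets themselves."""

    def __init__(self) -> None:
        self.packets = 0
        self.bytes = 0
        self.flags: set = set()  # union of TCP flag letters seen on the flow


def interface_totals(packets) -> Tuple[int, int]:
    """The 'too little data' extreme: a single packet and byte counter for the interface."""
    return len(packets), sum(p[5] for p in packets)


def aggregate_flows(packets) -> Dict[FlowKey, FlowStats]:
    """Collapse packets into flows keyed on the 5-tuple, keeping counts rather than payloads."""
    flows: Dict[FlowKey, FlowStats] = defaultdict(FlowStats)
    for src, dst, proto, sport, dport, nbytes, flags in packets:
        st = flows[FlowKey(src, dst, proto, sport, dport)]
        st.packets += 1
        st.bytes += nbytes
        st.flags.update(flags)
    return dict(flows)


def service_port(key: FlowKey) -> int:
    """Assumed heuristic: the lower of the two ports is taken as the service port.

    This misattributes traffic where neither side uses a well-known port.
    """
    return min(key.sport, key.dport)


def bytes_by_service(flows: Dict[FlowKey, FlowStats]) -> Dict[int, int]:
    """Offered load per service, the kind of trend the tutorial sorts by service."""
    totals: Dict[int, int] = defaultdict(int)
    for key, st in flows.items():
        totals[service_port(key)] += st.bytes
    return dict(totals)


def syn_flood_suspects(flows: Dict[FlowKey, FlowStats],
                       min_sources: int = 10) -> Dict[Tuple[str, int], int]:
    """Flag (dst, dport) pairs hit by SYN-only flows from many distinct sources.

    A TCP flow whose only flag is SYN never completed a handshake or carried
    data; many such flows from many sources against one port is the flow-level
    shape of a SYN flood. The threshold is an assumed tuning knob.
    """
    sources: Dict[Tuple[str, int], set] = defaultdict(set)
    for key, st in flows.items():
        if key.proto == "tcp" and st.flags == {"S"}:
            sources[(key.dst, key.dport)].add(key.src)
    return {target: len(srcs) for target, srcs in sources.items()
            if len(srcs) >= min_sources}


if __name__ == "__main__":
    pkts, octets = interface_totals(PACKETS)
    flows = aggregate_flows(PACKETS)
    print(f"interface counters: {pkts} packets, {octets} bytes")
    print(f"flows: {len(flows)} records summarizing {pkts} packets")
    for port, b in sorted(bytes_by_service(flows).items(), key=lambda kv: -kv[1]):
        print(f"  service port {port}: {b} bytes")
    for (dst, port), n in syn_flood_suspects(flows).items():
        print(f"  possible SYN flood: {n} sources -> {dst}:{port}")
```

Note that the flood is invisible to the interface counters (800 bytes out of 4540) and would be a single bar on a per-service graph, but it stands out immediately once flows are grouped by destination and filtered on their flag set; that is the detail a flow record preserves and an interface counter discards.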
Conference Center - Tutorial
Tuesday - 11:00 - 11:20 A.M.