Security events seem to be occurring on networks more often nowadays, so administrators must be able to find malicious activity in progress as soon as possible in order to launch effective and efficient countermeasures. Network administrators need to monitor their networks by collecting real-time traffic measurement data, but they may find that the data gathered contains either too little or too much detail. The SNMP-based tools traditionally adopted most often give too little. Packet sniffing tools, however, examine too much, so performance is sacrificed, especially on a large network with heavy traffic.
A flow is defined as a series of packets traveling between two communicating end hosts. Flow profiling functionality is built into most networking devices today and efficiently provides the information required to record network and application resource utilization. Flows strike a balance between detail and summary.
NetFlow is the de facto standard in flow profiling. We introduce, describe, and investigate its features, advantages, and strengths. Many useful flow-related tools are freely available on the Internet. A mechanism is proposed that makes use of flow logs to monitor the network effectively and efficiently. Through verification, it is believed that using flow logs can greatly benefit the network administrator. Administrators can use them for timely monitoring, DoS and worm propagation detection, forensics, and so on.
Identifier | oai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0706104-012221 |
Date | 06 July 2004 |
Creators | Wei, Chuan-pi |
Contributors | none, none, none |
Publisher | NSYSU |
Source Sets | NSYSU Electronic Thesis and Dissertation Archive |
Language | English |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0706104-012221 |
Rights | not_available, Copyright information available at source archive |