
Network Flow Analysis

Paperback: $32.55 BN.com price (Save 18%), $39.95 List Price
NOOK Book (eBook): $17.99 BN.com price (Save 43%), $31.95 List Price

Overview

Unlike packet sniffers that require you to reproduce network problems in order to analyze them, flow analysis lets you turn back time as you analyze your network. You'll learn how to use open source software to build a flow-based network awareness system and how to use network analysis and auditing to address problems and improve network reliability. You'll also learn how to use a flow analysis system; collect flow records; view, filter, and report flows; present flow records graphically; and use flow records to proactively improve your network. Network Flow Analysis will show you how to:

  • Identify network, server, router, and firewall problems before they become critical
  • Find defective and misconfigured software
  • Quickly find virus-spewing machines, even if they're on a different continent
  • Determine whether your problem stems from the network or a server
  • Automatically graph the most useful data

And much more. Stop asking your users to reproduce problems. Network Flow Analysis gives you the tools and real-world examples you need to effectively analyze your network flow data. Now you can determine what the network problem is long before your customers report it, and you can make that silly phone stop ringing.


Product Details

  • ISBN-13: 9781593272036
  • Publisher: No Starch Press San Francisco, CA
  • Publication date: 7/30/2010
  • Edition number: 1
  • Pages: 224
  • Sales rank: 785,515
  • Product dimensions: 6.90 (w) x 9.20 (h) x 0.70 (d)

Meet the Author

Michael W. Lucas is a network/security engineer who keeps getting stuck with network problems nobody else wants to touch. He is the author of the critically acclaimed Absolute FreeBSD, Absolute OpenBSD, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press.


Table of Contents

Acknowledgments

Introduction 1
  • Network Administration and Network Management 3
  • Network Management Tools 3
  • MRTG, Cricket, and Cacti 3
  • RTG 4
  • Nagios and Big Brother 4
  • CiscoWorks, OpenView, and More 4
  • Enough Griping: What's the Solution? 5
  • Flow-Tools and Its Prerequisites 6
  • Flows and This Book 6

1 Flow Fundamentals 9
  • What Is a Flow? 10
  • Flow System Architecture 11
  • The History of Network Flow 12
  • NetFlow Versions 12
  • NetFlow Competition 13
  • The Latest Standards 13
  • Flows in the Real World 14
  • ICMP Flows 14
  • UDP Flows 15
  • TCP Flows 16
  • Other Protocols 17
  • Flow Export and Timeouts 18
  • Packet-Sampled Flows 19

2 Collectors and Sensors 21
  • Collector Considerations 21
  • Operating System 22
  • System Resources 22
  • Sensor Considerations 22
  • Location 23
  • From Remote Facilities 24
  • From Private Network Segments/DMZs 24
  • Implementing the Collector 24
  • Installing Flow-tools 25
  • Installing from Packages 25
  • Installing from Source 25
  • Running flow-capture 26
  • Starting flow-capture at Boot 27
  • How Many Collectors? 28
  • Collector Log Files 28
  • Collector Troubleshooting 29
  • Configuring Hardware Flow Sensors 29
  • Cisco Routers 30
  • Cisco Switches 30
  • Juniper Routers 31
  • Configuring Software Flow Sensors 32
  • Setting Up Sensor Server Hardware 32
  • Network Setup 33
  • Sensor Server Setup 34
  • Running the Sensor on the Collector 34
  • The Sensor: softflowd 34
  • Running softflowd 35
  • Watching softflowd 35

3 Viewing Flows 41
  • Using flow-print 41
  • Printing Protocol and Port Names 43
  • Common Protocol and Port Number Assignments 44
  • Viewing Flow Record Header Information with -p 45
  • Printing to a Wide Terminal 45
  • Setting flow-print Formats with -f 46
  • Showing Interfaces and Ports in Hex with Format -f 0 46
  • Two Lines with Times, Flags, and Hex Ports Using -f 1 47
  • Printing BGP Information 48
  • Wide-Screen Display 48
  • IP Accounting Format 49
  • TCP Control Bits and Flow Records 50
  • ICMP Types and Codes and Flow Records 52
  • Types and Codes in ICMP 53
  • Flows and ICMP Details 54

4 Filtering Flows 57
  • Filter Fundamentals 58
  • Common Primitives 58
  • Creating a Simple Filter with Conditions and Primitives 60
  • Using Your Filter 61
  • Useful Primitives 61
  • Protocol, Port, and Control Bit Primitives 61
  • IP Address and Subnet Primitives 64
  • Time, Counter, and Double Primitives 65
  • Interface and BGP Primitives 67
  • Filter Match Statements 70
  • Protocols, Ports, and Control Bits 70
  • Addresses and Subnets 72
  • Filtering by Sensor or Exporter 72
  • Time Filters 73
  • Clipping Levels 73
  • BGP and Routing Filters 74
  • Using Multiple Filters 75
  • Logical Operators in Filter Definitions 76
  • Logical "or" 76
  • Filter Inversion 77
  • Filters and Variables 78
  • Using Variable-Driven Filters 79
  • Defining Your Own Variable-Driven Filters 79
  • Creating Your Own Variables 80

5 Reporting and Follow-Up Analysis 81
  • Default Report 82
  • Timing and Totals 83
  • Packet Size Distribution 84
  • Packets per Flow 84
  • Octets in Each Flow 84
  • Flow Time Distribution 85
  • Modifying the Default Report 85
  • Using Variables: Report Type 86
  • Using Variables: Sort 86
  • Analyzing Individual Flows from Reports 88
  • Other Report Customizations 89
  • Choosing Fields 89
  • Displaying Headers, Hostnames, and Percentages 90
  • Presenting Reports in HTML 91
  • Useful Report Types 92
  • IP Address Reports 92
  • Network Protocol and Port Reports 94
  • Traffic Size Reports 96
  • Traffic Speed Reports 97
  • Routing, Interfaces, and Next Hops 99
  • Reporting Sensor Output 104
  • BGP Reports 104
  • Customizing Reports 107
  • Custom Report: Reset-Only Flows 107
  • More Report Customizations 110
  • Customizing Report Appearance 112

6 Perl, FlowScan, and Cflow.pm 117
  • Installing Cflow.pm 118
  • Testing Cflow.pm 118
  • Install from Operating System Package 118
  • Install from Source 119
  • Installing from Source with a Big Hammer 119
  • flowdumper and Full Flow Information 119
  • FlowScan and CUFlow 120
  • FlowScan Prerequisites 121
  • Installing FlowScan and CUFlow 121
  • FlowScan User, Group, and Data Directories 122
  • FlowScan Startup Script 123
  • Configuring FlowScan 123
  • Configuring CUFlow: CUFlow.cf 124
  • Rotation Programs and flow-capture 127
  • Running FlowScan 128
  • FlowScan File Handling 128
  • Displaying CUFlow Graphs 129
  • Flow Record Splitting and CUFlow 130
  • Splitting Flows 131
  • Scripting Flow Record Splitting 132
  • Filtered CUFlow and Directory Setup 132
  • Using Cflow.pm 133
  • A Sample Cflow.pm Script 133
  • Cflow.pm Variables 134
  • Other Cflow.pm Exports 135
  • Acting on Every File 137
  • Return Value 137
  • Verbose Mode 138

7 FlowViewer 139
  • FlowTracker and FlowGrapher vs. CUFlow 140
  • FlowViewer Security 140
  • Installing FlowViewer 140
  • Prerequisites 141
  • FlowViewer Installation Process 141
  • Configuring FlowViewer 141
  • Directories and Site Paths 142
  • Website Setup 144
  • Devices and Exporters 144
  • Troubleshooting the FlowViewer Suite 145
  • Using FlowViewer 146
  • Filtering Flows with FlowViewer 146
  • Reporting Parameters 147
  • Printed Reports 149
  • Statistics Reports 149
  • FlowGrapher 150
  • FlowGrapher Settings 150
  • FlowGrapher Output 151
  • FlowTracker 152
  • FlowTracker Processes 152
  • FlowTracker Settings 152
  • Viewing Trackers 153
  • Group Trackers 154
  • Interface Names and FlowViewer 156

8 Ad Hoc Flow Visualization 157
  • gnuplot 101 158
  • Starting gnuplot 158
  • gnuplot Configuration Files 159
  • Time-Series Example: Bandwidth 160
  • Total Bandwidth Report 160
  • Unidirectional Bandwidth Reports 168
  • Combined Inbound/Outbound Traffic 170
  • Automating Graph Production 173
  • Comparison Graphs 175
  • Data Normalizing 175
  • Time Scale 175

9 Edges and Analysis 177
  • NetFlow v9 177
  • Installing flowd 178
  • Configuring flowd 178
  • Converting flowd Data to Flow-tools 179
  • sFlow 180
  • Configuring sFlow Export with sflowenable 181
  • Convert sFlow to NetFlow 181
  • Problem Solving with Flow Data 182
  • Finding Busted Software 182
  • Identifying Worms 186
  • Traffic to Illegal Addresses 187
  • Traffic to Nonexistent Hosts 188

Afterword 189

Index 191


Customer Reviews

Average Rating: 5 (1 review)

  • Posted August 5, 2010

    GO WITH THE FLOW!!!!!!

    Are you a network administrator who wants to build a flow-based network management system? If you are, then this book is for you. Author Michael W. Lucas has done an outstanding job of writing a book that shows you how to build a flow-based network management system out of any free Unix-like operating system, freely available software, and existing network hardware.

    Lucas begins by introducing flows. Next, the author discusses flow export and how to configure it in both hardware and software, as well as how to collect those flow records from many different network devices using the industry-standard flow-tools software package. Then, he shows you how to view the flow records you've gathered. The author continues by demonstrating filtering flows that display only interesting data. Next, he shows you how flow-tools support a wide variety of reports. Then, he covers FlowScan, web-based software that offers traffic graphs to your users. The author continues by covering FlowViewer, another web-based tool that lets you deeply dissect your traffic. Next, he shows you how to use gnuplot to create graphs of truly arbitrary flow data. Finally, the author discusses some flow collection edge cases and how you can use flow records to proactively improve your network.

    This most excellent book provides the tools and real-world examples you need to effectively analyze your network flow data. In other words, now you can determine what the network problem is long before your customers report it.
