Saturday, 31st July 2010.

Posted on Monday, 29th December 2008 by sean

The last article used flow-nfilter and some variable substitution to pull out all flows to a particular address.
The next useful thing would be to pull out all flows to or from a particular network. To do so, we’ll have to define a new primitive that is a variable network/netmask, and then a filter specifying a [...]

Posted in Network Management | Comments (0)

Posted on Tuesday, 23rd December 2008 by sean

Yesterday, we had a web site crash. I was curious whether it had to do with load or whether something else was going on. This is a great opportunity to show how to analyze NetFlow data.
First, I should mention that there may be easier ways of doing this. The flow-tools package includes a lot of [...]

Posted in Network Management | Comments (0)

Posted on Monday, 22nd December 2008 by sean

In the NetFlow world, a NetFlow exporter sends flow data to a NetFlow collector. The exporter is usually a router; the collector is usually a Unix server of some sort.
First, set up your router to export flow information:
ip flow-cache timeout active 2
mls flow ip full
mls flow ipx destination
mls nde sender
mls nde interface
mls nde flow include [...]

Posted in Network Management | Comments (1)

Posted on Saturday, 20th December 2008 by sean

NetFlow is a technology that lets a router export information about current traffic to a collector for analysis. The analysis might be real-time, such as to detect a denial of service attack, or not real-time, such as to view trending information.
NetFlow is concerned with flows, which are a one-way session between [...]

Posted in Network Management | Comments (0)
