Tuesday, 6 October 2015

How to analyze Internet Traffic using NetFlow

NetFlow is a technology that was introduced for Cisco routers to provide a way to collect IP network traffic as it enters or exits an interface. By analyzing the data NetFlow provides, a network administrator can determine several things, such as the source and destination of traffic, the causes of congestion, and the class of service. A typical NetFlow monitoring setup has three components: flow exporters, flow collectors, and analysis applications.


The flow exporter aggregates packets into flows and exports flow records to one or more flow collectors. NetFlow collectors receive, store and pre-process the flow data sent by a flow exporter. The analysis console application then analyzes the received flow data in the context of intrusion detection or traffic profiling.

There can be another component, a NetFlow simulator, which generates the various types of flow that a typical router can send out. It makes it easier to create different conditions, such as intrusion or de-duplication. The generated flows can be sent to the collector and analysis applications to make sure they can detect the issues and handle large-scale traffic.

What are Network flows?

Network flows are defined in many different ways, and there are several versions of the definition. Cisco standard NetFlow version 5 defines a network flow as a unidirectional sequence of packets that share the same source IP address, destination IP address, ingress interface (SNMP index), IP protocol, IP type of service, destination port for UDP or TCP, and source port for UDP. This also applies to MPLS and Ethernet flows. Other versions of NetFlow also exist: version 9 and version 10 (IPFIX).
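The following sketch is an added example, not code from the original post. It plays the exporter's role by folding packets into unidirectional flow records using the key fields listed above, then does a simple per-source byte count of the kind an analysis application would start from. The field names, helper functions and sample packets are constructed for illustration, and the key is assumed to use source and destination ports for both TCP and UDP, with 0 for other protocols.

```python
from collections import namedtuple, defaultdict

# Flow key: packets that match on all seven fields belong to the same flow.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip in_if proto tos src_port dst_port")
TCP, UDP = 6, 17

def flow_key(p):
    """Build the key; ports only count for TCP/UDP (assumption: 0 otherwise)."""
    has_ports = p["proto"] in (TCP, UDP)
    return FlowKey(p["src_ip"], p["dst_ip"], p["in_if"], p["proto"], p["tos"],
                   p["src_port"] if has_ports else 0,
                   p["dst_port"] if has_ports else 0)

def aggregate(packets):
    """Exporter role: fold packets into per-flow counters and timestamps."""
    flows = {}
    for p in packets:
        rec = flows.setdefault(flow_key(p), {"packets": 0, "bytes": 0,
                                             "first": p["ts"], "last": p["ts"]})
        rec["packets"] += 1
        rec["bytes"] += p["len"]
        rec["first"] = min(rec["first"], p["ts"])
        rec["last"] = max(rec["last"], p["ts"])
    return flows

def top_talkers(flows, n=3):
    """Analysis role: total bytes sent per source IP, largest first."""
    totals = defaultdict(int)
    for key, rec in flows.items():
        totals[key.src_ip] += rec["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def pkt(ts, src, dst, sport, dport, length, proto=TCP, in_if=1, tos=0):
    """Hypothetical helper that builds one packet summary as a dict."""
    return dict(ts=ts, src_ip=src, dst_ip=dst, src_port=sport, dst_port=dport,
                len=length, proto=proto, in_if=in_if, tos=tos)

# Constructed sample packets (documentation address ranges, not real traffic).
SAMPLE = [
    pkt(0.0, "192.0.2.10", "198.51.100.5", 40000, 443, 600),
    pkt(0.1, "198.51.100.5", "192.0.2.10", 443, 40000, 1500, in_if=2),  # reply: own flow
    pkt(0.2, "192.0.2.10", "198.51.100.5", 40000, 443, 400),
    pkt(0.3, "192.0.2.10", "198.51.100.5", 40000, 443, 200, tos=0x28),  # new ToS: new flow
    pkt(0.4, "192.0.2.20", "198.51.100.5", 0, 0, 84, proto=1),          # ICMP: ports are 0
]

if __name__ == "__main__":
    for key, rec in aggregate(SAMPLE).items():
        print(key, rec)
    print(top_talkers(aggregate(SAMPLE)))
```

Because flows are unidirectional, the reply packets of the same TCP connection land in a separate record, so an analysis tool has to pair the two directions itself if it wants per-conversation totals.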

Why have NetFlow analyzers?

NetFlow analyzers leverage flow technologies to provide a complete traffic analytics tool, giving real-time visibility into network bandwidth performance. Thousands of networks across the globe have been optimized by network analyzers, which are primarily bandwidth monitoring tools that give a holistic view of networks and traffic patterns. A NetFlow analyzer is a unified solution that collects, analyzes and reports on bandwidth usage and who is using it. With a NetFlow analyzer in a web simulator, all interfaces worldwide will be optimized.

NetFlow analyzers are under continual development. Some of the new features include monitoring wireless networks along with wired devices and viewing details of access points and their associated clients. They also provide in-depth reporting on application traffic, QoS and bandwidth consumption. This improves the quality of wireless communications through effective bandwidth management and faster troubleshooting, and ensures that bandwidth for business-critical applications is enhanced.

