Maria Isabel Gandía Carriedo
9th SIG-NOC Meeting
ARNES, Ljubljana, 08-04-2019
Flow Monitoring Tools:
What do We Have? What do we need?
Disclaimer
✓ I'm neither a developer nor an expert on network flow monitoring tools. I'm a user of some of the following tools and I have put together the information I got as a user with what I have found about some other popular tools and the input from Jisc, NORDUnet and AMRES.
✓ The idea is to offer SIG-NOC an abstract with useful information about currently used flow monitoring tools.
Network Flow Monitoring Tools… Just Monitoring?
✓ Some functionalities go far beyond pure flow monitoring:
• DDoS mitigation (blackholing, scrubbing centre, Flowspec…).
• SNMP support to reconcile (sampled) flow volumes with the actual interface traffic volumes.
• BGP peering with the core to do forward-path analysis.
• Open APIs to integrate with other tools (NSO, Nagios, stats).
• Trend reports for capacity planning.
• Segregated logins to give filtered views to different users.
• Report generation.
• …
A Common Path for Many Network Flow Monitoring Tools
✓ There are good open source network flow monitoring tools, but they are hard to manage (no GUI, different programs for different actions…).
✓ A research group works on a great, user-friendly monitoring tool, open source or not very expensive.
✓ They create a company / they develop a different flavour for commercial use / they are bought by another company.
Some Network Flow Monitoring Tools
✓ Argus
✓ NFSEN / NFDUMP
✓ Nimbus (formerly FlowSonar, Team Cymru)
✓ SiLK / FlowBAT
✓ pmacct
✓ NetVizura - NetFlow Analyzer (formerly ICmynet)
✓ Talaia (formerly SMARTxAC, now Auvik)
✓ NTOP/NTOPNG
✓ FastNetMon Community / Advanced
✓ DDPS
✓ Arbor Networks SP (formerly Peakflow) (+TMS?) (from Netscout)
Argus (Audit Record Generation and Usage System)
✓ https://qosient.com/argus/
✓ GPLv3, with other licensing agreements available for commercial, governmental and educational users. No public Git-like repository.
✓ Status: latest versions argus-3.0.8.2 and argus-clients-3.0.8.2 (from 2016); the mailing list is active; ArgusPro (commercial hardware and software versions of Argus) is under development.
✓ Threat intelligence: No
✓ Machine learning: No
✓ Supported protocols/inputs: NetFlow (v1-8; v9 support is not clear), Flow-Tools, (sFlow and J-Flow, maybe on demand), port mirroring
✓ Users: Gloriad
✓ Argus is a bidirectional network flow generator and aggregator. It is structured as a server and a suite of supporting clients.
✓ The server (argus) reads packets, assembles them into binary flow records and writes them to disk and/or a network socket (the argus data stream).
✓ The argus-clients package provides more than 30 binaries and scripts that read flow data from binary files and print, process, sort, aggregate, tally, collect, distribute, archive and anonymize it.
✓ Argus provides reachability, availability, connectivity, duration, rate, load, goodput, loss, jitter, retransmission and delay metrics for all network flows, and captures most attributes available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, IPsec, etc.), protocol IDs, SAPs, hop count, options, L4 transport identification (RTP detection), host flow control indications, etc.
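The bidirectional flow generation Argus performs, as an added example that is not Argus code: the function below turns a packet list into one record per conversation, keyed on an order-independent 5-tuple, with separate counters for each direction, a duration, a load figure and a state that distinguishes answered conversations from unanswered ones. The idle timeout, the packet list and the field names are assumptions constructed for the example.

```python
"""Bidirectional flow aggregation from packets, in the style of Argus.

Added example (not Argus code). Packets are grouped into one record per
conversation, keyed on an order-independent 5-tuple, with per-direction
counters, so a SYN that never got an answer stays visible as a flow with
nothing coming back. The packet list at the bottom is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

IDLE_TIMEOUT = 60.0   # assumed: silence longer than this starts a new record


@dataclass
class Packet:
    ts: float          # seconds
    src: str
    dst: str
    proto: str         # "tcp", "udp", "icmp"
    sport: int
    dport: int
    length: int        # bytes on the wire
    flags: str = ""    # TCP flag letters, e.g. "S", "SA", "A", "PA", "FA"


@dataclass
class Flow:
    proto: str
    src: str           # initiator = source of the first packet seen
    sport: int
    dst: str
    dport: int
    start: float
    end: float
    spkts: int = 0     # initiator -> responder
    sbytes: int = 0
    dpkts: int = 0     # responder -> initiator
    dbytes: int = 0
    state: str = "INT"  # INT: initiated, nothing came back; EST: a reply was seen

    @property
    def duration(self) -> float:
        return self.end - self.start

    @property
    def rate_bps(self) -> float:
        """Load in bits/s over the flow lifetime (0 for single-packet flows)."""
        return 0.0 if self.duration == 0 else (self.sbytes + self.dbytes) * 8 / self.duration


Key = Tuple[str, Tuple[str, int], Tuple[str, int]]


def flow_key(p: Packet) -> Key:
    """Same key for both directions: the endpoints are sorted before keying."""
    a, b = sorted(((p.src, p.sport), (p.dst, p.dport)))
    return (p.proto, a, b)


def aggregate(packets: List[Packet]) -> List[Flow]:
    active: Dict[Key, Flow] = {}
    done: List[Flow] = []
    for p in sorted(packets, key=lambda x: x.ts):
        k = flow_key(p)
        f = active.get(k)
        if f is not None and p.ts - f.end > IDLE_TIMEOUT:
            done.append(active.pop(k))   # expired: close it and start a fresh record
            f = None
        if f is None:
            f = Flow(p.proto, p.src, p.sport, p.dst, p.dport, p.ts, p.ts)
            active[k] = f
        if (p.src, p.sport) == (f.src, f.sport):
            f.spkts += 1
            f.sbytes += p.length
        else:
            f.dpkts += 1
            f.dbytes += p.length
            f.state = "EST"
        f.end = max(f.end, p.ts)
    done.extend(active.values())
    return done


def unanswered(flows: List[Flow]) -> List[Flow]:
    """Flows where the responder never sent a packet: a scan or an unreachable target."""
    return [f for f in flows if f.dpkts == 0]


# Constructed sample: one TCP session, a DNS exchange repeated after a long
# gap (so it becomes two records), and one unanswered SYN from an outside host.
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", "192.0.2.10", "tcp", 40000, 443, 60, "S"),
    Packet(0.01, "192.0.2.10", "10.0.0.5", "tcp", 443, 40000, 60, "SA"),
    Packet(0.02, "10.0.0.5", "192.0.2.10", "tcp", 40000, 443, 52, "A"),
    Packet(0.03, "10.0.0.5", "192.0.2.10", "tcp", 40000, 443, 500, "PA"),
    Packet(0.05, "192.0.2.10", "10.0.0.5", "tcp", 443, 40000, 1400, "PA"),
    Packet(1.00, "10.0.0.5", "192.0.2.10", "tcp", 40000, 443, 52, "FA"),
    Packet(0.50, "10.0.0.5", "10.0.0.1", "udp", 53000, 53, 70),
    Packet(0.51, "10.0.0.1", "10.0.0.5", "udp", 53, 53000, 120),
    Packet(2.00, "198.51.100.7", "10.0.0.20", "tcp", 55555, 22, 60, "S"),
    Packet(100.0, "10.0.0.5", "10.0.0.1", "udp", 53000, 53, 70),
]

if __name__ == "__main__":
    for f in aggregate(SAMPLE_PACKETS):
        print(f"{f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport} "
              f"{f.spkts}pkt/{f.sbytes}B out, {f.dpkts}pkt/{f.dbytes}B back, "
              f"{f.duration:.2f}s {f.state}")
```

Bidirectionality is what makes the reachability metric cheap: a record with packets in one direction only is a scan, a filtered port or a dead host, and `unanswered()` lists them without any payload inspection. Real Argus also tracks TCP state transitions, retransmissions and tunnel headers, which this example leaves out.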
NFDUMP/NFSEN
✓ https://github.com/phaag/nfdump, http://nfsen.sourceforge.net/
✓ BSD licence
✓ Status: actively updated
✓ Threat intelligence: No
✓ Machine learning: No
✓ Supported protocols/inputs: NetFlow v1, v5/v7, v9, IPFIX and sFlow
✓ Users: Uninett, SURFsara, GARR, SWITCH, BelWü, PIONIER, DeiC
✓ nfdump is a toolset:
• nfcapd collects the data sent by the exporters and stores the flow records into files. Multiple NetFlow streams can be collected by a single collector.
• nfdump reads the NetFlow data from one or many files stored by nfcapd, displays it and/or creates top-N statistics of flows, bytes and packets. All data is stored to disk before it gets analysed.
• nfanon (anonymization),
• nfexpire (data expiration),
• nfreplay (replays the files stored by nfcapd to another collector),
• sfcapd (sFlow collection),
• etc.
✓ NfSen (NetFlow Sensor) is a graphical web-based front end for the nfdump NetFlow tools. It allows users to display flows, packets and bytes using RRD (Round Robin Database).
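What a collector such as nfcapd receives on its UDP port, as an added example that is not nfdump code: a NetFlow v5 parser with the sanity checks a collector needs, because flow export is unauthenticated UDP and a forged or truncated datagram must not be able to crash or mislead the collector. The header and record layouts are the documented v5 ones; the sample datagram is constructed here with `build_v5()` so the code runs offline, and the addresses, AS numbers and 1:100 sampling are assumptions.

```python
"""NetFlow v5 datagram parser with the checks a collector such as nfcapd
needs before trusting a UDP datagram (added example, not nfdump code)."""
import socket
import struct
from dataclasses import dataclass
from typing import List, Tuple

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record
MAX_RECORDS = 30                                  # v5 exporters send at most 30 per datagram


class NetFlowError(ValueError):
    pass


@dataclass
class V5Record:
    src: str
    dst: str
    nexthop: str
    in_if: int
    out_if: int
    packets: int
    octets: int
    first_ms: int        # sysuptime at the first/last packet of the flow
    last_ms: int
    sport: int
    dport: int
    tcp_flags: int       # OR of all TCP flags seen in the flow
    proto: int
    tos: int
    src_as: int
    dst_as: int
    src_mask: int
    dst_mask: int


@dataclass
class V5Datagram:
    sys_uptime_ms: int
    unix_secs: int
    flow_sequence: int
    engine_type: int
    engine_id: int
    sampling_mode: int       # top 2 bits of the sampling field
    sampling_interval: int   # low 14 bits: 1 in N packets sampled (0 = unsampled)
    records: List[V5Record]


def parse_v5(data: bytes) -> V5Datagram:
    if len(data) < HDR.size:
        raise NetFlowError("datagram shorter than a v5 header")
    version, count, uptime, secs, _nsecs, seq, etype, eid, sampling = HDR.unpack_from(data)
    if version != 5:
        raise NetFlowError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise NetFlowError(f"implausible record count {count}")
    expected = HDR.size + count * REC.size
    if len(data) != expected:      # truncated or padded: the count cannot be trusted
        raise NetFlowError(f"length {len(data)} != {expected} for {count} records")
    records = []
    for i in range(count):
        f = REC.unpack_from(data, HDR.size + i * REC.size)   # f[11] and f[19] are padding
        records.append(V5Record(
            socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), socket.inet_ntoa(f[2]),
            f[3], f[4], f[5], f[6], f[7], f[8], f[9], f[10],
            f[12], f[13], f[14], f[15], f[16], f[17], f[18]))
    return V5Datagram(uptime, secs, seq, etype, eid, sampling >> 14, sampling & 0x3FFF, records)


def build_v5(records: List[V5Record], seq: int = 0, sampling_interval: int = 0) -> bytes:
    """Pack records into a v5 datagram; used here only to construct sample input."""
    hdr = HDR.pack(5, len(records), 123456, 1554710400, 0, seq, 0, 0,
                   ((1 if sampling_interval else 0) << 14) | sampling_interval)
    body = b"".join(REC.pack(
        socket.inet_aton(r.src), socket.inet_aton(r.dst), socket.inet_aton(r.nexthop),
        r.in_if, r.out_if, r.packets, r.octets, r.first_ms, r.last_ms,
        r.sport, r.dport, 0, r.tcp_flags, r.proto, r.tos,
        r.src_as, r.dst_as, r.src_mask, r.dst_mask, 0) for r in records)
    return hdr + body


def scaled_octets(dg: V5Datagram) -> int:
    """Bytes on the wire: sampled exports must be multiplied back up by the interval."""
    return sum(r.octets for r in dg.records) * max(1, dg.sampling_interval)


def top_n(records: List[V5Record], n: int = 5) -> List[Tuple[str, int]]:
    """Top destinations by octets, the shape of an nfdump top-N statistic."""
    totals: dict = {}
    for r in records:
        totals[r.dst] = totals.get(r.dst, 0) + r.octets
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed sample: a web session, an NTP-reflection-shaped UDP flow and a
# DNS query, exported with 1:100 packet sampling.
SAMPLE_RECORDS = [
    V5Record("10.0.0.5", "192.0.2.10", "192.0.2.1", 1, 2, 12, 3400, 1000, 2000,
             40000, 443, 0x1B, 6, 0, 64500, 64502, 24, 24),
    V5Record("198.51.100.7", "10.0.0.20", "10.0.0.1", 2, 1, 1000, 468000, 1000, 60000,
             123, 5000, 0, 17, 0, 64510, 64500, 24, 24),
    V5Record("10.0.0.5", "10.0.0.1", "0.0.0.0", 1, 1, 1, 70, 3000, 3000,
             53000, 53, 0, 17, 0, 64500, 64500, 24, 24),
]
SAMPLE_DATAGRAM = build_v5(SAMPLE_RECORDS, seq=42, sampling_interval=100)
```

Two points the checks make concrete: the record count is only trusted once the datagram length has been verified against it, and sampled exports are scaled back up with the header's sampling interval before they are compared with anything else (the SNMP reconciliation mentioned at the start exists because that interval is not always set by the exporter). In production, also restrict the collector's listening socket to the known exporter addresses.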
Nimbus (formerly FlowSonar, Team Cymru)
✓ http://www.team-cymru.com/nimbus.html
✓ Type: commercial, cloud-based
✓ Threat intelligence feeds: yes (IP reputation and botnet controllers)
✓ "Price": access to the participant's information (NDA required)
✓ Users: CSUC (FlowSonar)
✓ FlowSonar is based on nfdump/NfSen and works on-premises.
✓ FlowSonar offers graphs for flows, packets and bits/s, per-protocol graphs, alerts and customised filters.
✓ Nimbus is a cloud-based NetFlow collection, analysis and reporting platform. The partner exports its flows to a private IP and port over an encrypted tunnel.
✓ Nimbus uses a Kibana-based portal and provides XML versions of the threat intelligence feeds. It is focused on real-time threat monitoring.
SiLK (System for Internet-Level Knowledge) / FlowBAT
✓ https://tools.netsa.cert.org/silk/, http://www.flowbat.com/
✓ Type: GPLv2 & Government Purpose License Rights (GPLR). However, there is no public Git-like repository for the project; all patches should be sent to the CMU team.
✓ Status: updated. Latest version: silk-3.18.1 (March 2019)
✓ Threat intelligence feeds: No
✓ Machine learning: No
✓ Supported protocols/inputs: IPFIX (from the yaf software, not from routers), NetFlow (v5, v9) and sFlow v5, or PDUs from a router
✓ Users: Jisc
✓ SiLK is a tool suite with two categories of applications:
• The SiLK Packing System: daemon applications that collect flow data, convert it into a more space-efficient format and store the packed records in service-specific hourly binary flat files.
• The SiLK Analysis Suite: a collection of command-line tools that read binary files containing SiLK flow records and partition, sort and count those records. The analysis tools interoperate using pipes, allowing a user to develop relatively sophisticated queries.
✓ It is suited to analysing traffic on the backbone or border of a large distributed enterprise or a mid-sized ISP. However, it has not been designed for real-time flow analysis.
✓ Analysis Pipeline is a separate suite for real-time analysis of flow records. It can take flow records from SiLK files as they are created, or IPFIX data from any application.
✓ FlowBAT is a graphical flow-based analysis tool designed to work with a SiLK-based NetFlow system as a back end. Other third-party GUIs are SiLKWeb and iSiLK.
pmacct
✓ http://www.pmacct.net/
✓ Type: GPLv2
✓ Status: updated
✓ Threat intelligence: No
✓ Machine learning: No
✓ Supported protocols/inputs: libpcap, Netlink/NFLOG, NetFlow v1/v5/v7/v8/v9, sFlow v2/v4/v5 and IPFIX. It also collects streaming telemetry data.
✓ Users: PSNC
✓ pmacct is a set of multi-purpose passive network monitoring tools. It can account, classify, aggregate, replicate and export forwarding-plane data; collect and correlate control-plane data via BGP and BMP; and collect infrastructure data via streaming telemetry.
✓ Each component works both as a standalone daemon and as a thread of execution for correlation purposes (e.g. enriching NetFlow with BGP data).
✓ pmacct can save data to many types of backend (relational DB, NoSQL DB, flat files, etc.).
✓ It is able to tag, filter, redirect, aggregate and split captured data.
✓ It has a BGP daemon for visibility of BGP multi-path routes.
✓ It does packet classification via nDPI.
✓ Tools like Project Herbert (http://uowits.github.io/herbert-gui/index.html) can be used to print graphs with the data.
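The BGP enrichment pmacct performs (NetFlow records correlated with routing data learned from the router), as an added example that is not pmacct code: a longest-prefix-match lookup over a RIB snapshot tags each flow with its source and destination prefix, origin AS and next hop, which is what a peering or per-prefix report is built from. The RIB, the flows and the AS numbers are constructed for the example.

```python
"""Flow enrichment by longest-prefix match against a BGP RIB snapshot
(added example, not pmacct code; RIB and flows are constructed)."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, int, str]   # prefix, origin AS, next hop


class Rib:
    """Routes bucketed by prefix length; lookup tries the longest length first."""

    def __init__(self, routes: List[Tuple[str, int, str]]):
        self.by_len: Dict[int, Dict[ipaddress.IPv4Network, Tuple[int, str]]] = {}
        for prefix, origin_as, next_hop in routes:
            net = ipaddress.ip_network(prefix)
            self.by_len.setdefault(net.prefixlen, {})[net] = (origin_as, next_hop)
        self.lengths = sorted(self.by_len, reverse=True)

    def lookup(self, ip: str) -> Optional[Route]:
        for plen in self.lengths:
            # strict=False masks the host bits, giving the candidate prefix at this length
            net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
            hit = self.by_len[plen].get(net)
            if hit is not None:
                return net, hit[0], hit[1]
        return None   # unrouted: no entry, not even a default route


def enrich(flow: dict, rib: Rib) -> dict:
    """Tag a flow with src/dst prefix, origin AS and next hop (None if unrouted)."""
    out = dict(flow)
    for side in ("src", "dst"):
        route = rib.lookup(flow[side])
        out[f"{side}_prefix"] = str(route[0]) if route else None
        out[f"{side}_as"] = route[1] if route else None
        out[f"{side}_nexthop"] = route[2] if route else None
    return out


def bytes_per_dst_as(flows: List[dict], rib: Rib) -> Dict[Optional[int], int]:
    """Peering-style report: traffic volume per destination AS."""
    totals: Dict[Optional[int], int] = defaultdict(int)
    for f in flows:
        totals[enrich(f, rib)["dst_as"]] += f["octets"]
    return dict(totals)


# Constructed RIB: our aggregate, a more specific customer prefix, a peer and a default.
SAMPLE_RIB = Rib([
    ("10.0.0.0/8", 64500, "192.0.2.1"),
    ("10.1.0.0/16", 64501, "192.0.2.2"),
    ("192.0.2.0/24", 64502, "192.0.2.3"),
    ("0.0.0.0/0", 64510, "192.0.2.254"),
])

# Constructed flows, as a collector would hold them before enrichment.
SAMPLE_FLOWS = [
    {"src": "10.1.2.3", "dst": "203.0.113.9", "proto": 6, "octets": 5000},
    {"src": "10.2.0.1", "dst": "192.0.2.10", "proto": 17, "octets": 700},
    {"src": "203.0.113.9", "dst": "10.1.9.9", "proto": 6, "octets": 120000},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        e = enrich(f, SAMPLE_RIB)
        print(f"{e['src']} (AS{e['src_as']}) -> {e['dst']} (AS{e['dst_as']}, "
              f"{e['dst_prefix']} via {e['dst_nexthop']}) {e['octets']} B")
    print(bytes_per_dst_as(SAMPLE_FLOWS, SAMPLE_RIB))
```

Flows whose addresses match nothing in the RIB come back tagged `None`: traffic arriving for unrouted space, or claiming to come from it, is a useful spoofing indicator, and a RIB snapshot without a default route makes that visible instead of hiding it behind the upstream's AS.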
NetVizura - NetFlow Analyzer (formerly ICmynet)
✓ References: https://www.netvizura.com/netflow-analyzer
✓ Type: research/commercial, on-premises
✓ Status: updated
✓ Threat intelligence feeds: Yes, through in-depth forensics
✓ Machine learning: No
✓ Supported protocols/inputs: NetFlow, IPFIX, NSEL, sFlow and compatible NetFlow-like protocols
✓ Users: AMRES
✓ NetVizura NetFlow Analyzer helps network admins with bandwidth monitoring, network traffic investigation, analysis and reporting. It supports the following features:
• Device Traffic Analysis: traffic distribution analysis per interface, device or subnet, used for network planning
• Custom Traffic Analysis: analysis per flow type, subnet, organisational unit, etc.
• End User Traffic Analysis: analysis per end user, apps and protocols used, throughput, etc.
• In-Depth Forensics: raw data analysis and queries
• Traffic Reports: PDF traffic reports
• Threshold Alarms: throughput and volume thresholds and alarms, notifications via email
• Dashboard Overview: real-time alarm prioritisation and presentation
• Powerful Settings: flow sampling and filtering, top-N analysis, managing data and archives
• Flexible Data Collection: multi-vendor support
TALAIA (evolution of SMARTxAC, now Auvik)
✓ https://www.talaia.io/, https://es.slideshare.net/CSUC_info/1127-smar-tx-ac-network-polygraph-catnix-publicable, https://www.auvik.com/
✓ Type: commercial, on-premises and cloud-based
✓ Status: deprecated in its original form (bought by Auvik)
✓ Threat intelligence feeds: No
✓ Machine learning: Yes
✓ Supported protocols: NetFlow, IPFIX
✓ Users: CSUC, RedIRIS
✓ Talaia was a spin-off of Universitat Politècnica de Catalunya (UPC / BarcelonaTech) for its former project SMARTxAC (Traffic Monitoring System for Anella Científica), and it was bought by Auvik.
✓ Talaia receives NetFlow information, analyses it together with Deep Packet Inspection information taken from capture line cards on the main connection lines, and shows the result in a graphical interface.
✓ It is a multi-tenant solution (each institution only sees the information associated with its own IP addresses).
✓ It has views for applications, protocols, top N, autozoom, geolocation, anomalies, flows and reports.
✓ The platform is able to authenticate federated users.
✓ Auvik offers an integrated solution for Managed Service Providers (MSPs) with several tools in a single platform (configuration management, service monitoring, IPAM, inventory management, password management…). Flow monitoring is one of the functionalities, although they do not offer the on-premises solution or federated access, and integrating Talaia into their platform is still work in progress.
NTOP/NTOPNG
✓ https://www.ntop.org/
✓ Type: GPLv3 & commercial (but free for education)
✓ Status: updated
✓ Threat intelligence feeds: No
✓ Machine learning: No
✓ Users: TSSG/WIT
✓ Supported protocols/inputs: sFlow, NetFlow (v5 & v9) and IPFIX, through nProbe
✓ ntopng is web-based traffic analysis and flow collection software that provides a web GUI to access the monitoring data. It provides detailed views on active hosts, flows, IP addresses, MAC addresses and autonomous systems.
✓ It can be used to monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, packet loss), and bytes and packets transmitted.
✓ It requires nProbe as an intermediate flow collector: a probe installed in the middle for detailed L7 application dissection or per-packet real-time analysis. This intermediate step is needed because ntopng does not understand NetFlow itself, so nProbe acts as a translator.
✓ ntopng can listen on a SPAN port directly.
FastNetMon Community / Advanced
✓ https://github.com/pavel-odintsov/fastnetmon, https://fastnetmon.com/
✓ Type: Community edition open source (GPLv2); Advanced edition commercial (free one-month trial licence available)
✓ Status: both editions updated; more development on the Advanced edition.
✓ Threat intelligence: No
✓ Machine learning: No
✓ Supported protocols/inputs: NetFlow (v5, v9), IPFIX, sFlow (v4, v5), port mirror/SPAN capture with PF_RING, SnabbSwitch, NETMAP and PCAP. The commercial version offers support for more protocols.
✓ Users: DeiC (for DDPS)
✓ Screenshots: https://fastnetmon.com/screenshoots-fastnetmon-advanced/
✓ FastNetMon is a volumetric DDoS detector able to perform a configurable action when defined thresholds are exceeded (notifying, blackholing, sending BGP Flowspec rules, switching off a server…).
✓ The blocked IPs are announced via BGP with ExaBGP.
✓ It has support for the most popular attack types (syn_flood, udp_flood, icmp_flood, ip_fragmentation_flood, DNS amplification, NTP amplification, SSDP amplification, SNMP amplification).
✓ It includes an API and a JSON-based database for configuration/attacks. It can be integrated with Graphite and InfluxDB.
✓ FastNetMon Advanced includes bundled Grafana support, using InfluxDB or ClickHouse. It can expose total bandwidth, per-host bandwidth, per-network bandwidth and arbitrary traffic reports from the traffic persistence database (peering reports, per-prefix reports). Some pre-built dashboards are available.
✓ More differences at https://fastnetmon.com/compare-community-and-advanced/
DDPS (DeiC DDoS Protection Service)
✓ https://github.com/deic-dk/DDPS-documentation
✓ Type: DDPS is copyright 2015-2017 DeiC, Denmark, licensed under the Apache License, Version 2.0
✓ Status: updated
✓ Threat intelligence: No
✓ Machine learning: No
✓ Users: DeiC
✓ DDPS relies on FastNetMon Community and is conceived as an automated DDoS mitigation system: it detects attacks and automatically triggers mitigation.
✓ Based on BGP Flowspec, it is intended for a setup where detection is placed as close as possible to the target (FastNetMon in the customer's network) and mitigation as close as possible to the source(s) of the attack (at DeiC).
✓ End users may add, edit or cancel mitigation rules, as well as view archived rules and statistical information.
✓ The project is split into sub-projects:
• DDPS fastnetmon
• DDPS database daemon
• DDPS NODE
• DDPS web user interface
• DDPS Customer Site Simulation
• DDPS DDoS simulator
Arbor Networks SP (formerly Peakflow) (+TMS) (Netscout, formerly Arbor)
✓ https://www.netscout.com/arbor-ddos
✓ Type: commercial
✓ Status: on-premises, evolving towards a cloud-based mitigation solution
✓ Threat intelligence feeds: yes
✓ Supported protocols/inputs: NetFlow, sFlow, J-Flow, IPFIX
✓ Users: BelNET, CSUC, Jisc
✓ Arbor offers a monitoring product (Peakflow/SP) and a separate product for DDoS mitigation (TMS), although the front end is in SP. It is based on NetFlow, SNMP and BGP information, and compares NetFlow data with SNMP data to set the thresholds. It works with pre-defined managed objects and has four main functions:
• Monitoring (SP)
• DDoS detection (SP)
• DDoS mitigation (TMS)
• Reports (SP)
✓ It offers different views, such as:
• Traffic (per application, AS, customer, protocol, etc.)
• Alerts (including summary, activity reports, etc.)
• Mitigations
• Reports
✓ The alert thresholds are defined by the administrators of the platform.
✓ There are three different types of detection:
• Threshold (fixed), in bps and pps. It applies to the whole object.
• Profile (with different configurable multiplying factors), in bps and pps. It applies to the whole object.
• Host, in bps and pps. It applies to each host inside the object. There are many protocol types and the administrators must define a threshold for each one of them (NTP, ICMP, etc.).
✓ There are different types of users with different permissions, although it is not exactly a multi-tenant platform.
✓ It has SOAP and REST APIs.
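The three detection types described for Arbor SP (fixed threshold on the whole object, profile against a baseline with a multiplying factor, and per-host per-protocol thresholds) together with the FastNetMon attack classes and mitigation actions from the earlier slides, as one added example that is code from neither product. The thresholds, the baseline, the one-minute flow window, the managed object and the ExaBGP-style announcement strings are assumptions constructed for the example; 65535:666 is the RFC 7999 BLACKHOLE community.

```python
"""Flow-based DDoS detection: fixed-threshold, profile and per-host modes,
FastNetMon-style attack classes and a mitigation announcement per alarm.

Added example, not code from Arbor SP or FastNetMon. All thresholds, the
baseline, the announcement syntax and the flow records are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FlowRecord:
    dst: str
    proto: str            # "tcp", "udp", "icmp"
    sport: int
    dport: int
    packets: int
    octets: int
    tcp_flags: str = ""   # "S" = bare SYN


WINDOW_S = 60   # the sample below is one minute of traffic toward the managed object

# Managed object: 10.0.0.0/24 (assumed). Every number here is an example setting.
FIXED_BPS, FIXED_PPS = 500_000_000, 200_000                              # Threshold mode
BASELINE_BPS, BASELINE_PPS, PROFILE_FACTOR = 100_000_000, 20_000, 3.0    # Profile mode
HOST_PPS = {"udp_flood": 50_000, "syn_flood": 20_000, "icmp_flood": 10_000,   # Host mode
            "dns_amplification": 50_000, "ntp_amplification": 50_000,
            "ssdp_amplification": 50_000, "snmp_amplification": 50_000}
AMPLIFIER_PORTS = {53: "dns_amplification", 123: "ntp_amplification",
                   1900: "ssdp_amplification", 161: "snmp_amplification"}


def classify(f: FlowRecord) -> str:
    """FastNetMon-style attack class from protocol, TCP flags and UDP source port."""
    if f.proto == "udp":
        return AMPLIFIER_PORTS.get(f.sport, "udp_flood")
    if f.proto == "tcp":
        return "syn_flood" if f.tcp_flags == "S" else "tcp_other"
    if f.proto == "icmp":
        return "icmp_flood"
    return "other"


def object_rates(flows: List[FlowRecord]) -> Tuple[float, float]:
    """(bits/s, packets/s) over the whole managed object for the window."""
    bps = sum(f.octets for f in flows) * 8 / WINDOW_S
    pps = sum(f.packets for f in flows) / WINDOW_S
    return bps, pps


def threshold_alarm(flows: List[FlowRecord]) -> bool:
    bps, pps = object_rates(flows)
    return bps > FIXED_BPS or pps > FIXED_PPS


def profile_alarm(flows: List[FlowRecord]) -> bool:
    bps, pps = object_rates(flows)
    return bps > BASELINE_BPS * PROFILE_FACTOR or pps > BASELINE_PPS * PROFILE_FACTOR


def host_alarms(flows: List[FlowRecord]) -> List[Tuple[str, str, float]]:
    """(host, attack class, pps) for every host/class pair above its own threshold."""
    pps: Dict[Tuple[str, str], float] = defaultdict(float)
    for f in flows:
        pps[(f.dst, classify(f))] += f.packets / WINDOW_S
    return sorted((host, kind, rate) for (host, kind), rate in pps.items()
                  if rate > HOST_PPS.get(kind, float("inf")))


def flowspec_rule(host: str, kind: str) -> Optional[str]:
    """Surgical drop for reflection attacks: match the reflector's source port only."""
    port = {v: k for k, v in AMPLIFIER_PORTS.items()}.get(kind)
    if port is None:
        return None
    return (f"announce flow route {{ match {{ destination {host}/32; protocol udp; "
            f"source-port ={port}; }} then {{ discard; }} }}")


def blackhole_announcement(host: str, next_hop: str = "192.0.2.1") -> str:
    """Last resort: RTBH for the victim /32, tagged with the RFC 7999 BLACKHOLE community."""
    return f"announce route {host}/32 next-hop {next_hop} community [65535:666]"


def mitigation_plan(flows: List[FlowRecord]) -> List[str]:
    """A Flowspec rule where the attack class allows one, otherwise blackhole the host."""
    return [flowspec_rule(host, kind) or blackhole_announcement(host)
            for host, kind, _ in host_alarms(flows)]


# Constructed one-minute window: NTP reflection plus a SYN flood at 10.0.0.20,
# ordinary HTTPS and DNS traffic at 10.0.0.10.
SAMPLE_FLOWS = [
    FlowRecord("10.0.0.20", "udp", 123, 5000, 4_800_000, 2_208_000_000),
    FlowRecord("10.0.0.20", "tcp", 40000, 22, 3_000_000, 180_000_000, "S"),
    FlowRecord("10.0.0.10", "tcp", 51000, 443, 600_000, 600_000_000, "PA"),
    FlowRecord("10.0.0.10", "udp", 53, 53001, 6_000, 1_200_000),
]

if __name__ == "__main__":
    print("threshold:", threshold_alarm(SAMPLE_FLOWS), "profile:", profile_alarm(SAMPLE_FLOWS))
    for alarm in host_alarms(SAMPLE_FLOWS):
        print("host alarm:", alarm)
    for action in mitigation_plan(SAMPLE_FLOWS):
        print("action:", action)
```

On the sample window the fixed object-wide threshold stays quiet (about 399 Mbit/s and 140 kpps against 500 Mbit/s and 200 kpps) while the profile detector fires at three times the baseline and the host detector names both the NTP reflection and the SYN flood at 10.0.0.20, which is why per-host, per-protocol thresholds exist alongside the object-level ones. The mitigation choice matters as much as the detection: a Flowspec rule matching the reflector's source port drops only the attack traffic, whereas a blackhole announcement discards everything destined to the victim and finishes the attacker's job, so it is the fallback here, not the default.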
More Network Monitoring Tools
✓ AlienVault (AT&T Cybersecurity since February 2019)
✓ Insight2 (based on Argus)
✓ OSSIM (Open Source Security Information Management)
✓ Deepfield
✓ Kentik
✓ Flowmon
✓ Scrutinizer (Plixer)
✓ ManageEngine
✓ SolarWinds NetFlow Traffic Analyzer
✓ …
What do we have? What do we need?
✓ Does your current tool cover your needs? The Incubator subtask under Network Technologies and Services Development in the GÉANT Project may propose contributing to the development of an open source alternative to the commercial tools, either from scratch or through contributions to existing open source tools.
✓ Let's play with Mentimeter.
Thanks for your attention!
Questions?
mariaisabel.gandia@csuc.cat

Fons de discos perforats de cartróFons de discos perforats de cartró
Fons de discos perforats de cartró
 
Biblioteca Digital Gencat
Biblioteca Digital GencatBiblioteca Digital Gencat
Biblioteca Digital Gencat
 
El fons Enrique Tierno Galván: recepció, tractament i difusió
El fons Enrique Tierno Galván: recepció, tractament i difusióEl fons Enrique Tierno Galván: recepció, tractament i difusió
El fons Enrique Tierno Galván: recepció, tractament i difusió
 
El CIDMA: més enllà dels espais físics
El CIDMA: més enllà dels espais físicsEl CIDMA: més enllà dels espais físics
El CIDMA: més enllà dels espais físics
 
Els serveis del CSUC per a la comunitat CCUC
Els serveis del CSUC per a la comunitat CCUCEls serveis del CSUC per a la comunitat CCUC
Els serveis del CSUC per a la comunitat CCUC
 

Kürzlich hochgeladen

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Kürzlich hochgeladen (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Flow Monitoring Tools, What do we have, What do we need?

6. Argus (Audit Record Generation and Usage System)
- https://qosient.com/argus/
- GPLv3, with other licensing agreements available for commercial, governmental and educational users. No public Git-like repository.
- Status: latest versions argus-3.0.8.2 and argus-clients-3.0.8.2 (from 2016); the mailing list is active; ArgusPro (with commercial hardware and software versions of Argus) is under development.
- Threat intelligence: No
- Machine learning: No
- Supported protocols/inputs: NetFlow (v1-8; support for v9 is not clear), Flow-Tools, (sFlow and jFlow, maybe on demand), port mirroring
- Users: Gloriad

7. Argus (Audit Record Generation and Usage System)
- Argus is a bidirectional network flow generator and aggregator. It is structured as a server and a suite of supporting clients.
- The server (argus) retrieves packets, assembles them into binary data representing flows, and writes this binary data to disk and/or a network socket (the argus data stream).
- The argus-clients package provides a set of more than 30 binaries and scripts that read flow data from files of binary flow data and perform actions such as printing, processing, sorting, aggregating, tallying, collecting, distributing, archiving and anonymizing data.
- Argus provides reachability, availability, connectivity, duration, rate, load, goodput, loss, jitter, retransmission and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, IPsec, etc.), protocol IDs, SAPs, hop count, options, L4 transport identification (RTP detection), host flow-control indications, etc.

8. NFDUMP/NFSEN
- https://github.com/phaag/nfdump, http://nfsen.sourceforge.net/
- BSD
- Status: updated
- Threat intelligence: No
- Machine learning: No
- Supported protocols/inputs: NetFlow v1, v5/v7, v9, IPFIX and sFlow
- Users: Uninett, SURFsara, GARR, SWITCH, BelWü, PIONIER, DeiC

9. NFDUMP/NFSEN
- nfdump is a toolset:
  • nfcapd collects the data sent from exporters and stores the flow records into files. Multiple NetFlow streams can be collected by a single collector.
  • nfdump reads the NetFlow data from one or many files stored by nfcapd and displays it and/or creates top N statistics of flows, bytes and packets. All data is stored to disk before it gets analyzed.
  • nfanon (for anonymization)
  • nfexpire (for data expiration)
  • nfreplay (to export the files stored by nfcapd)
  • sfcapd (for sFlow collection)
  • etc.
- NfSen (NetFlow Sensor) is a graphical web-based front end for the nfdump NetFlow tools. It allows users to display flows, packets and bytes using RRD (Round Robin Database).

10. Nimbus (formerly FlowSonar, Team Cymru)
- http://www.team-cymru.com/nimbus.html
- Type: commercial, cloud-based
- Threat intelligence feeds: yes (IP reputation and botnet controllers)
- "Price": access to the participant's information (NDA required)
- Users: CSUC (FlowSonar)

11. Nimbus (formerly FlowSonar, Team Cymru)
- FlowSonar is based on nfdump/NfSen and works on-premises.
- FlowSonar offers graphs for flows, packets and bits/s, per-protocol graphs, alerts and customized filters.
- Nimbus is a cloud-based NetFlow collection, analysis and reporting platform. The partner exports their flows to a private IP and port over an encrypted tunnel.
- Nimbus uses a Kibana-based portal and provides XML versions of the threat intelligence feeds. It is focused on real-time threat monitoring.

12. SiLK (System for Internet-Level Knowledge) / FlowBAT
- https://tools.netsa.cert.org/silk/, http://www.flowbat.com/
- Type: GPLv2 & Government Purpose License Rights (GPLR). However, there is no public Git-like repository for the project; all patches should be sent to the CMU team.
- Status: updated. Latest version silk-3.18.1 (March 2019)
- Threat intelligence feeds: No
- Machine learning: No
- Supported protocols/inputs: IPFIX (from the yaf software, not from routers), NetFlow (v5, v9) and sFlow v5, or PDUs from a router
- Users: JISC

13. SiLK (System for Internet-Level Knowledge)
- SiLK is a tool suite with two categories of applications:
  • The SiLK Packing System: daemon applications that collect flow data and convert them into a more space-efficient format, storing the packed records into service-specific hourly binary flat files.
  • The SiLK Analysis Suite: a collection of command-line tools that read binary files containing SiLK flow records and partition, sort and count these records. The analysis tools interoperate using pipes, allowing a user to develop relatively sophisticated queries.
- It is suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP. However, it has not been designed for real-time flow analysis.
- Analysis Pipeline is a separate suite for real-time analysis of flow data records. It can take flow records from SiLK files as they are created, or IPFIX data from any application.
- FlowBAT is a graphical flow-based analysis tool designed to work with a SiLK-based NetFlow system as a back end. Other third-party GUIs are SiLKWeb and iSiLK.

14. pmacct
- http://www.pmacct.net/
- Type: GPLv2
- Status: updated
- Threat intelligence: No
- Machine learning: No
- Supported protocols/inputs: libpcap, Netlink/NFLOG, NetFlow v1/v5/v7/v8/v9, sFlow v2/v4/v5 and IPFIX. It also collects Streaming Telemetry data.
- Users: PSNC (http://uowits.github.io/herbert-gui/index.html)

15. pmacct
- pmacct is a set of multi-purpose passive network monitoring tools. It can account, classify, aggregate, replicate and export forwarding-plane data; collect and correlate control-plane data via BGP and BMP; and collect infrastructure data via Streaming Telemetry.
- Each component works both as a standalone daemon and as a thread of execution for correlation purposes (i.e. enriching NetFlow with BGP data).
- pmacct can save data to many types of backends (relational DB, non-SQL DB, flat files, etc.).
- It is able to tag, filter, redirect, aggregate and split captured data.
- It has a BGP daemon for visibility of BGP multi-path routes.
- It does packet classification via nDPI.
- You can use tools like Project Herbert (http://uowits.github.io/herbert-gui/index.html) to print graphs with the data.

16. NetVizura - NetFlow Analyzer (formerly ICmynet)
- References: https://www.netvizura.com/netflow-analyzer
- Type: research/commercial, on-premises
- Status: updated
- Threat intelligence feeds: yes, through in-depth forensics
- Machine learning: No
- Supported protocols/inputs: NetFlow, IPFIX, NSEL, sFlow and compatible NetFlow-like protocols
- Users: AMRES

17. NetVizura - NetFlow Analyzer (formerly ICmynet)
- NetVizura NetFlow Analyzer helps network admins with bandwidth monitoring, network traffic investigation, analysis and reporting. It supports the following features:
  • Device Traffic Analysis: traffic distribution analysis per interface, device or subnet, used for network planning
  • Custom Traffic Analysis: analysis per flow type, subnet, organization unit, etc.
  • End User Traffic Analysis: analysis per end user, apps and protocols used, throughput, etc.
  • In-Depth Forensics: through raw data analysis and queries
  • Traffic Reports: PDF traffic reports
  • Threshold Alarms: throughput and volume thresholds and alarms, notifications via email
  • Dashboard Overview: real-time alarm prioritization and presentation
  • Powerful Settings: flow sampling and filtering, top N analysis, managing data and archives
  • Flexible Data Collection: multi-vendor support

18. TALAIA (evolution of SMARTxAC, now Auvik)
- https://www.talaia.io/, https://es.slideshare.net/CSUC_info/1127-smar-tx-ac-network-polygraph-catnix-publicable, https://www.auvik.com/
- Type: commercial, on-premises and cloud-based
- Status: deprecated as it was (bought by Auvik)
- Threat intelligence feeds: No
- Machine learning: yes
- Supported protocols: NetFlow, IPFIX
- Users: CSUC, RedIRIS

19. TALAIA (evolution of SMARTxAC, now Auvik)
- Talaia was a spin-off of Universitat Politècnica de Catalunya (UPC / BarcelonaTech) for its former project SMARTxAC (Traffic Monitoring System for Anella Científica), and it was bought by Auvik.
- Talaia gets NetFlow information, analyzes it using Deep Packet Inspection information taken from capture line cards on the main connection lines, and shows this information in a graphical interface.
- It is a multi-tenant solution (each institution only sees the information associated with its IP addresses).
- It has views for applications, protocols, top N, autozoom, geolocation, anomalies, flows and reports.
- The platform is able to authenticate federated users.
- Auvik offers an integrated solution for Managed Service Providers (MSPs), offering several tools in a single platform (configuration management, service monitoring, IPAM, inventory management, password management...). Flow monitoring is one of the functionalities, although they do not offer the on-premises solution or the federated access, and integrating Talaia with their platform is still work in progress.

20. NTOP/NTOPNG
- https://www.ntop.org/
- Type: GPLv3 & commercial (but free for education)
- Status: updated
- Threat intelligence feeds: No
- Machine learning: No
- Users: TSSG/WIT
- Supported protocols/inputs: sFlow, NetFlow (v5 & v9) and IPFIX support through nProbe

21. NTOP/NTOPNG
- ntopng is web-based traffic analysis and flow collection software that provides a web GUI to access monitoring data. It provides detailed views on active hosts, flows, IP addresses, MAC addresses and autonomous systems.
- It can be used to monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, packet loss), and bytes and packets transmitted.
- It requires nProbe as an intermediate flow collector: a probe installed in the middle for detailed L7 application dissection or per-packet real-time analysis. This intermediate step is needed because ntopng does not understand NetFlow, so nProbe acts as a translator.
- ntopng can listen to a SPAN port directly.

22. FastNetMon Community / Advanced
- https://github.com/pavel-odintsov/fastnetmon, https://fastnetmon.com/
- Type: Community edition open source (GPLv2), Advanced edition commercial (free one-month trial license available)
- Status: both editions updated, more development on the Advanced edition
- Threat intelligence: No
- Machine learning: No
- Supported protocols/inputs: NetFlow (v5, v9), IPFIX, sFlow (v4, v5), port mirror/SPAN capture with PF_RING, SnabbSwitch, NETMAP and PCAP. The commercial version offers support for more protocols.
- Users: DeiC (for DDPS)
- https://fastnetmon.com/screenshoots-fastnetmon-advanced/

23. FastNetMon Community / Advanced
- FastNetMon is a volumetric DDoS detector able to perform a configurable action when defined thresholds are exceeded (notifying, blackholing, sending BGP Flowspec rules, switching off a server...).
- The blocked IPs are announced via BGP with ExaBGP.
- It has support for the most popular attack types (syn_flood, udp_flood, icmp flood, ip_fragmentation_flood, DNS amplification, NTP amplification, SSDP amplification, SNMP amplification).
- It includes an API and a JSON-based database for configuration/attacks. It can be integrated with Graphite and InfluxDB.
- FastNetMon Advanced includes bundled support for Grafana, using InfluxDB or ClickHouse. It can expose total bandwidth, per-host bandwidth, per-network bandwidth and arbitrary traffic reports from the traffic persistency database (peering reports, per-prefix reports). Some pre-created dashboards are available.
- More differences at https://fastnetmon.com/compare-community-and-advanced/

24. DDPS (DeiC DDoS Protection Service)
- https://github.com/deic-dk/DDPS-documentation
- Type: DDPS is copyright 2015-2017 DeiC, Denmark. Licensed under the Apache License, Version 2.0
- Status: updated
- Threat intelligence: No
- Machine learning: No
- Users: DeiC

25. DDPS (DeiC DDoS Protection Service)
- DDPS relies on FastNetMon Community and is conceived as an automated system for DDoS mitigation: it detects attacks and automatically triggers mitigation.
- Based on BGP Flowspec, it is intended to be used in a system where detection is placed as close as possible to the target (FastNetMon in the customer's network) and mitigation is placed as close as possible to the source(s) of the attack (DeiC).
- End users may add, edit or cancel mitigation rules, as well as view archived rules and statistical information.
- The project is split into sub-projects:
  • DDPS fastnetmon
  • DDPS database daemon
  • DDPS NODE
  • DDPS web user interface
  • DDPS Customer Site Simulation
  • DDPS DDoS simulator

26. Arbor Networks SP (formerly Peakflow) (+TMS) (Netscout, formerly Arbor)
- https://www.netscout.com/arbor-ddos
- Type: commercial
- Status: on-premises, evolving to a cloud-based mitigation solution
- Threat intelligence feeds: yes
- Supported protocols/inputs: NetFlow, sFlow, J-Flow, IPFIX
- Users: BelNET, CSUC, JISC
- Arbor offers a solution for monitoring (Peakflow/SP) and a different product for DDoS mitigation (TMS), although the front end is in SP. It is based on NetFlow, SNMP and BGP information. It compares NetFlow data to SNMP data to set the thresholds. It works with pre-defined managed objects and has four main functions:
  • Monitoring (SP)
  • DDoS detection (SP)
  • DDoS mitigation (TMS)
  • Reports (SP)

27. Arbor Networks SP (formerly Peakflow) (+TMS) (Netscout, formerly Arbor)
- It offers different views, such as:
  • Traffic (per application, AS, customer, protocol, etc.)
  • Alerts (including summary, activity reports, etc.)
  • Mitigations
  • Reports
- The alert thresholds are defined by the administrators of the platform.
- There are three different types of detection:
  • Threshold (fixed), in bps and pps. It applies to the whole object.
  • Profile (with different configurable multiplying factors), in bps and pps. It applies to the whole object.
  • Host, in bps and pps. It applies to each host inside the object. There are many types of protocols, and the administrators must define a threshold for each one of them (NTP, ICMP, etc.).
- There are different types of users with different permissions, although it is not exactly a multi-tenant platform.
- It has SOAP and REST APIs.
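An added example, not code from Arbor SP, FastNetMon, DDPS or any other tool on the page: it implements the three detection types listed on this slide (fixed threshold, profile multiplier over a baseline, and per-host limits per protocol class) over constructed NetFlow-like records, then maps each alert to an action in the way slide 23 describes FastNetMon reacting when a threshold is exceeded. The record layout, managed-object settings, baseline, protocol classes, action policy and sample traffic are all assumptions; the sample is chosen so the profile and host detectors fire while the fixed threshold stays quiet.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """NetFlow/IPFIX-style record reduced to the fields detection needs (assumed layout)."""
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    bytes: int
    packets: int


@dataclass
class ManagedObject:
    """A customer prefix with the per-object settings an administrator defines (assumed)."""
    name: str
    prefix: str
    fixed_bps: float                             # Threshold detection: fixed, whole object
    fixed_pps: float
    profile_factor: float                        # Profile detection: baseline * factor
    host_limits: Dict[str, Tuple[float, float]]  # Host detection: per protocol class (bps, pps)


def proto_class(f: Flow) -> str:
    """Map a flow onto the protocol classes host detection is configured for (assumed set)."""
    if f.proto == "icmp":
        return "icmp"
    if f.proto == "udp" and 123 in (f.sport, f.dport):
        return "ntp"
    if f.proto == "udp" and 53 in (f.sport, f.dport):
        return "dns"
    return "other"


def rates(flows: List[Flow], window_s: float) -> Tuple[float, float]:
    """Sum bytes and packets over the window and return (bps, pps)."""
    total_bytes = sum(f.bytes for f in flows)
    total_pkts = sum(f.packets for f in flows)
    return 8.0 * total_bytes / window_s, total_pkts / window_s


def detect(flows, objects, baselines_bps, window_s=60.0):
    """Return (type, target, class, bps, pps) alerts: 'threshold' when the object
    exceeds its fixed limit, 'profile' when it exceeds baseline * factor, 'host'
    when one host exceeds the limit set for its protocol class."""
    alerts = []
    for mo in objects:
        net = ip_network(mo.prefix)
        inbound = [f for f in flows if ip_address(f.dst) in net]
        bps, pps = rates(inbound, window_s)
        if bps > mo.fixed_bps or pps > mo.fixed_pps:
            alerts.append(("threshold", mo.name, "total", bps, pps))
        base = baselines_bps.get(mo.name)
        if base is not None and bps > base * mo.profile_factor:
            alerts.append(("profile", mo.name, "total", bps, pps))
        per_host = defaultdict(list)
        for f in inbound:
            per_host[(f.dst, proto_class(f))].append(f)
        for (host, cls), hf in sorted(per_host.items()):
            limit = mo.host_limits.get(cls)
            if limit is None:
                continue
            hbps, hpps = rates(hf, window_s)
            if hbps > limit[0] or hpps > limit[1]:
                alerts.append(("host", host, cls, hbps, hpps))
    return alerts


def suggest_action(alert) -> str:
    """Assumed policy: a protocol-specific host alert is narrow enough for a
    Flowspec-style filter; object-wide alerts only notify the NOC."""
    kind, _, cls, _, _ = alert
    return "flowspec-filter" if kind == "host" and cls != "other" else "notify"


# Constructed sample: HTTPS to a web server plus reflected NTP toward one host.
SAMPLE_FLOWS = (
    [Flow(f"198.51.100.{i}", "192.0.2.20", "tcp", 40000 + i, 443, 3_000_000, 2_500)
     for i in range(1, 21)]
    + [Flow(f"203.0.113.{i}", "192.0.2.10", "udp", 123, 4000 + i, 75_000_000, 160_000)
       for i in range(1, 41)]
)
OBJECTS = [ManagedObject("customer-a", "192.0.2.0/24", 1e9, 200_000, 3.0,
                         {"ntp": (50e6, 20_000), "dns": (50e6, 20_000), "icmp": (10e6, 5_000)})]
BASELINES_BPS = {"customer-a": 120e6}  # constructed "normal" level for the object

if __name__ == "__main__":
    for a in detect(SAMPLE_FLOWS, OBJECTS, BASELINES_BPS):
        print(f"{a[0]:9} {a[1]:12} {a[2]:6} {a[3] / 1e6:8.1f} Mbit/s "
              f"{a[4]:10.0f} pps -> {suggest_action(a)}")
```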
28. More Network Monitoring Tools
- AlienVault (AT&T Cybersecurity since February 2019)
- Insight2 (based on Argus)
- OSSIM (Open Source Security Information Management)
- Deepfield
- Kentik
- Flowmon
- Scrutinizer (Plixer)
- ManageEngine
- SolarWinds NetFlow Traffic Analyzer
- ...

29. What do we have? What do we need?
- Does your current tool cover your needs? The Incubator subtask under Network Technologies and Services Development in the GÉANT Project may propose to contribute to the development of an open source alternative to the commercial tools, from scratch or through contributions to existing open source tools.
- Let's play with Mentimeter.

30. Thanks for your attention! Questions? mariaisabel.gandia@csuc.cat