tranalyzer netflow extension
play

Tranalyzer Netflow extension It's the network go fix it! 2 - PowerPoint PPT Presentation

Dec 20, 2022 •265 likes •395 views

Tranalyzer Netflow extension It's the network go fix it! 2 Features Command-line based GUI: Traviz Extendable by plugins Fast and simple Practitioners: Anomaly and security related flags Researchers: Full

  1. Tranalyzer – Netflow extension

  2. “It's the network – go fix it!” 2

  3. Features ● Command-line based → GUI: Traviz ● Extendable by plugins ● Fast and simple ● Practitioners: Anomaly and security related flags ● Researchers: Full Statistical and Packet Signal Analysis support ● Interfaces: Matlab, GnuPlot, SPSS, Excel etc.

  4. For the Practitioners ● Known Netflow information (L2/L3/L4 information + VLAN, direction, time, number of packets or bytes, etc.) ● Min/max statistics of L3 and L4, packet and byte stream asymmetry ● Full TCP state-machine including malicious packet detection and flag aggregation with anomaly support ● ICMP aggregated type and code bitfields ● Number of distinct connections to neighbors ● Number of traffic channels between two hosts

  5. Applications for practitioners ● Machine load indication by IPID differences ● Flow quality: via TCP window size signal behavior ● IP and TCP aggregated option information ● Routing anomalies: via TTL ● Transmitted/Received bytes via TCP sequence and acknowledge number differences

  6. Applications for practitioners Detect bottlenecks by finding top talkers ● Helping to improve load balancing ● Detect packet flow asymmetries (Traffic loops) ● Detect network misconfiguration, such as packet filtering ●

  7. For the Researchers ● Min/Max packet length, Mean packet length ● Lower quartile/Median/Upper quartile of packet lengths ● Inter quartile distance ● Packet length standard deviation/Robust standard deviation ● Packet length skewness and excess ● Min/Max/Mean inter arrival times ● Inter arrival times standard deviation/Robust standard deviation ● N-first packet statistics ● Packet size inter arrival time two-dimensional statistics

  8. Applications for Researchers ● n-first packet byte length signal: ● Quick application profiling ● State machine reverse engineering Packet Length time

  9. Packet size inter arrival time two- dimensional statistics

  10. User profiling ● Identify abnormal User: Warez (0.8% of users, 42% Traffic) P2P Traffic Average Users Machines Percentil User Normal Traffic

  11. Questions? Want to contribute? http://tranalyzer.sourceforge.net stefan.burschka@swisscom.com torben.ruehl@swisscom.com florian.buehlmann@swisscom.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NetFlow Ne t wor k M a na g e me nt W or k s h op APRI COT 2010 Kua l a Lumpur Contents

NetFlow Ne t wor k M a na g e me nt W or k s h op APRI COT 2010 Kua l a Lumpur Contents

NetFlow Ne t wor k M a na g e me nt W or k s h op APRI COT 2010 Kua l a Lumpur Contents Netflow What it is and how it works Uses and Applications Vendor Configurations/Implementation Cisco and Juniper NetFlow tools

1.24k views • 62 slides
Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network

Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network

Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A What t is NetFlow? Network protocol originally developed by Cisco

560 views • 21 slides
Using of time characteristic in Netflow data for improvement of protocol detection P. Piska,

Using of time characteristic in Netflow data for improvement of protocol detection P. Piska,

Using of time characteristic in Netflow data for improvement of protocol detection P. Piska, J. Novotn, {piskac|novotny}@ics.muni.cz 3rd NMRG Workshop on NetFlow/IPFIX Usage in Network Management July 30, 2010, Maastricht, The Netherlands

479 views • 26 slides
NetFlow Analysis Jonzy Data Security Analysis, Sr. Information Security Office NetFlow Analysis

NetFlow Analysis Jonzy Data Security Analysis, Sr. Information Security Office NetFlow Analysis

NetFlow Analysis Jonzy Data Security Analysis, Sr. Information Security Office NetFlow Analysis Intrusion Detection, Protection, and Usage Reporting NetFlow is a cornucopia of information that allows for: Intrusion Detection, Bandwidth usage,

665 views • 17 slides
NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using NetFlow data By: Joey Dreijer, Student OS3 5-07-14 1 NetFlow Analysis: Detecting covert channels on the network Gathering NetFlow data

346 views • 16 slides
nProbe: an Open Source NetFlow Probe for Gigabit Networks Luca Deri <deri@ntop.org>

nProbe: an Open Source NetFlow Probe for Gigabit Networks Luca Deri <deri@ntop.org>

nProbe: an Open Source NetFlow Probe for Gigabit Networks Luca Deri <deri@ntop.org> NetFlow Traffic Monitoring Cisco NetFlow is a commercial standard for network monitoring and accounting Many companies (e.g. Cisco, Juniper,

430 views • 14 slides
Malware Detection From The Network Perspective Using NetFlow Data P. eleda, J. Vykopal, T.

Malware Detection From The Network Perspective Using NetFlow Data P. eleda, J. Vykopal, T.

Malware Detection From The Network Perspective Using NetFlow Data P. eleda, J. Vykopal, T. Plesnk, M. Truneka, V. Krmek {celeda|vykopal|plesnik|trunecka|vojtec}@ics.muni.cz 3rd NMRG Workshop on NetFlow/IPFIX Usage in Network

1.19k views • 36 slides
Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon

Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon

Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon 2011, January 12, Salt Lake City, Utah Presentation Outline NetFlow Monitoring at MU Chuck Norris Botnet in a Nutshell Botnet Detection Methods

906 views • 63 slides
Building a better NetFlow (to appear in SIGCOMM 2004) Cristian Estan, Ken Keys, David Moore,

Building a better NetFlow (to appear in SIGCOMM 2004) Cristian Estan, Ken Keys, David Moore,

Building a better NetFlow (to appear in SIGCOMM 2004) Cristian Estan, Ken Keys, David Moore, George Varghese University of California, San Diego IETF60 Aug 4, 2004 IPFIX WG UCSD CSE Disclaimers "NetFlow" used

510 views • 26 slides
Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly

Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly

Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly Feagans | Sales Engineering September 2017 | Washington, DC Objective OBJECTIVE Learn how to use NetFlow with the Splunk Stream Forwarder for

444 views • 20 slides
Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring

Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring

A Performance Benchmark for NetFlow Data Analysis on Distributed Stream Processing Systems NOMS 2016 Wednesday 27 th April, 2016 Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring and Analysis

606 views • 23 slides
Data Fusion Enhancing NetFlow Graph Analytics EMILIE PURVINE, BRYAN OLSEN, CLIFF JOSLYN Pacific

Data Fusion Enhancing NetFlow Graph Analytics EMILIE PURVINE, BRYAN OLSEN, CLIFF JOSLYN Pacific

Data Fusion Enhancing NetFlow Graph Analytics EMILIE PURVINE, BRYAN OLSEN, CLIFF JOSLYN Pacific Northwest National Laboratory FloCon 2016 Outline Introduction NetFlow Windows Event Log data Remote Desktop Protocol (RDP) sessions Approach

510 views • 32 slides
Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007,

Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007,

Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007, New Delhi Agenda Agenda bashing Do you want to see the labs, or want to discuss issues Netflow What it is and how it works

1.1k views • 91 slides
NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0

NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0

Advanced Registry Operations Curriculum NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) as part of the ICANN, ISOC and NSRC

1.04k views • 63 slides
On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate Professor at UPC BarcelonaTech (pbarlet@ac.upc.edu) Joint work with: Valentn Carela-Espaol, Tomasz Bujlow and Josep Sol-Pareta This project

544 views • 26 slides
Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis United

Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis United

Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis United States Computer Emergency Readiness Team (US-CERT) Detection and Analysis January 2011 Background As the number or compromises escalates and our

182 views • 15 slides
Space Utilization & Metrics Team Number: 21 Develop key forecasts and recommendations for

Space Utilization & Metrics Team Number: 21 Develop key forecasts and recommendations for

Space Utilization & Metrics Team Number: 21 Develop key forecasts and recommendations for corporate real estate professionals as they address how the pandemic will impact space utilization and metrics going forward. Ted Heisler, Team Lead

290 views • 10 slides
HW/SW Codesign w/ FPGAs The Nature of HW/SW II ECE 522 Hardware vs. Software Choosing between

HW/SW Codesign w/ FPGAs The Nature of HW/SW II ECE 522 Hardware vs. Software Choosing between

HW/SW Codesign w/ FPGAs The Nature of HW/SW II ECE 522 Hardware vs. Software Choosing between implementing an application in HW or implementing it in SW may seem like a no-brainer -- clearly writing software is easier! Software is flexible,

369 views • 18 slides
World 2012 Monday, 23 July 12 Integration of IOS/OSX Devices into an Enterprise Environment

World 2012 Monday, 23 July 12 Integration of IOS/OSX Devices into an Enterprise Environment

World 2012 Monday, 23 July 12 Integration of IOS/OSX Devices into an Enterprise Environment Adam Ware Queensland University of Technology Technical Specialist Creative Industries Faculty XW12 Monday, 23 July 12 Who Am I ? XW12 Monday,

542 views • 32 slides
Divide and conquer Shared disk cluster file systems shipped with the Linux kernel Udo Seidel

Divide and conquer Shared disk cluster file systems shipped with the Linux kernel Udo Seidel

Divide and conquer Shared disk cluster file systems shipped with the Linux kernel Udo Seidel Shared file systems Multiple server access same data Different approaches Network based, e.g. NFS, CIFS Clustered Shared disk,

768 views • 40 slides
TRADING EDUCATORS WELCOMES YOU TO OUR TRADERS UNIVERSITY 70 0+ + D DV VD D s s

TRADING EDUCATORS WELCOMES YOU TO OUR TRADERS UNIVERSITY 70 0+ + D DV VD D s s

TRADING EDUCATORS WELCOMES YOU TO OUR TRADERS UNIVERSITY 70 0+ + D DV VD D s s F FO OR R S SA AL LE E & & E EX XC CH HA AN NG GE E 7 ww ww w. .t tr ra ad de er rs s- -s so of ft tw

1.13k views • 58 slides
CREATE YOUR OWN EXERCISE 1 Outline Team 1: IPv6 Firewalls Team 2: OpenVPN Team 3:

CREATE YOUR OWN EXERCISE 1 Outline Team 1: IPv6 Firewalls Team 2: OpenVPN Team 3:

Wave II: Review January 23 rd 2014 CREATE YOUR OWN EXERCISE 1 Outline Team 1: IPv6 Firewalls Team 2: OpenVPN Team 3: CoDel Team 4: Honeypots 2 Thomas Schultz Aneta Stevanovic IPv6 Firewall Testing 3 Reviewing Highlights

453 views • 27 slides
WELCOME SHAUMBRA S H O U D 7 , M A R C H 2 0 1 8 SHOUD RECAP Upcoming Shaumbra Events

WELCOME SHAUMBRA S H O U D 7 , M A R C H 2 0 1 8 SHOUD RECAP Upcoming Shaumbra Events

Relax into Enlightenment C R I M S O N C I R C L E N E T W O R K WELCOME SHAUMBRA S H O U D 7 , M A R C H 2 0 1 8 SHOUD RECAP Upcoming Shaumbra Events Hawaii April 2018 1 SPACE OPEN Kona, Hawaii April 15 - 19, 2018 T U O D L

693 views • 52 slides
Project 1: Bootloader COS 318 Fall 2013 Project 1 Schedule Design Review Monday, Sep 23

Project 1: Bootloader COS 318 Fall 2013 Project 1 Schedule Design Review Monday, Sep 23

Project 1: Bootloader COS 318 Fall 2013 Project 1 Schedule Design Review Monday, Sep 23 10-min time slots from 11am to 7:40pm Due date: Sep 29, 11:55pm General Suggestions Read assembly_example.s in start code pkg Get

413 views • 20 slides

More recommend