Flow Monitoring Explained: From Packet Capture to Data Analysis
With NetFlow and IPFIX

J 2014

Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX

HOFSTEDE, Rick, Pavel ČELEDA, Brian TRAMMELL, Idilio DRAGO, Ramin SADRE et. al.

Základní údaje

Originální název

Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX

Autoři

HOFSTEDE, Rick (528 Nizozemské království), Pavel ČELEDA (203 Česká republika, garant, domácí), Brian TRAMMELL (840 Spojené státy), Idilio DRAGO (76 Brazílie), Ramin SADRE (528 Nizozemské království), Anna SPEROTTO (380 Itálie) a Aiko PRAS (528 Nizozemské království)

Vydání

IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, PISCATAWAY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2014, 1553-877X

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Odkazy

URL

Impakt faktor

Impact factor: 6.806

Kód RIV

RIV/00216224:14610/14:00073220

Organizační jednotka

Ústav výpočetní techniky

DOI

http://dx.doi.org/10.1109/COMST.2014.2321898

UT WoS

000345570200013

Klíčová slova anglicky

Flow export; network monitoring; Internet measurements; NetFlow; IPFIX

Štítky

rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 22. 5. 2015 15:14, Mgr. Marta Novotná Buršíková

Anotace

V originále

Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks. By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis. Flow monitoring embraces the complete chain of packet observation, flow export using protocols such as NetFlow and IPFIX, data collection, and data analysis. In contrast to what is often assumed, all stages of flow monitoring are closely intertwined. Each of these stages therefore has to be thoroughly understood, before being able to perform sound flow measurements. Otherwise, flow data artifacts and data loss can be the consequence, potentially without being observed. This paper is the first of its kind to provide an integrated tutorial on all stages of a flow monitoring setup. As shown throughout this paper, flow monitoring has evolved from the early 1990s into a powerful tool, and additional functionality will certainly be added in the future. We show, for example, how the previously opposing approaches of deep packet inspection and flow monitoring have been united into novel monitoring approaches.

Návaznosti

VG20132015103, projekt VaV

Název: Kybernetický polygon (Akronym: KYPO)

Investor: Ministerstvo vnitra ČR, Kybernetický polygon

Přiložené soubory

flow-monitoring-explained-paper.pdf

Vyhledat podobné dokumenty

Citovat

HOFSTEDE, Rick, Pavel ČELEDA, Brian TRAMMELL, Idilio DRAGO, Ramin SADRE, Anna SPEROTTO a Aiko PRAS. Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX. IEEE COMMUNICATIONS SURVEYS AND TUTORIALS. PISCATAWAY: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2014, roč. 16, č. 4, s. 2037-2064. ISSN 1553-877X. Dostupné z: https://dx.doi.org/10.1109/COMST.2014.2321898.

@article{1181098,
   author = {Hofstede, Rick and Čeleda, Pavel and Trammell, Brian and Drago, Idilio and Sadre, Ramin and Sperotto, Anna and Pras, Aiko},
   article_location = {PISCATAWAY},
   article_number = {4},
   doi = {http://dx.doi.org/10.1109/COMST.2014.2321898},
   keywords = {Flow export; network monitoring; Internet measurements; NetFlow; IPFIX},
   language = {eng},
   issn = {1553-877X},
   journal = {IEEE COMMUNICATIONS SURVEYS AND TUTORIALS},
   title = {Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX},
   url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814316},
   volume = {16},
   year = {2014}
}

TY  - JOUR
ID  - 1181098
AU  - Hofstede, Rick - Čeleda, Pavel - Trammell, Brian - Drago, Idilio - Sadre, Ramin - Sperotto, Anna - Pras, Aiko
PY  - 2014
TI  - Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX
JF  - IEEE COMMUNICATIONS SURVEYS AND TUTORIALS
VL  - 16
IS  - 4
SP  - 2037-2064
EP  - 2037-2064
PB  - IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
SN  - 1553877X
KW  - Flow export
KW  - network monitoring
KW  - Internet measurements
KW  - NetFlow
KW  - IPFIX
UR  - http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814316
L2  - http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814316
N2  - Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks. By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis. Flow monitoring embraces the complete chain of packet observation, flow export using protocols such as NetFlow and IPFIX, data collection, and data analysis. In contrast to what is often assumed, all stages of flow monitoring are closely intertwined. Each of these stages therefore has to be thoroughly understood, before being able to perform sound flow measurements. Otherwise, flow data artifacts and data loss can be the consequence, potentially without being observed. This paper is the first of its kind to provide an integrated tutorial on all stages of a flow monitoring setup. As shown throughout this paper, flow monitoring has evolved from the early 1990s into a powerful tool, and additional functionality will certainly be added in the future. We show, for example, how the previously opposing approaches of deep packet inspection and flow monitoring have been united into novel monitoring approaches.
ER  -

HOFSTEDE, Rick, Pavel ČELEDA, Brian TRAMMELL, Idilio DRAGO, Ramin SADRE, Anna SPEROTTO a Aiko PRAS. Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX. \textit{IEEE COMMUNICATIONS SURVEYS AND TUTORIALS}. PISCATAWAY: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2014, roč.~16, č.~4, s.~2037-2064. ISSN~1553-877X. Dostupné z: https://dx.doi.org/10.1109/COMST.2014.2321898.

Podrobný výpis o publikaci