What is the methodology of passive measurements?
observation of existing traffic using monitor probes in the network
measurement of
traffic volume
traffic composition
packet inter-arrival times
granularity:
packet level
flow level
link level
What are some applications for passive measurements?
traffic analysis
traffic engineering
anomaly detection
accounting
resource utilization
accounting and charging
security
intrusion detection
detection of prohibited data transfers (P2P, e.g. The Pirate Bay)
research
What are some issues with passive measurements?
protection of measurement data against illegitimate use required (e.g. encryption)
applicable law (lawful interception, privacy laws…)
How can one do passive measurements on the flow level?
network devices create flow data
=> export to central collector
=> evaluate communication patterns…
How can one trigger flow expiration (automated exports)?
inactive timeout
-> export at end of flow
active timeout
-> export periodically for long-lived flows
timeouts can be configured…
What do flows describe?
packets which belong together
-> e.g. all packets in TCP connection (i.e. using 5-tuple…)
Src IP
Dst IP
Proto
Src Port
Dst Port
=> metrics describing the flow are various
number of packets
number of bytes
duration
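Worked example (added here, not part of the original flashcards): a minimal flow cache in Python that keys packets on the IP 5-tuple, updates the packet and byte counters on every packet, and exports a record when the inactive or active timeout fires. The packet trace, the timeout values (15 s inactive, 60 s active) and the class and function names are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Flow key: the IP 5-tuple, unidirectional (each direction of a TCP connection is its own flow)
FlowKey = Tuple[str, str, int, int, int]   # (src_ip, dst_ip, proto, src_port, dst_port)


@dataclass
class Flow:
    key: FlowKey
    start: float          # timestamp of the first packet
    last: float           # timestamp of the most recent packet
    packets: int = 0
    octets: int = 0

    @property
    def duration(self) -> float:
        return self.last - self.start


@dataclass
class FlowCache:
    """Metering process: counters change with every packet, but a record only leaves
    the cache when a timeout fires or the cache is flushed."""
    inactive_timeout: float = 15.0   # no packet for this long -> the flow has ended
    active_timeout: float = 60.0     # flow older than this -> export periodically while it lives
    active: Dict[FlowKey, Flow] = field(default_factory=dict)
    exported: List[Tuple[str, Flow]] = field(default_factory=list)

    def expire(self, now: float) -> None:
        """Export every cached flow whose inactive or active timeout has fired at time `now`."""
        for key, flow in list(self.active.items()):
            if now - flow.last >= self.inactive_timeout:
                self.exported.append(("inactive", self.active.pop(key)))
            elif now - flow.start >= self.active_timeout:
                # Long-lived flow: export what has been counted so far. The next packet with
                # this key opens a fresh record, so the collector sees a series of records.
                self.exported.append(("active", self.active.pop(key)))

    def add_packet(self, ts: float, src_ip: str, dst_ip: str, proto: int,
                   sport: int, dport: int, length: int) -> None:
        self.expire(ts)   # timeouts are evaluated here against the packet clock (see note below)
        key = (src_ip, dst_ip, proto, sport, dport)
        flow = self.active.get(key)
        if flow is None:
            flow = self.active[key] = Flow(key, start=ts, last=ts)
        flow.packets += 1
        flow.octets += length
        flow.last = ts

    def flush(self) -> None:
        """End of measurement (or exporter shutdown): export everything still cached."""
        for key in list(self.active):
            self.exported.append(("flush", self.active.pop(key)))


# Constructed packet trace: (timestamp in s, src, dst, proto, sport, dport, length in bytes)
CLIENT, SERVER, RESOLVER = "10.0.0.5", "93.184.216.34", "1.1.1.1"
TRACE = [
    (0.0,  CLIENT, SERVER, 6, 51000, 443, 60),       # client -> server
    (0.1,  SERVER, CLIENT, 6, 443, 51000, 60),       # server -> client
    (0.2,  CLIENT, SERVER, 6, 51000, 443, 52),
    (1.0,  CLIENT, SERVER, 6, 51000, 443, 517),
    (1.3,  SERVER, CLIENT, 6, 443, 51000, 1460),
    (2.0,  CLIENT, RESOLVER, 17, 40000, 53, 70),     # DNS query
    (2.05, RESOLVER, CLIENT, 17, 53, 40000, 120),    # DNS reply
] + [
    # slow download: one server -> client segment every 10 s, keeps the flow alive for over a minute
    (t, SERVER, CLIENT, 6, 443, 51000, 1460) for t in (10.0, 20.0, 30.0, 40.0, 50.0, 60.0, 70.0)
] + [
    (140.0, CLIENT, SERVER, 6, 51000, 443, 52),      # late packet after a long silence
]


def run_example() -> List[Tuple[str, FlowKey, int, int, float]]:
    """Feed the trace through the cache and return (reason, key, packets, octets, duration)."""
    cache = FlowCache(inactive_timeout=15.0, active_timeout=60.0)
    for pkt in TRACE:
        cache.add_packet(*pkt)
    cache.flush()
    return [(why, f.key, f.packets, f.octets, round(f.duration, 3)) for why, f in cache.exported]


if __name__ == "__main__":
    for rec in run_example():
        print(rec)
```

With these values the client->server TCP flow and both DNS flows are exported by the inactive timeout once the trace passes t=20, the server->client flow is cut by the active timeout at t=70 (8 packets, 10280 bytes, 59.9 s) and continues as a new record, and the last packet only leaves the cache on flush. Two things a real exporter does differently: expiry runs on a timer as well, so an idle flow is exported even if no other packet arrives, and the two directions of a connection stay separate unless biflow export is configured.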
What is IPFIX?
IP Flow Information eXport
=> protocol to export flow data
standardized in RFCs
What formats are differentiated in IPFIX?
template records
data records
What is the basic design approach of IPFIX?
separate the flow metric definition from the actual data
-> compact data format
What is the IPFIX approach for flow definition? How does it compare to NetFlow?
IPFIX & Flexible NetFlow
-> flows can have arbitrary flow keys
classic NetFlow
-> flows always represented by the IP 5-tuple
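Worked example (added here, not part of the original flashcards) for the template/data split and the "compact data format" point: a Python exporter and collector that build and parse one IPFIX message with a Template Set and a Data Set. The message layout and set IDs follow RFC 7011 and the information element IDs are the IANA ones for the 5-tuple and the packet/octet counters; the flow records, export time, observation domain ID and all function names are constructed assumptions.

```python
import struct
from ipaddress import IPv4Address

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2      # Set ID reserved for Template Sets
TEMPLATE_ID = 256        # Data Sets reuse their template's ID; 256 is the first allowed

# The template: (name, IANA information element ID, field length in octets).
# Flow keys are just the fields the exporter chooses to put here (IPFIX / Flexible NetFlow).
TEMPLATE = [
    ("sourceIPv4Address",         8, 4),
    ("destinationIPv4Address",   12, 4),
    ("protocolIdentifier",        4, 1),
    ("sourceTransportPort",       7, 2),
    ("destinationTransportPort", 11, 2),
    ("packetDeltaCount",          2, 8),
    ("octetDeltaCount",           1, 8),
]
IE_NAMES = {ie: name for name, ie, _ in TEMPLATE}
IPV4_IES = {8, 12}


def _encode_field(ie, flen, value):
    return IPv4Address(value).packed if ie in IPV4_IES else int(value).to_bytes(flen, "big")


def _decode_field(ie, raw):
    return str(IPv4Address(raw)) if ie in IPV4_IES else int.from_bytes(raw, "big")


def encode_ipfix(records, export_time, seq, domain_id, include_template=True):
    """Exporter side: message header + (optional) Template Set + one Data Set.
    `seq` is the number of data records already sent from this observation domain."""
    sets = b""
    if include_template:
        body = struct.pack(">HH", TEMPLATE_ID, len(TEMPLATE))
        for _, ie, flen in TEMPLATE:
            body += struct.pack(">HH", ie, flen)        # enterprise bit (0x8000) clear
        sets += struct.pack(">HH", TEMPLATE_SET_ID, 4 + len(body)) + body
    body = b"".join(_encode_field(ie, flen, rec[name])
                    for rec in records for name, ie, flen in TEMPLATE)
    sets += struct.pack(">HH", TEMPLATE_ID, 4 + len(body)) + body   # values only, no field names
    header = struct.pack(">HHIII", IPFIX_VERSION, 16 + len(sets), export_time, seq, domain_id)
    return header + sets


def decode_ipfix(msg, templates=None):
    """Collector side. `templates` caches (domain, template ID) -> fields across messages,
    because templates normally arrive separately from (and before) the data they describe.
    Fixed-length information elements only."""
    if templates is None:
        templates = {}
    version, length, export_time, seq, domain_id = struct.unpack_from(">HHIII", msg, 0)
    if version != IPFIX_VERSION or length != len(msg):
        raise ValueError("not a complete IPFIX (version 10) message")
    records, off = [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from(">HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length exceeds message")
        body = msg[off + 4:off + set_len]
        if set_id == TEMPLATE_SET_ID:
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack_from(">HH", body, pos)
                pos += 4
                fields = []
                for _ in range(count):
                    ie, flen = struct.unpack_from(">HH", body, pos)
                    pos += 4
                    if ie & 0x8000:      # enterprise-specific IE: 4-byte enterprise number follows
                        pos += 4
                    fields.append((ie & 0x7FFF, flen))
                templates[(domain_id, tid)] = fields
        elif set_id >= 256:
            fields = templates.get((domain_id, set_id))
            if fields is None:
                raise KeyError(f"data set {set_id} from domain {domain_id} arrived before its template")
            rec_len = sum(flen for _, flen in fields)
            if rec_len == 0:
                raise ValueError("empty template")
            pos = 0
            while pos + rec_len <= len(body):    # anything shorter than one record is padding
                rec = {}
                for ie, flen in fields:
                    rec[IE_NAMES.get(ie, ie)] = _decode_field(ie, body[pos:pos + flen])
                    pos += flen
                records.append(rec)
        # set ID 3 (Options Template) and the reserved IDs 4..255 are skipped here
        off += set_len
    return {"export_time": export_time, "sequence": seq, "domain_id": domain_id}, records


SAMPLE_RECORDS = [   # constructed flow records, as a flow cache would hand them to the exporter
    {"sourceIPv4Address": "10.0.0.5", "destinationIPv4Address": "93.184.216.34",
     "protocolIdentifier": 6, "sourceTransportPort": 51000, "destinationTransportPort": 443,
     "packetDeltaCount": 3, "octetDeltaCount": 629},
    {"sourceIPv4Address": "10.0.0.5", "destinationIPv4Address": "1.1.1.1",
     "protocolIdentifier": 17, "sourceTransportPort": 40000, "destinationTransportPort": 53,
     "packetDeltaCount": 1, "octetDeltaCount": 70},
]


def demo():
    """Round trip, then a data-only message that is undecodable without the cached template."""
    cache = {}
    full = encode_ipfix(SAMPLE_RECORDS, 1700000000, 0, 1)
    _, recs = decode_ipfix(full, cache)
    data_only = encode_ipfix(SAMPLE_RECORDS, 1700000030, len(recs), 1, include_template=False)
    try:
        decode_ipfix(data_only)             # fresh collector, no template seen yet
        without_template = "decoded"
    except KeyError:
        without_template = "no template"
    _, recs2 = decode_ipfix(data_only, cache)
    return {"full_len": len(full), "data_only_len": len(data_only), "roundtrip": recs == SAMPLE_RECORDS,
            "without_template": without_template, "with_cached_template": recs2 == SAMPLE_RECORDS}


if __name__ == "__main__":
    print(demo())
```

The template costs 36 bytes once; each data record is then 29 bytes of values with no field names or lengths, which is the compactness the template/data split buys. The flip side is visible in demo(): a collector that has not yet seen the template cannot decode the data set at all, so exporters resend templates periodically and collectors keep them per observation domain. The sequence number counts data records, not messages, so a collector can detect lost records by comparing it with what it has received.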
How often are statistics updated in IPFIX?
statistic counters are updated with each arriving packet…
When are records exported in