
sFlow

Type: Paper
Tags: Netflow
Authors: Elisa Jasinska
Event: Chaos Communication Congress 23rd (23C3) 2006
Indexed on: Mar 27, 2013
URL: http://events.ccc.de/congress/2006/Fahrplan/attachments/1137-sFlowPaper.pdf
File name: 1137-sFlowPaper.pdf
File size: 257.2 KB
MD5: 997e26ea92f531eeb42d038a8bb44450
SHA1: 2445232a73bd47dcce46a80455197f6263b5c7c8

The explosion of internet traffic is leading to higher bandwidths and an increased need for high speed networks. To analyze and optimize such networks an efficient monitoring system is required. The sFlow standard describes a mechanism to capture traffic data in switched or routed networks. It uses a sampling technology to collect statistics from the device and is for this reason applicable to high speed connections (at gigabit speeds or higher). sFlow is a sampling mechanism suitable for collecting traffic data of high speed networks. A relatively small stream of sFlow datagrams provides enough information for statistical analysis of traffic flows. An Internet Exchange (IX) interconnects various network providers, for example ISPs. The Amsterdam Internet Exchange (AMS-IX) is by its amount of traffic the biggest Internet Exchange in the world. To give the AMS-IX members more insight into their peering traffic and provide information to optimize the network structure, AMS-IX is using sFlow for its traffic analysis. A throughput average of more than 100 Gb/s gets analyzed by open source software developed in Perl. Due to sFlow providing a whole captured packet (layer 2 - 7), AMS-IX also provides information, for example, on the growth (or lack of) of IPv6. Information about the sort of traffic might be misunderstood and politically misused; therefore AMS-IX restrains itself to layer 2 and the developed software doesn't decode the provided packets above L2. This topic will contain an introduction to the sFlow sampling mechanism, the information provided by the sFlow datagrams and how they can get analyzed. Besides that, existing tools and the software developed and used at AMS-IX will be presented, and some results of the analysis will be shown. The software will hopefully also be deployed at the 23C3, and finally we will also see statistics about the network traffic of the conference.
