Network Flow Analysis

Network Flow Analysis

by Michael W. Lucas
June 2010, 224 pp.
ISBN-13: 
978-1-59327-203-6

You know that servers have log files and performance measuring tools and that traditional network devices have LEDs that blink when a port does something. You may have tools that tell you how busy an interface is, but mostly a network device is a black box. Network Flow Analysis opens that black box, demonstrating how to use industry-standard software and your existing hardware to assess, analyze, and debug your network.

Unlike packet sniffers that require you to reproduce network problems in order to analyze them, flow analysis lets you turn back time as you analyze your network. You'll learn how to use open source software to build a flow-based network awareness system and how to use network analysis and auditing to address problems and improve network reliability. You'll also learn how to use a flow analysis system; collect flow records; view, filter, and report flows; present flow records graphically; and use flow records to proactively improve your network. Network Flow Analysis will show you how to:

  • Identify network, server, router, and firewall problems before they become critical
  • Find defective and misconfigured software
  • Quickly find virus-spewing machines, even if they’re on a different continent
  • Determine whether your problem stems from the network or a server
  • Automatically graph the most useful data

And much more. Stop asking your users to reproduce problems. Network Flow Analysis gives you the tools and real-world examples you need to effectively analyze your network flow data. Now you can determine what the network problem is long before your customers report it, and you can make that silly phone stop ringing.

Author Bio 

Michael W. Lucas is a network/security engineer who keeps getting stuck with network problems nobody else wants to touch. He is the author of the critically acclaimed Absolute FreeBSD, Absolute OpenBSD, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press.

Table of contents 

Introduction

Chapter 1: Flow Fundamentals
Chapter 2: Collectors and Sensors
Chapter 3: Viewing Flows
Chapter 4: Filtering Flows
Chapter 5: Reporting and Follow-up Analysis
Chapter 6: Perl, Flowscan, and Cflow.pm
Chapter 7: FlowViewer
Chapter 8: Ad-Hoc Flow Visualization
Chapter 9: Edges & Analysis

Index

View the detailed Table of Contents (PDF)
View the Index (PDF)

Reviews 

"Why do I like Network Flow Analysis? As I've said before, Michael W. Lucas is probably my favorite technical author. He is complete, accurate, and entertaining like no one else."
Richard Bejtlich, TaoSecurity (Read More)

"A crystal clear technical guide into a subject every network administrator and network security practitioner should understand. This is simply a must-read book for anyone in those fields. It may well prove to be the only book on the subject that you ever need to read."
InfoSec Reviews (Read More)

Network Flow Analysis "was valuable enough that I found myself planning ways to implement [it] at my workplace."
DragonFly BSD Digest (Read More)

"The sequence of topics and the consistent tone and focus kept me engaged and confident that I could go as far as I'd like, with this book as a start."
Michael Ernest, JavaRanch (Read More)

"This book is mandatory reading for network people, even if they already use netflow. There are sure to be tips and hints that you will enjoy."
Henrik Kramshoj, Kramses Blog (Read More)

"A thorough and well-presented coverage of network flow analysis intended for professional network administrators/managers."
Linux Users of Victoria (Read More)

"This book is worth its weight in gold, especially if you have to deal with a shoddy ISP who always blames things on your network."
Utahcon.com (Read More)

"I found it to be a great addition to my reference bookshelf, and I’m sure it will be creased and dog-eared as I attempt to implement my own NetFlow analysis system this next year."
To the Last Tribe Consulting (Read More)

"The book is a comparatively quick read and will come in handy when troubleshooting and analyzing network problems."
Mike Riley, Dr. Dobbs (Read More)

"Combining a great writing style with lots of technical info, this book provides a learning experience that's both fun and interesting. Not too many technical books can claim that."
;login: Magazine, October 2010 (Read More)

"If you are a network administrator and you want some practical assistance in quieting the complaints from your network's users, grab yourself a copy of Network Flow Analysis."
Left-Brain Bookstore (Read More)

Extra Stuff 

Listen to Michael Lucas's BSD Talk interview about his latest book:

https://ia600607.us.archive.org/27/items/bsdtalk190/bsdtalk190.ogg

Listen to Michael Lucas's TechBytes interview about Network Flow Analysis:

Part 1: http://www.ronnutter.com/a018-network-flow-analysis-part-1-michael-w-lucas/
Part 2: http://www.ronnutter.com/a019-network-flow-analysis-part-2-michael-w-lucas/

Updates 

Pages 15 & 17:
The "server" and "client" labels on the diagrams on these pages are reversed.

Page 26:
The flow-capture example should read:
flow-capture -p /var/run/flow-capture.pid -n 287 -w /var/db/flos -S 5 192.0.2.10/192.0.2.1/5678