Publication details
Hardware Accelerated FlowMon Probe
| Authors | |
|---|---|
| Year of publication | 2007 |
| Type | R&D Presentation |
| MU Faculty or unit | |
| Citation | |
| Description | The presentation describes the monitoring principles in high-speed networks. The monitoring is based on collecting IP flows. In general, IP flows are a set of packets which share a common property. The most important such properties are the flow's endpoints. The simplest type of flow is a 5-tuple, with all its packets having the same source and destination IP addresses, port numbers and protocol. Flows are unidirectional and all their packets travel in the same direction. A flow begins when its first packet is observed. A flow ends when no new traffic for existing flow is observed or connection terminates. Statistics on IP traffic flows provide information about who communicates with whom, when, how long, using what protocol and service and also how much data was transferred. The FlowMon probe parameters are discussed and compared to other commercial off-the-shelf solutions. The authors describe open-source flow monitoring system based on FlowMon probes and NfSen collector. Practical experiences from deploying probes in campus network and collecting of network statistics are shown. |