Monitoring technologies are widely deployed on networks of varying size and complexity to gain a crucial understanding of traffic patterns. One popular method is NetFlow, which we chose as the tool for analyzing traffic behavior across interfaces on AMPATH's production network. NetFlow exports by themselves cannot easily be parsed to produce the comprehensive analysis we sought during our research; instead, another widely used open source tool, Flow Tools, served as the primary parser for the NetFlow data streamed from the network elements we chose to investigate.
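To make concrete what a collector such as Flow Tools has to do with a raw NetFlow export before the data is useful, here is an added example (not code from the talk, from AMPATH or from the Flow Tools project): a minimal decoder for the NetFlow v5 datagram format, an aggregation of bytes per input/output interface pair, and a check of the export sequence counter for lost records. The field layout follows the published v5 export format; the sample datagram, its addresses, interface indexes and byte counts are constructed here for illustration.

```python
# Added example: minimal NetFlow v5 decoder with per-interface aggregation
# and export-loss detection. Not part of the original talk; the datagram at
# the bottom is constructed for this example.
import socket
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")              # 24-byte export header
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")   # 48-byte flow record


def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into (header, records).

    Refuses anything that is not v5 or whose advertised record count does not
    match the payload length, so a truncated or malformed export is not
    silently misread as valid flow data."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count %d does not match payload" % count)
    header = {
        "count": count, "sys_uptime": sys_uptime, "unix_secs": unix_secs,
        "unix_nsecs": unix_nsecs, "flow_sequence": flow_seq,
        "engine_type": engine_type, "engine_id": engine_id,
        # top 2 bits: sampling mode; low 14 bits: 1-in-N sampling interval
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
    }
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(struct.pack("!I", f[0])),
            "dst": socket.inet_ntoa(struct.pack("!I", f[1])),
            "nexthop": socket.inet_ntoa(struct.pack("!I", f[2])),
            "input": f[3], "output": f[4],          # SNMP ifIndex in / out
            "packets": f[5], "octets": f[6],
            "first": f[7], "last": f[8],            # sysUptime (ms) at start/end
            "srcport": f[9], "dstport": f[10],
            "tcp_flags": f[12], "proto": f[13], "tos": f[14],
            "src_as": f[15], "dst_as": f[16],
        })
    return header, records


def octets_by_interface_pair(header, records):
    """Sum bytes per (input ifIndex, output ifIndex): the per-interface view of
    traffic crossing a router. If the exporter samples 1-in-N, scale by N so
    the totals approximate real volume rather than sampled volume."""
    scale = header["sampling_interval"] or 1
    totals = defaultdict(int)
    for r in records:
        totals[(r["input"], r["output"])] += r["octets"] * scale
    return dict(totals)


def lost_flows(prev_header, header):
    """Flow records missing between two consecutive exports from one engine.
    flow_sequence counts flows seen so far, so the next datagram should start
    at prev_sequence + prev_count; a positive result means exports were lost."""
    expected = prev_header["flow_sequence"] + prev_header["count"]
    return header["flow_sequence"] - expected


def build_v5(flows, flow_sequence=0, sampling_interval=0):
    """Build a v5 datagram from (src, dst, in_if, out_if, pkts, octets, proto,
    sport, dport) tuples. Used only to construct sample input for the example."""
    hdr = V5_HEADER.pack(5, len(flows), 3600000, 1700000000, 0,
                         flow_sequence, 0, 1, sampling_interval)
    ip = lambda a: struct.unpack("!I", socket.inet_aton(a))[0]
    body = b""
    for src, dst, in_if, out_if, pkts, octets, proto, sport, dport in flows:
        body += V5_RECORD.pack(ip(src), ip(dst), 0, in_if, out_if, pkts, octets,
                               3599000, 3599900, sport, dport, 0, 0x18, proto,
                               0, 0, 0, 24, 24, 0)
    return hdr + body


# Constructed sample: three flows in one export from a 1-in-100 sampling router.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 1, 2, 10, 15000, 6, 44321, 443),
    ("10.0.0.7", "192.0.2.10", 1, 2, 4, 2000, 6, 51000, 80),
    ("192.0.2.10", "10.0.0.5", 2, 1, 8, 9000, 6, 443, 44321),
]
SAMPLE_DATAGRAM = build_v5(SAMPLE_FLOWS, flow_sequence=1000, sampling_interval=100)

if __name__ == "__main__":
    header, records = parse_v5(SAMPLE_DATAGRAM)
    for (in_if, out_if), octets in sorted(octets_by_interface_pair(header, records).items()):
        print("ifIndex %d -> ifIndex %d: %d bytes (sampling-corrected)" % (in_if, out_if, octets))
```

Two points matter in practice: the length check against the header's record count is what keeps a truncated UDP export from being misread, and the sequence-counter check is the only way to tell from the data itself that a collector silently dropped records, which would otherwise show up as a spurious dip in interface traffic.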
Integrating the parsed NetFlow data is key to making the information available in a distributed form, with both a historical record and a real-time view of the data received from the network components being monitored and analyzed. We identified MonALISA (Monitoring Agents using a Large Integrated Services Architecture) as a promising tool that could fit our needs because of its design architecture (Java / Jini based) and its overall philosophy of providing monitoring information from large and distributed systems. MonALISA's ability to gather, store and distribute the collected network data was crucial to the success of our investigation.
Another technology we intended to explore was the National Laboratory for Applied Network Research (NLANR)'s PMA (Passive Monitoring Agent). There are key differences between PMA data and NetFlow data that are worth mentioning in this presentation. This talk will focus on the theory and implementation of this particular tool, how it can be adapted to other networks, and case studies emanating from the data gathered.