October 19, 2010 09:27 AM

Network Flow Analysis

Left Brain
InstantDoc ID #128950
By: Tony Stevenson

Author: Michael W. Lucas
Publisher: No Starch Press (www.nostarch.com)
Published: June 2010
ISBN 13: 978-1-59327-203-6
ISBN 10: 1-59327-203-0
Format: Soft cover, 224 pages
Prices:
$39.95 Print Book and free EBook
$19.95 EBook (PDF, Mobi, and ePub)

Assessing, analyzing, and debugging your network

The intended readership of the book, "Network Flow Analysis", is obvious from its title – network administrators. And the purpose of the book is clearly defined in its opening sentences where the book's author, Michael W. Lucas, states that "network administrators of all backgrounds share one underlying, overwhelming desire. It doesn't matter if you manage a network with 400 separate manufacturing plants connected by a global MPLS mesh or if you're responsible for three computers and an elderly printer. Network administrators all share an abiding and passionate desire for just one thing: We want our users to shut up." And shutting them up hopefully means that users will stop erroneously blaming the network for all sorts of problems.

I'm sure that all network administrators will quickly identify with the sentiments expressed by Lucas when he says that "blaming the network is easy. The network touches everything. Businesses assume that the network will work perfectly and make decisions accordingly. A user can't open that 900 MB Excel spreadsheet on the file server on another continent from his 20th-century PC? Network problem. A web site in Farawayistan is slow? Network problem. A user can't get a faster response over a 33.6 Kbps modem? Network problem. In general, users don't care about trivialities such as the cost of bandwidth, the physical layout of transcontinental fiber, or the speed of light. They want the network to work the way they think it should."

From the few sentences quoted above from Lucas, you can probably already see that he has a sense of humor, and that can be of enormous benefit when grappling with a technically heavy topic such as the flow of data through a network. But Lucas is no network lightweight! In fact, he is described on the book's back cover as being "a network/security engineer who keeps getting stuck with network problems nobody else wants to touch." In addition to his network experience, he also has a lucid writing style that translates into a text that is easy to both follow and understand.

"Network Flow Analysis" begins with a short introduction in which Lucas immediately sets the scene by stating that "network administration sucks. The tools are all inadequate, expensive, or both." His solution, which he readily admits is a "tall order", is to "record the traffic that passes across your network." His book then proceeds to show its readers how to do just that. Examples of topics discussed in the introduction include different types of network management tools, along with flow-tools and its prerequisites. Lucas explains that "flow-tools is the standard freely available flow management and analysis toolkit. Although you can find many other tools for flow management, flow-tools has been around for the longest time and is the most widely deployed free toolkit." Lucas adds that a major advantage offered by flow-tools is that "many people have written flow analysis interfaces based on flow-tools", some of which are investigated in his book.

The remainder of the book comprises nine chapters. A brief rundown of each follows:

• Because the opening chapter is titled "Flow Fundamentals", you might be tempted to regard it as too introductory to bother reading. However, I recommend that you read it anyway before attempting the more advanced topics in subsequent chapters. This initial chapter gives you a good understanding of flows – what they are, the different types of flows that exist, why you need to know about them – along with insights into how to implement and analyze them.

• The second chapter focuses on collectors and sensors, the two components that Lucas regards as being "irreplaceable" components of any flow system. Lucas defines a sensor as being "the device or program that captures flow data from your network and forwards it to the collector", while the collector is "the host that receives records from network equipment and is where you'll perform most of your work." The emphasis in this part of the book is, as Lucas points out, on "flow export and how to configure it in both hardware and software, as well as how to collect those flow records from many different network devices using the industry standard flow-tools package."

• Once you have the appropriate collector and sensor configuration in place and working, the next logical step is to establish the processes needed to view the flows of data being generated. That is the topic of the book's third chapter. Lucas cautions his readers that "flow records contain vast amounts of information, and choosing the proper viewing format will help you get the insight you need." Fortunately, he also makes the point that "flow-tools provides several programs for viewing flow data, generating statistical analysis, and generating reports."

• By this stage, you might be keen to read an extract from the book to see if its writing style, approach, and presentation appeal to you. If so, the book's fourth chapter, titled "Filtering Flows", is available for download as a PDF from the site of the book's publisher, No Starch Press (www.nostarch.com). As the chapter's title suggests, this part of the book is concerned with implementing filters so that you can limit the amount of flow data processed and gain the insights you need. For instance, Lucas says that "you can reduce your data to include only interesting traffic, which will help you evaluate and diagnose issues. For example, if you have a large internal corporate network, you might want to view only the traffic exchanged with a particular branch office, filtering on all of its network addresses."

• The volume of flow data can be enormous. To cope with, rather than succumb to, that information overload, you need more than careful selection of which flows to investigate and judicious use of filters. Lucas recommends that sometimes "you need a tool to aggregate flow data, sort it, and display the cumulative results." As he says, "very few people can eyeball a list of 15,000 flows and identify the 10 most active hosts, identify the most commonly used ports, or even rank them by IP." So the fifth chapter of the book presents different techniques for aggregating flow data into meaningful results.

• Instead of purely text-based reports, a graphical view of the flow data is often more appropriate. The sixth chapter introduces and discusses "FlowScan", a web-based application that generates traffic graphs. The graphs produced by this particular application are designed for the users of a network rather than for network administrators (the seventh chapter is devoted to "FlowViewer", another web-based traffic dissection tool that is more powerful and much better suited to the needs of network administrators).

• Following on from the visual-based approach to flow data analysis as discussed in the preceding two chapters, the eighth chapter of the book puts forward a more "ad hoc" approach to flow visualization. Lucas acknowledges that while the tools previously discussed in chapters 6 and 7 provide basic graphing capabilities, "they lack true ad hoc flexibility, such as the ability to choose the style of graph or whether to overlay one graph atop another." In this chapter, he provides the details of a tool that offers "unlimited flexibility."

• The ninth and final chapter reinforces the message conveyed throughout the book, namely Lucas's proposition that "you can use flow records to proactively improve your network." On the final page of the book he asserts that "flow analysis will change your problem solving capacities. You'll solve odd issues that have haunted your network for years. You'll conclusively show that problems that everyone has comfortably blamed on the network are actually server or software problems. You'll even be able to dig up a whole list of weird problems that other people are causing on the network." Those assertions alone should be enough to pique your curiosity and encourage you to pick up a copy of "Network Flow Analysis" and read it!
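The two tasks the fourth and fifth chapters describe, filtering flows down to "the traffic exchanged with a particular branch office" and then aggregating them to rank the most active hosts and most used ports, are easy to see in miniature. The following Python is an added example for this review, not code from the book or from the flow-tools package; its record format and sample flows are constructed stand-ins for the source/destination address, protocol, port and byte-count fields a flow record carries.

```python
"""Toy flow filter and aggregator (added example, not flow-tools code).

Records use a constructed whitespace format:
    src dst proto sport dport packets octets
which is a simplified stand-in for the fields of a real flow record.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int


# Constructed sample records: a mix of web, SSH, DNS and SMB traffic,
# with 10.1.1.0/24 standing in for a branch office network.
SAMPLE_FLOWS = """\
10.1.1.5 192.0.2.10 6 51234 443 120 98000
10.1.1.5 192.0.2.10 6 51235 443 80 61000
10.1.1.7 192.0.2.20 6 40000 80 30 12000
10.2.9.3 10.1.1.5 17 5353 53 4 600
10.2.9.3 192.0.2.30 6 33000 22 200 150000
10.1.1.9 10.1.1.5 6 44444 445 500 420000
"""


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed record format, skipping blank and comment lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, proto, sport, dport, packets, octets = line.split()
        flows.append(Flow(src, dst, int(proto), int(sport), int(dport),
                          int(packets), int(octets)))
    return flows


def filter_by_network(flows: list[Flow], cidr: str) -> list[Flow]:
    """Keep flows whose source or destination lies inside the given network,
    i.e. 'only the traffic exchanged with a particular branch office'."""
    net = ipaddress.ip_network(cidr)
    return [f for f in flows
            if ipaddress.ip_address(f.src) in net
            or ipaddress.ip_address(f.dst) in net]


def top_hosts(flows: list[Flow], n: int = 10) -> list[tuple[str, int]]:
    """Rank hosts by total octets sent plus received, most active first."""
    totals: Counter[str] = Counter()
    for f in flows:
        totals[f.src] += f.octets
        totals[f.dst] += f.octets
    return totals.most_common(n)


def top_ports(flows: list[Flow], n: int = 10) -> list[tuple[tuple[int, int], int]]:
    """Rank (protocol, destination port) pairs by octets; services cluster here."""
    totals: Counter[tuple[int, int]] = Counter()
    for f in flows:
        totals[(f.proto, f.dport)] += f.octets
    return totals.most_common(n)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    branch = filter_by_network(flows, "10.1.1.0/24")
    print(f"{len(branch)} of {len(flows)} flows touch 10.1.1.0/24")
    for host, octets in top_hosts(branch, 3):
        print(f"  {host:>12}  {octets:>8} octets")
    for (proto, port), octets in top_ports(flows, 3):
        print(f"  proto {proto} dport {port:>5}  {octets:>8} octets")
```

Running it shows the shape of the workflow the book builds up: the filter narrows six flows to the five that touch the branch network, and the aggregation then ranks hosts and service ports by volume, which is what lets a single host's 445/tcp transfer stand out from a list far too long to read by eye.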

In conclusion, if you are a network administrator and you want practical help in quieting the complaints from your network's users, grab yourself a copy of "Network Flow Analysis." The book's content can help you whether you are the sole IT person in a small company (with responsibility for its network) or part of the traditional IT administration team – network administrator, system administrator and database administrator – typically found in larger organizations and enterprises.
