Network Monitoring Based on IP Data Flows

Monitoring, Security @G√ČANT Best Practice Documents

Do you monitor your network? Try to answer the following questions. Which users and which services use the most network bandwidth, and do they exceed authorised limits? Do users use only the permitted services, or do they occasionally “chat” with friends during work hours? Is my network scanned or assaulted by attackers? NetFlow will answer these and other questions.
In the network world, NetFlow is synonymous with monitoring IP data flows. A flow is generally defined as a sequence of packets which share a common feature and pass through an observation point. In the NetFlow terminology this definition is narrowed down to a one-way packet sequence with identical source and destination IP addresses, source and destination ports and protocol number. Various indicators are monitored for each such quintuple, for instance, the duration or the amount of data transferred for a flow.

Martin ZadnikNetwork Monitoring Based on IP Data Flows