Data monitoring and data retention are vital for network management and troubleshooting. The network and provided services are expected to be seamlessly available. Administrators often collect information about the on-going traffic in the form of IP flow records to reveal potential malicious activity that might violate the network usage policy but also to meet legal requirements on providing data about electronic communication to authorized organizations. It is vital not only to collect data about traffic but also to track the identity of users who are responsible for the traffic. The deployment of IPv6 renders unique user identification quite problematic or at least a complex task in comparison with IPv4 environment. In this report, we suggest a data retention system with user identification capabilities in IPv6 as well as in IPv4 network. This is achieved by extending flow records with information obtained by monitoring state of network devices via SNMP and monitoring state of control servers such as Radius. The system has been successfully deployed in BUT network.
Do you monitor your network? Try to answer the following questions. Which users and which services use the most network bandwidth, and do they exceed authorised limits? Do users use only the permitted services, or do they occasionally “chat” with friends during work hours? Is my network scanned or assaulted by attackers? NetFlow will answer these and other questions.
In the network world, NetFlow is synonymous with monitoring IP data flows. A flow is generally defined as a sequence of packets which share a common feature and pass through an observation point. In the NetFlow terminology this definition is narrowed down to a one-way packet sequence with identical source and destination IP addresses, source and destination ports and protocol number. Various indicators are monitored for each such quintuple, for instance, the duration or the amount of data transferred for a flow.