Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX
Open Access
- 12 May 2014
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Communications Surveys & Tutorials
- Vol. 16 (4), 2037-2064
- https://doi.org/10.1109/comst.2014.2321898
Abstract
Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks. By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis. Flow monitoring embraces the complete chain of packet observation, flow export using protocols such as NetFlow and IPFIX, data collection, and data analysis. In contrast to what is often assumed, all stages of flow monitoring are closely intertwined. Each of these stages therefore has to be thoroughly understood, before being able to perform sound flow measurements. Otherwise, flow data artifacts and data loss can be the consequence, potentially without being observed. This paper is the first of its kind to provide an integrated tutorial on all stages of a flow monitoring setup. As shown throughout this paper, flow monitoring has evolved from the early 1990s into a powerful tool, and additional functionality will certainly be added in the future. We show, for example, how the previously opposing approaches of deep packet inspection and flow monitoring have been united into novel monitoring approaches.
Funding Information
- European Commission Seventh Framework Programme through the Network of Excellence project FLAMINGO (ICT-318488)
This publication has 37 references indexed in Scilit:
- Network Innovation using OpenFlow: A Survey. IEEE Communications Surveys & Tutorials, 2013
- High-Performance Network Traffic Processing Systems Using Commodity Hardware. Lecture Notes in Computer Science, 2013
- Survey of Network Metrology Platforms. Published by Institute of Electrical and Electronics Engineers (IEEE), 2012
- Libtrace. ACM SIGCOMM Computer Communication Review, 2012
- High speed network traffic analysis with commodity multi-core systems. Published by Association for Computing Machinery (ACM), 2010
- Comparing and improving current packet capturing solutions based on commodity hardware. Published by Association for Computing Machinery (ACM), 2010
- OpenFlow. ACM SIGCOMM Computer Communication Review, 2008
- Traffic Trace Artifacts due to Monitoring Via Port Mirroring. Published by Institute of Electrical and Electronics Engineers (IEEE), 2007
- Introducing scalability in network measurement. Published by Association for Computing Machinery (ACM), 2004
- Management of sampled real-time network measurements. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003