IP Flow-based Measurement and Analysis with FlowScan

David Plonka
University of Wisconsin
DoIT

FlowScan is a freely available network traffic analysis and
visualization tool that uses IP flow data to provide a continuous, near
real-time view of a network's IP traffic.

The sites that run FlowScan form a widely deployed but informal
measurement infrastructure. In this session, we will explore FlowScan
analysis and visualization using data from the University of
Wisconsin-Madison and other FlowScan sites.

We will discuss how the flow-based metrics that FlowScan tracks can be
used to perform traffic workload characterization and detection of
anomalies such as Denial-of-Service attacks and other network abuse.

We will discuss FlowScan's building blocks and how the tools can be
deployed in both WAN and LAN environments. Most existing FlowScan
sites leverage the "flow export" reporting features of modern IP
routers for ease of deployment. In such a scenario, the network
essentially _is_ the instrumentation. Alternatively, the FlowScan user
can simply tap an Ethernet as the source for IP flow data.

Presentation (PowerPoint File)
