Measurement artifacts in netflow data

  • Authors:

  • Rick Hofstede;Idilio Drago;Anna Sperotto;Ramin Sadre;Aiko Pras

  • Affiliations:

  • Centre for Telematics and Information Technology, Design and Analysis of Communications Systems (DACS), University of Twente, Enschede, The Netherlands;Centre for Telematics and Information Technology, Design and Analysis of Communications Systems (DACS), University of Twente, Enschede, The Netherlands;Centre for Telematics and Information Technology, Design and Analysis of Communications Systems (DACS), University of Twente, Enschede, The Netherlands;Centre for Telematics and Information Technology, Design and Analysis of Communications Systems (DACS), University of Twente, Enschede, The Netherlands;Centre for Telematics and Information Technology, Design and Analysis of Communications Systems (DACS), University of Twente, Enschede, The Netherlands

  • Venue:
  • PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

Flows provide an aggregated view of network traffic by grouping streams of packets. The resulting scalability gain usually excuses the coarser data granularity, as long as the flow data reflects the actual network traffic faithfully. However, it is known that the flow export process may introduce artifacts in the exported data. This paper extends the set of known artifacts by explaining which implementation decisions are causing them. In addition, we verify the artifacts' presence in data from a set of widely-used devices. Our results show that the revealed artifacts are widely spread among different devices from various vendors. We believe that these results provide researchers and operators with important insights for developing robust analysis applications.