Properties and prediction of flow statistics from sampled packet streams
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
NetFlow: information loss or win?
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Estimating flow distributions from sampled flow statistics
IEEE/ACM Transactions on Networking (TON)
The power of slicing in internet flow measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Uncovering Artifacts of Flow Measurement Tools
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Peeling away timing error in netflow data
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
An Overview of IP Flow-Based Intrusion Detection
IEEE Communications Surveys & Tutorials
Towards bandwidth estimation using flow-level measurements
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Hi-index | 0.00 |
Flows provide an aggregated view of network traffic by grouping streams of packets. The resulting scalability gain usually excuses the coarser data granularity, as long as the flow data reflects the actual network traffic faithfully. However, it is known that the flow export process may introduce artifacts in the exported data. This paper extends the set of known artifacts by explaining which implementation decisions are causing them. In addition, we verify the artifacts' presence in data from a set of widely-used devices. Our results show that the revealed artifacts are widely spread among different devices from various vendors. We believe that these results provide researchers and operators with important insights for developing robust analysis applications.