Charging from sampled network usage
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
MRTG: The Multi Router Traffic Grapher
LISA '98 Proceedings of the 12th Conference on Systems Administration
Automatically inferring patterns of resource consumption in network traffic
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
The Spinning Cube of Potential Doom
Communications of the ACM - Wireless sensor networks
NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
More Netflow Tools for Performance and Security
LISA '04 Proceedings of the 18th USENIX conference on System administration
Driving by the rear-view mirror: managing a network with cricket
NETA'99 Proceedings of the 1st conference on Conference on Network Administration - Volume 1
A heuristic method of finding heavy hitter prefix pairs in IP traffic
IEEE Communications Letters
A unified approach to network traffic and network security visualisation
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Hi-index | 0.00 |
Monitoring traffic on important links allows network administrators to get insights into how their networks are used or misused. Traffic analysis based on NetFlow records or packet header traces can reveal floods, aggressive worms, large (unauthorized) servers, spam relays, and many other phenomena of interest. Existing tools can plot time series of pre-defined traffic aggregates, or perform (hierarchical) "heavy hitter" analysis of the traffic. Wisconsin Netpy is a software package that goes beyond the capabilities of other existing tools through its support for interactive analysis and novel powerful visualization of the traffic data. Adaptive sampling of flow records ensures that the performance is good enough for interactive use, while the results of the analyses stay close to the results based on exact data. Among the salient features of the package are: hierarchical analyses of source addresses, destination addresses, or applications within aggregates identified by user-defined filters; time series plots that separate the traffic into categories specified with ACL-like syntax at run time; interactive drill-down into analyses of components of the traffic mix; "heatmap" visualization of traffic that describes how two "dimensions" of the traffic relate to each other (e.g., which sources send to which destinations, or which sources use which service, etc.).