NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows
| Content Provider | Semantic Scholar |
|---|---|
| Author | Bearavolu, Ratna; Lakkaraju, Kiran; Yurcik, William |
| Copyright Year | 2005 |
| Abstract | In this paper, we describe a NetFlow visualization tool, NVisionIP, which provides network administrators increased situational awareness of the state of networked devices within an IP address space. It does this by providing three increasingly detailed views of the state of devices in an entire IP address space to subnets to individual machines. Operators may use NVisionIP to transparently view NetFlow traffic without filtering or may selectively filter and interactively query NVisionIP for unique views given experience or relevant clues. I. INTRODUCTION What is the state of devices on your large and complex network? This is a question management commonly poses to network administrators and up to now the answer has been problematic. IDS sensors give binary alarms for signature-matches or anomalous traffic, if no alarms then there is no state information about the devices on the network. Scans test for software vulnerabilities but this is more about predicting posture to future attacks than knowledge of current state. Network device monitoring devices like MRTG 1 and the Flowscan 2 may display traffic levels by service as well as aggregate traffic load levels – while this is certainly useful for managing traffic congestion and detecting high volume events, there are no details about device state and small events are obscured. While NetFlows provide an excellent source of information concerning the behavior of the network, the sheer magnitude of NetFlow logs often makes it difficult to gain an understanding of that behavior. In this paper we present a tool, NVisionIP [1,3-5,9-11], that uses NetFlows to visually represent activity on an entire IP address space. NVisionIP presents information at three different levels allowing operators to select which level to use. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://www.cert.org/flocon/2005/presentations/Bearavolu-NVisionIP-FloCon2005.pdf |
| Alternate Webpage(s) | http://www.cert.org/flocon/2005/presentations/NVisionIPFlocon2005.pdf |
| Alternate Webpage(s) | https://resources.sei.cmu.edu/asset_files/Presentation/2005_017_001_43517.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |