Thursday, August 12, 2010

Book Review: Network Flow Analysis
Author: Michael W. Lucas
Published By: No Starch Press
ISBN: 1593272030

"Stop asking your users to reproduce problems. Network Flow Analysis gives you the tools and real-world examples you need to effectively analyze your network flow data."

If you have ever read any of Michael W. Lucas' other books, you will know you are in for a humorous and entertaining read.

Network Flow Analysis opens with a good introduction to flow: what it is, how flow records are made up, and what it's actually used for.

"Knowing who talked to whom, when they talked, and how much each party said is terribly valuable"

Flow is not new; there are many commercial products out there, and a few open source tools as well.

Lucas has based the book on the open source flow-tools suite.

"Analyzing flow data from your internal network will quickly expose problems, mis-configurations, and performance issues."

The book covers how to configure flow export on kit from different vendors, and also how to configure hardware and software flow sensors such as softflowd. (Softflowd is a flow-based network traffic analyser capable of Cisco NetFlow™ data export. It semi-statefully tracks traffic flows, either by listening on a network interface or by reading a packet capture file, and reports those flows via NetFlow™ to a collecting host.)

Once you have your devices sending flow and your open source collector set up, Lucas demonstrates, with a variety of tools, how to manipulate the data.

"the flow-report program reads flows and produces totals, rankings, per-second and per-interface counts, and other reports"

There are also lots of warnings and helpful tips to assist with troublesome installs: "Correct Cflow.pm installation seems to be the single most common reason flow management projects fail" ... "do not proceed" ... "until flowdumper gives correct answers. You have been warned".

Open source tools are not everyone's cup of tea, and you may actually prefer commercial tools like the excellent Lancope, which adds NBA (network behaviour analysis) functionality if you have the budget.

But, if you have no dosh, and are happy installing, say, BSD and compiling a few bits and pieces, then "Network Flow Analysis" will definitely be the book to help you every step of the way.