Traffic Flow Analysis
Traffic flow analysis depends on exported flow information. A comprehensive document about NetFlow can be found on Cisco's webpage, so I think there is no need to copy and paste all of that document. If you are interested in IP Flow Information Export (IPFIX) Entities, here is the link to IANA. In a system view, a number of exporters / emitters send flows over UDP to a collector, and reports are generated for all kinds of purposes:
Application and network usage
Network productivity and utilization of network resources
The impact of changes to the network
Network anomaly and security vulnerabilities
Long term compliance issues
Host Conversation Pairs
Flow information can be delivered from different devices, like:
3COM (NetStream)
Alcatel-Lucent (cflowd)
Cisco Router and IOS based Switches (Netflow, IPFIX)
Enterasys (Netflow)
HP (sFlow)
Huawei (NetStream)
Juniper (JFlow, cflowd)
Nortel (IPFIX)
PacketShaper (Netflow-5 & Flow Detail Records)
Hardware-based flow generators, like NetFPGA
Some basic configuration examples can be found here:
How to enable NetFlow on a Cisco router (or switch running IOS)
How to enable NetFlow on Enterasys X-Pedition SmartSwitch Routers
Reference Charts for IPFIX: IP Flow Information Export Information Elements
3COM
# 3COM 6000 series and MSR series Router
#
ip netstream timeout active 1
ip netstream export source interface Ethernet0/0/1
ip netstream export host [ip of Flow Collector] 9996
#
# 3COM Switch 8800
#
ip netstream template timeout 1
ip netstream template refresh 10
ip netstream timeout active 5
ip netstream export source [ip of Source IP to be used]
ip netstream export host [ip of Flow Collector] 9995
ip netstream enable slot [slot number of the NMM]
#
Cisco IOS
router(config)# ip cef
router(config)# interface <interface>
router(config-if)# ip route-cache flow
router(config)# ip flow-export version 5
router(config)# ip flow-export destination [ip of Flow Collector] 9996
router(config)# ip flow-export source FastEthernet0
router(config)# ip flow-cache timeout active 1
router(config)# ip flow-cache timeout inactive 15
router(config)# end
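What the collector receives from the `ip flow-export version 5` configuration above, as an added example that is not part of the original page: a Python parser for one NetFlow v5 UDP datagram that rejects malformed exports, uses the header sequence number to count flows lost on the UDP path, and totals octets per host conversation pair. The function names and the sample datagrams are constructed for illustration; the layout used is the standard 24-byte header and 48-byte record of NetFlow version 5.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Validate one export datagram; return (header dict, list of flow dicts)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _samp = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version field = %d)" % version)
    # v5 carries 1..30 records; the length must match exactly, no trailing bytes
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "packets": r[5], "octets": r[6], "sport": r[9],
                      "dport": r[10], "tcp_flags": r[12], "proto": r[13]})
    return {"count": count, "unix_secs": secs, "sequence": seq}, flows

def lost_flows(prev_hdr, hdr):
    """Flows missing between two consecutive datagrams of one exporter."""
    return (hdr["sequence"] - prev_hdr["sequence"] - prev_hdr["count"]) % 2**32

def conversation_pairs(flows):
    """Total octets per host pair, both directions combined."""
    totals = Counter()
    for f in flows:
        totals[tuple(sorted((f["src"], f["dst"])))] += f["octets"]
    return totals

def build_sample(seq, records):
    """Constructed datagram for this example (documentation addresses only)."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2,
                    pkts, octets, 0, 1000, sp, dp, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, pkts, octets in records)
    return HEADER.pack(5, len(records), 60000, 1700000000, 0, seq, 0, 0, 0) + body

SAMPLE_1 = build_sample(100, [("192.0.2.10", "198.51.100.5", 51000, 443, 12, 9000),
                              ("198.51.100.5", "192.0.2.10", 443, 51000, 10, 42000)])
SAMPLE_2 = build_sample(105, [("192.0.2.11", "198.51.100.5", 51001, 22, 4, 400)])
```

On a live collector, pass `parse_v5` the payload of each datagram received on the export port (9996 in the configuration above) and keep one previous header per exporter address for `lost_flows`.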
Juniper M-Series Switches
set forwarding-options sampling input family inet rate [sampling rate]
set forwarding-options sampling output cflowd [ip of Flow Collector] port 9995
set forwarding-options sampling output cflowd [ip of Flow Collector] source-address [SourceAddress]
set forwarding-options sampling output cflowd [ip of Flow Collector] version 5
set forwarding-options sampling output flow-active-timeout 60
set firewall filter [filter name] term sample then sample
set firewall filter [filter name] term sample then accept
set forwarding-options family inet filter input [filter name]
Juniper E-Series Router
ip flow statistics
ip flow-sampling-mode packet-interval [number of packets to obtain 1 sample]
ip flow-cache timeout active 1
ip flow-cache timeout inactive 60
ip flow-export source [interface]
ip flow-export [IP of Harvester] 9995 version 5 peer-as
HP 3500, 5400, and 6200 Devices
sflow [sFlowReceiverInstance] destination [ip of Flow Collector] 9995
sflow [sFlowReceiverInstance] polling [ethernet] [portNumber, portNumber, ...] 60
sflow [sFlowReceiverInstance] sampling [ethernet] [portNumber, portNumber, ...] 50
Nortel 5500 PassPort Switch
In global configuration:
ip ipfix enable
ip ipfix slot [slotNumber] aging-interval 60 export-interval 60 template-refresh-interval 600
ip ipfix collector 1 [harvesterIP]
On each Port:
ip ipfix port [portNumber,portNumber,...]
On each Interface:
ip ipfix enable
Nortel 8600 PassPort Switch
config ip ipfix state enable
config ip ipfix slot [slotNumber] active-timeout 1 aging-interval 60 export-interval 60 exporter-state enable template-refresh 800
config ip ipfix slot [slotNumber] collector add [ip of Flow Collector] protocol udp dest-port 9995 exporter-ip [PassPortSwitchIPAddress] protocol-version ipfix enable true
On each Port:
config ip ipfix port [slotNumber/portNumber] all-traffic enable
HP 9300 and 9400 Devices
int e [start port] to [end port]
sflow forwarding
sflow destination [ip of Flow Collector] 9995
sflow sample [sampling rate]
sflow polling-interval [polling rate]
sflow enable
Enterasys Matrix N-Series
set netflow export-interval
set netflow export-destination [ip of Flow Collector] 9995
set netflow port [port name or link aggregator name] enable
set netflow port [ethernet module].[port name or list] enable
set netflow cache enable
Enterasys X-Pedition SmartSwitch Routers
netflow set interval 1
netflow set memory 8000
netflow set ports all-ports
netflow set priority low
netflow set collector [ip of Flow Collector] flow-destination-port 9995
netflow enable
Log on to the PacketShaper, click on Setup and choose Flow Detail Records from the Setup page.