Network Traffic Monitoring and Management Teaching Materials

Uploaded by: yuzo****123  Document ID: 137198118  Upload time: 2020-07-06  Format: PPT  Pages: 58  Size: 501.50KB

Slide 1 (2020/7/6): Network Traffic Monitoring and Management
National Taiwan University Computer and Information Networking Center, 邵喻美, madelinentu.edu.tw

Slide 2: Outline
- Network basics
- Network Traffic Accounting - NetFlow
- MRTG

Slide 3: Part I, Network Basics

Slide 4: Network Basics
- OSI reference model
- Introduction to SNMP

Slide 8: SNMP
- Simple Network Management Protocol
- Request/response protocol: GET, SET
- Remotely manages devices on a TCP/IP network
- Reads and writes status information on different network nodes
- Runs over UDP
- Port 161: sending and receiving requests
- Port 162: receiving traps from managed devices

Slide 9: How SNMP Works
Forms of communication between the SNMP Manager and the Agent:
- Get-request
- Get-next-request
- Set-request
- Get-response
- Trap

Slide 10
- SNMP Manager: a server running some kind of software system that can handle management tasks for a network
- SNMP Agent: a piece of software that runs on the network devices you are managing
- SNMP community: a logical relationship between an SNMP agent and one or more SNMP managers.

Slide 11: MIB (Management Information Base)
- Defines the storage structure for the various kinds of information held by a network device
- Name (OID)
- Type and syntax
- encoding
- MIB-II: the MIB standard that all network devices provide
- Vendors also provide proprietary MIBs
- Other MIB standards:
    ATM MIB (RFC 2515)
    Frame Relay DTE Interface Type MIB (RFC 2115)
    BGP Version 4 MIB (RFC 1657)
    RADIUS Authentication Server MIB (RFC 2619)
    Mail Monitoring MIB (RFC 2249)
    DNS Server MIB (RFC 1611)

Slide 12: OID
    .iso.org.dod.internet.mgmt.mib-2.interface.ifNumber.0
    .1.3.6.1.2.1.2.1.0

Slide 13: SNMP
make;make install on most platforms (FreeBSD, Linux, Solaris, BSDi, NetBSD)
Download the program:

Slide 27: Flow-tool installation procedure (using a Linux system as the example)
- Unpack:
    zcat flow-tools-0.58.tar.gz | tar xvf -
- The following software must be installed first: zlib, gnu make
- Install:
    ./configure
    gmake
    gmake install

Slide 28: flow-tool
flow-capture:
- Collect NetFlow exports and stores to disk.
- Built in compression.
- Manages disk space by expiring older flow files at configurable limits.
- Detects lost flows by missing sequence numbers.

Slide 29
    flow-capture -z Z -n N -e E -p P -w W
- Z: compression ratio
- N: number of files kept per day
- E: total number of files kept on disk
- P: port number
- W: storage path
Ex:
    flow-capture -z 6 -n 143 -e 1500 -p 9991 -w /netflow

Slide 30: Testing
    flow-receive 0/0/9991 | flow-print
    tcpdump -n udp port 9991

    tcpdump: listening on fxp0
    14:17:39.491510 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.492820 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.493786 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.495057 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.496298 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.496863 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.496967 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497068 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497176 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497279 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497381 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497486 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497589 140.112.3.76.1024 140.112.3.88.9991: udp 1168
    14:17:39.497694 140.112.3.76.1024 140.112.3.88.9991: udp 1168

Slide 31: NetFlow data format
    flow-print -f0 logfile

    Sif  SrcIPaddress     Dif  DstIPaddress     Pr SrcP DstP Pkts Octets
    0000 195.254.117.168  0000 140.131.7.3      01 0    0    9    504
    0000 205.188.248.89   0000 163.28.16.2      06 50   fdb6 5    589
    0000 61.229.48.83     0000 192.192.120.18   06 454  17   12   493
    0000 207.218.223.162  0000 192.83.193.2     11 35   8000 1    156
    0000 207.159.149.84   0000 140.131.1.188    01 0    0    10   560
    0000 202.178.164.169  0000 203.64.48.107    06 71   9e6  1    40
    0000 168.95.1.1       0000 203.71.92.1      11 35   a82c 1    187
    0000 210.224.163.3    0000 210.71.107.3     11 3bce 35   1    71
    0000 66.207.130.76    0000 163.28.16.2      06 50   fdde 6    782
    0000 168.95.1.1       0000 203.71.92.1      11 35   a809 1    60
    0000 64.12.24.30      0000 163.28.16.9      06 1bb  76b5 3    120
    0000 163.31.102.156   0000 192.192.122.144  06 b3c  50   5    212
    0000 163.31.102.156   0000 192.192.122.144  06 1283 50   3    156
    0000 211.141.113.77   0000 203.71.88.240    11 fbf  fa4  1    295
    0000 140.117.11.100   0000 203.72.39.34     06 c38  e25d 7    3893
    0000 61.139.8.11      0000 163.28.16.2      06 50   bb03 1    41
    0000 140.117.11.100   0000 203.72.39.34     06 c38  e256 6    1229
    0000 210.85.124.196   0000 203.64.48.107    06 28da 17   1    43
    0000 140.117.11.100   0000 203.72.39.34     06 c38  e261 13   4909

Slide 32: Statistical analysis programs
- Run statistics over the collected and stored NetFlow data to produce reports
- The programs can be downloaded from the network: http://netflow.nctu.edu.tw/netflow.html
- Written in Perl
    netflow.pl
    daily.pl
- Can produce totals or TOP statistics by network segment, protocol, and inbound/outbound IP segment
- NTU NetFlow statistics web page

Slide 33
    # daily.pl
    # Modify the following to meet your configuration.
    #
    # $dir is where you put your program and config files
    # $rawdir is where the raw log files are kept
    # $outputdir is where the output files should be
    #
    $dir = "/usr/NetFlow/analysis";
    $rawdir = "/usr/NetFlow/raw";
    $flowprint = "/usr/NetFlow/bin/flow-print";
    $outputdir = "/usr/local/www/data/netflow/daily";
    $htmldir = sprintf ("%s/html/%02d%02d%02d", $outputdir, $year, $mon, $mday);
    $rawoutput = sprintf ("%s/raw", $outputdir);
    $TopN = 100;
    @NET = ("NTUProxy", "NTUGeneral");
    $protfile = "$dir/protocols";
    $servfile = "$dir/services";
    $intranet = "$dir/intranet";
    $DEBUG = 0;            # debug info flag
    $SLEEP_TIME = 0;       # debug
    $COUNT_THRESHOLD = 50; # debug

Slide 34: Part III, MRTG

Slide 35: MRTG
- Introduction to MRTG
- How to use MRTG
- Using MRTG to monitor other system resources

Slide 36: Mul
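
An added example (not part of the slides, and not the netflow.pl/daily.pl scripts they mention): a parser for the flow-print -f0 listing on slide 31 that totals octets per source address and per protocol, the kind of TOP report slide 32 describes. It assumes the Pr, SrcP and DstP columns are hexadecimal, which matches the listing (Pr 11 with port 35 is UDP/53); the function names and the malformed last sample line are constructed.

```python
from collections import Counter

# Constructed sample: rows taken from the slide 31 listing, plus one
# deliberately malformed line to show that damaged records are skipped.
SAMPLE = """\
Sif  SrcIPaddress     Dif  DstIPaddress     Pr SrcP DstP Pkts Octets
0000 205.188.248.89   0000 163.28.16.2      06 50   fdb6 5    589
0000 207.218.223.162  0000 192.83.193.2     11 35   8000 1    156
0000 207.159.149.84   0000 140.131.1.188    01 0    0    10   560
0000 140.117.11.100   0000 203.72.39.34     06 c38  e25d 7    3893
0000 140.117.11.100   0000 203.72.39.34     06 c38  e256 6    1229
0000 64.12.24.30      0000 163.28.16.9      06 1bb  76b5 3    120
0000 140.117.
"""

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

def parse_flows(text):
    """Return one dict per well-formed flow record; skip header and junk."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or f[0] == "Sif":
            continue
        try:
            flows.append({
                "src": f[1], "dst": f[3],
                "proto": int(f[4], 16),                       # hex column
                "sport": int(f[5], 16), "dport": int(f[6], 16),
                "pkts": int(f[7]), "octets": int(f[8]),      # decimal columns
            })
        except ValueError:
            continue  # non-numeric field: treat as a damaged record
    return flows

def top_sources(flows, n):
    """Top-n source addresses by total octets sent."""
    totals = Counter()
    for fl in flows:
        totals[fl["src"]] += fl["octets"]
    return totals.most_common(n)

def octets_by_protocol(flows):
    """Total octets per protocol name (number as string if unknown)."""
    totals = Counter()
    for fl in flows:
        totals[PROTO.get(fl["proto"], str(fl["proto"]))] += fl["octets"]
    return dict(totals)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    print(top_sources(flows, 2))
    print(octets_by_protocol(flows))
```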
