Term
List the three reasons you want to know traffic levels |
|
Definition
Find out network loading
Determine potential to expand size / shrink bandwidth requirements
Identify bad hosts / behaviour |
|
|
Term
What does traffic performance give you? |
|
Definition
Further information on factors affecting the network
Insight into application behaviour |
|
|
Term
What three things can you measure to give you an idea of traffic levels? |
|
Definition
Bits / second
Packets / second
Connections / second |
|
|
Term
What are traffic levels good for? |
|
Definition
Evaluating network loading, spotting large scale problems
Basic level-monitoring |
|
|
Term
What are traffic levels bad for? |
|
Definition
Investigation beyond average / aggregate focus |
|
|
Term
What is per-connection analysis? |
|
Definition
Analysis based on connection |
|
|
Term
What is per connection analysis good for? |
|
Definition
ID poor performance due to protocol / application
Everything - full packet analysis provides highest level of detail |
|
|
Term
What is per-connection analysis bad for? |
|
Definition
Lack of advanced network expertise
Generalising results |
|
|
Term
Pre-requisites for non-intrusive network monitoring? |
|
Definition
Monitoring station
Tapping point
Cooperation
Remote / independent collection |
|
|
Term
What should a monitoring station preferably have? |
|
Definition
|
|
Term
Where should a tapping point be connected? |
|
Definition
|
|
Term
What two ways can you analyse data? |
|
Definition
|
|
Term
What's Wireshark etc. good for? |
|
Definition
Seeing local bandwidth availability |
|
|
Term
What kind of monitoring does netflow do? |
|
Definition
Per-flow monitoring at a high-level |
|
|
Term
What does a flow consist of? |
|
Definition
SrcIP, DstIP, SrcPort, DstPort |
|
|
Term
When netflow stuff is stored, what does this allow for? |
|
Definition
Observing trends and IDing past events
Re-running of the analysis from a different perspective |
|
|
Term
What is netflow good for? |
|
Definition
Finding out more about application / network traffic levels, host / user traffic accounting |
|
|
Term
What is netflow still not good for? |
|
Definition
IDing end-to-end performance issues |
|
|
Term
Does low network traffic mean a healthy network? |
|
Definition
|
|
Term
What does netflow exporter do? |
|
Definition
Input -> raw traffic; Output -> Netflow records; Send to a collector |
|
|
Term
Why are some netflow collectors so expensive? |
|
Definition
They're designed for ISPs not home networks |
|
|
Term
What 5 things do you use network analyser for? |
|
Definition
ISP traffic accounting
Keeping an eye on the network
Overall / per-host / per-application usage
Detecting attacks and bandwidth logs
Show due diligence |
|
|
Term
What should performance analysis emulate? |
|
Definition
|
|
Term
Who / what should analyse network performance? |
|
Definition
|
|
Term
|
Definition
Human analysis
Storage and basic processing of the output |
|
|
Term
|
Definition
Interpreting large amounts of traffic |
|
|
Term
Why is TCPDUMP GREAT?!?!?!?!? |
|
Definition
IT'S SUPER-FAST-LIKE-A-CHEETAH!
It provides raw information on the captured packets |
|
|
Term
WHY IS TCPDUMP SHIIIIIIIIIIIIIIIIT? |
|
Definition
It requires specializzzzzzzzzzzzzzed input
It may require further piping / filtering for extracting relevant data |
|
|