netflow: what happens in your network? (@ mum ljubljana...
TRANSCRIPT
![Page 1: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/1.jpg)
NetFlow:whathappensinyournetwork?
byLorenzoBusatti
1MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy
![Page 2: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/2.jpg)
LorenzoBusatti
• FounderofGrifonline S.r.l.(1997)
• FounderofLinkwave (2006)
• MikroTik Trainer(2010)
• MemberofRIPE,AMS-IX,MIX-IT
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 2
Aboutme
![Page 3: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/3.jpg)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 3
Aboutme
![Page 4: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/4.jpg)
I'maMikroTik enthusiast
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 4
![Page 5: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/5.jpg)
I'maMikroTik enthusiast
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 5
I'maMikroTik evangelist
![Page 6: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/6.jpg)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 6
Aboutme• Founder(2016)ofthe
NonProfitOrganizationforHighQualityTrainingPartners
![Page 7: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/7.jpg)
Advertisingtime!
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 7
MyfriendAndrewCoxbookedtoolateforthisMUM,sothepresentationsslotswasalreadyfull.
Ipromisedhimtoquickadvertisehisfantasticproduct(andforfreeJ):
![Page 8: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/8.jpg)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 8
![Page 9: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/9.jpg)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 9
![Page 10: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/10.jpg)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 10
![Page 11: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/11.jpg)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 11
![Page 12: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/12.jpg)
DedicatedtoMax
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 12
![Page 13: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/13.jpg)
Thetrafficofyournetwork
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 13
![Page 14: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/14.jpg)
Thetrafficofyournetwork
Isoneofthemostimportants “things”.
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 14
![Page 15: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/15.jpg)
Thetrafficofyournetwork
Whatdoyouknowaboutit?
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 15
![Page 16: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/16.jpg)
Thetrafficofyournetwork
WhatisthegrowthofyourcustomertraffictoNetflix?
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 16
![Page 17: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/17.jpg)
Thetrafficofyournetwork
WhatarethetopASyoushouldpeerwith?
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 17
![Page 18: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/18.jpg)
Thetrafficofyournetwork
Whoisthetopbandwidthdrawer?
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 18
![Page 19: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/19.jpg)
Thetrafficofyournetwork
WithfewtoolsyoucanknowmorethanyoucanImagineJ
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 19
![Page 20: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/20.jpg)
NetFlow inpills
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 20
• Isa“common”router’sfeature• Collect IPtrafficstatistics• Laterwillexport themto aNetFlow Collector• They’recalled:flowrecord• Theformatistemplatebased(sincethe
Version9):expandableforthefuture
![Page 21: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/21.jpg)
NetFlow inRouterOS
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 21
• Yes,issupported!• Iscalled:TrafficFlow(NetFlow it’saCisconaming….)
• He’s“living”there:/ip traffic-flow
• ExistsinceROSv.2.9• TodaysupporttheVersions1,5,9• Checkthewikiforthedifferences….J
![Page 22: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/22.jpg)
TrafficFlowinaction
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 22
NetFlowCollector
(andAnalyzer)
YOURWAN
YOURLAN
TheClient
The“Flows”
![Page 23: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/23.jpg)
TwoIngredients
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 23
ANetFlowCollector
(andAnalyzer)
The“Flows”
![Page 24: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/24.jpg)
TrafficFlowlimitations
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 24
• UptoRouterOS v.6.0willexportonly RXtrafficofaninterface• CurrentlyRouterOS doesnotexportBGPAS
numbersL• Hopetoseeimplementedsoon….J
![Page 25: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/25.jpg)
The“boring”part
(butveryshort….)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 25
![Page 26: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/26.jpg)
Packettransportprotocol
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 26
• Therecords areexported using UDP• Thestandardport is the2055(user defined)• Therouterdoes not keep track offlow
records already exported• If aNetFlow packet is dropped all contained
records arelost forever• Doesn’t exportthe“payloads”• Thecontent isn’t encrypted
![Page 27: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/27.jpg)
Generalstructure(v9)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 27
NetFlow Packet header– Template• NetFlow Record 1• NetFlow Record 2• NetFlow Record n– Template• NetFlow Record n +1• NetFlow Record n +2• NetFlow Record n +n
![Page 28: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/28.jpg)
Thepacketheader
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 28
• Versionnumber (v1�v5,v7�v8,v9)• Sequence number• Timestamp• Number ofrecords (v5orv8)orlistof
templates andrecords (v9)
![Page 29: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/29.jpg)
TheTemplateformat
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 29
• ID• length• FieldCount• Field1Type• Field1Length• Field2Type• Field2Length• FieldN Type• FieldN Length
![Page 30: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/30.jpg)
(some)v9Fields
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 30
IN_BYTESOUT_BYTESIN_PKTSOUT_PKTSPROTOCOLSRC_TOSTCP_FLAGSL4_SRC_PORTL4_DST_PORTIPV4_SRC_ADDRIPV4_DST_ADDR
DIRECTIONIPV4_NEXT_HOPIPV6_SRC_ADDRIPV6_DST_ADDRICMP_TYPEIN_SRC_MACIN_DST_MACOUT_DST_MACOUT_SRC_MACSRC_VLANDST_VLAN
SRC_ASDST_ASBGP_IPV4_NEXT_HOPIP_PROTOCOL_VERSIONMPLS_LABEL_(1-10)IF_NAMEIF_DESC
FORWARDINGSTATUS(lots ofsubcodes!!!)
![Page 31: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/31.jpg)
Liveview
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 31
Thepacket Header
![Page 32: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/32.jpg)
Liveview
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 32
TheTemplate
![Page 33: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/33.jpg)
Liveview
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 33
One Flow
![Page 34: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/34.jpg)
Summary
TheTrafficFlowwill“export”almost“everything”excepttheeffective“payload”
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 34
![Page 35: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/35.jpg)
Settingup(therouter)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 35
![Page 36: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/36.jpg)
IP–>TrafficFlow
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 36
![Page 37: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/37.jpg)
IP–>TrafficFlow- Targets
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 37
![Page 38: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/38.jpg)
IP–>TrafficFlow->Status
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 38
![Page 39: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/39.jpg)
Howmuchresourceswilltake(theflows)?
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 39
![Page 40: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/40.jpg)
TrafficFlow“traffic”
Thereisnotanexact formulatocalculatetheexported“flows”,butI’llshowyoua”live”example.
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 40
![Page 41: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/41.jpg)
TrafficFlow“traffic”
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 41
The“Flows”
Theroutertraffic
Thesessions
![Page 42: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/42.jpg)
TheNetFlow Collectors(andAnalyzer)
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 42
![Page 43: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/43.jpg)
WhatIneednow?• ACollectorwillcollecttheflowsexportedbyyourrouter.
• AnAnalyzer willmakethesedatareadableandusabletoyou.
• MostoftheCollectorsareAnalyzeralso.
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 43
![Page 44: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/44.jpg)
Whichone?• Opensource;• Closedsource;• ForWindows;• ForLinux;• OntheCloud;• PaidVsFree;
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 44
![Page 45: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/45.jpg)
Examples
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 45
![Page 46: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/46.jpg)
Whichone?I’mnotaresellerorasalesrepresentativeofthesebrands.
Searchontheweband“trybeforebuy”(whenpossible).
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 46
![Page 47: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/47.jpg)
Whichone?InthispresentationI’llshowyouanexampleusingthecloudservicesprovidedby:
http://polygraph.io
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 47
![Page 48: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/48.jpg)
Themostinterestingpart:WhatcanIsee?????
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 48
![Page 49: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/49.jpg)
Whichtraffic?Justfewexamples:• Bandwidthmonitoring• ApplicationsUsed• Identifyvisiteddomains• Toptalkers(customersandhost)• Geolocate traffic.• Attacksdetection.
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 49
![Page 50: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/50.jpg)
Whichtraffic?• AndsinceRouterOS 6.33the fastpath
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 50
![Page 51: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/51.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 51
![Page 52: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/52.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 52
![Page 53: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/53.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 53
![Page 54: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/54.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 54
![Page 55: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/55.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 55
![Page 56: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/56.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 56
![Page 57: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/57.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 57
![Page 58: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/58.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 58
![Page 59: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/59.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 59
![Page 60: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/60.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 60
![Page 61: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/61.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 61
![Page 62: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/62.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 62
![Page 63: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/63.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 63
![Page 64: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/64.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 64
![Page 65: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/65.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 65
![Page 66: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/66.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 66
![Page 67: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/67.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 67
Youcanalsomakereports,watchandexportthestoreflows,and….....
![Page 68: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/68.jpg)
“Live”demo
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 68
![Page 69: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/69.jpg)
Security
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 69
ThesecurityisanotherapplicationoftheTrafficFlow.
Mycontentswillstophere,hopeyou’llenjoyadedicatedpresentationthisevening.
![Page 70: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/70.jpg)
Wrapup
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 70
üWiththeTrafficFlowandaNetFlowAnalyzeryoucanknowwhathappeninyournetworkandthekindoftrafficexchangedbyyourcustomers
üFromthisprivilegedpointofviewyoucanmanage,planandpreventthe“things”ofyournetwork.
![Page 71: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/71.jpg)
Wrapup
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 71
üIhopeyou’lldeploysoonyourprivileged“pointofobservation”J
![Page 72: NetFlow: what happens in your network? (@ MUM Ljubljana 2016)mum.mikrotik.com/presentations/EU16/presentation... · üWith the Traffic Flow and a NetFlow Analyzer you can know what](https://reader034.vdocuments.mx/reader034/viewer/2022050300/5f6937c9930d1925ac02760c/html5/thumbnails/72.jpg)
Thankyou!
Q&A
http://[email protected]
MUM Ljubljana 2016 © Lorenzo Busatti, http://routing.wireless.academy 72