NetFlow Data Visualization Based on Graphs

  • Pavel Minarik
  • Tomas Dymacek
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5210)

Abstract

We present an innovative approach to NetFlow data processing and visualization developed at Masaryk University in Brno. Our graph-based visualization method bridges the gap between highly aggregated information, as represented by charts, and overly detailed information, as represented by log files. In our visualization method, graph nodes stand for network devices and oriented edges represent communication between these devices. We also present the utilization of external data sources (DNS, port names, etc.), which helps to present NetFlow data in a more intuitive way. Hence this approach is a very natural one for both network administrators and non-specialists. Based on these methods, a proof-of-concept tool called NetFlow Visualizer has been developed and is now offered as a plug-in for the NetFlow probes.

Keywords

visualization, visual analytics, NetFlow data, graphs

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Pavel Minarik (1)
  • Tomas Dymacek (2)
  1. Institute of Computer Science, Masaryk University, Brno, Czech Republic
  2. Mycroft Mind, Inc., Brno, Czech Republic