Abstract
Internet traffic is often summarized by collecting NetFlow/IPFIX flow records. Several tools exist to filter or to search for specific flows in a collection of flow records. However, there is a need for a framework (filter language) which allows certain types of traffic patterns to be defined and matched in a collection of flow records. The goal of this project is to research the various filter/query languages used by tools or proposed in the literature and to extract a common basis for a new orthogonal flow record query language. We present research motivation and state of the art in this paper.
Copyright information
© 2008 IFIP International Federation for Information Processing
Cite this paper
Marinov, V., Schönwälder, J. (2008). Design of an IP Flow Record Query Language. In: Hausheer, D., Schönwälder, J. (eds) Resilient Networks and Services. AIMS 2008. Lecture Notes in Computer Science, vol 5127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70587-1_20
DOI: https://doi.org/10.1007/978-3-540-70587-1_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70586-4
Online ISBN: 978-3-540-70587-1
eBook Packages: Computer Science (R0)