User login

Weekly Report 15/06/2015

15

Jun

2015

Switched from using Netflow to sFlow since it turns out it is the most convenient way to get the information I need with the equipment available. Brad gave me some info on the switch which is exporting me traffic so I can differentiate between incoming and outgoing flows. I am having to manually check the interfaces in my parser program to get direction information. This isn't the most flexible way of doing it but the versions of Netflow and sFlow that are available do not support direction information and only handle incoming packets, not outgoing ones. I plan on making a configuration file which will contain the interface on which packets are sent to the Internet for the network on which my application is being installed. My parser program will use this to ascertain which flows are outgoing.

Currently I maintain 2 databases; one for ingress flows and one for egress. This is a result of me having to coordinate the individual flows which sFlow exports for each ingress interface. To reduce the amount of entries in my databases, I will only collect information from a couple of incoming interfaces on the local network. I will listen to all incoming packets on the uplink interface to the Internet.

Shane said altering lpicollector to export MAC addresses would be too much trouble so I skipped that idea. I still plan on using it later on to get application layer information and associate them with the flow exports produced by sFlow.

This week I will do as much of the application as possible with the data I have.