| Summary: | 碩士 === 銘傳大學 === 電腦與通訊工程學系碩士班 === 106 === Traditionally, Tcpdump or WireShark are widely used to analyze network traffic. However, as network bandwidth increases, the amount of network traffic passed through also increases. Thus, the computation resources and time required to accomplish network traffic analysis within a certain time may even more increases. By using NetFlow technology, it may reduce the time and resources required for analysis. But as network bandwidth grows, the time it takes to analysis network traffic also even more increases. When time and resources are limited, by applying sampling techniques to the generation of NetFlow may dramatically reduce the amount of NetFlow data, and the time and resources required for traffic analysis may be highly reduced. Since NetFlow data are generally used to generate many types of statistical ranking reports, it needs to be clarified how sampling techniques may alter the rank order of these statistic reports before decisions are made based on the rank of these reports. In this study, the NetFlow data of 28 days in a network area of Taiwan academic network were analyzed. In the case of statistical time length and different sampling ratios, the difference in the IP address, the total number of Byte and the total number of Packet were different. The results show that the sampling of NetFlow does affect the IP address retention rate of the statistical table, as well as the ranking of the total number of Byte and Packet, and the higher the sampling ratio, the greater the impact.
|
|---|
