NetVizura

A network traffic analysis tool

Agenda

• Why NetVizura is needed• How NetVizura works• Where NetVizura is deployed• Use cases

3

Why Use NetVizura?

4

1. A flow is unidirectional2. Defined by inspecting a packet’s key fields (common properties) and

identifying the values 3. If the set of key field values is unique create a flow record or cache entry

How Does NetVizura Work?Part 1: IPFIX Flow Data

How Does NetVizura Work?Part 2: Define Traffic Patterns

• Traffic pattern = IP addresses that represent an internal and external network

5

Internal Network:128.117.0.0/16

External Network:Internet

NetVizura Deployment

6

Case 1: NCAR’s Top Hosts

7

Case 2: GladeWho does Glade exchange traffic with?

8

Case 3: MSUD Traffic SpikePort Utilization

9

Case 3: MSUD DOS AttackTop Hosts

10

Case 3: MSUD DOS AttackTop ASs

11

Questions?

12