A. Bobyshev (FERMILAB)
Network flow data gathered on border routers and core network switch/routers is used at Fermilab for statistical analysis of traffic patterns, passive network monitoring, and estimation of network performance characteristics. Flow data is also a critical tool in the investigation of computer security incidents. Development and enhancement of flow-based tools is an ongoing effort. The current state of flow analysis is based on the open source Flow-Tools package. This paper describes the most recent developments in flow analysis at Fermilab. Our goal is to provide a multidimensional view of network traffic patterns, with a detailed breakdown based on site, experiment, domain, subnet, hosts, protocol, or application. The latest analysis tool provides a descriptive and graphical representation of network traffic broken down by combinations of experiment and DNS domain. The tool can be utilized in real-time mode, as well as to provide a historical view. Another tool analyzes flow data to provide performance characteristics of completed multistream GridFTP data transfers. The current prototype provides a web interface for dynamic administration of the flow reports. We will describe and discuss the new features that we plan on developing in future enhancements to our flow analysis tool set.