Question

I'm developing Network Behavior Anomaly Detection and I'm using the Cisco NetFlow protocol for collecting traffic information. I want to collect information about layer 7 of the ISO OSI Reference Model, especially the HTTPS protocol. What is the best way to achieve this?


Solution

Maybe someone will find it helpful:

In my opinion you should try sFlow or Flexible NetFlow.

sFlow uses sampling to achieve scalability. The system architecture consists of receiving devices getting two types of samples:
- randomly sampled packets
- sampling of counters at certain time intervals

Sampled packets are sent as sFlow datagrams to a central server running the software for the analysis and reporting of network traffic, the sFlow collector.

sFlow may be implemented in hardware or software, and while the name "sFlow" suggests that this is a flow technology, it is not a flow technology at all; it represents a picture of the traffic on the basis of samples.

NetFlow is a real flow technology. Entries for the flows are generated in the network devices and combined into packets. Flexible NetFlow allows customers to export almost everything that passes through the router, including the entire packet, and does so in real time, like sFlow.

In my opinion Flexible NetFlow is much better, and if you're afraid of DDoS attacks, choose it. If FNF is better, why use sFlow? Because many switches today only support sFlow, and if we don't have the possibility of using FNF and want to get real-time data, sFlow is the best option.
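To make the distinction the answer draws concrete, here is an added example (not code from the question or the answer above) that models the two export styles over a constructed packet stream: NetFlow-style per-5-tuple flow records that count every packet, versus sFlow-style 1-in-N packet sampling whose counts are scaled back up to estimate the totals. It also shows the level of "HTTPS" visibility a flow record gives an anomaly detector: TCP port 443 byte counts, since the record carries no decrypted layer-7 content. All addresses, ports, packet counts and the sampling rate are constructed sample values; `make_packets`, `build_flows`, `sample_packets`, `estimate_from_samples` and `https_bytes` are hypothetical helper names, not part of any collector's API.

```python
import random
from collections import defaultdict

# Packet tuple layout: (src_ip, dst_ip, ip_proto, src_port, dst_port, bytes)
TCP, UDP = 6, 17


def make_packets():
    """Constructed traffic: one HTTPS session (both directions), DNS and SSH.

    Addresses are documentation ranges; sizes and counts are made up.
    """
    pkts = []
    pkts += [("10.0.0.5", "203.0.113.10", TCP, 51000, 443, 1400)] * 4000  # client -> server
    pkts += [("203.0.113.10", "10.0.0.5", TCP, 443, 51000, 120)] * 4000   # server -> client (ACKs)
    pkts += [("10.0.0.5", "10.0.0.53", UDP, 40000, 53, 80)] * 1500        # DNS queries
    pkts += [("10.0.0.5", "198.51.100.7", TCP, 52000, 22, 200)] * 500     # SSH
    random.Random(1).shuffle(pkts)  # interleave flows as on a real link
    return pkts


def build_flows(packets):
    """NetFlow-style accounting: every packet updates the record for its 5-tuple.

    Returns {(src, dst, proto, sport, dport): {"packets": n, "bytes": b}}.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, proto, sport, dport, size in packets:
        rec = flows[(src, dst, proto, sport, dport)]
        rec["packets"] += 1
        rec["bytes"] += size
    return dict(flows)


def sample_packets(packets, rate, seed=0):
    """sFlow-style random 1-in-N packet sampling (no per-flow state on the device)."""
    rng = random.Random(seed)
    return [p for p in packets if rng.randrange(rate) == 0]


def estimate_from_samples(samples, rate):
    """Scale sampled counts by the sampling rate to estimate per-flow totals.

    The estimate is unbiased but carries sampling error; flows with few
    sampled packets (small flows) are the least accurate.
    """
    sampled = build_flows(samples)
    return {k: {"packets": v["packets"] * rate, "bytes": v["bytes"] * rate}
            for k, v in sampled.items()}


def https_bytes(flows):
    """Bytes in flows with TCP port 443 on either side.

    This is the whole 'HTTPS' view a flow record offers: the layer-4 port,
    not the encrypted layer-7 payload.
    """
    return sum(v["bytes"] for (src, dst, proto, sport, dport), v in flows.items()
               if proto == TCP and 443 in (sport, dport))


if __name__ == "__main__":
    pkts = make_packets()
    exact = build_flows(pkts)
    rate = 10
    est = estimate_from_samples(sample_packets(pkts, rate), rate)
    print("flows seen (exact):", len(exact))
    print("HTTPS bytes, exact  :", https_bytes(exact))
    print("HTTPS bytes, 1-in-%d:" % rate, https_bytes(est))
    for key in exact:
        print(key, "exact", exact[key]["packets"], "est", est.get(key, {}).get("packets", 0))
```

Running it shows the exact record counting every packet while the sampled estimate lands near the true total for the large HTTPS flow and drifts more for the small SSH flow, which is the scalability-versus-precision trade the answer describes; either way, the HTTPS figure is a port-443 byte count, not decoded application data.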

Licensed under: CC-BY-SA with attribution