Skip to main content
Springer Nature Link
Log in

Measurement Artifacts in NetFlow Data

  • Conference paper
Passive and Active Measurement (PAM 2013)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 7799))

Included in the following conference series:

Abstract

Flows provide an aggregated view of network traffic by grouping streams of packets. The resulting scalability gain usually excuses the coarser data granularity, as long as the flow data reflects the actual network traffic faithfully. However, it is known that the flow export process may introduce artifacts in the exported data. This paper extends the set of known artifacts by explaining which implementation decisions are causing them. In addition, we verify the artifacts’ presence in data from a set of widely-used devices. Our results show that the revealed artifacts are widely spread among different devices from various vendors. We believe that these results provide researchers and operators with important insights for developing robust analysis applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Cisco Systems, Inc.: Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide (2009), http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/122sxscg.pdf (accessed on December 14, 2012)

  2. Claise, B.: Cisco Systems NetFlow Services Export Version 9. RFC 3954 (Informational) (2004)

    Google Scholar 

  3. Cunha, ĂŤ., Silveira, F., Oliveira, R., Teixeira, R., Diot, C.: Uncovering Artifacts of Flow Measurement Tools. In: Moon, S.B., Teixeira, R., Uhlig, S. (eds.) PAM 2009. LNCS, vol. 5448, pp. 187–196. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. de Oliveira Schmidt, R., Sperotto, A., Sadre, R., Pras, A.: Towards Bandwidth Estimation Using Flow-Level Measurements. In: Sadre, R., NovotnĂ˝, J., ÄŚeleda, P., Waldburger, M., Stiller, B. (eds.) AIMS 2012. LNCS, vol. 7279, pp. 127–138. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  5. Duffield, N., Lund, C., Thorup, M.: Properties and Prediction of Flow Statistics from Sampled Packet Streams. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement, pp. 159–171 (2002)

    Google Scholar 

  6. Duffield, N., Lund, C., Thorup, M.: Estimating Flow Distributions from Sampled Flow Statistics. IEEE/ACM Transactions on Networking 13(5), 933–946 (2005)

    Article  MathSciNet  Google Scholar 

  7. Follett, J.H.: Cisco: Catalyst 6500 The Most Successful Switch Ever (2006), http://www.crn.com/news/networking/189500982/cisco-catalyst-6500-the-most-successful-switch-ever.htm (accessed on December 14, 2012)

  8. Gu, Y., Breslau, L., Duffield, N.G., Sen, S.: On Passive One-Way Loss Measurements Using Sampled Flow Statistics. In: INFOCOM 2009, pp. 2946–2950 (2009)

    Google Scholar 

  9. Kögel, J.: One-way Delay Measurement based on Flow Data: Quantification and Compensation of Errors by Exporter Profiling. In: Proceedings of the 25th International Conference on Information Networking (ICOIN 2011), pp. 25–30 (2011)

    Google Scholar 

  10. Kompella, R.R., Estan, C.: The Power of Slicing in Internet Flow Measurement. In: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC 2005), pp. 105–118 (2005)

    Google Scholar 

  11. Sadasivan, G., Brownlee, N., Claise, B., Quittek, J.: Architecture for IP Flow Information Export. RFC 5470 (Informational) (2009)

    Google Scholar 

  12. Sommer, R., Feldmann, A.: NetFlow: Information loss or win? In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement, pp. 173–174 (2002)

    Google Scholar 

  13. Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An Overview of IP Flow-Based Intrusion Detection. IEEE Communications Surveys & Tutorials 12(3), 343–356 (2010)

    Article  Google Scholar 

  14. Trammell, B., Tellenbach, B., Schatzmann, D., Burkhart, M.: Peeling Away Timing Error in NetFlow Data. In: Spring, N., Riley, G.F. (eds.) PAM 2011. LNCS, vol. 6579, pp. 194–203. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Centre for Telematics and Information Technology, Design and Analysis of Communications Systems (DACS), University of Twente, Enschede, The Netherlands

    Rick Hofstede, Idilio Drago, Anna Sperotto, Ramin Sadre & Aiko Pras

Authors
  1. Rick Hofstede
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Idilio Drago
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Anna Sperotto
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ramin Sadre
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Aiko Pras
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Mathematical Sciences, University of Adelaide, Innova21 Building, 5005, Adelaide, SA, Australia

    Matthew Roughan

  2. Department of Computing, The Hong Kong Polytechnic University, Hunghom, Kowloon, Hong Kong SAR, China

    Rocky Chang

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hofstede, R., Drago, I., Sperotto, A., Sadre, R., Pras, A. (2013). Measurement Artifacts in NetFlow Data. In: Roughan, M., Chang, R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36516-4_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-36516-4_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36515-7

  • Online ISBN: 978-3-642-36516-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics