Linux Network Monitoring
Uploaded by: kenny-chen

Outline
● Essential networking fundamentals
● Protocol behavior
● Common network problems and defenses
● Network monitoring and analysis tools

Part I
Essential networking fundamentals

Let's start with packets ...

A network connection is really just a connection between two endpoints

The two ends of a connection exchange data in packets

A packet basically consists of a header and a payload

Packets are transmitted by encapsulation

To talk about encapsulation, we need to understand OSI ...

Network designs are all based on the OSI model
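
L1 Physical layer
● Device specifications
● Electrical signal conversion
● Transmission media (cabling) standards

L2 Data link layer
● The network card's physical address
● Establishing and tearing down virtual circuit connections and logical links
● Controlling how frames are transmitted and how errors are detected
● The order in which frames are sent and received, and how they are delivered
● Determining the boundaries for building and reassembling frames
● Checking frame acknowledgments, and the recovery procedure when no response arrives or a frame is retransmitted
● Handling conversion to and management of the physical layer
● Error-checking and acknowledging received frames
● Checking the physical address of transmitted frames so that data is delivered correctly to the network layer at the destination

L3 Network layer
● If a packet does not belong to the same network, it is handed to a router
● Controls data flow: when a router's buffer is full, it notifies the sending device to use another path or to pause sending packets
● When a packet is larger than the router's MTU (Maximum Transmission Unit), the router is allowed to fragment the packet before forwarding it. (Some software that claims to speed up modem Internet access works by tuning the computer's MTU value to minimize fragmentation by routers and so reach the highest transfer efficiency.)
● Resolves and translates between MAC addresses and network addresses (such as IP and IPX addresses)

L4 Transport layer
● Takes over data passed down from upper-layer protocols and performs "splitting" and "packing"
● Transfers data and acknowledges responses in a point-to-point manner
● Temporarily stops sending data after learning that the receiver's data buffer is full
● Can handle different application protocols (such as ftp, http, telnet) on a single address, tracking and translating each one separately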

L5 Session layer
● Allows programs to register a computer name as a unique address on the network
● Establishes, monitors, and terminates virtual circuits between computers
● Synchronizes messages between computers, monitors the state of data communication, and handles error messages

L6 Presentation layer
● Character code conversion, e.g. between ASCII and EBCDIC
● Data format conversion, e.g. between CR and CR-LF, or between integers and floating-point numbers
● Compressing and encrypting data to improve speed and increase security

L7 Application layer
● Defines application protocol functions, e.g. FTP, HTTP, TELNET
● Responsible for the connection between client and server

How other network models map to OSI

Purpose of layering
● Division of labor
  – Each layer is responsible only for the tasks of its own protocol
  – A specific protocol can be modified without rewriting everything
  – More flexibility to extend protocols or develop entirely new ones
● Cooperation
  – Each layer is the interface to the layers above and below it
  – Finished processing is handed up / down to another layer
  – Network transmission usually needs protocols at several layers working together
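
Encapsulation
● Encapsulation
  – The sender first "packs" the data to be sent into a field of the upper-layer protocol
  – The protocol adds its header, and the whole unit is then "packed" into the payload field of the next protocol down
  – This continues layer by layer downward until a packet is formed and sent
● Decapsulation
  – After the receiver takes in the packet, it is first handed to the lowest-layer protocol according to the outermost header
  – When that layer is done, the processed header is removed and the rest is handed to the upper-layer protocol
  – Headers are removed layer by layer on the way up until the final data is obtained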
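
The decapsulation steps above, carried out on one frame in Python. This is an added example, not part of the original slides; the function names, MAC addresses, IP addresses and ports are constructed for illustration.

```python
import socket
import struct

def build_sample_frame() -> bytes:
    """Constructed sample (not a capture): Ethernet II / IPv4 / TCP / 4 data bytes.
    Checksums are left at zero because this example does not verify them."""
    data = b"QUIT"
    tcp = struct.pack("!HHIIBBHHH", 40000, 110, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data), 1, 0,
                     64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("192.0.2.20"))
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + data + b"\x00\x00"  # pad to the 60-byte minimum

def decapsulate(frame: bytes) -> dict:
    """Strip headers from the outermost layer inward, as the receiver does."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:          # payload is not IPv4: stop at L2
        return out

    packet = frame[14:]              # Ethernet payload = IP packet (+ padding)
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, frag, ttl, proto, _csum,
     ip_src, ip_dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4       # header length in bytes, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    out.update(ip_src=socket.inet_ntoa(ip_src), ip_dst=socket.inet_ntoa(ip_dst),
               ttl=ttl, proto=proto)
    if proto != 6 or frag & 0x1FFF:  # not TCP, or a later fragment: stop at L3
        return out

    segment = packet[ihl:total_len]  # total length trims the Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_off = (off_flags >> 12) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("malformed TCP header")
    out.update(sport=sport, dport=dport, tcp_flags=off_flags & 0x1FF,
               data=segment[data_off:])
    return out

if __name__ == "__main__":
    for key, value in decapsulate(build_sample_frame()).items():
        print(f"{key:10} {value}")
```

The length fields in each header, not the size of the received buffer, decide where the next layer starts and ends; that is why the two padding bytes never reach the application data.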

TCP/IP protocol encapsulation

The TCP/IP protocol family

TCP packet header

UDP packet header

IP packet header

ICMP packet header

ICMP types

ICMP error codes (type 3)

ARP packet header

Packet example

Part II
Protocol behavior

FTP connection channels (L7)

TCP connection establishment (L4)

TCP connection termination

TCP connection states

TCP connection acknowledgment

How NAT works (L3)

How PING works (L3)
● The sender sends an Echo Request (ICMP Type 8)
● The responder returns an Echo Reply (ICMP Type 0)
● Once both succeed, the next round is sent with the sequence number incremented

How traceroute works (L3)
● The sender sends the first packet with a TTL of 1
● The first router subtracts 1, the TTL becomes 0, and the router sends Time Exceeded (ICMP Type 11) back to the sender, which thereby learns the first router's IP
● The sender sends the next packet with the TTL increased by 1; at the second router the TTL becomes 0, and the ICMP message sent back reveals the second router's IP
● These steps repeat until a packet reaches the destination, which yields the IP of the router at every hop
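
The PING and traceroute exchanges above, as an added Python example that is not part of the original slides. It builds real ICMP messages with checksums, but the network is a constructed in-memory path (`simulated_path`, a hypothetical helper) so it runs without raw sockets; all addresses are made up.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); 0 when run over a message that is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_message(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Type, code, checksum, then the type-specific remainder."""
    raw = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(raw)) + rest

def echo_request(ident: int, seq: int, data: bytes = b"probe") -> bytes:
    """Echo Request (type 8): identifier, sequence number, then data."""
    return icmp_message(8, 0, struct.pack("!HH", ident, seq) + data)

def simulated_path(routers, destination):
    """Constructed stand-in for a network; returns send(ttl, probe)."""
    def send(ttl, probe):
        for router in routers:
            ttl -= 1                      # each router decrements the TTL
            if ttl == 0:                  # expired here: Time Exceeded (type 11)
                # Real routers quote the IP header plus 8 bytes of the probe;
                # this simulation quotes only the probe's 8-byte ICMP header.
                return router, icmp_message(11, 0, bytes(4) + probe[:8])
        # Reached the target: Echo Reply (type 0) echoes id, sequence and data.
        return destination, icmp_message(0, 0, probe[4:])
    return send

def traceroute(send, max_hops=30, ident=0x1234):
    """Raise the TTL by one per probe until an Echo Reply comes back."""
    route = []
    for ttl in range(1, max_hops + 1):
        sender, reply = send(ttl, echo_request(ident, seq=ttl))
        if icmp_checksum(reply) != 0:
            raise ValueError("corrupt ICMP message")
        if reply[0] == 0 and struct.unpack("!HH", reply[4:8]) != (ident, ttl):
            continue                      # reply belongs to some other probe
        route.append((ttl, sender, reply[0]))
        if reply[0] == 0:
            break
    return route

if __name__ == "__main__":
    path = simulated_path(["10.0.0.1", "10.0.1.1"], "203.0.113.5")
    for hop in traceroute(path):
        print(hop)
```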

ARP protocol (L2)

Part III
Common network problems and defenses

Physical wiring (L1)
● Cabling system
  – Loose connectors
  – Damaged cables
  – Signal interference
● Equipment problems
  – Power failure
  – Device down
  – Misconfiguration

Data link layer (L2)
● ARP
  – ARP Caching
  – ARP Poisoning
  – ARP Spoofing
  – MAC Conflict
● Architecture problems
  – Loop
  – SPT
  – VLAN

IP layer (L3)
● IP Conflict
● IP Block
  – ACL
  – Firewall
● Routing
  – Static
  – Dynamic
  – NAT

NAT problems

Name resolution problems
● DNS system vulnerabilities
  – DNS cache poisoning
  – Fake DNS server
  – Man-in-the-middle attack
  – Domain hijacking
  – Tampered DNS records

Service-level problems
● Service not started
  – Standalone
  – Super Daemon
● Service blocked
  – Firewall
  – Super Daemon
  – TCP Wrapper
  – PAM
  – ACL
● Service behaving abnormally
  – Overloading
  – DoS

Other
● Server room
  – Cooling, power, cabling
● Natural disasters
  – Flood, fire, earthquake, tsunami, volcano, meteorite ...
● Human error
  – Unplugging the wrong power cord or network cable, switching off equipment by mistake
  – Careless construction work
  – Terrorist attack

Intrusion
● Exploiting software vulnerabilities
  – Web Application
  – Service
  – Operating System
● Brute-force cracking
● Eavesdropping
● MIM (Man In the Middle)
● Social engineering

Eavesdropping
● Eavesdropping equipment
  – Hub vs. Switch
  – Wireless
  – Mirror Port
● ARP Poisoning
● MIM (Man In the Middle)

Denial-of-service attacks
● Flooding
  – TCP
  – UDP
  – ICMP
  – Application
● Vulnerability exploitation
  – Buffer Overflow
  – Format String
  – Injection

Defenses
● Improve the availability of network connections
● Follow standards / SOP
● Detection equipment / mechanisms
● Encrypted connections
● Patch vulnerabilities
● Disaster response plan

Wrapping an unencrypted connection in SSH
● ssh -L 10110:10.0.0.1:110 4.3.2.1

Part IV
Network monitoring and analysis tools

tcpdump
● http://www.tcpdump.org/
● Command-line packet capture tool
● Uses libpcap as its packet-processing library
● Built into most Unix-based operating systems

Wireshark
● http://www.wireshark.org/
● Formerly named ethereal
● Can act as a sniffer to capture packets for analysis
● Can also reassemble packets to extract the data portion
● Provides a graphical interface
● Select a network interface
● Capture packets
● Reassemble packets

ntop
● http://www.ntop.org/
● Real-time traffic analysis / statistics tool
● Accepts
  – Mirror Traffic
  – NetFlow/sFlow
  – In-Line Analysis

mrtg
● http://www.mrtg.org/
● Multi Router Traffic Grapher
● Uses SNMP or custom commands to collect data and generate trend graphs
● Can produce daily / weekly / monthly / yearly averages
● Commonly used to record
  – Network interface traffic
  – Host load (CPU/Memory/ … etc)
  – Disk usage

Nagios
● http://www.nagios.org/
● Open Source / Free monitoring tool
● Network status monitoring tool
● Can send real-time alerts
● Commonly used to watch
  – Host services
  – Network node status

Zabbix
● http://www.zabbix.com/
● Open Source / Free monitoring tool
● Network status monitoring tool
● Supports many operating systems
● Can send real-time alerts

OpenNMS
● http://www.opennms.org/
● Open Source / Free network management system (NMS)
● Runs on Java + Tomcat
● Demo site: http://demo.opennms.org/

cacti
● http://www.cacti.net/
● Network management software that uses php + mysql + rrdtool to draw all kinds of graphs
● Often used to replace the traditional mrtg
● Templates can be defined for commonly used devices, which makes them easy to apply

NetFlow / sFlow
● NetFlow
● The network device exports information about the packets passing through it to a collector
● Packet information
  – Source IP
  – Destination IP
  – Source Port
  – Destination Port
  – Protocol
  – Interface
  – ToS
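
What a collector does with these fields, as an added Python example that is not part of the original slides. It assumes the NetFlow version 5 export layout (a 24-byte header followed by 48-byte records), which the slides do not specify; the datagram, addresses and function names are constructed.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")               # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 record, 48 bytes

def sample_export() -> bytes:
    """Constructed export datagram carrying three flow records."""
    def rec(src, dst, sport, dport, proto, octets, pkts):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           1, 2, pkts, octets, 0, 0, sport, dport,
                           0, 0, proto, 0, 0, 0, 0, 0, 0)
    recs = [rec("192.0.2.10", "198.51.100.7", 40000, 443, 6, 1500, 3),
            rec("192.0.2.11", "198.51.100.7", 40001, 53, 17, 120, 1),
            rec("192.0.2.10", "198.51.100.8", 40002, 110, 6, 500, 2)]
    return HEADER.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)

def parse_v5(datagram: bytes) -> list:
    """Return one dict per flow record, keeping the fields listed on the slide."""
    if len(datagram) < HEADER.size:
        raise ValueError("short NetFlow header")
    version, count = struct.unpack("!HH", datagram[:4])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "packets": f[5], "octets": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13], "tos": f[14]})
    return flows

def top_talkers(flows, n=3):
    """Sum exported byte counts per source IP, largest first."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["octets"]
    return totals.most_common(n)

if __name__ == "__main__":
    for src, octets in top_talkers(parse_v5(sample_export())):
        print(f"{src:15} {octets} bytes")
```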

NetFlow / sFlow architecture

Q & A