Thursday, 19 August 2010

Network flow analysis by Michael W. Lucas, review

Network Flow Analysis by Michael W. Lucas

ISBN: 978-1-59327-203-6

Paperback: 224 pages

Publisher: No Starch Press June 2010

August 2010

Fantastic and very complete information about network flows

Content

This book is an easy guide to the world of netflow logging and analysis. The content ranges from basic configuration of flow logging and simple, customer-friendly graphing methods to the detailed custom reporting features of the software presented.

While this book does not cover each and every netflow tool available, it has a complete walk-through that lets you get started and immediately produce information that matters to decision makers and to troubleshooting.

This book also covers some details that many beginning network people have not noticed yet, but which are critical for doing netflow analysis: things like ICMP types and codes, and defining what a flow actually is. Michael also presents filtering, and does so by showing you how to build filters from simple primitives into fully working, reusable examples that you can put into production.
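To make those two points concrete (what a flow is, and how ICMP type and code show up in flow records), here is a small NetFlow v5 decoder with composable filter primitives. This is example code added to this review, not code from the book or from the flow-tools software it covers. It assumes the standard NetFlow v5 wire layout (24-byte header, 48-byte records, ICMP type and code packed into the destination-port field as type*256+code with source port 0); the export datagram it decodes is constructed inline, not a real capture.

```python
# Added example for this review (not from the book): decode a NetFlow v5 export
# datagram into flows, decode ICMP type/code, and filter with composable primitives.
import ipaddress
import socket
import struct
from typing import Callable, Dict, List, Optional

V5_HEADER = struct.Struct(">HHIIIIBBH")            # 24-byte export header
V5_RECORD = struct.Struct(">IIIHHIIIIHHBBBBHHBBH")  # 48-byte flow record
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
Pred = Callable[[Dict], bool]


def _ip_str(n: int) -> str:
    return socket.inet_ntoa(struct.pack(">I", n))


def parse_v5(packet: bytes) -> List[Dict]:
    """Decode one NetFlow v5 datagram into a list of flow dicts (5-tuple + counters)."""
    version, count = V5_HEADER.unpack_from(packet, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _smask, _dmask, _pad2) = V5_RECORD.unpack_from(packet, off)
        flow = {"src": _ip_str(src), "dst": _ip_str(dst),
                "proto": PROTO_NAMES.get(proto, str(proto)),
                "sport": sport, "dport": dport, "pkts": pkts, "octets": octets,
                "tcp_flags": tcp_flags, "duration_ms": last - first}
        if proto == 1:
            # NetFlow v5 has no ICMP fields: exporters put the ICMP type in the high
            # byte and the code in the low byte of dstport, and report sport as 0.
            flow["icmp_type"], flow["icmp_code"] = dport >> 8, dport & 0xFF
        flows.append(flow)
    return flows


# Filter primitives: each returns a predicate over a single flow.
def proto_is(name: str) -> Pred:
    return lambda f: f["proto"] == name


def dport_is(port: int) -> Pred:
    return lambda f: f["dport"] == port


def src_in(prefix: str) -> Pred:
    net = ipaddress.ip_network(prefix)
    return lambda f: ipaddress.ip_address(f["src"]) in net


def icmp_is(type_: int, code: Optional[int] = None) -> Pred:
    return lambda f: (f["proto"] == "icmp" and f["icmp_type"] == type_
                      and (code is None or f["icmp_code"] == code))


# Combinators turn primitives into the compound filters a report actually needs.
def all_of(*preds: Pred) -> Pred:
    return lambda f: all(p(f) for p in preds)


def any_of(*preds: Pred) -> Pred:
    return lambda f: any(p(f) for p in preds)


def not_(pred: Pred) -> Pred:
    return lambda f: not pred(f)


def filter_flows(flows: List[Dict], pred: Pred) -> List[Dict]:
    return [f for f in flows if pred(f)]


def bytes_by_src(flows: List[Dict]) -> Dict[str, int]:
    """Tiny 'top talkers' style report: octets summed per source address."""
    out: Dict[str, int] = {}
    for f in flows:
        out[f["src"]] = out.get(f["src"], 0) + f["octets"]
    return out


def build_sample_packet() -> bytes:
    """Constructed NetFlow v5 datagram with four flows (documentation addresses, not a capture)."""
    def ip(s: str) -> int:
        return struct.unpack(">I", socket.inet_aton(s))[0]
    recs = [  # src, dst, proto, sport, dport, pkts, octets, tcp_flags
        ("192.0.2.10", "198.51.100.5", 6, 51234, 443, 20, 4200, 0x1B),
        ("203.0.113.7", "192.0.2.10", 1, 0, (3 << 8) | 3, 1, 96, 0),  # ICMP type 3 code 3
        ("192.0.2.10", "198.51.100.53", 17, 40000, 53, 2, 200, 0),
        ("198.51.100.5", "192.0.2.10", 6, 443, 51234, 18, 9000, 0x1B),
    ]
    body = b"".join(
        V5_RECORD.pack(ip(s), ip(d), 0, 1, 2, pk, oc, 1000, 1500, sp, dp,
                       0, fl, pr, 0, 0, 0, 24, 24, 0)
        for s, d, pr, sp, dp, pk, oc, fl in recs)
    header = V5_HEADER.pack(5, len(recs), 120000, 1282201200, 0, 0, 0, 0, 0)
    return header + body


if __name__ == "__main__":
    flows = parse_v5(build_sample_packet())
    unreachable = filter_flows(flows, all_of(icmp_is(3), not_(src_in("192.0.2.0/24"))))
    for f in unreachable:
        print(f"{f['src']} -> {f['dst']} icmp type {f['icmp_type']} code {f['icmp_code']}")
    print(bytes_by_src(flows))
```

The point of the primitive/combinator split is the one the book makes: a production filter such as "ICMP port-unreachable from outside our prefix" is just `all_of(icmp_is(3, 3), not_(src_in(...)))`, and each piece can be reused in the next report. Note that the same flow in the opposite direction is a separate record (the fourth one above), so a "session" is two flows.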

The chapters about reporting show textual representations, hard numbers, and nice graphing tools suitable for management and others who do not need the same level of detail. While showing reporting he not only presents the reference (which options are available) but also interprets the sample reports.

The book finishes strong by listing common use cases for netflow analysis; if you reach this level in your own network you will have improved things a lot.

Target audience

The focus of this book is on making use of the data already available from network devices, so the network administrator is the one doing the actual work. If you are a decision maker, buy this book for your network guy and benefit from the awesome output he will generate.

You will need a bit of effort if you are not skilled in running tools from the command line, and setting up the tools can seem hard. Fortunately Michael Lucas has already selected a fine list of tools and explains how to install them.

The strategy of the book is to get you up and running with netflow easily, and it really works. Later, once you have seen the benefit of netflow, you can dig deeper and deeper into reporting and advanced filtering of the data collected.

To summarize the Good stuff

  • Short - this book is easy to read and short
  • Practical - if you follow the strategy and layout you will get going quickly
  • Very advanced and complete - given the length of the book, it really has a lot of links and references

The Bad stuff about this book

The subject of netflow is hard to ease into, and there are some great tools not described. If possible I would enjoy a follow-up book that connects netflow, intrusion detection, syslogging and monitoring with the same level of detail, using a few selected tools.

Conclusion

This book is mandatory reading for network people, even if they already use netflow. There are sure to be tips and hints that you will enjoy. I read this book in a few days, but I will use the knowledge gained for years to come.

Posted by hlk at CEST 09:08 19/08/2010 in Books
