Network Flow Analysis (English) Paperback – June 28, 2010
Most helpful customer reviews on Amazon.com (beta)
People administering any sort of larger network, usually as part of the day job, are the target audience. Netflow appears to be supported by many network equipment vendors, and software tools exist to read it on *BSD.
(For the uninitiated, Netflow tracks network activity in terms of protocol, port, and so on - everything short of the actual data. It can describe what was happening at any point in time between hosts on a tracked network.)
As described in the book, it's useful for both tracking down active issues and for analyzing the health of a network that otherwise could be hidden by averaged graphs, or seen only by direct reads at the problem site. The book covers the protocol and various tools involved with it, and branches off into other related topics, like the use of gnuplot to create ad-hoc representations.
The book is enjoyable, with a touch of a conspiratorial Bastard Operator From Hell-like attitude between the author and the reader. It's a directed narrative going through install, analysis, and reporting, different enough from a man page review that there's value in proceeding from chapter to chapter. There's also enough detail in the center of the book that it can serve as a reference source for Netflow collector setup.
It was valuable enough that I found myself planning ways to implement this at my workplace. Remarkable, considering how dry network analysis can be.
(pasted from a review I wrote elsewhere)
NFA is a very technical book, which can make for a very boring read, but like Absolute FreeBSD, Lucas is able to maintain a light, interesting tone, even while discussing the configuration of gnuplot. (!)
From a technical perspective, NFA is very useful for getting your (open source) network flow analysis system up and going--But be aware that it will take time, especially if you want the flexibility of what FlowTracker/FlowGrapher can offer, versus the less flexible, but easier to use/learn CUFlow.
Lucas gives great practical examples of using flows to monitor & troubleshoot issues on your network. The examples are sprinkled through the book, and then a few case studies take up the last 7 pages of the book.
I found it interesting that the back cover claimed that you will learn how to:
-Identify network, server, router, and firewall problems before they become critical
-Find defective and mis-configured software
-Quickly find virus-spewing machines, even if they are on a different continent
These scenarios were covered, but in appallingly anemic sections--For instance, the "Quickly find virus-spewing machines, even if they are on a different continent" scenario was covered on 1 page. (186-187)
I guess I was thinking that since the above scenarios were a fairly large point in the description of the book, they would be covered in a bit more detail.
One more nitpick: Lucas describes Conficker as both a Virus and a Worm--It is most definitely a worm, not a virus--There is a difference...
The above nitpicks are not enough to diminish the 5 star rating I am giving NFA: I found it to be a great addition to my reference bookshelf, and I'm sure it will be creased and dogeared as I attempt to implement my own NetFlow analysis system this next year.
Lucas promotes his subject by motivating the imagination, not the intellect. As he writes in his introduction, "Network administrators all share an abiding and passionate desire for just one thing. We want our users to shut up." I for one can tell you where I was working and the problems I was dealing with when I first felt exactly that. And from that point on, the book flows neatly from one point to the next. The topic sequence, consistent tone and focus kept me engaged and confident that I could go as far as I'd like, with this book as a start.
To achieve that effect for me, a book has to look and feel manageable in a reasonable amount of time. Network Flow Analysis is about two hundred pages long, but it is hardly thin. The pace of discussion is deliberate but covers a lot of ground. As for continuity, I can't recall a passage that wasn't supported by earlier discussion or wasn't detailed soon after. Lucas narrates in a straightforward manner that does not succumb easily to distraction or concern for losing the reader. Where most authors tackle the subject with a compendium of summations or mostly-digested specifications, Lucas exhibits the guileless courage of someone who spends every day on a roof or under a sink. And he does something most network admin writers could learn to do for all our sakes: he uses a reference book for all the detail.
The only surprise I found in this book came in Chapter 8, "Ad Hoc Flow Visualization," where Lucas writes, "gnuplot ... has a notoriously steep learning curve and a reputation for complexity." Even though the rest of the paragraph softens this claim a bit, I bought and read a book on gnuplot to make sure I hadn't missed something.
Network Flow Analysis is not a book that would inspire a Dummies-identifying reader to have a go, I don't think. No such book will ever be written. But if troubleshooting the network becomes your job, and you need more than a kickstart, and you do want to shut people up, you need a friend. You could do far worse than start here.
There are sections I don't happen to need (such as implementing netflow on the network in the first place, since my network already has this implemented) but the structure and lay-out of the book makes it easy to find and pull the info *I* need out of it. I've only had the book 48 hours or so, and it's already dominated the spot to the left of my PC at work.
Hide it, if you must, if you don't want to sully your reputation as THE alpha geek at work, but get it. Go get it now. There's plenty in here for both novice and guru alike.
"Network administrators all share an abiding and passionate desire for one thing: We want our users to shut up."
The guy backs his bark with bite. I feel he makes the reader feel like a Plains Indian if netflow were a buffalo. He will show you specifically how to go about setting up a netflow collector, how to install analysis tools, how to use them to determine all sorts of stuff, to how to use gnuplot to graph it. It covers host-level to BGP. I didn't know port numbers were used a different way for ICMP netflow packets, or that netflow v7 is actually useful for routers.
That said, the point of publishing was 2 years ago and I don't know how dated the material is. The author refers to very specific versions of software, which may have been perfectly useful on the day of publishing. That said, netflow itself does not change much (until IPFIX and IP6 roll out).
Oh, and this review is for the Kindle version. Somewhat perversely, I chose to run this entire book through text to speech while driving. While it was painful to hear a robotic man read out a full page of 5-tuple data, it worked out. Kudos to the publisher for not disabling text to speech.