The development of trusted NetFlow packet capturing system / Ahmad Fuad Mat Som

Mat Som, Ahmad Fuad (2009) The development of trusted NetFlow packet capturing system / Ahmad Fuad Mat Som. Masters thesis, Universiti Teknologi MARA (UiTM).

Abstract

Today, with the growth of new applications and software, network managers are keen to know what kind of traffic flows through their network infrastructure every day. Many protocols, such as Simple Network Management Protocol (SNMP), packet sniffing and flow-based technology (NetFlow, JFlow and SFlow), are available and can be used to obtain information about IP traffic. Security measures must be taken into consideration when deploying these protocols, especially when the traffic comes from remote sites through a public or unsecured channel. The challenge now is how this data can be sent securely to the monitoring server. In this dissertation we propose that IPsec transport mode be used to protect NetFlow packets sent from a Flow Probe to a Flow Collector. The Flow Probe will be tested running on a single machine. Analysis will be carried out to investigate the effect and performance. A test bed lab has been set up to experiment with the proposed method. The test bed consists of a Flow Probe, a Flow Collector, a Linux router, three network switches and two PCs acting as sender and receiver, each installed with a traffic generator. To ensure that the proposed architecture will work and achieve the highest level of security, some tests are conducted. The traffic will be sniffed to show that the content of the packets is encrypted securely between the Flow Probe and the Flow Collector.

Physical Copy

Physical status and holdings:
Item Status: On Shelf

ID Number

64644
