Traffic Analysis
When we talk about activity over a network we are thinking of the movement of packets of data, which we often term "traffic." When we engage in traffic analysis we are seeking to determine the overall health of the network:
In the first situation we have a security hat on and are looking to detect and respond to these incidents by "eavesdropping" on the network, gathering data about what is happening and where it is coming from and going to. In the second situation we have more of a management hat on. Much like a roading engineer tries to design a physical road to allow vehicles to move as smoothly as possible, especially during busy times, as network managers we want our packets to move smoothly. To optimise network traffic we engage in traffic shaping and load balancing, and we try to plan for the future with capacity planning. It's important to remember that whilst security experts will engage in these activities in order to make a network safer and more secure, hackers (of various types) will do the same in order to figure out how best to infiltrate and disrupt the network. Task: In your own words, give a basic summary (50-100 words) of what traffic analysis means and what the purpose of it is.
Main Activities in Traffic Analysis
1) Packet Capture and Inspection
Similar to inspecting a vehicle to diagnose a problem, packet capture and inspection involves observing individual packets and checking details such as their source, destination, size, and the type of data they carry. Doing this can help us to identify the cause of packet loss, delays, and errors in data transmission. It can also allow us to reveal malicious activities so that we can respond to them and prevent them.
2) Flow Analysis
Much like we might observe the flow of cars on different roads to understand patterns in traffic, we can analyse the flow of data between different parts of a network to help us understand overall patterns, and also identify unusual behaviour that could indicate problems.
3) Anomaly Detection
As discussed in the section on network optimisation, we can use statistical methods and machine learning to detect unusual patterns that could signal security threats or network issues.
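The following is an added example (not part of the original page) that ties items 1 to 3 together: it takes constructed packet records of the kind a capture would yield (timestamp, source, destination, protocol, port, size), groups them into flows, and then flags any flow whose byte volume is unusually large. The statistic used is the median/MAD "modified z-score", chosen here because a plain mean/standard-deviation z-score cannot flag an outlier in a sample this small; the IP addresses and sizes are made up.

```python
from statistics import median

# Constructed packet records (not from a real capture), one tuple per packet:
# (timestamp_s, src_ip, dst_ip, protocol, dst_port, bytes)
PACKETS = [
    (0, "10.0.0.5",  "203.0.113.10", "TCP", 443,  600),
    (1, "10.0.0.7",  "203.0.113.20", "TCP", 80,   700),
    (2, "10.0.0.9",  "10.0.0.2",     "UDP", 53,   750),
    (3, "10.0.0.11", "203.0.113.30", "TCP", 443,  900),
    (4, "10.0.0.12", "198.51.100.9", "TCP", 8080, 50000),
    (5, "10.0.0.5",  "203.0.113.10", "TCP", 443,  400),
    (6, "10.0.0.12", "198.51.100.9", "TCP", 8080, 50000),
    (7, "10.0.0.7",  "203.0.113.20", "TCP", 80,   500),
    (8, "10.0.0.12", "198.51.100.9", "TCP", 8080, 50000),
    (9, "10.0.0.9",  "10.0.0.2",     "UDP", 53,   750),
    (10, "10.0.0.11", "203.0.113.30", "TCP", 443, 900),
    (11, "10.0.0.12", "198.51.100.9", "TCP", 8080, 50000),
]

def build_flows(packets):
    """Flow analysis: group packets sharing (src, dst, protocol, dst_port)
    and total their packet count and bytes, keeping first/last seen times."""
    flows = {}
    for ts, src, dst, proto, port, size in packets:
        key = (src, dst, proto, port)
        f = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        f["packets"] += 1
        f["bytes"] += size
        f["first"] = min(f["first"], ts)
        f["last"] = max(f["last"], ts)
    return flows

def flag_heavy_flows(flows, threshold=3.5):
    """Anomaly detection: flag flows whose byte volume is far above the typical
    flow, using the median/MAD modified z-score (0.6745 and 3.5 are the usual
    Iglewicz-Hoaglin constants). Robust to the outlier itself, unlike mean/stdev."""
    volumes = [f["bytes"] for f in flows.values()]
    if len(volumes) < 3:
        return []                      # too few flows to say what "typical" is
    med = median(volumes)
    mad = median(abs(v - med) for v in volumes)
    if mad == 0:
        return []                      # all flows identical: nothing stands out
    return [key for key, f in flows.items()
            if 0.6745 * (f["bytes"] - med) / mad > threshold]

if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for key, f in sorted(flows.items(), key=lambda kv: -kv[1]["bytes"]):
        print(key, f)
    print("anomalous:", flag_heavy_flows(flows))
```

On the constructed data the single 200,000-byte flow to 198.51.100.9 is flagged while the four ordinary flows (1,000 to 1,800 bytes) are not; in practice you would then inspect that flow's packets to decide whether it is a legitimate transfer or something to respond to.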
4) Traffic Shaping
On the road at busy times (e.g. on a motorway in Auckland, or around roadworks) we need to slow traffic and sometimes adjust the number of lanes in order to manage congestion and allow cars to still pass through (even if a bit more slowly). This is similar in a digital network, where we might need to do things like slow down the transmission rate, or limit the volume of traffic in a network during a particular time.
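As an added example (not from the original page) of slowing the transmission rate, here is a token-bucket shaper, the common mechanism behind rate limiting on routers: sending allowance accrues at a steady rate up to a burst allowance, and packets that arrive faster than that wait in a queue. The packet sizes, rate and arrival times are constructed for the simulation.

```python
from collections import deque

class TokenBucketShaper:
    """Token-bucket traffic shaper: tokens (bytes of sending allowance)
    accrue at `rate` bytes/second up to `burst`; a packet leaves only
    when enough tokens are available, otherwise it waits in the queue."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = burst          # bucket starts full: a short burst is allowed
        self.last = 0                # time of the last refill
        self.queue = deque()         # packets waiting for tokens, in arrival order

    def _refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def offer(self, now, size):
        """A packet of `size` bytes arrives at time `now`; returns bytes sent now."""
        self.queue.append(size)
        return self.drain(now)

    def drain(self, now):
        """Send queued packets, in order, while tokens cover them; returns bytes sent."""
        self._refill(now)
        sent = 0
        while self.queue and self.queue[0] <= self.tokens:
            size = self.queue.popleft()
            self.tokens -= size
            sent += size
        return sent

def simulate(rate, burst, arrivals, horizon):
    """Replay (time, size) arrivals through a shaper, polling once per second;
    returns [(time, bytes_sent)] showing when traffic actually leaves."""
    shaper = TokenBucketShaper(rate, burst)
    pending = sorted(arrivals)
    log = []
    for t in range(horizon + 1):
        sent = 0
        while pending and pending[0][0] <= t:
            sent += shaper.offer(t, pending.pop(0)[1])
        sent += shaper.drain(t)
        if sent:
            log.append((t, sent))
    return log

if __name__ == "__main__":
    # Constructed burst: five 1000-byte packets all arriving at t=0 into a
    # shaper allowing 1000 B/s steady with a 3000-byte burst allowance.
    print(simulate(1000, 3000, [(0, 1000)] * 5, 5))   # [(0, 3000), (1, 1000), (2, 1000)]
```

The 5,000-byte burst is not dropped: 3,000 bytes leave immediately and the remainder is spread over the next two seconds at the configured 1,000 B/s.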
5) Load Balancing
Think about this as using multiple bridges across a body of water to distribute the cars (and their weight) more evenly and prevent any one bridge from being overloaded. When we use load balancing in a digital network we distribute the traffic across multiple servers/routers to avoid overloading any single one. Doing this helps us to make the network more reliable, with better performance.
6) Capacity Planning
Much like a city planner needs to consider future growth in a city and have the road networks to manage it, a network engineer needs to have plans for future growth and plans for upgrades to servers and the addition of extra servers and pathways. For example, the launch of a video game will often involve a large number of sign-ons all at once. Sometimes this will continue and even grow, but sometimes it will fall away to a smaller number going forward. In this situation a network engineer would need to determine whether their current capacity will be sufficient, or whether they will need to increase the number of servers/routers that they currently have.
Task:
a) Write notes to explain each of the above methods of traffic analysis. Memorise your notes. Write them out.
b) Imagine that you have been put in charge of the network at a small to medium-sized business. You are in charge of the internal network, as well as the website. Internally the workers' Internet connection tends to be more than adequate; however, on the odd day, for an hour or so, things suddenly start running very slowly. The website tends to run smoothly, but sometimes has slow periods that coincide with the slowness of your network.
Your boss is tired of it and needs you to get to the bottom of this, and wants to know what your plan is to look into the matter.
Using your knowledge of network optimisation and traffic analysis, write an email to your boss (at least 300 words) explaining what you are going to do to investigate, and what solutions you are planning to put in place to attempt to fix the problem.