On busy routers, the network manager may have chosen to sample the data
at intervals instead of every packet, but amprgw isn't all that busy, so
I'm analyzing every packet that goes through it. Sampling is done so
that the amount of data generated by the router netflow statistics
reporting isn't greater than the capacity of the host that has to store
and analyze it, and so that the router itself doesn't contribute to the
congestion on its links.
Netflow does not save the payload content of packets. It does account for
it statistically, as the total size of the packet is included in the
statistics gathered.
Depends on your definition of privacy: encryption only obscures the
content of the packets. The who-called-who and traffic size and duration
data is in the clear. This is one of the reasons for the rise in vendors
offering VPN services, and for the TOR network.
With the recent change in US law, I realize that my ISP is now probably
gathering my call graph data in order to sell that data to advertisers
who will target my address. However, neither my employer (who currently
is the ISP for most of my internet traffic) nor amprnet are interested
in that aspect of the data flows.
- Brian
On Tue, May 23, 2017 at 10:30:03AM -0400, Craig Brauckmiller wrote:
From my understanding of netflow, it is based on a sample rate and only 1
out of X packets is actually scanned and reported by netflow. Is that
correct? Netflow is not the same as running tcpdump on the network.
Additionally, I don't think NETFLOW includes payload data either. Correct?
Unless you are using SSL-based connections, there is no such thing as
privacy on the internet. The sooner people come to grips with that, the
better.
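The point both messages circle around (NetFlow keeps no payload, but the
who-talked-to-whom, byte counts and durations are fully visible even when the
traffic is TLS, and sampled exports have to be scaled by the 1-in-N interval)
can be seen by building a call graph from flow records. The block below is an
added example, not code from either poster or from amprgw; the record layout,
the addresses and the flows are constructed for the example (loosely modelled
on a CSV flow export), not a real capture, and sampling_interval=1 corresponds
to the unsampled setup Brian describes.

```python
"""Build a who-talked-to-whom call graph from NetFlow-style records.

Added example, not from the original thread.  Assumed record layout
(constructed here, not a real export):
    start,end,proto,src_ip,src_port,dst_ip,dst_port,packets,bytes
A router exporting 1-in-N sampled NetFlow has its counts multiplied by N
to estimate the unsampled volume; N=1 means every packet was accounted.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample export; every address, port and count is made up.
# Note that the TLS sessions on port 443 carry full addressing, sizes and
# duration; only the payload is absent from the record.
SAMPLE_EXPORT = """\
2017-05-23 10:30:01,2017-05-23 10:30:09,TCP,44.1.2.3,51234,93.184.216.34,443,12,9140
2017-05-23 10:30:01,2017-05-23 10:30:09,TCP,93.184.216.34,443,44.1.2.3,51234,10,1420
2017-05-23 10:31:00,2017-05-23 10:31:00,UDP,44.1.2.3,40000,8.8.8.8,53,1,70
2017-05-23 10:31:00,2017-05-23 10:31:00,UDP,8.8.8.8,53,44.1.2.3,40000,1,86
2017-05-23 10:32:10,2017-05-23 10:35:40,TCP,44.1.2.3,51240,93.184.216.34,443,300,410000
"""


@dataclass(frozen=True)
class Flow:
    start: datetime
    end: datetime
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    packets: int
    nbytes: int

    @property
    def duration_s(self) -> float:
        return (self.end - self.start).total_seconds()


def parse_export(text: str) -> list[Flow]:
    """Parse the assumed CSV layout; rejects malformed lines rather than guessing."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(",")
        if len(f) != 9:
            raise ValueError(f"malformed record: {line!r}")
        flows.append(Flow(
            start=datetime.strptime(f[0], "%Y-%m-%d %H:%M:%S"),
            end=datetime.strptime(f[1], "%Y-%m-%d %H:%M:%S"),
            proto=f[2],
            src_ip=f[3], src_port=int(f[4]),
            dst_ip=f[5], dst_port=int(f[6]),
            packets=int(f[7]), nbytes=int(f[8]),
        ))
    return flows


def call_graph(flows: list[Flow], sampling_interval: int = 1) -> dict:
    """Aggregate flows into (src_ip, dst_ip, dst_port) edges.

    sampling_interval is the router's 1-in-N value.  Counts are scaled by N,
    the usual estimate for sampled NetFlow; it is exact only on average,
    so short flows in a sampled export are noisy.
    """
    if sampling_interval < 1:
        raise ValueError("sampling interval must be >= 1")
    edges = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": 0, "seconds": 0.0})
    for fl in flows:
        e = edges[(fl.src_ip, fl.dst_ip, fl.dst_port)]
        e["packets"] += fl.packets * sampling_interval
        e["bytes"] += fl.nbytes * sampling_interval
        e["flows"] += 1
        e["seconds"] += fl.duration_s
    return dict(edges)


def peers_of(edges: dict, ip: str) -> set[str]:
    """Hosts an address exchanged traffic with: the call graph an observer
    of the flow records sees regardless of whether the payload was encrypted."""
    peers = set()
    for (src, dst, _port) in edges:
        if src == ip:
            peers.add(dst)
        elif dst == ip:
            peers.add(src)
    return peers


if __name__ == "__main__":
    edges = call_graph(parse_export(SAMPLE_EXPORT))
    for (src, dst, port), e in sorted(edges.items()):
        print(f"{src} -> {dst}:{port}  {e['flows']} flows  {e['packets']} pkts  "
              f"{e['bytes']} bytes  {e['seconds']:.0f}s")
    print("peers of 44.1.2.3:", sorted(peers_of(edges, "44.1.2.3")))
```

Running it prints one line per (source, destination, port) edge with packet,
byte and duration totals and the peer list for 44.1.2.3, which is exactly the
metadata Brian says remains in the clear; calling call_graph with
sampling_interval=100 shows how a 1-in-100 export would be scaled back up.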