Network Flow Analysis demonstrates "… how to use industry-standard software and your existing hardware to assess, analyse, and debug your network". The introduction is well worth reading by anyone with an interest in network administration and network management; it is a good discussion that does not require a technical background in networking. The author says, "This book will take network administrators through building a flow-based network management system out of any free Unix-like operating system, freely available software, and existing network hardware". That is a fair description.

Even though the subject is dealt with in technical depth the material is clearly presented. I found it quite engaging, and the annotation of example data printouts and reports informative and helpful. The author's experience as a network/security engineer enables him to discuss real-world network management problems and to focus on practical issues.

There are many network management tools, both open source and commercial, that the author declares to have shortcomings.
"MRTG, Cricket, and Cacti use SNMP to generate graphs of network traffic … and store the results in a fixed-size database. Knowing how much traffic crosses your network at any time is an absolute necessity …".
"… RTG [also] uses SNMP to measure network traffic crossing device interfaces and graphs the data. … the presence of a database means you must either know something about databases or have an infinite amount of disk space. … MTG can't show the contents of the traffic, only how much there was".
"Nagios and Big Brother … check the health of your network gear. [However, while] knowing that your hardware is operating correctly is vital, … the fact that a switch is operating correctly doesn't mean that the traffic passing through it isn't having trouble."
In respect of "… commercial network management suites … what most people don't realise is that by the time you've set up these software suites to work the way you need, you've done just as much work as you would through building your own flow analysis system".

The answer to those shortcomings is, "record the traffic that passes across your network. … Fortunately, you don't have to record the entire contents of every transaction". The concept is to be able "to prove that packets arrived at their destination and were accepted". That is, to monitor the flow—in network-speak "a series of packets that share the same source and destination IP addresses, source and destination ports, and IP protocol".

A chapter of the book discusses and describes Flow-Tools, "the standard freely available flow management and analysis tool kit". Note the description, tool kit; Flow-Tools contains or enables a number of tools that present users with customisable analysis options. An example is FlowViewer, which includes three separate components: FlowViewer, FlowTracker, and FlowGrapher. The suite is described, component by component, and detailed information provided about installation, configuration, and use. A comparison is made with similar products, FlowScan and CUFlow.

Another chapter, Ad Hoc Flow Visualisation, discusses the application of gnuplot. The author admits that gnuplot has "a notoriously steep learning curve and a reputation for complexity. [However,] … gnuplot's power and efficiency more than make up for its challenges … [and] you can quickly learn enough to create impressive graphs of your network data". An excellent detailed discussion-cum-tutorial is provided.

A thorough and well-presented coverage of network flow analysis intended for professional network administrators/managers. However, it is also recommended to anyone with a reasonable grasp of networking and who wants to get a handle on network flow analysis as a network management tool.

