Okuqukethwe
fihla
ADVANTECH Router App Net Flow Pfix
Ulwazi Lomkhiqizo
Imininingwane
- Umkhiqizi: I-Advantech Czech sro
- Ikheli: I-Sokolska 71, 562 04 Usti nad Orlici, Czech Republic
- Idokhumenti Inombolo yomthetho: APP-0085-EN
- Buyekeza Idethi: 19 Okthoba, 2023
Incazelo Yemojuli
- Imojula ye-NetFlow/IPFIX wuhlelo lokusebenza lwerutha olwakhiwe yi-Advantech Czech s.r.o. Ayifakiwe ku-firmware yerutha ejwayelekile futhi idinga ukulayishwa ngokuhlukana.
- Imojula yakhelwe ukuqapha ithrafikhi yenethiwekhi. Isebenza ngokuqoqa imininingwane yethrafikhi ye-IP kusetshenziswa i-probe efakwe kumarutha anikwe amandla yi-NetFlow.
- Lolu lwazi lube seluthunyelwa kumqoqi we-NetFlow kanye nomhlaziyi ukuze kuhlaziywe okwengeziwe.
Web Isixhumi esibonakalayo
Uma imojuli isifakiwe, ungakwazi ukufinyelela yayo web isixhumi esibonakalayo ngokuchofoza igama lemojuli ekhasini lezinhlelo zokusebenza ze-router lerutha yakho web esibonakalayo. I web interface iqukethe imenyu enezigaba ezahlukene:
Ukucushwa
Isigaba sokucushwa sikuvumela ukuthi ulungiselele izilungiselelo ezahlukahlukene zohlelo lokusebenza lwerutha ye-NetFlow/IPFIX. Ukuze ufinyelele izilungiselelo zokucushwa, chofoza entweni ethi “Global” kumenyu enkulu yemojuli web esibonakalayo. Izinto ezilungisekayo zihlanganisa:
- Nika amandla i-Probe: Le nketho iqala ukuthumela ulwazi lwe-NetFlow kumqoqi wesilawuli kude (uma kuchaziwe) noma kumqoqi wasendaweni (uma kunikwe amandla).
- Protocol: Le nketho ikuvumela ukuthi ukhethe iphrothokholi ezosetshenziselwa ukuhanjiswa kolwazi lwe-NetFlow. Ungakhetha ku-NetFlow v5, NetFlow v9, noma i-IPFIX (NetFlow v10).
- I-ID yenjini: Le nketho ikuvumela ukuthi usethe i-Observation Domain ID (ye-IPFIX), i-ID yomthombo (ye-NetFlow v9), noma i-ID yenjini (ye-NetFlow v5). Lokhu kusiza umqoqi ukuthi ahlukanise phakathi kwabathekelisi abaningi. Ukuze uthole ulwazi olwengeziwe, bheka isigaba esithi Ukusebenzisana Kwe-ID Yenjini.
Ulwazi
Isigaba Solwazi sihlinzeka ngemininingwane mayelana nemojuli namalayisensi ayo. Ungafinyelela lesi sigaba ngokuchofoza into ethi “Ulwazi” kumenyu enkulu yemojuli web esibonakalayo.
Imiyalo yokusebenzisa
Ulwazi Oluqoqiwe
- Imojula ye-NetFlow/IPFIX iqoqa imininingwane yethrafikhi ye-IP kusuka kuphenyo lomzila. Lokhu kufaka imininingwane efana namakheli e-IP omthombo nendawo okuyiwa kuyo, ukubalwa kwamaphakethe, ukubalwa kwebhayithi, nolwazi lwephrothokholi.
Ukuthola Ulwazi Olugciniwe
- Ukuthola ulwazi olugciniwe, udinga ukufinyelela kumqoqi we-NetFlow kanye nomhlaziyi lapho imojula ihambisa khona idatha. Umqoqi kanye nomhlaziyi bazohlinzeka ngamathuluzi nemibiko yokuhlaziya nokubona ngeso lengqondo ulwazi oluqoqiwe.
Ukusebenzisana kwe-ID yenjini
- Ukulungiselelwa kwe-ID Yenjini ekucushweni kukuvumela ukuthi ucacise isihlonzi esiyingqayizivele somthumeli wakho. Lokhu kuyasiza uma unabathekelisi abaningi abathumela idatha kumqoqi ofanayo.
- Ngokusetha ama-ID Enjini ahlukene, umqoqi angakwazi ukuhlukanisa phakathi kwedatha etholwe kubathumelisi abahlukahlukene.
Ukuphela kwesikhathi kwethrafikhi
- Imojula ayinikezi ulwazi oluthile mayelana nokuphelelwa yisikhathi kwethrafikhi. Sicela ubheke imibhalo ehlobene noma uthinte i-Advantech Czech s.r.o. ukuze uthole imininingwane eyengeziwe.
Imibhalo Ehlobene
- Ukuze uthole ulwazi olwengeziwe kanye nemiyalelo enemininingwane, sicela ubheke amadokhumenti alandelayo:
- Imanuwali yokucushwa
- Amanye amadokhumenti ahlobene anikezwe i-Advantech Czech s.r.o.
FAQ
Q: Ubani umkhiqizi we-NetFlow/IPFIX?
- A: Umkhiqizi we-NetFlow/IPFIX yi-Advantech Czech s.r.o.
Q: Iyini inhloso ye-NetFlow/IPFIX?
- A: I-NetFlow/IPFIX yakhelwe ukuqapha ithrafikhi yenethiwekhi ngokuqoqa ulwazi lwethrafikhi ye-IP kumarutha anikwe amandla i-NetFlow futhi ilithumele kumqoqi we-NetFlow nomhlaziyi.
Q: Ngingafinyelela kanjani izilungiselelo zokucushwa zemojuli?
- A: Ukuze ufinyelele izilungiselelo zokucushwa, chofoza entweni ethi “Global” kumenyu enkulu yemojuli web esibonakalayo.
Q: Isetshenziselwa ini isilungiselelo se-ID Yenjini?
- A: Isilungiselelo se-ID Yenjini sikuvumela ukuthi ucacise isihlonzi esiyingqayizivele somthumeli wakho ngaphandle, usize umqoqi ukuthi ahlukanise phakathi kwabathekelisi abaningi.
- © 2023 Advantech Czech sro Ayikho ingxenye yalolu shicilelo engaphinda ikhiqizwe noma idluliselwe nganoma iyiphi indlela noma nganoma iyiphi indlela, ngogesi noma ngomshini, okuhlanganisa ukuthwebula izithombe, ukurekhoda, nanoma yiluphi uhlobo lokugcinwa kolwazi kanye nohlelo lokubuyisa ngaphandle kwemvume ebhaliwe.
- Ulwazi olukule manuwali lungashintsha ngaphandle kwesaziso, futhi alimele ukuzibophezela ngasohlangothini lwe-Advantech.
- I-Advantech Czech sro ngeke ibophezeleke ngomonakalo wengozi noma owumphumela ngenxa yokuhlinzekwa kwempahla, ukusebenza, noma ukusetshenziswa kwaleli bhukwana.
- Wonke amagama emikhiqizo asetshenziswe kule manuwali yizimpawu zokuthengisa ezibhalisiwe zabanikazi bazo. Ukusetshenziswa kwezimpawu zokuhweba noma okunye okuqokiwe kulokhu kushicilelwa ngokwezinjongo zereferensi kuphela futhi akuhlanganisi ubunikazi bomnikazi wophawu.
Izimpawu ezisetshenzisiwe
Ingozi - Ulwazi olumayelana nokuphepha komsebenzisi noma ukulimala okungenzeka ku-router.
Ukunaka – Izinkinga ezingavela ezimeni ezithile.
Ulwazi - Amathiphu awusizo noma ulwazi oluthakaselayo ngokukhethekile.
Example – Example yomsebenzi, umyalo noma iskripthi.
I-Changelog
I-NetFlow/IPFIX Changelog
- v1.0.0 (2020-04-15)
- Ukukhishwa kokuqala.
- v1.1.0 (2020-10-01)
- I-CSS ebuyekeziwe nekhodi ye-HTML ukuze ifane ne-firmware 6.2.0+.
Incazelo yemojuli
- Uhlelo lokusebenza lomzila i-NetFlow/IPFIX aluqukethwe ku-firmware yerutha evamile. Ukulayishwa kwalolu hlelo lokusebenza lwerutha kuchazwe kubhukwana Lokucupha (bona Amadokhumenti Ahlobene Nesahluko).
- Uhlelo lokusebenza lomzila i-NetFlow/IPFIX inqunyelwe ukuqapha ithrafikhi yenethiwekhi. Amarutha anikwe amandla e-NetFlow anophenyo oluqoqa ulwazi lwethrafikhi ye-IP futhi luyihambise kumqoqi we-NetFlow nomhlaziyi.
Lolu hlelo lokusebenza lwe-router luqukethe:
- I-NetFlow probe engathumela imininingwane kumqoqi wenethiwekhi ehambisanayo nomhlaziyi, isib. g. i httsp://www.paessler.com/prtg.
- Umqoqi weNetFlow ogcina imininingwane eqoqiwe ku- file. Ingase futhi ithole futhi igcine ithrafikhi ye-NetFlow evela kwamanye amadivaysi.
Web Isixhumi esibonakalayo
- Uma ukufakwa kwemojula sekuqediwe, i-GUI yemojuli ingacelwa ngokuchofoza igama lemojuli ekhasini lezinhlelo zokusebenza ze-Router le-router. web esibonakalayo.
- Ingxenye engakwesokunxele yale GUI iqukethe imenyu enesigaba semenyu yokuhlela kanye nesigaba semenyu yolwazi.
- Isigaba semenyu yokwenza ngendlela oyifisayo siqukethe kuphela into ethi Buyisela, eshintsha isuke kumojula web ikhasi ku-router web amakhasi okumisa. Imenyu eyinhloko ye-GUI yemojuli iboniswa kuMfanekiso 2.
Ukucushwa
Umhlaba jikelele
- Zonke izilungiselelo zohlelo lokusebenza lwerutha ye-NetFlow/IPIX zingahlelwa ngokuchofoza into ye-Global kumenyu enkulu yemojula. web esibonakalayo. Kuphelileview yezinto ezilungisekayo inikezwe ngezansi.
| Into | Incazelo |
| Nika amandla i-Probe | Qala ukuhambisa ulwazi lwe-NetFlow kumqoqi oqhelile (uma kuchaziwe), noma kumqoqi Wasendaweni (uma kuvunyelwe). |
| Iphrothokholi | Iphrothokholi ezosetshenziswa: I-NetFlow v5, I-Netflow v9, IPFIX (Net- Flow v10) |
| I-ID yenjini | I-Observation Domain ID (ku-IPFIX, Source Id ku-NetFlow v9, noma I-Id Yenjini ku-NetFlow v5) ivelu. Lokhu kungasiza umqoqi wakho ukuthi ahlukanise phakathi kwabathekelisi abaningi. Bheka futhi isigaba esithi Ukusebenzisana Kwe-ID Yenjini. |
| Into | Incazelo |
| Sampler | (Engenalutho): hambisa konke ukugeleza okubhekiwe; i-deterministic: hambisa ukugeleza okubhekiwe kwe-N-th ngakunye; okungahleliwe: khetha ngokungahleliwe okukodwa kokugeleza okungu-N; hashi: khetha i-hash-ngokungahleliwe eyodwa kokugeleza kuka-N. |
| Sampleer Rate | Inani eliphakeme kakhulu lama-N. |
| Isikhathi Sokuphela Kwethrafikhi Engasebenzi | Thumela ukugeleza ngemva kokungasebenzi imizuzwana engu-15. Inani elizenzakalelayo lingu-15. |
| Isikhathi sokuvala sethrafikhi esisebenzayo | Thumela ukugeleza ngemva kokuba isebenze imizuzwana engu-1800 (imizuzu engu-30). Inani elizenzakalelayo lingu-1800. Bheka futhi isigaba sokuvala isikhathi sethrafikhi. |
| Isilawuli kude | Ikheli lasesizindeni se-inthanethi lomqoqi noma umhlaziyi we-NetFlow, lapho kufanele uthumele khona ulwazi lwethrafikhi ye-NetFlow eqoqiwe. Imbobo iyakhethwa, izenzakalelayo 2055. Indawo lapho kufanele iqukathe uhlu oluhlukaniswe ngokhefana lwamakheli e-IP amaningi (nezimbobo) ukuze kufane i-NetFlow kubaqoqi/abahlaziyi ababili noma ngaphezulu. |
| Nika amandla Umqoqi Wasendaweni | Qala ukuthola ulwazi lwe-NetFlow olusuka ku-Probe yasendaweni (uma inikwe amandla) noma ku-probe eyirimothi. |
| Isikhathi Sokugcina | Icacisa isikhawu sesikhathi ngamasekhondi ukuze sizungeziswe files. Inani elizenzakalelayo lingama-300s (5min). |
| Ukuphelelwa yisikhathi kwesitoreji | Isetha isikhathi esiphezulu sempilo files ohlwini lwemibhalo. Inani elingu-0 likhubaza umkhawulo wempilo yonke. |
| Gcina Izinombolo ze-SNMP ze-Interface | Hlola ukugcina inkomba ye-SNMP yesixhumi esibonakalayo sokufaka/sokukhiphayo (%in, %out) ngaphezu kwesethi evamile yolwazi, bheka ngezansi. |
| Gcina Ikheli Le-IP Elilandelayo Le-Hop | Hlola ukugcina ikheli le-IP le-hop elandelayo yethrafikhi ephumayo (%nh). |
| Ikheli le-IP elithumela ngaphandle | Hlola ukugcina ikheli le-IP lerutha ethumelayo (%ra). |
| I-ID Yenjini Yokuthumela Isitolo | Hlola ukugcina I-ID Yenjini yomzila othumelayo (%eng). |
| Isikhathi Sokwamukela Ukugeleza Kwesitolo | Hlola izikhathi zokugcinaamp ngenkathi kutholwa ulwazi lokugeleza (%tr). |
Ithebula 1: Incazelo yezinto zokucushwa
Ulwazi
amalayisensi Ifingqa amalayisensi e-Open-Source Software (OSS) asetshenziswa yile mojula
Imiyalo yokusebenzisa
Idatha ye-NetFlow akufanele ithunyelwe nge-WAN, ngaphandle uma kusetshenziswa i-VPN. Idatha ayibethelwe ngokwemvelo noma i-obfuscated, ngakho-ke umuntu ongagunyaziwe angase avimbele futhi view ulwazi.
Ulwazi Oluqoqiwe
Isethi ejwayelekile yolwazi ihlale ithunyelwa uphenyo futhi igcinwe ngumqoqi:
- Isikhathiamp lapho ithrafikhi iqala ukubonakala (%ts) futhi yagcina ukubonakala (%te), kusetshenziswa iwashi lophenyo
- Inombolo yamabhayithi (%byt) namaphakethe (%pkt)
- Iphrothokholi esetshenzisiwe (%pr)
- I-TOS (%tos)
- Amafulegi e-TCP (%flg)
- Ikheli le-IP eliwumthombo (%sa, %sap) kanye nembobo (%sp)
- Ikheli le-IP lendawo (%da, %dap) kanye nembobo (%dp)
- Uhlobo lwe-ICMP (%it)
Okulandelayo kuthunyelwa futhi, kodwa kugcinwa kuphela uma kuceliwe (bona ukuhlela ngenhla):
- Inkomba ye-SNMP ye-interface okokufaka/yokukhiphayo (%in, %out)
- Ikheli le-IP le-hop elandelayo yethrafikhi ephumayo (%nh)
- Ikheli lasesizindeni se-inthanethi (%ra) kanye ne-ID Yenjini (%eng) yomzila othumelayo (probe)
- Isikhathiamp lapho kutholwa ulwazi lokugeleza (%tr), kusetshenziswa iwashi lomqoqi
- Inani elikubakaki (%xx) libonisa ifomethi ezosetshenziswa ne-nfdump ukuze kuboniswe leli nani (bona isahluko esilandelayo).
Ukuthola Ulwazi Olugciniwe
- Idatha igcinwa kokuthi /tmp/netflow/nfcapd.yyyymmddHHMM, lapho yyyymmddHHMM kuyisikhathi sokudala. Uhla lwemibhalo luhlanganisa ne-.nfstat file, esetshenziselwa ukuqapha isikhathi sokuphelelwa yisikhathi.
- Ungakushintshi lokhu file. Ukuze ulungiselele ukuphela kwesikhathi sebenzisa i-GUI yomqondisi.
- I files ingafundwa kusetshenziswa umyalo we-nfdump. nfdump [izinketho] [isihlungi]
Bonisa amaphakethe e-UDP athunyelwe ngu-192.168.88.100:
- nfdump -r nfcapd.202006011625 ‘proto udp kanye ne-src ip 192.168.88.100’
- Bonisa konke ukugeleza okuphakathi kuka-16:25 no-17:25, ukuhlanganisa ukugeleza kwezinhlangothi ezimbili (-B):
- nfdump -R /tmp/netflow/nfcapd.202006011625:nfcapd.202006011725 -B
- Bonisa Uhlobo/I-ID Yenjini, ikheli lomthombo+imbobo kanye nekheli lendawo+por kukho konke ukugeleza:
- nfdump -r /tmp/netflow/nfcapd.202006011625 -o “fmt:%eng %sap %dap”
Ukusebenzisana kwe-ID yenjini
- I-Netflow v5 ichaza izihlonzi ezimbili ze-8-bit: Uhlobo Lwenjini kanye ne-ID Yenjini. I-Probe kumarutha e-Advantech ithumela kuphela i-ID Yenjini (0..255). Uhlobo Lwenjini luzohlala luziro (0). Ngakho, ukugeleza okuthunyelwa nge-ID Yenjini = 513 (0x201) kuzotholwa Njengohlobo Lwenjini/ID = 0/1.
- I-Netflow v9 ichaza isihlonzi esisodwa se-32-bit. I-Probe kumarutha e-Advantech ingathumela noma iyiphi inombolo engu-32-bit, ukuthi abanye abakhiqizi (isb. I-Cisco) bahlukanise kanjani isihlonzi sibe ngamabhayithi amabili agciniwe, kulandelwe Uhlobo Lwenjini kanye ne-ID Yenjini. Umamukeli ulandela indlela efanayo.
- Ngakho, ukugeleza okuthunyelwa nge-ID Yenjini = 513 (0x201) kuzotholwa Njengohlobo Lwenjini/ID = 2/1.
- I-IPFIX ichaza isihlonzi esisodwa esingu-32-bit. I-Probe kumarutha e-Advantech ingathumela noma iyiphi inombolo engu-32-bit, kodwa umqoqi wendawo akakaligcini leli nani okwamanje. Ngakho-ke noma yikuphi ukugeleza kuzotholwa Njengohlobo Lwenjini/ID = 0/0.
- Isincomo: Uma ufuna ukugcina i-ID Yenjini kumqoqi wasendaweni, hlola i-ID Yenjini Ethumela Isitolo ekucushweni, sebenzisa I-ID Yenjini <256 futhi ugweme ukusebenzisa iphrothokholi ye-IPFIX.
- Ukuphela kwesikhathi kwethrafikhi
- I-probe ithumela ukugeleza okuphelele, okungukuthi wonke amaphakethe ahlangene. Uma engekho amaphakethe aqashelwa isikhathi esinikeziwe (Isikhathi Sokuphela Kwethrafikhi Engasebenzi), ukugeleza kuthathwa njengokuphelele futhi uphenyo luthumela ulwazi lwethrafikhi kumqoqi.
- Ulwazi mayelana a file ukudluliswa kuzovela ngaleyo ndlela kumqoqi uma ukudlulisa sekuqediwe, okungathatha isikhathi esibalulekile. Uma ukudluliswa kusebenza isikhathi eside kakhulu (Isikhathi Se-Traffic Esisebenzayo) sizovela njengokugeleza okufushane okuningi.
- OkwesiboneloampI-le, enesikhathi sokuvala sethrafikhi esisebenzayo semizuzu engama-30, ukuxhumana kwemizuzu engama-45 kuzobonakala njengokugeleza okubili: imizuzu engama-30 eyodwa kanye nemizuzu eyi-15.
Ukuphela kwesikhathi kwethrafikhi
- I-probe ithumela ukugeleza okuphelele, okungukuthi wonke amaphakethe ahlangene. Uma engekho amaphakethe aqashelwa isikhathi esinikeziwe (Isikhathi Sokuphela Kwethrafikhi Engasebenzi), ukugeleza kuthathwa njengokuphelele futhi uphenyo luthumela ulwazi lwethrafikhi kumqoqi.
- Ulwazi mayelana a file ukudluliswa kuzovela ngaleyo ndlela kumqoqi uma ukudlulisa sekuqediwe, okungathatha isikhathi esibalulekile. Uma ukudluliswa kusebenza isikhathi eside kakhulu (Isikhathi Se-Traffic Esisebenzayo) sizovela njengokugeleza okufushane okuningi. OkwesiboneloampI-le, enesikhathi sokuvala sethrafikhi esisebenzayo semizuzu engama-30, ukuxhumana kwemizuzu engama-45 kuzobonakala njengokugeleza okubili: imizuzu engama-30 eyodwa kanye nemizuzu eyi-15.
- Ungathola imibhalo ehlobene nomkhiqizo ku-Engineering Portal ku-icr.advantech.cz ikheli.
- Ukuze uthole Igayidi Yokuqala Esheshayo yerutha, Imanuwali Yomsebenzisi, Imanuwali Yokucupha, noma I-Firmware iya ekhasini elithi Amamodeli Womzila, thola imodeli edingekayo, bese ushintshela kuthebhu ethi Imanyuwali noma I-Firmware, ngokulandelana.
- Amaphakheji wokufaka wezinhlelo zokusebenza zomzila namamanyuwali ayatholakala ekhasini lezinhlelo zokusebenza zomzila.
- Ukuze uthole Amadokhumenti Okuthuthukisa, hamba ekhasini le-DevZone.
Amadokhumenti / Izinsiza
 |
ADVANTECH Router App Net Flow Pfix [pdf] Umhlahlandlela Womsebenzisi I-Router App Net Flow Pfix, i-App Net Flow Pfix, i-Net Flow Pfix, i-Flow Pfix, i-Pfix |
