Network Traffic Analysis
Hashan Wickramasingha Wadanambi (H.W.W)
IT Infrastructure Specialist | IT Infrastructure Services Management | IT Project Management | Cybersecurity | ISO/IEC 27001 Information Security Internal Auditor | Scrum Master | Strategy Implementation Professional
As IT infrastructure grows more complex, networks have become more vulnerable, and network problems have a huge impact on organizational operations. Performing a network analysis is a mandatory task for IT administrators, IT infrastructure engineers, and network engineers. However, simply running a network analysis tool without planning can itself create an unwanted network bottleneck because of the high load of captured traffic. This article intends to provide a detailed insight into Network Traffic Analysis (NTA) and the NTA process, drawing on the author's more than 10 years of experience managing global networks in on-premises and cloud infrastructure.
Network Traffic Analysis is the process of analyzing network traffic to identify the ports and protocols in use, build baselines for the organization, monitor the network to identify threats, and provide the best possible visibility into the organization's IT network.
Why do we need Network Traffic Analysis?
Many resources use different terms to describe the phases of NTA (Network Traffic Analysis), but when the task is performed in practice, the phases below are essential.
1. Capturing traffic: Start capturing network traffic.
2. Reduce noise: Capturing generates a huge volume of traffic, so it is vital to filter and manage it without hindering network performance.
3. Analyze and discover: Inspect ports, protocols, and communications to discover network anomalies.
4. Find the root cause: Figure out the sources of the problem.
There are many approaches to conducting NTA. Below are some of the methods.
Most of the time, IT administrators and infrastructure engineers perform these tasks in an ad hoc manner using the approaches mentioned above, and as a result the performance of the production infrastructure is impacted heavily. Therefore, NTA should be carried out as a proper process.
There are several steps in performing the Network Traffic Analysis (NTA) process, as listed below.
1. Determine the scope.
2. Collect data.
3. Prepare the data.
4. Analyze the data.
5. Report and act.
Determining the scope
In this step, identify the goal and objectives of the analysis, and then the network segment or device cluster that must be analyzed to accomplish those objectives. Also decide at what time, or how frequently, the analysis should run. Before performing these steps, it is vital to have a good understanding of the internal domain, so that the analysis can be planned without causing any operational hindrance.
Collecting data
In this step, identify and collect the data appropriate to the objectives, within the specified period and without any operational hindrance. This also includes setting up the data collection process: configuring the necessary tools and establishing protocols for capturing and storing the data.
Prepare data
In this step, the data is cleaned by removing duplicates, normalizing it, and formatting it into a usable form.
Analyze data
In this step, statistical analysis, machine learning, or visualization tools are used to identify patterns and trends in the data. The findings are then validated by comparing them with other data sources or by applying further analysis techniques.
Report and Act
In this step, the results of the analysis are presented clearly and concisely, using visualization tools as required. Actions are then executed based on the findings.
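The phases and process steps described above, worked through as a single added example that is not part of the original article: a small Python pipeline over a constructed flow export. It collects the records, reduces noise and removes duplicates in the prepare step, builds a per-service baseline (protocol and destination port), flags flows that fall outside the expected service set or above a volume ceiling, and returns a report that names the sources to investigate as root-cause candidates. The CSV layout, the expected-service set, the 50,000-byte ceiling, the broadcast "noise" rule and the sample flows are all assumptions made for illustration, not data from any real network.

```python
"""Added example: a minimal Network Traffic Analysis pipeline over flow records.

Every value here (record format, expected services, thresholds, sample flows)
is an assumption made for illustration; none of it comes from a real capture.
"""
from collections import defaultdict
from dataclasses import dataclass, replace
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dst_port: int
    size: int  # bytes


# Constructed sample: a NetFlow/IPFIX-style export flattened to CSV.
# A duplicate row, mixed-case protocol names and a broadcast row are included
# on purpose so the prepare step has something to clean.
SAMPLE_EXPORT = """\
timestamp,src_ip,dst_ip,proto,dst_port,bytes
2024-01-01T09:00:00,10.0.1.10,10.0.2.20,tcp,443,5200
2024-01-01T09:00:00,10.0.1.10,10.0.2.20,tcp,443,5200
2024-01-01T09:00:05,10.0.1.11,10.0.2.20,TCP,443,4100
2024-01-01T09:00:07,10.0.1.12,10.0.2.21,udp,53,180
2024-01-01T09:00:08,10.0.1.12,255.255.255.255,UDP,137,92
2024-01-01T09:01:00,10.0.1.13,10.0.2.21,udp,53,210
2024-01-01T09:01:30,10.0.1.10,10.0.2.30,tcp,22,900
2024-01-01T09:02:00,10.0.1.14,10.0.9.99,tcp,4444,120000
"""

# Output of the scope step (assumed): services the segment is expected to use,
# and the largest single flow seen during the baseline period.
EXPECTED_SERVICES = {("tcp", 443), ("udp", 53), ("tcp", 22)}
MAX_BASELINE_FLOW_BYTES = 50_000

# "Reduce noise" phase: broadcast chatter is dropped before analysis (assumed rule).
NOISE_DESTINATIONS = {"255.255.255.255"}


def parse_flows(text: str) -> list[Flow]:
    """Collect: turn the CSV export into Flow records (header row skipped)."""
    flows = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        ts, src, dst, proto, port, size = line.split(",")
        flows.append(Flow(ts, src, dst, proto, int(port), int(size)))
    return flows


def prepare_flows(flows: Iterable[Flow]) -> list[Flow]:
    """Prepare: normalise protocol names, drop noise, remove exact duplicates."""
    seen = set()
    cleaned = []
    for f in flows:
        f = replace(f, proto=f.proto.lower())
        if f.dst in NOISE_DESTINATIONS or f in seen:
            continue
        seen.add(f)
        cleaned.append(f)
    return cleaned


def service_baseline(flows: Iterable[Flow]) -> dict:
    """Analyse (1): flow count and byte volume per (proto, dst_port) service."""
    stats = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for f in flows:
        key = (f.proto, f.dst_port)
        stats[key]["flows"] += 1
        stats[key]["bytes"] += f.size
    return dict(stats)


def find_anomalies(flows: Iterable[Flow], expected=EXPECTED_SERVICES,
                   max_bytes=MAX_BASELINE_FLOW_BYTES) -> list:
    """Analyse (2): flows using a service outside the baseline or exceeding the volume ceiling."""
    findings = []
    for f in flows:
        reasons = []
        if (f.proto, f.dst_port) not in expected:
            reasons.append("service not in baseline")
        if f.size > max_bytes:
            reasons.append(f"volume {f.size} B exceeds {max_bytes} B")
        if reasons:
            findings.append((f, reasons))
    return findings


def build_report(flows: list[Flow]) -> dict:
    """Report and act: a summary with the source hosts to investigate first."""
    cleaned = prepare_flows(flows)
    anomalies = find_anomalies(cleaned)
    return {
        "flows_collected": len(flows),
        "flows_after_prepare": len(cleaned),
        "baseline": service_baseline(cleaned),
        "suspect_sources": sorted({f.src for f, _ in anomalies}),
        "findings": [(f"{f.src}->{f.dst}:{f.dst_port}/{f.proto}", r) for f, r in anomalies],
    }


if __name__ == "__main__":
    for key, value in build_report(parse_flows(SAMPLE_EXPORT)).items():
        print(key, value)
```

On the constructed sample the prepare step reduces eight collected rows to six (one duplicate and one broadcast row removed), the baseline shows tcp/443, udp/53 and tcp/22 as the ordinary services, and the single tcp/4444 flow is reported for two reasons at once: it is not an expected service and it exceeds the volume ceiling. The expected-service set and ceiling are what the scope step should produce; in a real deployment they come from the organization's own baseline period rather than from constants in the script.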
In practical scenarios such as a major security breach, these steps must be performed very quickly. Therefore it is vital to prepare the NTA process in advance and to share that knowledge among the key stakeholders, so that tense real-life situations can be handled calmly.