Weekly Report

02 Feb 2015

This week I have been extending the code for gathering flow information, in order for it to provide a "Flow Fingerprint". This consists of the server IP address, server port, the transport protocol and the application protocol as identified by libprotoident.
I surmise that these attributes are enough to identify the majority of elephant flows; for example, "TCP traffic to a port other than 80 directed toward a Dropbox server using the HTTP protocol" is likely an elephant flow.

Combining this simple approach with the data gathered by the flow information scraper, and a manually set threshold (C), should be able to identify common elephant flow configurations.
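The fingerprint-plus-threshold idea described above, as an added sketch that is not the project's own code. It assumes C is a per-flow byte count and that a fingerprint counts as a common elephant configuration when at least half of its observed flows exceed C; the `min_flows` and `min_ratio` parameters, the record layout, the addresses and the protocol labels are all constructed for illustration.

```python
from collections import defaultdict, namedtuple

# The four fingerprint fields named in the report.
Fingerprint = namedtuple("Fingerprint", "server_ip server_port transport app_proto")

# Constructed sample records: (server_ip, server_port, transport, app_proto, bytes).
# app_proto stands in for the label libprotoident would report for the flow.
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, "TCP", "HTTP", 850_000_000),
    ("192.0.2.10", 443, "TCP", "HTTP", 1_200_000_000),
    ("192.0.2.10", 443, "TCP", "HTTP", 40_000),
    ("198.51.100.5", 80, "TCP", "HTTP", 12_000),
    ("198.51.100.5", 80, "TCP", "HTTP", 95_000),
    ("198.51.100.5", 80, "TCP", "HTTP", 300_000_000),
    ("203.0.113.53", 53, "UDP", "DNS", 300),
    ("203.0.113.9", 8080, "TCP", "HTTP", 2_000_000_000),
]


def elephant_fingerprints(flows, c_bytes, min_flows=2, min_ratio=0.5):
    """Return {fingerprint: (elephant_flows, total_flows)} for fingerprints
    whose flows commonly exceed the threshold C (assumed to be in bytes)."""
    counts = defaultdict(lambda: [0, 0])  # fingerprint -> [elephants, total]
    for ip, port, transport, app, nbytes in flows:
        fp = Fingerprint(ip, port, transport, app)
        counts[fp][1] += 1
        if nbytes > c_bytes:
            counts[fp][0] += 1
    # A single huge flow is not treated as a "common configuration":
    # require a minimum number of observations and a minimum elephant ratio.
    return {
        fp: (e, t)
        for fp, (e, t) in counts.items()
        if t >= min_flows and e / t >= min_ratio
    }


def classify(fp, known):
    """Label a newly seen flow from its fingerprint alone, before its size is known."""
    return "likely elephant" if fp in known else "unknown"


if __name__ == "__main__":
    known = elephant_fingerprints(SAMPLE_FLOWS, c_bytes=100_000_000)
    for fp, (e, t) in known.items():
        print(fp, f"{e}/{t} flows above C")
```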