
Network Flow Analysis Paperback – 8 Jul 2010


Product details

  • Paperback: 224 pages
  • Publisher: No Starch Press; 1 edition (8 July 2010)
  • Language: English
  • ISBN-10: 1593272030
  • ISBN-13: 978-1593272036
  • Product Dimensions: 17.8 x 1.5 x 22.9 cm
  • Average Customer Review: 5.0 out of 5 stars (2 customer reviews)
  • Amazon Bestsellers Rank: 891,457 in Books


Product Description

About the Author

Michael W. Lucas is a network/security engineer who keeps getting stuck with network problems nobody else wants to touch. He is the author of the critically acclaimed Absolute FreeBSD, Absolute OpenBSD, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press.


Customer Reviews


Most Helpful Customer Reviews

2 of 2 people found the following review helpful By Azrael on 13 Dec 2011
Format: Paperback Verified Purchase
This is a very good manual, follow the guidance (with the usual caveats of updates, patches, and general Linux fiddling - unavoidable when a book can't be constantly updated) and you will end up with an excellent Network Flow Analyser. My only criticism is, that having followed the book so far, I find that the applications and examples given for visual representation don't meet my rather picky standards for pictorial quality, so I've had to learn Python & matplotlib to be able to represent the massive amount of data that has suddenly become available to process!

Put it this way, I have both the Kindle and the paper version of this, and it is immensely useful!
1 of 1 people found the following review helpful By Henrik Lund Kramshøj on 19 Aug 2010
Format: Paperback
This book is an easy guide to the world of netflow logging and analysis. The content ranges from basic configuration of flow logging and easy customer friendly graphing methods to detailed custom reporting features in the software presented.

While this book does not cover each and every netflow tool available, it has a complete walk through allowing you to get started and immediately produce important information for decision makers and troubleshooting.

This book also covers some details that a lot of beginning network people haven't noticed yet, but which are critical for doing netflow analysis. Things like ICMP types and codes and defining what a flow is. Michael also presents filtering and does so while showing you how to build these from simple primitives into fully working and usable examples that you can reuse in production.

The chapters about reporting both show textual representations, hard numbers, and nice graphing tools - suitable for management and others not needing the same level of detail. While showing reporting he not only shows the reference, which options are available, but does interpretation of the sample reports.

The book finishes strong by listing common use cases for netflow analysis and if you reach this level in your own network you will have improved things a lot.

Target audience
Focus in this book is on making use of data available from network devices and thus the network administrator is the one doing the actual work. If you are a decision maker you should buy this book for your network guy and benefit from the awesome output he will generate.

You will need a bit of effort if you are not skilled in running tools from the command line, and setting up the tools can seem hard.

Most Helpful Customer Reviews on (beta) 14 reviews
10 of 10 people found the following review helpful
An enjoyable technical read 26 July 2010
By Justin Sherrill - Published on
Format: Paperback
I had initially expected to read a sort of agglomeration of tips; tools like Cacti or Munin for monitoring hardware; Wireshark or tcpdump for monitoring traffic, and so on. Instead, it goes very specifically into Netflow. Producing Netflow data, saving it, and making sense of it are the majority of the book.

People administering any sort of larger network, usually as part of the day job, are the target audience. Netflow appears to be supported by many network equipment vendors, and software tools exist to read it on *BSD.

(For the uninitiated, Netflow tracks network activity in terms of protocol, port, and so on - everything short of the actual data. It can describe what was happening at any point in time between hosts on a tracked network.)

As described in the book, it's useful for both tracking down active issues and for analyzing the health of a network that otherwise could be hidden by averaged graphs, or seen only by direct reads at the problem site. The book covers the protocol and various tools involved with it, and branches off into other related topics, like the use of gnuplot to create ad-hoc representations.

The book is enjoyable, with a touch of a conspiratorial Bastard Operator From Hell-like attitude between the author and the reader. It's a directed narrative going through install, analysis, and reporting, different enough from a man page review that there's value in proceeding from chapter to chapter. There's also enough detail in the center of the book that it can serve as a reference source for Netflow collector setup.

It was valuable enough that I found myself planning ways to implement this at my workplace. Remarkable, considering how dry network analysis can be.

(pasted from a review I wrote elsewhere)
2 of 2 people found the following review helpful
Technical & Interesting Network Flow Analysis Reference 13 Sep 2010
By Joshua Brower - Published on
Format: Paperback
This is the second book of Lucas's that I have read. I read Absolute FreeBSD: The Complete Guide to FreeBSD, 2nd Edition, and thoroughly enjoyed it--So I went into this book with high expectations. Overall, I feel like this is a solid read for those network administrators that want to go deeper, and have the time to go deeper into network flow analyses.

NFA is a very technical book, which can make for a very boring read, but like Absolute FreeBSD, Lucas is able to maintain a light, interesting tone, even while discussing the configuration of gnuplot. (!)

From a technical perspective, NFA is very useful for getting your (open source) network flow analysis system up and going--But be aware that it will take time, especially if you want the flexibility of what FlowTracker/FlowGrapher can offer, versus the less flexible, but easier to use/learn CUFlow.

Lucas gives great practical examples of using flows to monitor & troubleshoot issues on your network. The examples are sprinkled through the book, and then a few case studies take up the last 7 pages of the book.

I found it interesting that the back cover claimed that you will learn how to:

-Identify network, server, router, and firewall problems before they become critical

-Find defective and mis-configured software

-Quickly find virus-spewing machines, even if they are on a different continent

These scenarios were covered, but in appallingly anemic sections--For instance, the "Quickly find virus-spewing machines, even if they are on a different continent" scenario was covered on 1 page. (186-187)

I guess I was thinking that since the above scenarios were a fairly large point in the description of the book, that they would be covered in a bit more detail.

One more nitpick: Lucas describes Conficker as both a Virus and a Worm--It is most definitely a worm, not a virus--There is a difference...

The above nitpicks are not enough to diminish the 5 star rating I am giving NFA: I found it to be a great addition to my reference bookshelf, and I'm sure it will be creased and dogeared as I attempt to implement my own NetFlow analysis system this next year.

-Josh Brower
2 of 2 people found the following review helpful
Thin book on a thick subject, but it works well. 24 Aug 2010
By Michael Ernest - Published on
Format: Paperback
Network administration, never mind troubleshooting, is a dry, sometimes airless subject. As the cliche goes, computer networks may be more than the sum of their parts, but the only people who fully appreciate that have handled all the parts. Communication protocols, command protocols, wire protocols, internet protocols, data link management, router configuration, IP traffic management, firewall administration....Where mathematics or intricate programming techniques daze the disinclined mind, computer networking bludgeons it.

Lucas promotes his subject by motivating the imagination, not the intellect. As he writes in his introduction, "Network administrators all share an abiding and passionate desire for just one thing. We want our users to shut up." I for one can tell you where I was working and the problems I was dealing with when I first felt exactly that. And from that point on, the book flows neatly from one point to the next. The topic sequence, consistent tone and focus kept me engaged and confident that I could go as far as I'd like, with this book as a start.

To achieve that effect for me, a book has to look and feel manageable in a reasonable amount of time. Network Flow Analysis is about two hundred pages long, but it is hardly thin. The pace of discussion is deliberate but covers a lot of ground. As for continuity, I can't recall a passage that wasn't supported by earlier discussion or wasn't detailed soon after. Lucas narrates in a straightforward manner that does not succumb easily to distraction or concern for losing the reader. Where most authors tackle the subject with a compendium of summations or mostly-digested specifications, Lucas exhibits the guileless courage of someone who spends every day on a roof or under a sink. And he does something most network admin writers could learn to do for all our sakes: he uses a reference book for all the detail.

The only surprise I found in this book came in Chapter 8, "Ad Hoc Flow Visualization," where Lucas writes, "gnuplot ... has a notoriously steep learning curve and a reputation for complexity." Even though the rest of the paragraph softens this claim a bit, I bought and read a book on gnuplot to make sure I hadn't missed something.

Network Flow Analysis is not a book that would inspire a Dummies-identifying reader to have a go, I don't think. No such book will ever be written. But if troubleshooting the network becomes your job, and you need more than a kickstart, and you do want to shut people up, you need a friend. You could do far worse than start here.
2 of 2 people found the following review helpful
Damn Handy Book!! 20 Feb 2012
By Christian Klaver - Published on
Format: Paperback
As someone moving from strictly perimeter security to admin of a vast network, I needed a leg up to learning the intricacies of routing and Network Flow Analysis has turned out to be that book. Lucas clearly knows his subject far better than I could ever ask. The info is clear and *relevant*. That last part is critical, and the failing of many tech books I've read before this.

There are sections I don't happen to need (such as implementing netflow on the network in the first place, since my network already has this implemented) but the structure and lay-out of the book makes it easy to find and pull the info *I* need out of it. I've only had the book 48 hours or so, and it's already dominated the spot to the left of my PC at work.

Hide it, if you must, if you don't want to sully your reputation as THE alpha geek at work, but get it. Go get it now. There's plenty in here for both novice and guru alike.
1 of 1 people found the following review helpful
rollicking good read 17 May 2012
By shog - Published on
Format: Kindle Edition Verified Purchase
Surprisingly lacking in dryness considering the subject matter. Author is a consummate smart-arse, highly conversant in the subject matter and often dropping interesting related facts, all the while flaunting a cocky sense of humor. A line in the first paragraph sums up the book:

"Network administrators all share an abiding and passionate desire for one thing: We want our users to shut up."

The guy backs his bark with bite. I feel he makes the reader feel like a plains indian if netflow were a buffalo. He will show you specifically how to go about setting up a netflow collector, how to install analysis tools, how to use them to determine all sorts of stuff, to how to use gnuplot to graph it. It covers host-level to bgp. I didn't know port numbers were used a different way for ICMP netflow packets, or that netflow v7 is actually useful for routers.

That said, the point of publishing is 2 years ago and I don't know how dated the material is. The author refers to very specific versions of software, which may have been perfectly useful on the day of publishing. That said, netflow itself does not change much (until IPFIX and IP6 roll out).

Oh, and this review is for the Kindle version. Somewhat perversely, I chose to run this entire book through text to speech while driving. While it was painful to hear a robotic man read out a full page of 5-tuple data, it worked out. Kudos to the publisher for not disabling text to speech.