VELOCITY : A NetFlow Based Optimized Geo-IP Lookup Tool
Abstract
It is a challenging task for network administrators to monitor their institution's
network against undesirable behavior. While NetFlow is useful for gathering flow-level data
for any Internet connection, its features are limited to traditional flow-level information such
as source IP address, destination IP address, source port number, destination port number,
and the protocol type. Thus, it is not currently possible with NetFlow to understand the
geographic dynamics of any flow connected to hosts at an institution from the outside world.
To address the lack of geo-location information for such flows, we developed the tool
VELOCITY. This tool correlates IP addresses with geo-location information to
visualize the geo-location of incoming and outgoing flows. The VELOCITY tool consists of
four different methods, in increasing order of efficiency. We found that
Method 3 outperforms Methods 1 and 2 when filling the database with geographical data
for the first time. Method 4, which is an extension of Method 3, finds geographical information
for IP addresses that are not present in the currently populated database, thereby providing
a more optimized approach than Method 3 for incremental flow data. Furthermore, for
visualization and a near-real-time experience, we also developed a
web application that displays geographical information for the IP addresses of flows on Google
Maps.
Table of Contents
Introduction -- Literature survey -- Methods -- WEB application -- Results -- Conclusion -- Appendix A. Xidel -- Appendix B. GNU parallel
Degree
M.S.