Explaining ways to identify abnormal traffic or a DDoS attack.
To identify abnormal traffic or a DDoS attack, we can use various graphs and information within Made4Flow.
Within the ASN Interface Graph, we can see the following information:
In the graph, we used the Router, Interface, and Monitored filters set to unmonitored so that all ASNs are displayed, along with the Source type, to identify the source ASNs of the traffic.
If you want, you can set the Type filter to Destination to find out which ASN is the destination of the abnormal traffic.
To access this graph, use the menu -> Graphic -> Interface by ASN.
Another way to check for abnormal or unusual traffic is to look at which application is consuming it. To do this, you can access the menu -> Graphics -> Interface by App.
As in the graphic below:
In the example, we used the App filter with all applications selected so that we can verify which application has the highest or an unusual amount of traffic.
Using the Interface by Interface graph, found in Menu -> Graphics -> Interface by Interface, we can see which interface the traffic was forwarded to.
As shown in the graph, it is possible to see where the traffic was routed to.
If these views do not give you precise enough information, you can view the raw data, where you can check the headers of the packets that passed through your network.
There are 2 main ways to access raw data: the first is through the menu -> Raw Data, and the second is to click on the graph to generate the specific information you are looking for.
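The three pivots described above (source ASN, application, interface) can also be run on flow records outside the UI, comparing a current window against a baseline window. This is an added example, not Made4Flow code. The record field names, the sample data and the `min_share` and `growth` thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample records; field names are assumptions, not Made4Flow's
# export format. ASNs are from the documentation range 64496-64511.
BASELINE = [
    {"src_asn": 64496, "app": "HTTPS", "out_if": "ge-0/0/1", "bytes": 600},
    {"src_asn": 64497, "app": "HTTPS", "out_if": "ge-0/0/2", "bytes": 300},
    {"src_asn": 64500, "app": "DNS",   "out_if": "ge-0/0/1", "bytes": 100},
]
CURRENT = [
    {"src_asn": 64496, "app": "HTTPS", "out_if": "ge-0/0/1", "bytes": 650},
    {"src_asn": 64497, "app": "HTTPS", "out_if": "ge-0/0/2", "bytes": 350},
    {"src_asn": 64500, "app": "DNS",   "out_if": "ge-0/0/1", "bytes": 4000},
    {"src_asn": 64501, "app": "DNS",   "out_if": "ge-0/0/1", "bytes": 2000},
]

def pivot(flows, key):
    """Sum bytes per distinct value of `key` (one series per value)."""
    totals = Counter()
    for f in flows:
        totals[f[key]] += f["bytes"]
    return totals

def abnormal(baseline, current, key, min_share=0.2, growth=3.0):
    """Values of `key` that carry >= min_share of the current bytes and grew
    >= growth times over the baseline window (or were absent from it)."""
    base, cur = pivot(baseline, key), pivot(current, key)
    total = sum(cur.values()) or 1
    hits = []
    for value, nbytes in cur.most_common():
        share = nbytes / total
        ratio = nbytes / base[value] if base[value] else float("inf")
        if share >= min_share and ratio >= growth:
            hits.append((value, round(share, 2), ratio))
    return hits

def triage(baseline, current):
    """Run the three pivots in order: source ASN, application, interface."""
    return {k: abnormal(baseline, current, k) for k in ("src_asn", "app", "out_if")}

if __name__ == "__main__":
    for key, hits in triage(BASELINE, CURRENT).items():
        print(key, hits)
```

A source ASN that is new in the current window gets an infinite growth ratio, so it is flagged as soon as its share of traffic crosses `min_share`.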
For example:
See also our video tutorial: