The notion of flow profiling was introduced within the network research community in order to better understand the nature of Internet traffic. As the market demands better tools for performance analysis and accounting, various vendors have incorporated flow profiling into their network devices. While not yet standards-based, flow profiling methodology is robust enough to warrant early adoption in many production networks.
Network administrators of production networks often find that they have either collected too little or too much data. Flow profiling offers a pragmatic compromise between such extremes in data collection. Since flows aggregate data tallied as packets travel across a given port or interface, they serve as an expressive abbreviation for series of packets traveling between end points of interest. This feature alone is insufficient for reliable continuous use: additional software tools are needed to define, parse, and analyze these flows.
FlowScan analyzes and reports on NetFlow format data (indigenous to Cisco routers) collected using CAIDA's cflowd flow tool. FlowScan examines flow data and maintains counters reflecting what was found. Counter values are stored using RRDtool, a database system for time-series data. Finally, FlowScan uses visualization capabilities of both RRDtool and other front-ends to report on the processed flow data.