This paper describes a distributed network traffic monitoring system based on a packet-based sampling technology, covering the technology itself and its large-scale deployment and use. It gives examples of techniques that use the resulting network traffic data to address network security issues.

Network service providers face increasing disruption to network services from a variety of security threats and malicious misuse of network services. Such threats may originate externally or internally, and may occur at any time. Detecting and responding promptly to them requires broad and continuous surveillance of network activity that provides timely and detailed information.