5.7 Identify these elements used for network profiling
📘Cisco Certified CyberOps Associate (200-201 CBROPS)
1. What is Total Throughput?
Total throughput is the amount of data successfully transferred across a network in a given period of time.
- It measures actual data delivery, not just theoretical capacity.
- It is usually expressed in:
  - bits per second (bps)
  - Kbps, Mbps, or Gbps
👉 In simple terms:
Total throughput = how much real data is moving through the network successfully.
2. Why Total Throughput is Important in Network Profiling
Network profiling is about understanding normal network behavior. Total throughput helps to:
- Establish a baseline of normal traffic
- Detect abnormal spikes or drops
- Identify performance issues
- Support security monitoring and incident detection
Security analysts use throughput to understand:
- Whether traffic levels are normal
- If there is unusual data transfer (possible attack or data exfiltration)
3. Total Throughput vs Bandwidth
This is a very important exam concept.
| Term | Meaning |
|---|---|
| Bandwidth | Maximum capacity of a network link |
| Throughput | Actual data successfully transferred |
👉 Key Point:
- Throughput is always less than or equal to bandwidth
- Due to:
  - Network congestion
  - Packet loss
  - Protocol overhead
  - Latency
4. How Total Throughput is Measured
Throughput is calculated using:
Throughput = Total Data Transferred / Time Taken
Example in IT environment:
- A server transfers 500 MB of logs in 10 seconds
- Throughput = 50 MB/s
5. Factors Affecting Total Throughput
Understanding these is important for the exam.
a. Network Congestion
- Too many devices sending data at the same time
- Causes delays and reduces throughput
b. Packet Loss
- Lost packets must be retransmitted
- Reduces effective throughput
c. Latency
- Delay in communication between systems
- High latency lowers throughput
d. Protocol Overhead
- Extra data added by protocols (headers, acknowledgments)
- Reduces usable throughput
e. Hardware Limitations
- Routers, switches, and NICs may limit performance
f. Encryption and Security Controls
- Firewalls, IDS/IPS, VPNs can slow down traffic processing
6. Total Throughput in Network Profiling
In CyberOps, analysts monitor throughput to understand normal vs abnormal behavior.
Normal Baseline
- Regular business hours → higher throughput
- Off-hours → lower throughput
Abnormal Indicators
- Sudden spike in throughput
  - Possible data exfiltration
  - Large unauthorized transfers
- Unexpected drop in throughput
  - Network failure
  - Denial-of-Service (DoS) attack
- Unusual patterns
  - Traffic at odd times
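The baseline comparison described above can be worked through in code. This Python example is added here and is not part of the original study guide; it turns flow records into hourly throughput, builds a per-hour-of-day baseline, and flags spikes and drops. The record layout `(epoch_seconds, bytes)`, the hourly buckets, the 3-sigma threshold, the 1 Mbps sigma floor and all sample data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

HOUR = 3600  # bucket size in seconds

def throughput_bps(total_bytes, seconds):
    """Throughput = total data transferred / time taken, in bits per second."""
    return total_bytes * 8 / seconds

def hourly_throughput(flows):
    """Aggregate (epoch_s, bytes) flow records into {hour_bucket_start: bps}."""
    buckets = defaultdict(int)
    for ts, nbytes in flows:
        buckets[ts - ts % HOUR] += nbytes
    return {b: throughput_bps(n, HOUR) for b, n in buckets.items()}

def build_baseline(history):
    """Per hour of day (UTC), return (mean, stdev) of historical throughput."""
    by_hour = defaultdict(list)
    for bucket, bps in history.items():
        by_hour[bucket // HOUR % 24].append(bps)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}

def find_anomalies(current, baseline, k=3.0, min_sigma_bps=1e6):
    """Return (hour, kind, bps) for hours more than k sigma from baseline."""
    alerts = []
    for bucket, bps in sorted(current.items()):
        hour = bucket // HOUR % 24
        if hour not in baseline:
            alerts.append((hour, "no-baseline", bps))
            continue
        mu, sigma = baseline[hour]
        sigma = max(sigma, min_sigma_bps)  # floor so a flat baseline does not alert on noise
        if bps > mu + k * sigma:
            alerts.append((hour, "spike", bps))  # e.g. large transfer, possible exfiltration
        elif bps < mu - k * sigma:
            alerts.append((hour, "drop", bps))   # e.g. network failure or DoS
    return alerts

# Constructed sample data: five days of history, two flows per profiled hour.
# 02:00 is off-hours (about 10 Mbps), 10:00 is business hours (about 100 Mbps).
HISTORY_FLOWS = [(d * 86400 + h * HOUR + off, int((gb + 0.1 * d) * 1e9 / 2))
                 for d in range(5) for h, gb in ((2, 4.5), (10, 45.0))
                 for off in (60, 1800)]
# Constructed "today": 40 GB moved at 02:00, only 1 GB at 10:00.
TODAY_FLOWS = [(5 * 86400 + 2 * HOUR + 120, 40_000_000_000),
               (5 * 86400 + 10 * HOUR + 120, 1_000_000_000)]
BASELINE = build_baseline(hourly_throughput(HISTORY_FLOWS))
ALERTS = find_anomalies(hourly_throughput(TODAY_FLOWS), BASELINE)
```

With this sample data, `ALERTS` holds a spike at 02:00 (about 88.9 Mbps against a 10 Mbps baseline) and a drop at 10:00 (about 2.2 Mbps against a 100 Mbps baseline).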
7. Tools Used to Measure Throughput
Common tools used in IT/security environments:
- NetFlow / IPFIX
  - Collect traffic flow data
- Wireshark
  - Packet-level analysis
- SNMP (Simple Network Management Protocol)
  - Monitors device performance
- SIEM systems
  - Aggregate and analyze throughput trends
8. Throughput in Security Monitoring
Total throughput plays a key role in detecting:
a. Data Exfiltration
- Large outbound data transfer
- Unusual increase in throughput
b. Distributed Denial-of-Service (DDoS)
- Extremely high incoming traffic
- Network becomes overloaded
c. Malware Activity
- Continuous background communication
- Abnormal steady throughput
9. Key Exam Points to Remember
- Total throughput = actual successful data transfer rate
- Always less than or equal to bandwidth
- Measured in bps (bits per second)
- Affected by:
  - Congestion
  - Latency
  - Packet loss
  - Overhead
- Used to:
  - Build network baseline
  - Detect anomalies and attacks
- Important for network performance and security monitoring
10. Simple Summary
- Throughput tells you how much data is really moving
- It is a core metric in network profiling
- Security analysts use it to detect unusual activity
- Changes in throughput can indicate network problems or cyber attacks
