analyzing traffic across the greek school network
play

Analyzing Traffic across the Greek School Network Costas Kattirtzis - PowerPoint PPT Presentation

Mar 30, 2024 •271 likes •515 views

Research Academic Computer Technology Institute University of Patras Analyzing Traffic across the Greek School Network Costas Kattirtzis , Emmanuel Varvarigos, Kyriakos Vlachos, University of Patras & Research Academic Computer Technology

  1. Research Academic Computer Technology Institute University of Patras Analyzing Traffic across the Greek School Network Costas Kattirtzis , Emmanuel Varvarigos, Kyriakos Vlachos, University of Patras & Research Academic Computer Technology Institute George Stathakopoulos and Michael Paraskevas Research Academic Computer Technology Institute LANMAN 2005, 14th IEEE Workshop on Local and Metropolitan Area Networks, 18-21 September 2005, Chania, Crete, Greece Communication Networks Laboratory

  2. Introduction • Internet is growing dramatically. • Very complex patterns to model the Network Traffic. • Studies in LAN and WAN have been made since the early 80s. • Today's findings lead us to the conclusion that – Ethernet traffic is statistically self-similar – Poisson assumption is valid in special cases • Recent studies on Peer-to-Peer traffic mainly by Karagiannis et. al have been made. Communication Networks Laboratory

  3. Introduction • In this paper we present a study of traffic patterns on the Greek School Network • We studied in the monitored network – the behavior of flows – the behavior of the packets – the use of each protocol – the use of each well known application – The use of Peer-to-Peer services – The traffic locality phenomenon • Benefits – Understand the impact of network changes and services – Improve network usage and application performance – Reduce IP service and application costs – Optimize network costs – Understand the Impact of P2P applications – Background to the administrators for • dimensioning the network • congestion control • network management Communication Networks Laboratory

  4. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  5. Greek School Network Architecture • Nationwide network that spans across Greece. Connects all schools of primary and secondary education including administrator offices. • Hierarchically structured into three layers. – The Backbone network – The Distribution Network – The Access Network Communication Networks Laboratory

  6. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  7. Measurement Methodology • All the measurements took place in the PATRAS prefecture from October 24 00:00:00 GMT+02:00 2004 to March 18 23:30:00 GMT+02:00 2005. • Monitoring System – Cisco NetFlow • In terms of NetFlow, flow is defined by Seven Unique Keys: – source IP address – destination IP address – source port number – destination port number – layer 3 protocol type – TOS (Type Of Service) byte and – Input logical interface – FlowScan – cflowd – RRDtool Communication Networks Laboratory

  8. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  9. Traffic Statistics - Services Communication Networks Laboratory

  10. Traffic Statistics - Services Outgoing traffic Incoming traffic 50 40 35 Percentile of total Percentile of total 40 30 25 30 traffic traffic 20 20 15 10 10 5 0 0 P P n 2 n p w P 2 p P w t P t P P t o M H o t M P T S n H S 3 n T N M N k P N N 3 P k P n S M D r P S T n S D O e T r u S O F e h u F P P h t o t Flows Flows o Packets Packets Services Services bits bits • Outgoing traffic in term of bytes • DNS and SNMP use UDP – 50% is P2P – Large fraction of the flows, small fraction of the packets and an even – 19% is HTTP smaller fraction of the bytes transferred – 25.6% is unknown • HTTP (web) application • Incoming traffic in term of bytes – The profile of its daily load distribution – 37% is P2P fits closely the corresponding profile of – 30% is HTTP the TCP protocol . – 25.6% is unknown Communication Networks Laboratory

  11. Traffic Statistics - Protocols Communication Networks Laboratory

  12. Traffic Statistics - Protocols Outgoing traffic Incoming traffic 100 100 90 Percentile of total 90 80 ercentage 80 70 70 60 traffic 60 50 50 40 40 30 P 30 20 20 10 10 0 0 P TCP P UDP IPINIP TC ulticast P D P IP ulticast M ICM U IN IC flows IP flow s M packets M packets Protocols Protocols bits bits Outgoing traffic Incoming traffic • The size of the incoming packets is much larger than Bytes Flows Packets Bytes Flows Packets Protocols the size of the outgoing 95% 61.6% 84,2% 93.1% 54.4% 83% TCP packets. 4,4 34,5 14,5 5,2 41,2 14,5 UDP • TCP uses more and larger • The other IP protocols individually make up packets per flow than UDP a negligible percentage of the overall traffic Communication Networks Laboratory

  13. Traffic Statistics – Flow Analysis 109858082 143809451 143848754 145058776 145061162 145071742 145071956 145099781 145100818 145160507 1.00E+09 • 87% of the flows carry Cumulative number of flows 50504812 5-12 packets 17757186 17580176 1.00E+08 • The majority of the flows last 6 - 6.5 sec. 1.00E+07 • Data transfers* 829363 • interactive : TCP-telnet, 1.00E+06 ICMP, UDP-NTP • transaction oriented : TCP-FTP, TCP-SMTP 1.00E+05 124 197 228 530 1 2 4 5 10 12 17 18 30 68 • bulk data transfer : TCP-FTPD, TCP-WWW packets per flow • A cross-check of the findings of k. Claffy et al. at “Traffic Characteristics of the T1 NSFNET Backbone”. Communication Networks Laboratory

  14. Traffic Statistics – Packet Size Analysis 100 50 1st Sample 2nd Sample 45 90 40 80 Cumulative Percentage % P a c k e ts 35 70 30 60 25 50 20 15 40 10 30 5 20 0 10 Packets of November 0 -3 2 3 3 -6 4 6 5 -9 6 5 7 7 -1 0 2 4 1 0 2 5 -1 5 3 6 9 7 -1 2 8 1 2 9 -1 6 0 1 6 1 -1 9 2 1 9 3 -2 2 4 2 2 5 -2 5 6 2 5 7 -2 8 8 2 8 9 -3 2 0 3 2 1 -3 5 2 3 5 3 -3 8 4 3 8 5 -4 1 6 4 1 7 -4 4 8 4 4 9 -4 8 0 4 8 1 -5 1 2 5 1 3 -5 4 4 5 4 5 -5 7 6 Packets of March 0 2 6 0 4 8 2 6 0 4 4 7 3 9 6 2 8 5 1 8 4 2 3 - - 1 2 2 3 4 4 5 0 5 0 5 - - - - - - - 1 1 6 9 3 7 1 5 9 3 - 2 9 5 2 8 4 1 7 > 1 1 2 3 3 4 5 7 5 IP packet size (bytes) Packet Size (bytes) • Dual-modal pattern • Large size packets caused • Predominance of small-sized • By Ethernet full size packets caused packets • by TCP control segments and and • By p2p applications • by HTTP application Communication Networks Laboratory

  15. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  16. Traffic Statistics – Traffic Locality • Outgoing traffic: The 50 100 Percent of traffic send by source most busy sources (of the 6188) in a 5-minute sample, 80 are responsible for 60 – 94.5% of the bytes – 93.1% of the flows 40 – 90.9% of the packets. 20 • Incoming traffic: The same users: 0 – 76.6% of the bytes 1 5 9 3 7 1 5 9 3 7 1 5 9 1 1 2 2 2 3 3 4 4 4 – 77.5% of the flows Number of Hosts incoming bytes incoming packets incoming flows – 52.5% of the packets. outgoing bytes outgoing packets outgoing flows • The same results were observed in the 250 minutes samples. Communication Networks Laboratory

  17. Overview • Network Architecture • Measurement Methodology • Traffic Statistics • Service Analysis • Protocol Analysis • Flow Analysis • Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  18. Peer-to-Peer Services outgoing traffic incoming traffic Protocol bits % packets % flows % bits % packets % flows % BitTorrent 25,6 17,9 5,9 23,3 18,7 7 eMule 19,5 16,1 12,8 10,6 14,3 14,6 Napster 3 2,5 0,3 2,2 2,3 0,4 Gnutella 0,3 0,3 0,2 0,2 0,3 0,2 Kazaa 0,2 0,2 0,1 0,4 0,2 0,1 Direct Connect 0,1 0 0 0,1 0 0 Total 48,7 37 19,3 36,8 35,8 22,3 • Very Difficult to identify P2P traffic The 3 rd generation P2P systems use arbitrary ports for the P2P connections • • Still 25% of the traffic is unknown • 32,3% - 48,7% of the outgoing and 14% - 39% of the incoming bytes are caused by P2P services Communication Networks Laboratory

  19. Peer-to-Peer Services • P2P services are active 24 hours per day + they do not follow the traffic pattern of the overall traffic • Emule and BitTorrent were the two most prevalent protocols. • After 19/12/2004 the use of BitTorrent was reduced significantly because of the shut down of Suprnova.org Communication Networks Laboratory

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1 Presentation By Henk van Doorn & Marko Spithoff Relevance Security Audits Company Detects (Attempted) Breach Accountability Of Actions 2

337 views • 22 slides
Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods Basil AsSadhan Department of Electrical Engineering & Center of Excellence in Information Assurance King Saud University April 13-14, 2014

609 views • 39 slides
A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two

A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two

A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two knowledge gaps: high delay high delay correlation correlation How do we distinguish BOS delays: 90 min BOS delays: 10 min unexpected spatial

357 views • 3 slides
Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What? One of the best open source packet analyzers available today Captures network packets and tries to display content as detailed as possible

338 views • 5 slides
Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin

Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin

Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

619 views • 26 slides
Broadband services for schools through the Greek School Network Christos Bouras Professor,

Broadband services for schools through the Greek School Network Christos Bouras Professor,

Broadband services for schools through the Greek School Network Christos Bouras Professor, University of Patras Computer Technology Institute B ro a d b a n d E d u c a tio n S e rv ic e s , 1 1 -1 2 J u n e 2 009, C re te , G re e c e

749 views • 18 slides
20 10 University of Crete and the Greek School Network Emmanouil Zouraris

20 10 University of Crete and the Greek School Network Emmanouil Zouraris

& Multimedia Services at the 20 10 University of Crete and the Greek School Network Emmanouil Zouraris University Of Crete Networks

663 views • 35 slides
Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher Previously: Threat Analyst at NASA Threat Analyst at Mandiant @joshpyorre rootaccesspodcast.com Behavioral Analysis VIDEO analyzing website visitors

1.45k views • 127 slides
Clean Air Parents Network Webinar 21 st July 2020 Low Traffic Neighbourhoods WHY LOW TRAFFIC

Clean Air Parents Network Webinar 21 st July 2020 Low Traffic Neighbourhoods WHY LOW TRAFFIC

Clean Air Parents Network Webinar 21 st July 2020 Low Traffic Neighbourhoods WHY LOW TRAFFIC NEIGHBOURHOODS? Part of the response to the damage motor traffic causes road casualties, air quality, community, public health and active

257 views • 13 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port

Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port

Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port (18 hours of traffic to AT&T dial clients on July 22, 1997) N a m e port % bytes % packets bytes per packet w o r l d - w i d e

425 views • 31 slides
School Streets Why School Streets? They reduce traffic, and therefore pollution. (25% of

School Streets Why School Streets? They reduce traffic, and therefore pollution. (25% of

School Streets Why School Streets? They reduce traffic, and therefore pollution. (25% of rush hour traffic in London is cars doing the school run). They create a safer environment for everyone near and outside a school. They

98 views • 6 slides
Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader Lesson Conclusion Outline

777 views • 36 slides
Latin and Greek Elements in English Lessons 1 and 2: Overview of Greek Civilization

Latin and Greek Elements in English Lessons 1 and 2: Overview of Greek Civilization

Latin and Greek Elements in English Lessons 1 and 2: Overview of Greek Civilization Prehistory Indo-European Invasions earliest known inhabitants are the mysterious Pelasgians some ancient Greek words/names may be Pelasgian in

199 views • 16 slides
Latin and Greek Elements in English Lesson 3: Greek Bases in general, its somewhat more

Latin and Greek Elements in English Lesson 3: Greek Bases in general, its somewhat more

Latin and Greek Elements in English Lesson 3: Greek Bases in general, its somewhat more difficult to learn Greek forms than their Latin counterparts, e.g. de- vs. cata- n.b. the Greek language never influenced early English to the

257 views • 7 slides
Mining Network Traffic Data Ljiljana Trajkovi ljilja@cs.sfu.ca Communication Networks

Mining Network Traffic Data Ljiljana Trajkovi ljilja@cs.sfu.ca Communication Networks

Mining Network Traffic Data Ljiljana Trajkovi ljilja@cs.sfu.ca Communication Networks Laboratory http://www.ensc.sfu.ca/cnl School of Engineering Science Simon Fraser University, Vancouver, British Columbia Canada Roadmap Introduction

1.97k views • 145 slides
IP EuroNF Wrzburg July 21-22 2008 1 Network (R)Evolution Future Internet Interconnecting

IP EuroNF Wrzburg July 21-22 2008 1 Network (R)Evolution Future Internet Interconnecting

The Way 4WARD to a Creation of a Future Internet Henrik Abramowicz Ericsson Research EuroNF Wrzburg July 21-22 2008 Challenging the IP fortress - will this be successful ? IP EuroNF Wrzburg July 21-22 2008 1 Network (R)Evolution

223 views • 9 slides
Organo gold presentation pdf Direct Link #1 Same goes for Live Folders. BTW, like myself, most of

Organo gold presentation pdf Direct Link #1 Same goes for Live Folders. BTW, like myself, most of

DownloadOrgano gold presentation pdf. Bought the game today and glad I did. Maintaining updated Sony MiniDV HandyCam DCR-HC42 software prevents crashes and maximizes hardware and system performance. In order to complete his mission the mercenary

424 views • 3 slides
Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform Stable Coin Dapps Sum $ Bitcoin 154.00 $ Ethereum 29.00 $ XRP 18.70 $ BCH 7.70 $ EOS 7.20 $ LiteCoin 7.00 $ BNB 4.70 $ Tether

160 views • 12 slides
Data Integration and Analysis Systems DA 09 02a Task Update Rick Lawford and Toshio Koike

Data Integration and Analysis Systems DA 09 02a Task Update Rick Lawford and Toshio Koike

Data Integration and Analysis Systems DA 09 02a Task Update Rick Lawford and Toshio Koike Presented at the ADC meeting Melbourne, Australia September, 2009 DA 09 02a Task Report (September. 2009) In the winter of 2008 2009 a

267 views • 9 slides
Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification Daniel

Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification Daniel

Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification Daniel Nechay, Yvan Pointurier and Mark Coates McGill University Department of Electrical and Computer Engineering Montreal, Quebec, Canada April 22, 2009

515 views • 24 slides
How to save 150,000 dollars a year InHome: Peer-to-Peer Local Area Caching Mihir Kedia, Raluca

How to save 150,000 dollars a year InHome: Peer-to-Peer Local Area Caching Mihir Kedia, Raluca

Introduction System Description Evaluation Conclusion How to save 150,000 dollars a year InHome: Peer-to-Peer Local Area Caching Mihir Kedia, Raluca Ada Popa, Irene Zhang May 9, 2008 Mihir Kedia, Raluca Ada Popa, Irene Zhang InHome:

488 views • 14 slides
Efficient Content Location Using Interest-Based Locality in Peer-to-Peer Systems authors: K.

Efficient Content Location Using Interest-Based Locality in Peer-to-Peer Systems authors: K.

Data Centric Networking (R202) paper Efficient Content Location Using Interest-Based Locality in Peer-to-Peer Systems authors: K. Sripanidkulchai et. al. (CMU) MPhil in ACS reviewer/presenter: S. Trajanovski ( st508

418 views • 22 slides
Self-Service HR: Self Service HR: My Biz and My Workplace Revised July 2009 Introduction DoD

Self-Service HR: Self Service HR: My Biz and My Workplace Revised July 2009 Introduction DoD

Self-Service HR: Self Service HR: My Biz and My Workplace Revised July 2009 Introduction DoD introduces Self-Service HR functionality within the Defense Civilian Personnel Data System (DCPDS) th through two easy-to-use modules: h t t d l

260 views • 23 slides

More recommend