monitoring tool for analysing the use of the internet
play

Monitoring Tool for Analysing the Use of the Internet Services in - PDF document

Dec 20, 2023 •390 likes •682 views

Monitoring Tool for Analysing the Use of the Internet Services in the Spanish Academic Network Jordi Domingo-Pascual Universitat Politcnica de Catalunya jordi.domingo@ac.upc.es Partners: UC3M, UPC and UPM Project Objectives

  1. “Monitoring Tool for Analysing the Use of the Internet Services in the Spanish Academic Network” Jordi Domingo-Pascual Universitat Politècnica de Catalunya jordi.domingo@ac.upc.es Partners: UC3M, UPC and UPM Project Objectives ❐ Traffic Capture Subsystem ● High Speed ● AAL5 Reassembly ● Modular and scalable ● Low cost ❐ Support for many Traffic Analysis tools: ● Identification and aggregation of bi-directional flows ● Traffic classification by usage ● Traffic classification by origin / destination ● Internet header verification ● Detailed analysis (including contents for AUP audits) 1

  2. Functional Architecture MEHARI System Analysis Subsystem Capture Subsystem Analysis Platform(s) Auto- regulation IP Biflows Capture Platform(s) ATM 1 PPS + symptoms Preprocessing PPS Application ATM 1 ATM 0 Module ATM 1 Modules ATM 0 Traffic ATM 0 Samples Data base -patterns - addresses ATM Statistics - ... and Reports Cells Operator ATM Backbone Capture point Capture Subsystem ❐ Modular and scalable ● N units over the same or different trunk links ● Requires high speed connection to the analysis subsystem ❐ Senses ALL VPI/VCI in the fiber ● Captures in promiscuous or filtered mode over VPI/VCI list ❐ Capture capacity for each unit ● Sustained Average of 8 Mbit/s for a 6,000 Euros unit ● 3,000% better price/performance than commercial protocol analyzers (2 Mbit/s on HP BSTS) ● Capture rate controled by analysis rate 2

  3. Capture Subsystem: Hardware ❐ 1 PC Pentium 200 MHz ❐ 128M RAM ❐ 4G Hard Disc ❐ 1 Ethernet NIC (10/100) ❐ 2 ATM NICs PCI SC-155, Fore PCA-200EPC 256KB ❐ 2 passive f.o. splitters SC ❐ Cost: ~ 5000 $ Capture Subsystem: Software ❐ S.O. Unix FreeBSD 2.2.5 ❐ Software OC3MON/BSD (modified by DIT-UPM) ● fatm-driver ● capture ❐ dumpcap application developped by DIT-UPM ● VPI/VCI demultiplexing and filtering ● reassembly of AAL5 frames ● dump to capture files ❐ NFS client for downloading capture files to the analysis subsystem 3

  4. Capture Files length (bytes) timestamp UNIX Truncated AAL5 (seg.µseg) VPI/VCI info field 0:893083746.654070:100/1:1064 :45000428E81B40002F062E36C600B... 1:893083746.654090:100/1:44:4500002C00AC400037069CF5CC4B3C... frame 2:893083746.654101:100/1:40:45000028455840003606052FCF4F2C1... seq_num 3:893083746.654280:103/224:1500:450005DC6C4B4000FD06142640... 4:893083746.654288:103/224:40:45000028240440007B06401E829FD... 5:893083746.654517:103/224:400:45000190B30340001D06B516238A... ...... 1668:893083746.813551:100/1:281:4500011976710000FB04BFFCE40... # init_time=893083746.652986 final_time=893083746.813582 cap_time=0.160596 Files with programmable granularity Functional Architecture MEHARI System Analysis Subsystem Capture Subsystem Analysis Platform(s) Auto- regulation IP Biflows Capture Platform(s) ATM 1 PPS + symptoms Preprocessing PPS Application ATM 1 ATM 0 Module ATM 1 Modules ATM 0 Traffic ATM 0 Samples Data base -patterns - addresses Statistics ATM - ... and Reports Cells Operator ATM Backbone Capture point 4

  5. Analysis Subsystem: Hardware ❐ PC Pentium 200 MHz ❐ 128M RAM ❐ 4G Hard Disc ❐ 2 Ethernet NICs (10/100) ❐ Cost: ~ 2500 $ Analysis Subsystem: Software ❐ Modular and Scalable Architecture ● N analysis platforms connected to one or more capture platforms ● PC Linux RedHat 5.0 ❐ Pre-processing module: ● Process of the samples “on-the-fly” ● Extract “relevant” information ● Erase capture files ❐ Analysis tools or Application modules: ● Classify traffic by use ● Classify traffic by destination ● Packet header verification ● Server location tool ● Usage based pricing tool ● ... 5

  6. Analysis Subsystem Architecture Common Configuration language Common format Generic Generic Analysis Analysis Preprocessing Analysis Analysis Module module Module Module module (filter) (filter) Specific Specific Analysis Analysis Module module Modularity and Scalability P 1.2 P 1.1.2 P 1.1 P 1.1.1 P 1.1.3 P 1.3 P 1.3.1 ❐ Process tree structure for information flow ❐ Interprocess Comunication using shared files ❐ May be distributed among several machines using NFS 6

  7. Key Issues of the Architecture ❐ Modularity ❐ Common data types and file format definition ❐ Common configuration interface ❐ This allows: ● the insertion of new processes in the whole analysis chain ● to obtain partial results in the analysis chain ● to control processes and to browse results from a single GUI Pre-processing Module ❐ Main functions ● packet agreggation to flows ● packet analysis ● count of symptoms associated to each flow ❐ Produces flow list with associated information: ● flow desc with packet and byte count ● weighted list of symptoms ❐ Highly configurable: ● symptom definition and inter-relation ● aggregation period 7

  8. Pre-processing Module CAP*.1 AFL*.1 AAF*.1 Anaflow Acum BFL* Base de datos Biflow de patrones AAF*.0 CAP*.0 AFL*.0 Anaflow Acum Flujos Flujos Flujos Paquetes IP Unidireccionales Unidireccionales Bidireccionales Acumulados ❐ anaflow: análisis de paquetes IP y extracción de síntomas ❐ accum: agregación de nº bytes, nº paquetes y síntomas en flujos unidireccionales, según período ❐ biflow: correlación de tráfico E/S para obtención de flujos bidireccionales, conservando síntomas Application Modules ❐ Traffic analysis by volume ❐ Traffic analysis by origin/destination ❐ Header analysis and verification ❐ Server location tool ❐ Traffic classification (explicit routing) ❐ Usage based pricing tool 8

  9. Trial on Spanish Academic Network: RedIRIS RedIRIS: the Spanish NRN Splitters GIGACOM RedIRIS RedIRIS Telefónica ATM Core Regional Router Nodes Network ATM Access Switch 100 BaseT 1 STM-1 ATM Ethernet Internet Optical 0 (RedIris ) Interfaces NFS Remote Access Analysis PC Traffic Capture PC (LINUX) (FreeBSD) Spanish Academic Network Topology 9

  10. Some applications of these tools ❐ Traffic monitoring ● Billing and charging models for NRN and Corporate Networks ● Network configuration - Resources dimensioning - Placing Proxies, ... ❐ Service usage control ● Control that the services are used responsibly, i. e. auditing the academic networks AUP (Acceptable Use Policy) ● Security Summary ❐ Modular, scalable and extensible architecture ❐ Capture systems with excellent price/performance ❐ Flow information aggregation with symptoms and bi- directional flow correlation ❐ Intermediate data base of patterns and addresses ❐ Application modules currently implemented: ● Classification by usage (AUP) ● Classification by origin/destination ● Packet Header analysis 10

  11. Traffic Analysis by volume ❐ Bandwidth utilization ❐ Packet size distribution ❐ Protocol distribution ❐ Cumulative graphs Backbone Utilization 30% Entrada 25% Salida Utilización (%) 20% 15% 10% 5% 0% 00:00 02:00 04:00 06:00 08:00 10:00 12:00 14:00 16:00 18:00 20:00 22:00 00:00 11

  12. Utilization per Access Node IP over ATM overhead (in) 50% Sobrecarga media en Entrada: 15,12% 45% 40% % Tráfico de sobrecarga 35% % Tráfico total 30% % Tráfico útil 25% 20% 15% 10% 5% 0% < 41 89-136 185-232 281-328 377-424 473-520 569-616 665-712 761-808 857-904 953-1000 1049-1096 1145-1192 1241-1288 1337-1384 1433-1480 > 1528 Longitud de paquetes IP (bytes) 12

  13. % Paquetes 10% 20% 30% 40% 50% 60% % Tráfico total 0% 10% 15% 20% 25% 30% 35% 40% 45% 50% 0% 5% < 41 < 41 89-136 89-136 185-232 IP over ATM overhead (out) Packet Length Distribution 185-232 281-328 281-328 377-424 377-424 Sobrecarga media en Salida: 20,83% 473-520 Longitud de paquetes IP (bytes) 473-520 569-616 569-616 % % Longitud (bytes) Tráfico útil Tráfico de sobrecarga 665-712 665-712 761-808 761-808 857-904 857-904 953-1000 953-1000 1049-1096 1049-1096 1145-1192 1145-1192 1241-1288 Salida Entrada 1241-1288 1337-1384 1337-1384 1433-1480 1433-1480 > 1528 > 1528 13

  14. Protocol Distribution (mean packet length) Protocol Distribution (percentage of packets) 14

  15. Traffic Distribution 350 unknown Entrada others 300 multicastIP EIGRP 250 games irc Mbytes 200 snmp 150 dns telnet 100 smtp nntp 50 ftp http 0 0:00 2:00 4:00 6:00 8:00 10:00 12:00 14:00 16:00 18:00 20:00 22:00 0:00 Traffic origin/destination analysis module Traffic Origin/Destination Analysis Module (TODM) Official IRR Data Bases Processor NRN BGP other... Subnetwork, CIDR, ASs, ... Databases Summary Report Files Identification Pre-processing of AS Module (TCM) IP Biflows 15

  16. Traffic Classification by AS ❐ Maps of AS by destination ❐ Traffic statistics by outside links of RedIRIS (Ibernet, TEN-155 y USA) classified by CCAA (regions) ❐ Statistics of the most visited subnetworks within the relevant AS ❐ This output may be used by other modules Sample of Results: Main traffic origin/destination (I) 100% % Bytes (Input traffic) 90% 80% 70% RedIRIS 60% TEN-34/155 Ibernet 50% Rest of Internet (through USA) 40% 30% 20% 10% 0% User Groups (17) 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Monitoring and analysing multilingual media reports Monitoring and analysing multilingual media

Monitoring and analysing multilingual media reports Monitoring and analysing multilingual media

The Second KYOTO Workshop, Gifu, Japan, 26 January 2011 1 Monitoring and analysing multilingual media reports Monitoring and analysing multilingual media reports to support users in their daily work Ralf Steinberger &amp; the JRCs OPTIMA

319 views • 28 slides
Monitoring DNS? Analysing DNS! Roy Arends Research Fellow Nominet UK What is Monitoring?

Monitoring DNS? Analysing DNS! Roy Arends Research Fellow Nominet UK What is Monitoring?

Monitoring DNS? Analysing DNS! Roy Arends Research Fellow Nominet UK What is Monitoring? Monitoring hints at an incident (what is happening) Analysing is the actual hard work (why is it happening) Technology BumbleBee has been

604 views • 12 slides
**** PPR Monitoring and Assessment Tool A Companion Tool of the Global Strategy for the PPR

**** PPR Monitoring and Assessment Tool A Companion Tool of the Global Strategy for the PPR

Dr Giancarlo Ferrari (FAO) Dr Nadge Leboucq (OIE) Members of the GFTADs PPR Working Group **** PPR Monitoring and Assessment Tool **** PPR Monitoring and Assessment Tool A Companion Tool of the Global Strategy for the PPR MONITORING and

566 views • 33 slides
Monitoring Advanced Tiers Tool (MATT) PBIS Assessment Annual Assessment Progress Monitoring

Monitoring Advanced Tiers Tool (MATT) PBIS Assessment Annual Assessment Progress Monitoring

Monitoring Advanced Tiers Tool (MATT) PBIS Assessment Annual Assessment Progress Monitoring Research Tool Tool Tool Universal Team Implementation Benchmarks of Quality Checklist (TIC 3) System System-wide Evaluation (BoQ) Tool PBIS

569 views • 56 slides
Monitoring and Analysing Professional Speed Skaters Jac Orie Arno Knobbe LottoNL-Jumbo Speed

Monitoring and Analysing Professional Speed Skaters Jac Orie Arno Knobbe LottoNL-Jumbo Speed

Monitoring and Analysing Professional Speed Skaters Jac Orie Arno Knobbe LottoNL-Jumbo Speed Skating Team Skaters: Sven Kramer, Wouter Olde Heuvel, Kjeld Nuis, Some 16 Olympic medals + numerous championships Why? WE WANT TO WIN

404 views • 19 slides
Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &amp;

Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &amp;

CyLab Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &amp; Public Policy Lorrie Faith Cranor September 30, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533

440 views • 42 slides
Open Source Tools for Mining and Analysing Web Data @ Scale Kris Carpenter Negulescu, Internet

Open Source Tools for Mining and Analysing Web Data @ Scale Kris Carpenter Negulescu, Internet

Open Source Tools for Mining and Analysing Web Data @ Scale Kris Carpenter Negulescu, Internet Archive Annual Meeting, Washington DC July 20, 2011 Key Problems to Address &amp; Primary Benefits Archived Web Data is often isolated,

262 views • 5 slides
Monitoring and Analysing Professional Speed Skaters 1 LottoNL-Jumbo Speed Skating Team Trainer:

Monitoring and Analysing Professional Speed Skaters 1 LottoNL-Jumbo Speed Skating Team Trainer:

Monitoring and Analysing Professional Speed Skaters 1 LottoNL-Jumbo Speed Skating Team Trainer: Jac Orie Skaters: Sven Kramer, Wouter Olde Heuvel, Kjeld Nuis, 2 Historical Training Data 15 years of data collected Some 40

126 views • 12 slides
The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet

The network neutrality bot architecture: a preliminary approach for self-monitoring of Internet access QoS Simone Basso Antonio Servetti Juan Carlos De Martin NEXA Center for Internet &amp; Society Politecnico di Torino, Italy

522 views • 14 slides
Outline Introduction Background Progress on the implementation of the MTSF

Outline Introduction Background Progress on the implementation of the MTSF

Outline Introduction Background Progress on the implementation of the MTSF Analysing the Programme of Action Report Analysing the 2014 2019 MTSFs Analysing the performance management system of government Analysing

946 views • 18 slides
Week 5 Kullmann Analysing BFS Depth-first search Depth-first search Analysing DFS

Week 5 Kullmann Analysing BFS Depth-first search Depth-first search Analysing DFS

CS 270 Algorithms Oliver Week 5 Kullmann Analysing BFS Depth-first search Depth-first search Analysing DFS Analysing BFS Dags and 1 topological sorting Detecting Depth-first search 2 cycles Analysing DFS 3 Dags and topological

482 views • 23 slides
What The Observatory Tool is and how it can be useful for YOU The Global Internet

What The Observatory Tool is and how it can be useful for YOU The Global Internet

TECHNICAL DEVELOPMENT OF THE ONLINE PLATFORM FOR THE GLOBAL INTERNET POLICY OBSERVATORY SMART 2014/0026 What The Observatory Tool is and how it can be useful for YOU The

547 views • 20 slides
Internet of things: Next evolution of the Internet Cisco blog quotes: The number of devices

Internet of things: Next evolution of the Internet Cisco blog quotes: The number of devices

6PANview : A Network Monitoring System for the Internet of Things 23-August-2011 Lohith Y S, Brinda M C, Anand SVR, Malati Hegde Department of ECE Indian Institute of Science Bangalore Funded by DIT, Government of India Internet of

520 views • 20 slides
We are not interested in prescribing how games should be played. We are interested in analysing how

We are not interested in prescribing how games should be played. We are interested in analysing how

Playing Games by Thinking Ahead Adrian Ve5a MITACS Workshop on Internet and Network Economics , Vancouver, May 2011. We are not interested in prescribing how games should be played. We are interested in analysing how games really are played. We

678 views • 49 slides
REAL TIME VOLTAGE STABILITY MONITORING OF POWER SYSTEMS USING 'RT-VSM Tool' Dr. Saugata S. Biswas

REAL TIME VOLTAGE STABILITY MONITORING OF POWER SYSTEMS USING 'RT-VSM Tool' Dr. Saugata S. Biswas

REAL TIME VOLTAGE STABILITY MONITORING OF POWER SYSTEMS USING 'RT-VSM Tool' Dr. Saugata S. Biswas Dr. Anurag K. Srivastava 1. Motivation For A New Online Voltage Stability Monitoring Algorithm / Tool Common Approaches for Online Static

282 views • 14 slides
ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet

ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet

ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet Internet Mendelson AS4 Gateway - Open Source based solution - Very reactive team / use of their AS2 system (about 8000 msg / day) - Participation in

234 views • 6 slides
mem o ry noun \memr, mem\ 1 a: the power or process of reproducing or

mem o ry noun \memr, mem\ 1 a: the power or process of reproducing or

Memory 3.0 (Three Dot O) Memory 3.0 (Three Dot O) Sangyeun Cho Memory Solutions Lab, Memory Division Samsung Electronics Co. Memory 3.0 1 mem o ry noun \memr, mem\ 1 a: the power or process of reproducing or recalling what

775 views • 44 slides
Devopsn the Operating System John Willis Director of Ecosystem Development Docker, Inc.

Devopsn the Operating System John Willis Director of Ecosystem Development Docker, Inc.

Devopsn the Operating System John Willis Director of Ecosystem Development Docker, Inc. @botchagalupe a.k.a. John Willis 35 Years in IT Operations Exxon, Canonical, Chef, Enstratius, Socketplane Devopsdays Core

872 views • 45 slides
DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th

DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th

DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th 2011 DNSSEC validation - Validation rate not rising very much - Interesting to see what will happen after .com signing 2 SURFnet. We make

482 views • 16 slides
Institute of Computational Modeling SB RAS ORGANIZATION OF ACCESS TO OBSERVATIONAL DATA USING WEB

Institute of Computational Modeling SB RAS ORGANIZATION OF ACCESS TO OBSERVATIONAL DATA USING WEB

Institute of Computational Modeling SB RAS ORGANIZATION OF ACCESS TO OBSERVATIONAL DATA USING WEB SERVICES FOR MONITORING SYSTEMS THE STATE OF THE ENVIRONMENT Kadochnikov Aleksey A. Russia, Krasnoyarsk - 2013 The main tasks of software and

182 views • 17 slides
Helsinki, 8 December 2003 Title: The current truth about heaps Speaker: Jyrki Katajainen

Helsinki, 8 December 2003 Title: The current truth about heaps Speaker: Jyrki Katajainen

Helsinki, 8 December 2003 Title: The current truth about heaps Speaker: Jyrki Katajainen Co-workers: Claus Jensen and Fabio Vitale This talk is about the heaps we all love. I will explain how the heap functions are im- plemented in the CPH

820 views • 30 slides
Operating Systems Administration Curso de Adaptaci on ao Grao para enxe neiros t ecnicos

Operating Systems Administration Curso de Adaptaci on ao Grao para enxe neiros t ecnicos

Operating Systems Administration Curso de Adaptaci on ao Grao para enxe neiros t ecnicos en inform atica Timetable Operating Systems Administration Monday Tuesday Wednesday Thursday Friday 19:30 theory laboratory 21:00

300 views • 14 slides
NetFORCE NetFORCE DATA INTEGRITY AND AVAILABILITY DATA INTEGRITY AND AVAILABILITY ACROSS ALL

NetFORCE NetFORCE DATA INTEGRITY AND AVAILABILITY DATA INTEGRITY AND AVAILABILITY ACROSS ALL

HITACHI D A T A S Y S T E M S FREEDOM STORAGE NETWORKS FREEDOM STORAGE NETWORKS ph ph NetFORCE NetFORCE DATA INTEGRITY AND AVAILABILITY DATA INTEGRITY AND AVAILABILITY ACROSS ALL BOUNDARIES ACROSS ALL BOUNDARIES HITACHI D A T A S Y S

509 views • 46 slides
1983 Thank you, fellow time travelers from the Future Dave Cheney Alan Donovan Steve

1983 Thank you, fellow time travelers from the Future Dave Cheney Alan Donovan Steve

The Why of Go 21st Century Programming Languages Track, Qcon SF Carmen Andoh 1983 Thank you, fellow time travelers from the Future Dave Cheney Alan Donovan Steve Francia Jrme Pettazoni Back to 1983 (from 1985, but whetev,

1.67k views • 137 slides

More recommend