
Web-based Internet Traffic Analysis Using Flows

Web-based Internet Traffic Analysis Using Flows. Siegfried Löffler Paul Christ Martin Lorang. loeffler@cdi.cdi.fr. paul.christ@rus.uni-stuttgart.de. lorang@ind.uni-stuttgart.de. 6th Open Workshop for High Speed Networks, Stuttgart, October 1997. Outline. Existing Traffic Analysis Tools


Presentation Transcript


  1. Web-based Internet Traffic Analysis Using Flows
     Siegfried Löffler (loeffler@cdi.cdi.fr), Paul Christ (paul.christ@rus.uni-stuttgart.de), Martin Lorang (lorang@ind.uni-stuttgart.de)
     6th Open Workshop for High Speed Networks, Stuttgart, October 1997

  2. Outline
     • Existing Traffic Analysis Tools
        • Traditional Solutions
        • Web-Based Products
     • Using Flows for Traffic Analysis
     • The IETF Realtime Traffic Flow Measurement (RTFM) Architecture
     • Writing Web-based Applications
     • Implementation of an RTFM analysis application in Java
     • Conclusions

  3. Traditional Traffic Analysis
     • tcpdump:
        • Puts the network adapter driver into "promiscuous" mode. High CPU and bus load.
        • "libpcap" packet capturing library
        • ASCII / hex dump of all packets - high-volume output
     • SNMP Counters:
        • Several products (HP OpenView, ...) for graphical display.
     • RMON/RMON2: Probes can be placed at interesting points
     Problems:
     • Hard to find "interesting" packets with tools like tcpdump.
     • Not enough information with tools showing only counters.
     • No Web interface

  4. Existing Web-based Developments
     • Trend: Network management tools use the WWW as user interface
     • mrtg - Multi Router Traffic Grapher
     • Many projects - usually limited to the (static) display of SNMP counters.

  5. Existing Web-based Developments
     • Java-based network management products - AdventNet, IBM and some others.
     • AdventNet "NetMonitor": Toolkit to create own SNMP Java applets with a visual builder (generates Java code)
     • SNMPv2c class libraries

  6. Flows
     • Claffy, Braun and Polyzos: "A parametrizable methodology for Internet traffic flow profiling"
     • Try to identify sequences of packets as one flow, avoiding the necessity to check for connection establishment/end packets.
     • Data packets have to match criteria that have been chosen for the flow ("Flow Specification")
     [Figure: timeline of packet arrivals; packets matching the Flow Specification for Flow 1; labels: Begin Flow 1, Checkpoints, Duration Flow 1, Last Packet, Timeout: End Flow 1]

  7. Flows & Traffic Analysis
     • Cisco: NetFlow Data Export
     • OC3MON: Flow measurement at 150 Mbit/s ATM OC-3 (NLANR, MCI)
        • Hardware
        • Modified FORE firmware
        • Software: DOS; telnet; ASCII
     • OC12MON
     • IETF RTFM Architecture
     [Figure: OC3MON PC; labels: Fore PCA200-PCI (two cards), optical splitters, Ethernet network card]

  8. The IETF RTFM Architecture
     • Architecture: RFC 2063
     • Initially aimed at accounting (RFC 1272)
     • Experiences with NeTraMet (RFC 2123) by Nevil Brownlee, Univ. Auckland, New Zealand
        • Free
        • UNIX, DOS
        • Configurable
        • OC3MON version
     [Figure: RTFM architecture; labels: Meter, Manager, SNMP, Meter Reader, Analysis Application]

  9. Internet Programming for the Web
     • Programming for the Web: CGI, JavaScript, Java.
     • CGI programs run on the Web server and produce HTML output (static).
     • Java programs allow non-static interaction.
     • Java is platform independent
     [Figure: two diagrams, "CGI programs run on Web server" and "Java programs run in client Web browser", each showing server machine, client machine, Internet, Web server and Java VM; legend: program I/O, path over which the program is loaded]

  10. Java Security
     • Socket connections are only allowed to the Web server (where the code has been loaded from) or to the local machine.
     • Solution: Secure Applet Server (SAS) runs on the Web server and redirects SNMP traffic.
     [Figure: client machine and server machine connected over the Internet; labels: Java VM, SNMP Applet, Web Server, Java VM, SAS Server, SNMP Traffic, SNMP Agent]

  11. Analysis Application in Java
     • Display of the current traffic on the network in "real time" inside a Web browser.
     • Netscape on Pent 166: Reads about 300 flow records in 10 seconds
     • Object-oriented code should allow integration into a web-based management environment.
     • Displayed information:
        • X-axis: Flow duration
        • Y-axis: PDU count
        • Symbol: Flow kind

  12. FLuid / Flow Information
     • Child window for each flow, updated after each query.
     • Currently those windows can just display counters for the selected flows. It would be interesting to allow creation of graphs etc.
     • N. Brownlee is working on adding "distributions" to the architecture - could then add distribution analysis for each flow.

  13. Conclusions / Outlook
     • Possible to write RTFM applications / applets in Java - security restrictions can be resolved, Java is fast enough to transfer the packaged flow table in a reasonable time.
     • Implementation works, more functionality has to be added. (Currently no additional functionality compared to the NeTraMet analysis applications)
     • Object-oriented effort useful (code reuse) - network management applications usually have to be customized to fulfill the local requirements.
     • Interesting to work on flows for traffic measurement and analysis in order to make the flow paradigm eventually applicable to resource reservation and switching

  14. More Information
     • Our Work: http://ksoc3mon2.rus.uni-stuttgart.de/diplom and http://www.mathematik.uni-stuttgart.de/~floeff
     • IETF RTFM WG: http://www.ietf.org/html.charters/rtfm-charter.html
     • NeTraMet: ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet
     • OC3MON/OC12MON: http://www.nlanr.net/NA
     • AdventNet Java & SNMP: http://www.adventnet.com
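
The timeout-based flow definition from slide 6, producing the duration / PDU-count points plotted on slide 11, as an added example in Python (not code from the presentation, whose application is written in Java). The packet records, the 64-second timeout and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample packets: (time_s, src, dst, proto, sport, dport, length)
PACKETS = [
    (0.0,  "10.0.0.5", "192.0.2.10", "tcp", 40000, 80, 60),
    (0.4,  "10.0.0.5", "192.0.2.10", "tcp", 40000, 80, 1500),
    (1.0,  "10.0.0.7", "192.0.2.53", "udp", 5353, 53, 80),
    (2.0,  "10.0.0.5", "192.0.2.10", "tcp", 40000, 80, 1500),
    (70.0, "10.0.0.5", "192.0.2.10", "tcp", 40000, 80, 60),   # idle gap > 64 s
    (71.0, "10.0.0.7", "192.0.2.53", "udp", 5353, 53, 80),    # idle gap > 64 s
    (72.5, "10.0.0.5", "192.0.2.10", "tcp", 40001, 80, 400),
]

@dataclass
class Flow:
    key: tuple      # value of the flow specification for this flow
    begin: float    # time of first matching packet
    last: float     # time of last matching packet
    pdus: int = 0
    octets: int = 0

# Two hypothetical flow specifications: fine-grained and coarse-grained.
def five_tuple(pkt):
    return pkt[1:6]

def host_pair(pkt):
    return (pkt[1], pkt[2])

def profile(packets, spec, timeout):
    """Group packets into flows; a flow ends once `timeout` seconds pass
    without a matching packet. No SYN/FIN inspection is needed."""
    active, finished = {}, []
    for pkt in sorted(packets):
        ts, length, key = pkt[0], pkt[-1], spec(pkt)
        flow = active.get(key)
        if flow is not None and ts - flow.last > timeout:
            finished.append(active.pop(key))   # expired: close the old flow
            flow = None
        if flow is None:
            flow = active[key] = Flow(key, begin=ts, last=ts)
        flow.last = ts
        flow.pdus += 1
        flow.octets += length
    finished.extend(active.values())           # flush flows still open at end
    return sorted(finished, key=lambda f: (f.begin, f.key))

def points(flows):
    """(duration, PDU count) pairs: the X/Y values of the slide-11 display."""
    return [(f.last - f.begin, f.pdus) for f in flows]
```

The same trace yields five flows under the 5-tuple specification but only two under the host-pair specification with a 100-second timeout, which is why the specification and timeout have to be reported alongside any flow statistics.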
