TCP Traffic Analysis in cooperation with Motorola. Todd DeSantis and David Loose. Advisor: Professor Mark Claypool. Co-Advisor: Professor Robert Kinicki.

Presentation transcript:

1 TCP Traffic Analysis in cooperation with Motorola
- Todd DeSantis and David Loose
- Advisor: Professor Mark Claypool
- Co-Advisor: Professor Robert Kinicki
- MQP Presentation, February 11, 2004

2 Project Motivation
- Increase in broadband use
  - Motorola is seeking more efficient hardware
- Changing Internet traffic
  - Emergence of P2P applications
  - Streaming media
- Captured TCP packets show trends
  - Can draw conclusions based on data

3 Project Goals
- Characterize traffic patterns in traces
- Identify possible optimizations
  - Hardware
  - Software

4 Capture File Summary
- Packet sniffer at cable ISP head-end
  - Captures traffic from upstream & downstream links
- Packet traces generated by tcpdump
  - Uses libpcap capture file format
  - Common format used by many Open Source tools
- Traces include all headers up to Transport layer
- Packets anonymized
  - Each IP address mapped to unique, anonymous address
  - Port numbers preserved

5 Tools
- libpcap
  - Used to interpret tcpdump files
  - Facilitated writing of custom programs to analyze data
- tcptrace
  - Attempt to recreate the TCP flow
  - Gathers many useful statistics about the flow
- Ethereal
  - GUI front-end for tcpdump
  - Allowed visualization of data

6 Results (Transport Protocols)
- TCP % total bytes transmitted
- UDP – 1.74% total bytes transmitted
- ICMP, GRE, ESP and OSPFIGP combine for the final 0.12%

7 Results (Application Protocols)

8 Results (Packet Sizes)
- We graphed the cumulative distribution function (CDF) of packet sizes.
- Most common packet size – 54 bytes
- 2nd common packet size – 1514 bytes
- Average packet size – bytes
- Largest size encountered – 2062 bytes

9 Results (TCP-SACK)
- Prevalence among SYN-sending hosts
  - Enabled on 30,377 hosts out of 33,542
  - Enabled on 97% of downstream hosts

10 Results (TCP-SACK)

11 Results (ECN)
- Nearly non-existent use of ECN
  - Only 7 out of the 38,572 unique hosts were ECN capable
  - Negligible performance implications with this low level of deployment
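The per-host SACK and ECN counts on slides 9 and 11 can be derived from a libpcap trace by inspecting TCP SYN segments. The following is an added example, not code from the presentation: it assumes a classic libpcap file with Ethernet link type and IPv4, counts initial SYNs only (SYN set, ACK clear), and runs on a constructed four-packet sample. The names `syn_option_hosts`, `summarize`, `_record` and `SAMPLE` are hypothetical.

```python
import struct

def syn_option_hosts(pcap):
    """Map each source IP that sent an initial SYN to the SACK/ECN support it offered."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    hosts, off = {}, 24                            # 24-byte global header
    while off + 16 <= len(pcap):                   # 16-byte per-record header
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                               # not IPv4/TCP, or below minimal headers
        ihl = (pkt[14] & 0x0F) * 4
        tcp = pkt[14 + ihl:]
        if ihl < 20 or len(tcp) < 20 or (tcp[13] & 0x12) != 0x02:
            continue                               # keep initial SYNs only (assumption)
        opts, i, sack = tcp[20:(tcp[12] >> 4) * 4], 0, False
        while i < len(opts) and opts[i] != 0:      # kind 0 = end of option list
            if opts[i] == 1:                       # kind 1 = NOP, single byte
                i += 1
                continue
            if i + 1 >= len(opts) or opts[i + 1] < 2:
                break                              # malformed option length, stop parsing
            sack |= opts[i] == 4                   # kind 4 = SACK-permitted (RFC 2018)
            i += opts[i + 1]
        rec = hosts.setdefault(".".join(map(str, pkt[26:30])), {"sack": False, "ecn": False})
        rec["sack"] |= sack
        rec["ecn"] |= (tcp[13] & 0xC0) == 0xC0     # ECE+CWR on a SYN = ECN-setup SYN (RFC 3168)
    return hosts

def _record(src, flags, opts=b""):                 # constructed sample frame, not trace data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0, 0, 64, 6, 0,
                     bytes(src), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (5 + len(opts) // 4) << 4,
                      flags, 65535, 0, 0) + opts
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

MSS, SACK_OK = b"\x02\x04\x05\xb4", b"\x01\x01\x04\x02"
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record([10, 0, 0, 2], 0x02, MSS + SACK_OK)   # SYN offering SACK
          + _record([10, 0, 0, 3], 0xC2, MSS)             # ECN-setup SYN, no SACK
          + _record([10, 0, 0, 2], 0x02, MSS)             # same host, later SYN without SACK
          + _record([10, 0, 0, 4], 0x10))                 # pure 54-byte ACK, not a SYN sender

def summarize(hosts):
    """Return (SYN-sending hosts, hosts offering SACK, hosts offering ECN)."""
    return len(hosts), sum(h["sack"] for h in hosts.values()), sum(h["ecn"] for h in hosts.values())
```

Because the traces are anonymized with a one-to-one address mapping and keep headers up to the Transport layer, per-host counts like these are unaffected by the anonymization.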

12 Results (Non-Responsive Traffic)
- What is non-responsive traffic?
  - TCP accounts for 98.12% of traffic on average
  - UDP accounts for most non-TCP traffic
  - For our purposes, we assume all non-TCP traffic is non-responsive

13 Results (Non-Responsive Traffic)
- Methodology
  - Set “high” and “low” as percentage of total traffic
    - “high” = >5% of traffic during selected period
    - “low” = <1% of traffic during selected period
  - 3 30-second samples for high and low
  - Performance metrics: RTT, Retransmission Rate

14 Results (Non-Responsive Traffic)

15 Results (Non-Responsive Traffic)

16 Results (Non-Responsive Traffic)
- Problems
  - Finding suitable samples
  - Difficult to find periods during which non-responsive traffic at peak

17 Results (Sample Sizes)
- We split trace files into 15 minute subunits
- SACK loss rates were computed:
  - 15 minute trace files
  - 30 minute trace files
  - 1 hour trace files

18 Results (Sample Sizes cont.)
- These tests show a significant difference between the 15 and 30 min. samples and a much smaller difference between the 30 and 60 min. samples.
- Based on these results, we were able to determine that a 30 minute sample is sufficient for SACK analysis.

19 Conclusions
- Internet traffic is changing
  - KaZaa is the biggest bandwidth user (traditionally WWW)
- Cable modems can be optimized
  - PEPs can help relieve ACK-compression
  - Additional upstream bandwidth
- TCP can be optimized
  - Further deployment of SACK & ECN

20 Questions?