SHARKFEST ‘10 | Stanford University | June 14–17, 2010 To the Terabyte and Beyond! Leveraging Pilot and Wireshark to Analyze Truly Massive Packet Traces.

Presentation transcript:

To the Terabyte and Beyond! Leveraging Pilot and Wireshark to Analyze Truly Massive Packet Traces
June 17, 2010
Loris Degioanni, CTO | CACE Technologies
SHARKFEST ‘10 | Stanford University | June 14–17, 2010

Packet Acquisition

Capture Card
Dedicated card is essential
– No network stack overhead
– Minimizes copies
– Optimizes locality
– Filtering capability in the card is normally not really useful
    Except in some unusual conditions, the application wants to see everything
    PCI bus is the only resource that card filtering optimizes
    Any tap nowadays can do basic filtering
– Small packets are the worst condition
CACE Turbocap
– Hybrid between home-built and off the shelf
– No unnecessary features (who needs filtering?)
– Affordable price

CPU
Bottlenecks
– CPU clock (expensive)
– Number of CPUs (cheap)
Multi-threading is hard to leverage when capturing and processing network packets
– Network monitoring is intrinsically sequential
Locking is evil
– Doing things more than once is better than locking
At 10 Gbps, cache coherency is a big deal
Small packets are the worst condition

Disk
Bottlenecks
– Single disk write speed
– Number of spindles
– RAID controller
– Big packets are the worst condition
Solid State? Not a good idea yet
– Single disk performance is not really the bottleneck
– Cost is an important factor when you build a system with tens of disks
– Reliability is not as proven as that of the old magnetic disks

Disk write speed based on position

I can capture a lot of packets. Now what?
Reading packets must be non-disruptive!
Even if I stop the capture process, since I was writing at full speed, reading the data is going to take around the same time as writing it
– Read needs to be localized
– I need high-level visibility to reach the point I need
Indexing

Standalone card vs. kit
A network card nowadays is not enough to build a functional packet capture system.

Indexing
– While capturing, on a Shark Appliance capture job
– On a trace file, after the fact
Summary of the network traffic
– Volume, talkers and protocol information
– Coordinated with the packet store
– “Netflow on steroids”
Designed to be extremely efficient in terms of disk usage
Coordinated with the packet store

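Indexing
[Diagram: a time index (index file) alongside the pcap file; each index entry covers a time interval and holds the file position of a packet in the pcap file. Labels: Index file, Time intervals, File Positions, Time index, pcap file, Index entry, Packet.]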
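
The time index sketched on the Indexing slides, as an added example (not code from the presentation or from Pilot or the Shark Appliance): one sequential pass over a classic little-endian pcap records, per time interval, the file offset of the first packet plus packet and byte counts, so a later read seeks straight to the interval it needs. The function names, the 10-second interval and the sample packets are assumptions constructed for illustration; timestamps are assumed to be non-decreasing.

```python
import bisect, io, struct
GLOBAL_HDR = struct.Struct("<IHHiIII")  # classic little-endian pcap file header (24 bytes)
REC_HDR = struct.Struct("<IIII")        # per packet: ts_sec, ts_usec, incl_len, orig_len
SAMPLE = [(100, b"a" * 60), (103, b"b" * 60), (112, b"c" * 1500),
          (119, b"d" * 60), (131, b"e" * 60)]  # CONSTRUCTED (ts_sec, payload) pairs

def make_pcap(packets):
    # Build a constructed in-memory trace so the example runs offline.
    out = io.BytesIO()
    out.write(GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, data in packets:
        out.write(REC_HDR.pack(ts, 0, len(data), len(data)) + data)
    out.seek(0)
    return out

def build_index(f, interval=10):
    # One pass; entries are [interval_start, file_offset, packets, bytes].
    if GLOBAL_HDR.unpack(f.read(GLOBAL_HDR.size))[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    index = []
    while True:
        offset = f.tell()
        hdr = f.read(REC_HDR.size)
        if len(hdr) < REC_HDR.size:
            break  # end of file or truncated record header
        ts, _, incl, orig = REC_HDR.unpack(hdr)
        f.seek(incl, io.SEEK_CUR)  # skip the payload, the index only needs headers
        start = ts - ts % interval
        if not index or index[-1][0] != start:
            index.append([start, offset, 0, 0])
        index[-1][2] += 1
        index[-1][3] += orig
    return index

def read_window(f, index, t0, t1):
    # Localized read: seek to the interval containing t0, stop at the first ts >= t1.
    i = max(bisect.bisect_right([e[0] for e in index], t0) - 1, 0)
    f.seek(index[i][1])
    found = []
    while True:
        hdr = f.read(REC_HDR.size)
        if len(hdr) < REC_HDR.size:
            break
        ts, _, incl, _ = REC_HDR.unpack(hdr)
        data = f.read(incl)
        if ts >= t1 or len(data) < incl:
            break
        if ts >= t0:
            found.append((ts, data))
    return found
```

The per-interval packet and byte counts are what give the high-level view (volume over time) without touching the packet store; only `read_window` reads packet data, and only from the selected offset onward.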