Remote Packet Capture Internet Engineering Task Force San Diego, California Friday, June 03, 2016.



Problem

Accessing packets of interest is difficult
Existing technology is/are becoming inadequate
  – RMON filter/capture
      Constrained by resources
      Pull technology
  – SMON port copy
      Full duplex port replication suffers from congestion issues, which impact packet capture reliability
      Full packet replication limits what you can do with captured stream
Distributed monitoring makes the problem even more interesting

Need

An improved packet capture paradigm
  – Designed as a service?
      Simple
      Standardizable
      Assured operation
  – Support existing IPPM metrics
      Type-P* metrics
      Path determination
  – Facilitate/enable new measurements

PCAP Requirements

Integrated high performance packet capture
  – Reliable/sustained stream capture
Flexible packet selection strategies
Support IPPM framework and metrics
  – RFC 2330 Framework for IP Performance Metrics
  – RFC 2678 IPPM Metrics for Measuring Connectivity
  – RFC 2679 A One-Way Delay Metric for IPPM
  – RFC 2680 A One-Way Packet Loss Metric for IPPM
  – RFC 2681 A Round-trip Delay Metric for IPPM
Minimize privacy impact

Application

Enhanced SMON Port Copy Facility
Full ICMP Packet Capture + Timestamp
IP + Transport Header Capture + Pkt Len + Timestamp
MPLS Label Capture + Pkt Len + Timestamp

Applications

IPPM Type-P* “Whatever” Metrics
[Diagram: Monitor, Switch, End system, End system]
IP + Transport Header Capture + Pkt Len + Timestamp
Full ICMP Packet Capture + Timestamp

Recommendations

Integrated packet filter/capture
  – Devise a simple strategy
  – that is high performance friendly (OC-192)
Exploit benefit of SMON PortCopy
  – Get packet off the box as soon as possible
Address SMON PortCopy congestion issues
  – Partial packet capture
      Variable packet header capture
      Label capture
Enable better packet disposition
  – Capture packet encapsulation and transport

Approach

Packet Capture encapsulation header
  – Support Distributed Multipoint Monitoring
      Source identification
        – Source component identifier
        – Interface identifier
        – Direction
  – Assured packet capture
      Sequence numbering
  – IPPM Conformant Timestamp
  – Variable length capture payload
Captured packet transport
  – Layer 2 transport
  – Layer 3 transport

Draft PCAP Header

|            Source Identifier            |
|       ifIndex      |   Interface Type   |
|       Status       |       Length       |
|             Sequence Number             |
|            Time Stamp (sec)             |
|            Time Stamp (nsec)            |
|                                         |
|          Captured Packet Data           |
|                                         |

Privacy

Packet capture perceived as threat to privacy
Selective/partial packet capture
  – Protocol Specific
      Content separation
      Authorized content capture
      Limited header capture
  – Captured content protection
      Unauthorized modification
      Unauthorized disclosure
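An added illustration, not part of the original slides: a Python sketch of the Draft PCAP Header carrying a header-only capture (the "Limited header capture" item on the Privacy slide) and using the Sequence Number to find records lost in transport (the "Assured packet capture" item on the Approach slide). The slides give field names and order only, so the field widths, the reading of Length as the number of captured bytes, the IPv4-only handling and all function names are assumptions made here.

```python
import struct

# Assumed layout (widths are NOT given on the slide):
# Source Identifier u32 | ifIndex u16, Interface Type u16 | Status u16, Length u16
# | Sequence Number u32 | Time Stamp sec u32 | Time Stamp nsec u32 | captured bytes
HDR = struct.Struct("!IHHHHIII")

def header_len_ipv4(pkt: bytes) -> int:
    """Bytes covering the IPv4 header plus the TCP or UDP header."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto == 6 and len(pkt) > ihl + 12:   # TCP: data offset in high nibble
        return ihl + (pkt[ihl + 12] >> 4) * 4
    if proto == 17:                          # UDP: fixed 8-byte header
        return ihl + 8
    return ihl                               # anything else: IP header only

def encapsulate(src_id, if_index, if_type, status, seq, ts_sec, ts_nsec, pkt):
    snap = pkt[:header_len_ipv4(pkt)]        # payload never leaves the box
    return HDR.pack(src_id, if_index, if_type, status, len(snap),
                    seq, ts_sec, ts_nsec) + snap

def decapsulate(record: bytes) -> dict:
    src_id, if_index, _, _, length, seq, ts_sec, ts_nsec = HDR.unpack_from(record)
    data = record[HDR.size:HDR.size + length]
    if len(data) != length:
        raise ValueError("record shorter than its Length field")
    return {"source": src_id, "ifIndex": if_index, "seq": seq,
            "ts": (ts_sec, ts_nsec), "data": data}

def missing_sequences(records):
    """Sequence gaps per (source, ifIndex); counter wrap-around is not handled."""
    last, lost = {}, []
    for r in map(decapsulate, records):
        key = (r["source"], r["ifIndex"])
        if key in last:
            lost += [(key, s) for s in range(last[key] + 1, r["seq"])]
        last[key] = r["seq"]
    return lost

def sample_udp(payload: bytes) -> bytes:
    """Constructed IPv4/UDP packet for testing (documentation addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 5000, 53, 8 + len(payload), 0)
    return ip + udp + payload
```

Keying the gap check on the source and interface identifiers matters for the distributed multipoint case: each capture point runs its own sequence space, so a collector that merges streams must not compare numbers across sources.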