Analysis of UDP Traffic Usage on Internet Backbone Links* Min Zhang Maurizio Dusi Wolfgang John *This study was performed while authors visited CAIDA at.

Slides:

Advertisements

Similar presentations

Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.

Advertisements

Review of a research paper on Skype

Centre de Comunicacions Avançades de Banda Ampla (CCABA) Universitat Politècnica de Catalunya (UPC) Identification of Network Applications based on Machine.

A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.

The War Between Mice and Elephants Presented By Eric Wang Liang Guo and Ibrahim Matta Boston University ICNP

Detecting P2P Traffic from the P2P Flow Graph Jonghyun Kim Khushboo Shah Stephen Bohacek Electrical and Computer Engineering.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

An Analysis of Internet Content Delivery Systems Stefan Saroiu, Krishna P. Gommadi, Richard J. Dunn, Steven D. Gribble, and Henry M. Levy Proceedings of.

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

Who Talks to Whom: Using BGP Data for Scaling Interdomain Resource Reservation Ping Pan and Henning Schulzrinne Columbia University ISMA Workshop – Leiden,

Reliable Networking Systems The goals: Implement a reliable network application of a file sharing network. Implement a reliable network application of.

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.

Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Reduced TCP Window Size for Legacy LAN QoS Niko Färber July 26, 2000.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Assessing the Nature of Internet traffic: Methods and Pitfalls Wolfgang John Chalmers University of Technology, Sweden together with Min Zhang Beijing.

Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.

Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.

Analyzing Peer-to-Peer Traffic Across Large Networks Jia Wang Joint work with Subhabrata Sen AT&T Labs - Research.

Ensuring the Reliability of Data Delivery © 2004 Cisco Systems, Inc. All rights reserved. Understanding How UDP and TCP Work INTRO v2.0—6-1.

Module 1: Reviewing the Suite of TCP/IP Protocols.

Traffic Classification through Simple Statistical Fingerprinting M. Crotti, M. Dusi, F. Gringoli, L. Salgarelli ACM SIGCOMM Computer Communication Review,

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Privacy in P2P based Data Sharing Muhammad Nazmus Sakib CSCE 824 April 17, 2013.

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Cs423-cotter1 P2P Discovering P2P (Miller) Internet.

A One Year Study of Internet IPv6 Traffic Haakon Ringberg Craig Labovitz Danny McPherson Scott.

Examining TCP/IP.

Forensic and Investigative Accounting Chapter 14 Digital Forensics Analysis © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

1 7-Oct-15 OSI transport layer CCNA Exploration Semester 1 Chapter 4.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 4. Active Monitoring Techniques.

Doc.: IEEE /0961r0 Submission July 2012 Alex Ashley, NDS LtdSlide 1 Layer 2 Service Discovery Protocols Date: Authors:

MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.

11 TRANSPORT LAYER PROTOCOLS Chapter 6 TCP and UDP SPX and NCP.

ACN: RED paper1 Random Early Detection Gateways for Congestion Avoidance Sally Floyd and Van Jacobson, IEEE Transactions on Networking, Vol.1, No. 4, (Aug.

Network – internet – part2  Address at diff. layers  Headers at diff. layers  Equipment at diff. layers.

Analysis of Internet Backbone Traffic and Header Anomalies Observed Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers.

Thomas Silverston, Olivier Fourmaux NOSSDAV ‘07 Presenter: Chen

Measuring the Congestion Responsiveness of Internet Traffic Ravi Prasad & Constantine Dovrolis Networking and Telecommunications Group College of Computing.

Heuristics to Classify Internet Backbone Traffic based on Connection Patterns Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering.

Network Sniffer Anuj Shah Advisor: Dr. Chung-E Wang Department of Computer Science.

Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University DATA CLASSIFICATION FOR CLASSIFIER.

Mapping the Gnutella Network: Properties of Large-Scale Peer-to-Peer Systems and Implications for System Design Authors: Matei Ripeanu Ian Foster Adriana.

TCP and UDP Ports. 1.The TCP part of TCP/IP stands for Transmission Control Protocol, and it is a reliable transport-oriented way for information to be.

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

Performance Limitations of ADSL Users: A Case Study Matti Siekkinen, University of Oslo Denis Collange, France Télécom R&D Guillaume Urvoy-Keller, Ernst.

Precision Measurements with the EVERGROW Traffic Observatory Péter Hága István Csabai.

1 Long-Range Dependence in a Changing Internet Traffic Mix STATISTICAL and APPLIED MATHEMATICAL SCIENCES INSTITUTE Félix Hernández-Campos Don Smith Department.

1 Apricot2001 Effectiveness of VLAN Chan Wai Kok Faculty of Information Technology Salim Beg Faculty of Engineering.

ECEN 619, Internet Protocols and Modeling Prof. Xi Zhang Random Early Detection Gateways for Congestion Avoidance Sally Floyd and Van Jacobson, IEEE Transactions.

#16 Application Measurement Presentation by Bobin John.

Transport layer identification of P2P traffic Victor Gau Yi-Hsien Wang

Performance Evaluation of L3 Transport Protocols for IEEE (2 nd round) Richard Rouil, Nada Golmie, and David Griffith National Institute of Standards.

1 14-Jun-16 S Ward Abingdon and Witney College CCNA Exploration Semester 1 OSI transport layer CCNA Exploration Semester 1 Chapter 4.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI transport layer CCNA Exploration Semester 1 – Chapter 4.

Master’s Project Presentation

The Devil and Packet Trace Anonymization

Khiem Lam Jimmy Vuong Andrew Yang

Transport Layer Identification of P2P Traffic

Who is the King of the Hill? Traffic Analysis over a 4G Network

The Impact of Multihop Wireless Channel on TCP Performance

“Promoting the Use of End-to-End Congestion Control in the Internet”

Transport Layer Identification of P2P Traffic

Unconstrained Endpoint Profiling (Googling the Internet)‏

Point-to-Point Network Switching

Presentation transcript:

Analysis of UDP Traffic Usage on Internet Backbone Links* Min Zhang Maurizio Dusi Wolfgang John *This study was performed while authors visited CAIDA at UCSD under supervision of kc claffy

Outline  Motivation  Dataset description  Analysis of UDP traffic usage  UDP/TCP ratio  Per-port analysis  Conclusion

Motivation  Is there an increase in UDP traffic?  Internet fairness and stability concerns  Where does additional UDP traffic stem from?  P2P applications (e.g. uTP protocol)?  IPTV applications?  Other unexpected reasons?  Study variability in data sets  differences of geographical locations, times, networks?

Datasets TimeLengthNetwork location Geogr. location CAIDA-OC hourTier1 backboneUS CAIDA-OC hourTier1 backboneUS GigaSUNET minTier2 backboneSweden OptoSUNET minTier2-Tier1 connection Sweden

Analysis (1)  Number of UDP flows has increased since 2002;  TCP still carries most of packets and bytes.

Analysis (2)  Before 2003: around 40% of UDP flows run on ports below 1024;  After 2003:usage of ephemeral ports (>1024) has become common;  Today:around 95% of the UDP flows run on ports >1024.  top-used ports (in terms of flows):  DNS, NTP and NetBios  P2P applications  4672, 4665 (eDonkey)  6881 (BitTorrent)  6346 (Gnutella)  6257 (WinMX)

Analysis (3)  Top-ten ports: fewer than 7 packets and less than 10KB on average.  Larger UDP flows appear mainly in the older traces, suggesting a drift in usage of UDP toward small (signaling) flows.

Summary  We investigate the trend of UDP traffic since 2002 a cross networks: from Tier1 and Tier2, different geographical locations  Number of UDP flows has increased  TCP is still the dominant transport protocol in terms of bytes and packets  Most UDP flows use ports > 1024 instead of traditional UDP service ports  Flows on ephemeral and P2P ports carry few packets and little data  Preliminary conclusion:  Current increases in UDP traffic are mainly due to signaling traffic of P2P applications.  Next steps?  Verifying the preliminary conclusion by more detailed analysis.  Continuing to monitor available data, to track trends of UDP usage.  Comparing to data from China (UDP-based IPTV is already common).  Investigating if UDP patterns can be used as a signature for traces, in order to infer usage patterns?