Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2009 Carnegie Mellon University Is there any value in bulk network traces? Sid Faber Member of the Technical Staff CERT/SEI.

Published byRoberta Sullivan Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2009 Carnegie Mellon University Is there any value in bulk network traces? Sid Faber Member of the Technical Staff CERT/SEI."— Presentation transcript:

1 © 2009 Carnegie Mellon University Is there any value in bulk network traces? Sid Faber Member of the Technical Staff CERT/SEI

2 2 Is there value in bulk network traces? Yes. Any questions?

3 3 What problem are you trying to solve? Trends Particular protocols Specific applications or use cases Existence When did something come on line? Who uses a service? Resiliency How networks react to an event Education

4 4 Let’s try an example. Hypothesis: Internet bandwidth grows by ~40% annually Past trends were spurred by audio downloads, then streaming audio, then video clips. Now we’re seeing adoption of online TV, and high definition video. Is video driving current bandwidth increases? Where are we at on the adoption curve? How will it impact my network?

5 5 Research plan Understand streaming protocols Find features that can identify the protocols Look for data to support the research Apply the data to the problem

6 6 Watch Three YouTube Videos

7 7 SYN (circle) FIN (square) RST (x) Activity (dot) Volume Scale Byte Volume (blue, source) Byte Volume (green, dest) Packet Count (dotted line, no scale)

8 8 Watch CNN Live

9 9 Listen to Three Songs on Pandora

10 10 Listen to Live365

11 11 Some useful general features Overall Bandwidth File Delivery protocols vs. Streaming protocols TCP flag patterns Use of Content Distribution Networks Service port (e.g, HTTP or Shockwave)

12 12 Search for data sources Criteria Ongoing data feeds Large scale trends across many network types Some Possibilities Internet2 MAWI DITL

13 13 Data Sources - Internet2 The Internet2 Observatory NetFlow v5 in flow-tools format Sampled 1:100 9 collection points Anonymized: lower 11 bits set to 0 http://www.internet2.edu/observatory/archive/proposal-process.html

14 14 Data Sources - MAWI Measurement and Analysis on the WIDE Internet Sample point F 150Mbps link 15 minute snapshot each day Unsampled Anonymized

15 15 Other Data Sources DITL Backscatter data Storm Center Daily Feed [DatCat]

16 16 Challenges: Anonymization Creates a data silo Prevents linking in any other IP data sets DNS Data Geolocation / ownership data Blacklists Not necessarily bad for our research Many providers use content distro networks Key features are address-independent Challenges from anonymization are well understood

17 17 Challenges: Sampling It’s often unavoidable Short term results are unpredictable Very significant for our research We’re very interested in bandwidth utilization Mitigated somewhat because we’re looking at high volumes Let’s take a closer look

18 18 Watch Three YouTube Videos: Original Data Data Sampled Artificially at 1:100

19 19 Watch CNN Live Original Data Data Sampled Artificially at 1:100

20 20 Challenges: Flow To this point, we’ve been essentially working with packets. Let’s take a look at the impact of applying flow aggregation and timeouts.

21 21 YouTube Videos Create flows with timeouts: 15s active 300s inactive

22 22 CNN Live Create flows with timeouts: 15s active 300s inactive

23 23 The example, revisited Is video driving current bandwidth increases? Where are we at on the adoption curve? How will it impact my network? We can work around anonymization Sampled data makes the problem very challenging Working with flow (rather than packets) adds more complexity

24 24 Back to the point of the presentation The question: Is there value in bulk network traces? The answer: Yes. A caveat: The data sources have to be tuned to the research

25 25 Conclusion A challenge: What research do you want to do with bulk network traces? How can / should we drive bulk network data collection?

26 26 Thank You Sid Faber sfaber@cert.org

Download ppt "© 2009 Carnegie Mellon University Is there any value in bulk network traces? Sid Faber Member of the Technical Staff CERT/SEI."

Similar presentations

Network Aware Forward Caching Presenter: Alexandre Gerber Jeffrey Erman, Mohammad T. Hajiaghayi, Dan Pei, Oliver Spatscheck AT&T Labs Research April 24.

Network Aware Forward Caching Presenter: Alexandre Gerber Jeffrey Erman, Mohammad T. Hajiaghayi, Dan Pei, Oliver Spatscheck AT&T Labs Research April 24.
A First Look at Modern Enterprise Traffic

A First Look at Modern Enterprise Traffic
Pouya Ostovari and Jie Wu Computer and Information Sciences

Pouya Ostovari and Jie Wu Computer and Information Sciences
A Transport Protocol for Content-Centric Networking with Explicit Congestion Control Feixiong Zhang, Yanyong Zhang (Rutgers Univ.), Alex Reznik (InterDigital),

A Transport Protocol for Content-Centric Networking with Explicit Congestion Control Feixiong Zhang, Yanyong Zhang (Rutgers Univ.), Alex Reznik (InterDigital),
Fundamentals of Multimedia Part III: Multimedia Communications and Networking Chapter 15 : Network Services and Protocols for Multimedia Communications.

Fundamentals of Multimedia Part III: Multimedia Communications and Networking Chapter 15 : Network Services and Protocols for Multimedia Communications.
New Scenarios for Portable Media Usage David Proctor Hardware Lead Microsoft Portable Media Centers.

New Scenarios for Portable Media Usage David Proctor Hardware Lead Microsoft Portable Media Centers.
1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.

1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.
Fast Pattern-Based Throughput Prediction for TCP Bulk Transfers Tsung-i (Mark) Huang Jaspal Subhlok University of Houston GAN ’ 05 / May 10, 2005.

Fast Pattern-Based Throughput Prediction for TCP Bulk Transfers Tsung-i (Mark) Huang Jaspal Subhlok University of Houston GAN ’ 05 / May 10, 2005.
Resilient Peer-to-Peer Streaming Paper by: Venkata N. Padmanabhan Helen J. Wang Philip A. Chou Discussion Leader: Manfred Georg Presented by: Christoph.

Resilient Peer-to-Peer Streaming Paper by: Venkata N. Padmanabhan Helen J. Wang Philip A. Chou Discussion Leader: Manfred Georg Presented by: Christoph.
Streaming Video Traffic: Characterization and Network Impact Kobus van der Merwe Shubho Sen Chuck Kalmanek

Streaming Video Traffic: Characterization and Network Impact Kobus van der Merwe Shubho Sen Chuck Kalmanek
EE442—Multimedia Networking Jane Dong California State University, Los Angeles.

EE442—Multimedia Networking Jane Dong California State University, Los Angeles.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 WAN Traffic Measurements There have been several studies of wide area network traffic.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.
Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.

Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.
Measurement and Monitoring Nick Feamster Georgia Tech.

Measurement and Monitoring Nick Feamster Georgia Tech.
1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.

1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.
Junxian Huang 1 Feng Qian 2 Yihua Guo 1 Yuanyuan Zhou 1 Qiang Xu 1 Z. Morley Mao 1 Subhabrata Sen 2 Oliver Spatscheck 2 1 University of Michigan 2 AT&T.

Junxian Huang 1 Feng Qian 2 Yihua Guo 1 Yuanyuan Zhou 1 Qiang Xu 1 Z. Morley Mao 1 Subhabrata Sen 2 Oliver Spatscheck 2 1 University of Michigan 2 AT&T.
Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.

Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.
Add image. 3 “ Content is NOT king ” 1950 1980 1995 today 3 40 analog cable digital cable Internet 100 infinite broadcast Time Number of TV channels.

Add image. 3 “ Content is NOT king ” today 3 40 analog cable digital cable Internet 100 infinite broadcast Time Number of TV channels.
CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.

CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.
Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Similar presentations

Ads by Google