Presentation is loading. Please wait.

Presentation is loading. Please wait.

First step into Trace Analysis. What is Trace Measurement data from real world networks Wired networks: netflow traces Wireless networks: Association.

Published byBrittany Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "First step into Trace Analysis. What is Trace Measurement data from real world networks Wired networks: netflow traces Wireless networks: Association."— Presentation transcript:

1 First step into Trace Analysis

2 What is Trace Measurement data from real world networks Wired networks: netflow traces Wireless networks: Association trace, encouter trace…… More general traces which represent other types of networks: GPS trace (Cabspoting)

3 Different types of Traces Encounter traces The Intel/Cambridge Haggle/Pocket Switch Network project The U of Toronto PDA-based encounter experiments Your own encounter trace Cellphone traces MIT Reality Mining: encounter, location of users (by cellphone tower/bluetooth), call log

4 Different types of Traces WLAN traces UF traces, USC traces, Dartmouth Vehicular traces Cabspotting

5 Format of UF WLAN trace The format shown below is not the format from raw trace data Association Trace Login Trace LOGIN

6 Format of UF WLAN trace Logout trace LOGOUT

7 The TRACE framework Trace Analyze Employ (Modeling & Protocol Design) Characterize (Cluster) Represent MobiLib

8 Analyze the trace You should have your own perspective about what to investigate Make sure that the trace itself or together with some other possible resource can provide enough information you need Decide a scheme to parse the trace or decide what kind of tools(database…) to use to get the information out of trace in your desired format (representation)

9 Analyze the trace Now, its time to sit down and extract useful information from the trace! Then, you already convert the trace into a special representation or format. Try to identify a way to analyze it, many possibilities

10 Example Study the daily user flow relationship among locations From the association trace, we can build a network among all the building around campus If there is a user which first associates with one AP in Building A and then go to Building B and make another association, we draw an edge between A and B The weight of the edge donates the number of users transition from A to B in a day

11 Cont Representation Matrix with (a,b) donates the outflux from A to B Then process the trace and populate the entries of the matrix, in the same run you may also want to get some other details (lags, sequence….)

12 Cont Get your results Analyze it with any software, algorithm you want

13

14

15 Access Points Syslogs Users are reported by MAC addresses When they associate with a AP When they disaccosiate from a AP When they roam away from a AP When some other event happens (error in packet checksum, max retry for a packet reached, etc.)

16 Authentication server syslogs The authentication server reports the following events DHCP lease – IP xxx is given to MAC yyy User log in – User Gatorlink-ID logs in from MAC yyy User log out – User Gatorlink-ID logs out, and it has been online for time ttt, sent/received bbb bytes Every 30 minutes, each online user is reported for its traffic usage in the past 30 mins

17 Tricks of Trace Processing Identify a common format that you can convert multiple traces into I use one file for each user, within each file, each line represents “time location duration” Abuse your hard drive Keep intermediate results if they take long time to generate.... You will thank your former self years after you generated those files

Download ppt "First step into Trace Analysis. What is Trace Measurement data from real world networks Wired networks: netflow traces Wireless networks: Association."

Similar presentations

1 Fault Analysis for Large-scale Campus-wide Wireless Networks Jian Chen 01-15-2009 Department of CS, Tsinghua University, Beijing, China.

1 Fault Analysis for Large-scale Campus-wide Wireless Networks Jian Chen Department of CS, Tsinghua University, Beijing, China.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Netflow Data-Mining Techniques Chris Poetzel Argonne National Laboratory Scott Pinkerton.

Netflow Data-Mining Techniques Chris Poetzel Argonne National Laboratory Scott Pinkerton.
Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
DHCP Security Analysis Dallas Holmes / Matt MacClary ECE 478 Project Spring 2003.

DHCP Security Analysis Dallas Holmes / Matt MacClary ECE 478 Project Spring 2003.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
1 William Lee Duke University Department of Electrical and Computer Engineering Durham, NC 27708 Analysis of a Campus-wide Wireless Network February 13,

1 William Lee Duke University Department of Electrical and Computer Engineering Durham, NC Analysis of a Campus-wide Wireless Network February 13,
Analysis of a Campus-wide Wireless Network David Kotz Kobby Essien Dartmouth College September 2002.

Analysis of a Campus-wide Wireless Network David Kotz Kobby Essien Dartmouth College September 2002.
Network Redesign and Palette 2.0. The Mission of GCIS* Provide all of our users optimal access to GCC’s technology resources. *(GCC Information Services:

Network Redesign and Palette 2.0. The Mission of GCIS* Provide all of our users optimal access to GCC’s technology resources. *(GCC Information Services:
By Libo Song and David F. Kotz Computer Science,Dartmouth College.

By Libo Song and David F. Kotz Computer Science,Dartmouth College.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Wireless LAN Topology Visualiser Project Supervisor: Dr Arkady Zaslavsky Project Team Members: Jignesh Rambhia Robert Mark Bram Tejas Magia.

Wireless LAN Topology Visualiser Project Supervisor: Dr Arkady Zaslavsky Project Team Members: Jignesh Rambhia Robert Mark Bram Tejas Magia.
Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.

Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Low Latency Wireless Video Over 802.11 Networks Using Path Diversity John Apostolopolous Wai-tian Tan Mitchell Trott Hewlett-Packard Laboratories Allen.

Low Latency Wireless Video Over Networks Using Path Diversity John Apostolopolous Wai-tian Tan Mitchell Trott Hewlett-Packard Laboratories Allen.
UMass DieselNet: A Disruption-Tolerant Network Testbed John Burgess Department of Computer Science UMass Amherst John Burgess Department of Computer Science.

UMass DieselNet: A Disruption-Tolerant Network Testbed John Burgess Department of Computer Science UMass Amherst John Burgess Department of Computer Science.
Mobility Models and Traces Wei-jen Hsu Advised by Dr. Ahmed Helmy Presented in CIS6930 class, Spring 2008.

Mobility Models and Traces Wei-jen Hsu Advised by Dr. Ahmed Helmy Presented in CIS6930 class, Spring 2008.
What’s New in Fireware XTM v11.8.1 WatchGuard Training.

What’s New in Fireware XTM v WatchGuard Training.
Network Simulation Internet Technologies and Applications.

Network Simulation Internet Technologies and Applications.
Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.

Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.

Similar presentations

Ads by Google