Presentation is loading. Please wait.

Presentation is loading. Please wait.

Remote Packet Capture Internet Engineering Task Force San Diego, California Friday, June 03, 2016.

Published byBrianne Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Remote Packet Capture Internet Engineering Task Force San Diego, California Friday, June 03, 2016."— Presentation transcript:

1 Remote Packet Capture Internet Engineering Task Force San Diego, California Friday, June 03, 2016

2 3 June 2016 Problem Accessing packets of interest is difficult Existing technology is/are becoming inadequate –RMON filter/capture Constrained by resources Pull technology –SMON port copy Full duplex port replication suffers from congestion issues, which impact packet capture reliability Full packet replication limits what you can do with captured stream Distributed monitoring makes the problem even more interesting

3 3 June 2016 Need An improved packet capture paradigm –Designed as a service? Simple Standardizable Assured operation –Support existing IPPM metrics Type-P* metrics Path determination –Facilitate/enable new measurements

4 3 June 2016 PCAP Requirements Integrated high performance packet capture –Reliable/sustained stream capture Flexible packet selection strategies Support IPPM framework and metrics –RFC 2330 Framework for IP Performance Metrics –RFC 2678 IPPM Metrics for Measuring Connectivity –RFC 2679 A One-Way Delay Metric for IPPM –RFC 2680 A One-Way Packet Loss Metric for IPPM –RFC 2681 A Round-trip Delay Metric for IPPM Minimize privacy impact

5 3 June 2016 Application Enhanced SMON Port Copy Facility Full ICMP Packet Capture + Timestamp IP + Transport Header Capture + Pkt Len + Timestamp MPLS Label Capture + Pkt Len + Timestamp

6 3 June 2016 Applications IPPM Type-P* “Whatever” Metrics Monitor Switch End system End system IP + Transport Header Capture + Pkt Len + Timestamp Full ICMP Packet Capture + Timestamp

7 3 June 2016 Recommendations Integrated packet filter/capture –Devise a simple strategy –that is high performance friendly (OC-192) Exploit benefit of SMON PortCopy –Get packet off the box as soon as possible Address SMON PortCopy congestion issues –Partial packet capture Variable packet header capture Label capture Enable better packet dispostion –Capture packet encapsulation and transport

8 3 June 2016 Approach Packet Capture encapsulation header –Support Distributed Multipoint Monitoring Source identification –Source component identifier –Interface identifier –Direction –Assured packet capture Sequence numbering –IPPM Conformant Timestamp –Variable length capture payload Captured packet transport –Layer 2 transport –Layer 3 transport

9 3 June 2016 Draft PCAP Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ifIndex | Interface Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Status | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (sec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (nsec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Captured Packet Data | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

10 3 June 2016 Privacy Packet capture perceived as threat to privacy Selective/partial packet capture –Protocol Specific Content separation Authorized content capture Limited header capture –Captured content protection Unauthorized modification Unauthorized disclosure

Download ppt "Remote Packet Capture Internet Engineering Task Force San Diego, California Friday, June 03, 2016."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Transmission Control Protocol (TCP) Basics

Transmission Control Protocol (TCP) Basics
1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.

1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.
BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
The Design Philosophy of the DARPA Internet Protocols D. D. Clark.

The Design Philosophy of the DARPA Internet Protocols D. D. Clark.
CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.

CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.
IP Performance Measurements using Surveyor Matt Zekauskas Guy Almes, Sunil Kalidindi August, 1998 ISMA 98.

IP Performance Measurements using Surveyor Matt Zekauskas Guy Almes, Sunil Kalidindi August, 1998 ISMA 98.
IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.

IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.

Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Public IP Telephony Introduction to VoIP Cisco Networking Academy Program.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Public IP Telephony Introduction to VoIP Cisco Networking Academy Program.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Similar presentations

Ads by Google