REU 2008 - Packet Sniffer
Jose Gelpi, Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero
Department of Computer Science & Engineering

1. Introduction

A packet sniffer is an application that intercepts network packets traveling in a communication channel. Sniffers usually create a log file with information about the packet headers. The motivation for this work is the need for a new network sniffer able to perform calculations based on data from the captured packets and to filter out irrelevant information that current sniffers print by default. The objective of this research is to develop a network sniffer that calculates bandwidth based on the amount of bits transmitted at the IP layer (IP packet length) during the time between two consecutive packets. That is,

$BW = \frac{L_{pck\_1}}{t_{pck\_2} - t_{pck\_1}}$

2. Contribution

The application is developed in the C language using a network capturing library called PCAP.

2.1. Testbed

Two end hosts communicating in a LAN, with one machine in the middle sniffing the connection, are used to test the sniffer. Cross traffic is generated using the MultiGenerator MGEN. It generates synthetic traffic with variable amount and distribution.

2.2. Sniffer

Flowchart: start -> open NIC (pcap_open_live) -> Capture a packet (pcap_loop, hdr <- pcap_next) -> Calculate BW: hdr.len/(hdr.ts2-hdr.ts1) -> Print Time, BW

• After reading the Network Interface Card (NIC) name, the pcap_open_live function opens it in promiscuous mode.
• Then pcap_loop sniffs the channel and captures every packet seen by the NIC.
• pcap_next stores the packet header following this structure:

    struct pcap_pkthdr {
        struct timeval ts;   /* time stamp */
        …
        bpf_u_int32 len;     /* length this packet */
    };

• By using that structure, the packet timestamp and length are used to calculate the bandwidth.
• Finally, the time at which each packet is captured, its size, and the calculated bandwidth are printed out.

3. Evaluation

The sniffer was evaluated in the testbed by inserting 30% and 60% of periodic cross traffic in a 10 Mbps capacity link for a 10 second period. That is, inserting 3 and 6 Mbps of cross traffic to be sniffed by the tool. The traffic generation was performed with MGEN by sending 381 and 782 packets of 1024 bytes every second. An average relative error was calculated by comparing the real traffic rate given by the traffic generator with the value provided by the tool:

$\frac{\text{Bandwidth error}}{\text{Bandwidth}} \times 100\%$

[Figure: Bandwidth for 3 Mbps Periodic Cross Traffic (x-axis: Seconds)]
[Figure: Bandwidth for 6 Mbps Periodic Cross Traffic (x-axis: Seconds)]

Additional packets shown in the graphs are due to control traffic generated between hosts.

The average relative error in the case of 3 Mbps was 1.83% and in the case of 6 Mbps was 3.75%.

4. Conclusions

• The more packets to be captured per unit time, the higher the relative error. One reason for that is excessive load in the operating system.
• The developed sniffer could be implemented in intermediate routers to better select network routes based on their congestion level.
• Additional packet processing in the tool can be easily performed by manipulating the information in the packet headers. For example, using source and destination IP addresses to determine the traffic load for each host in the network.

5. Acknowledgments

I want to thank César D. Guerrero and Dr. Miguel A. Labrador for their orientations and the National Science Foundation for supporting this project.
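
The per-packet bandwidth calculation from section 2.2 and the average relative error from section 3, as an added example that is not the poster's own code. The `struct hdr` stand-in, the `mk` helper, the function names and the sample timestamps are assumptions made so the block builds without libpcap.

```c
#include <stdio.h>
#include <sys/time.h>

/* Stand-in for the two pcap_pkthdr fields the poster uses (ts, len), so this
   builds without libpcap. Assumption: in a live capture these values come
   from the header handed to the pcap_loop callback. */
struct hdr { struct timeval ts; unsigned len; };

/* Hypothetical helper to build a header from seconds, microseconds, bytes. */
struct hdr mk(long sec, long usec, unsigned len) {
    struct hdr h;
    h.ts.tv_sec = sec; h.ts.tv_usec = usec; h.len = len;
    return h;
}

/* BW = L_pck1 / (t_pck2 - t_pck1) in bits per second (len is in bytes).
   Returns -1 when the gap is not positive: equal timestamps can occur at
   coarse clock resolution, and the ratio is then undefined. */
double bw_bps(const struct hdr *p1, const struct hdr *p2) {
    double dt = (double)(p2->ts.tv_sec - p1->ts.tv_sec)
              + (double)(p2->ts.tv_usec - p1->ts.tv_usec) / 1e6;
    if (dt <= 0.0) return -1.0;
    return p1->len * 8.0 / dt;
}

/* Average relative error (percent) of the per-pair estimates against the
   generator's known rate; pairs without a valid estimate are skipped. */
double avg_rel_err_pct(const struct hdr *h, int n, double real_bps) {
    double sum = 0.0;
    int used = 0;
    for (int i = 0; i + 1 < n; i++) {
        double bw = bw_bps(&h[i], &h[i + 1]);
        if (bw < 0.0) continue;
        double d = bw - real_bps;
        sum += (d < 0.0 ? -d : d) / real_bps * 100.0;
        used++;
    }
    return used ? sum / used : -1.0;
}

int main(void) {
    /* Constructed sample: 1024-byte packets, one duplicated timestamp. */
    struct hdr s[] = { mk(10, 0, 1024), mk(10, 2500, 1024),
                       mk(10, 2500, 1024), mk(10, 5700, 1024) };
    for (int i = 0; i + 1 < 4; i++)
        printf("pair %d: %.0f bps\n", i, bw_bps(&s[i], &s[i + 1]));
    printf("avg error vs 3 Mbps: %.2f%%\n", avg_rel_err_pct(s, 4, 3e6));
    return 0;
}
```

A sniffer that divides by the raw timestamp difference without the guard prints infinite or negative bandwidth for the duplicated-timestamp pair, which skews any average computed from the log.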