Download see Jose`s poster

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Peering wikipedia , lookup

Passive optical network wikipedia , lookup

TCP congestion control wikipedia , lookup

Computer network wikipedia , lookup

Airborne Networking wikipedia , lookup

Serial digital interface wikipedia , lookup

IEEE 1355 wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Distributed firewall wikipedia , lookup

Network tap wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

RapidIO wikipedia , lookup

Net bias wikipedia , lookup

Packet switching wikipedia , lookup

Quality of service wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Deep packet inspection wikipedia , lookup

Transcript 
REU 2008-Packet Sniffer
Jose Gelpi, Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero
A packet sniffer is an application that intercepts network
packets traveling in a communication channel. They usually
create a log file with information about the packet headers.
The motivation for this work is the need of a new network
sniffer able to perform calculations based on data from the
captured packets and to filter irrelevant information that
current sniffers print by default.
The objective of this research is to develop a network
sniffer to calculate bandwidth based on the amount of bits
transmitted at the IP layer (IP packet length) during the time
between two consecutive packets. That is,
BW 
L pck _1
t pck _ 2  t pck _1
2.2. Sniffer
start
Two end hosts communicated in a LAN and one machine
in the middle sniffing the connection is used to test the
sniffer. Cross traffic is generated using the MultiGenerator MGEN. It generates synthetic traffic with
variable amount and distribution.
7000000
6600000
open NIC
(pcap_open_live)
Capture a packet
(pcap_loop
hdr<- pcap_next)
Calculate BW:
hdr.len/(hdr.ts2-hdr.ts1)
6000000
5800000
5600000
5000000
0
Print
Time BW
The sniffer was evaluated in the testbed by inserting 30% and 60% of periodic cross traffic in a
10Mbps capacity link for a 10 second period. That is, inserting 3 and 6 Mbps of cross traffic to be
sniffed by the tool. The traffic generation was performed with MGEN by sending 381 and 782
packets of 1024 bytes every second.
An average relative error was calculated by
comparing the real traffic rate given by the traffic
generator with the value provided by the tool:
Bandwidth
error 
2800000
2600000
2400000
2200000
2000000
0
1
2
3
4
5
Seconds
6
7
8
9
10
3
4
5
6
7
8
9
10
Additional packets shown in the graphs are due to
control traffic generated between hosts.
• The more packets to be captured per unit time, the
higher the relative error. One reason for that is
excessive load in the operating system.
• The developed sniffer could be implemented in
intermediate routers to better select network routes
based on their congestion level.
• Additional packet processing in the tool can be easily
performed by manipulating the information in the
packet headers. For example, using source and
destination IP addresses to determine the traffic load
for each host in the network.
5. Acknowledgments
3400000
3000000
2
Seconds
3600000
3200000
1
4. Conclusions
3. Evaluation
3800000
6200000
5200000
• By using that structure, the packet timestamp and
length is used to calculate the bandwidth.
• Finally, the time at which each packet is captured, its
size, and the calculated bandwidth is printed out.
4000000
6400000
5400000
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
…
bpf_u_int32 len; /* length this packet */
}
Bandwidth for 3 Mbps Periodic Cross
Traffic
6800000
NIC
• After reading the Network Interface Card (NIC) name,
the pcap_open_live function opens it in promiscuous
mode.
• Then pcap_loop sniff the channel and captures every
packet seen by the NIC.
• pcap_next stores the packet header following this
structure:
2. Contribution
2.1. Testbed
Bandwidth for 6 Mbps Periodic Cross
Traffic
The application is developed in C language using a
network capturing library called PCAP.
Bandwidth
1. Introduction
x

100%
The average relative error in the case of 3 Mbps
was 1.83% and in the case of 6 Mbps was
3.75%.
I want to thank to César D. Guerrero and Dr. Miguel A.
Labrador for their orientations and the National Science
Foundation for supporting this project.
Department of Computer Science & Engineering
Related documents
Network Packet Sniffer
Network Packet Sniffer
Web Services Using Visual .NET
Web Services Using Visual .NET
幻灯片 1 - University of New South Wales
幻灯片 1 - University of New South Wales
Impact of Computers on Society
Impact of Computers on Society
The World of the Internet
The World of the Internet
Computer Networks - Career Center Construction Technology
Computer Networks - Career Center Construction Technology
2 - UTRGV Faculty Web
2 - UTRGV Faculty Web
McGill University Monday, Sept 21 st 2009
McGill University Monday, Sept 21 st 2009
1. Application layer, Transport layer, Internet layer, Link layer 2
1. Application layer, Transport layer, Internet layer, Link layer 2
EQ23854856
EQ23854856
Powerpoint
Powerpoint
Document
Document
Assignment Group A1
Assignment Group A1
11 Further Reading Although the tool used primarily in this book is
11 Further Reading Although the tool used primarily in this book is
Part 1 R1 What is the difference between a host and an end system
Part 1 R1 What is the difference between a host and an end system
Artificial Intelligence in Networking: Ant Colony Optimization
Artificial Intelligence in Networking: Ant Colony Optimization
The Titans and the 12 Great Olympians
The Titans and the 12 Great Olympians
The Titans and the 12 Great Olympians
The Titans and the 12 Great Olympians
Datasheet - EnOcean Alliance
Datasheet - EnOcean Alliance
Powerpoint
Powerpoint
NetworkingReview
NetworkingReview
Computer Networks (CSC 345)
Computer Networks (CSC 345)