Download Java - Universität Stuttgart

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts
no text concepts found
Transcript 
Web-based Internet Traffic
Analysis Using Flows
[email protected]
Siegfried Löffler
Paul Christ [email protected]
[email protected]
Martin Lorang
6th Open Workshop for High Speed Networks, Stuttgart, October 1997
Outline

Existing Traffic Analysis Tools

Traditional Solutions

Web-Based Products

Using Flows for Traffic Analysis

The IETF Realtime Traffic Flow Measurement (RTFM)
Architecture

Writing Web based Applications

Implementation of a RTFM analysis application in Java

Conclusions
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Traditional Traffic Analysis
- tcpdump:
Put Network Adapter Driver into „Promiscuous“ Mode. High CPU and
Bus Load.
- „libpcap“ Packet Capturing Library
-
-
- ASCII / Hex dump of all Packets - High Volume Output
SNMP Counters:
- Several Products (HP OpenView, ...) for Graphical Display.
RMON/RMON2: Probes can be placed in interesting points
Problems:
 Hard to find „interesting“ packets with
tools like tcpdump.
 Not enough Information with tools
showing only counters.
 No Web Interface
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Existing Web-based Developments

Trend: Network
Management-Tools use
the WWW as User
Interface

mrtg - Multi Router
Traffic Grapher

Many Projects Usually limited to the
(static) display of
SNMP counters.
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Existing Web-based Developments



Java-based Network Management Products - Adventnet, IBM
and some others.
AdventNet
“NetMonitor”:
Toolkit to create
own SNMP Java
Applets with a
visual builder
(Generates Java
Code)
SNMPv2c
Class Libraries
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Flows



Claffy, Braun and Polyzos “A parametrizable methodology for
Internet traffic flow profiling”
Try to identify sequences of packets as one flow, avoiding the
necessity to check for connection establishment/end packets.
Data packets have to match criteria that have been chosen for the
flow („Flow Specification“)
Packet Arrivals
Packet matches Flow Specification for Flow 1
Checkpoints
Time
Begin
Flow 1
Duration
Flow 1
Last
Timeout:
Packet End Flow 1
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Flows & Traffic Analysis

Cisco: NetFlow Data Export

OC3MON: Flow Measurement at 150 Mbit/s ATM OC-3
(NLANR, MCI)

Hardware

Modified FORE Firmware

Software: DOS; telnet; ASCII
OC3MON PC
Fore PCA200-PCI


OC12MON
IETF RTFM Architecture
Fore PCA200-PCI
Optical
splitters
Ethernet
Network Card
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
The IETF RTFM Architecture



Architecture: RFC 2063
Initally aimed at Accounting
(RFC 1272)
Experiences with NeTraMet
(RFC 2123)
by Nevil Brownlee, Univ.
Auckland, New Zealand
 Free
 UNIX, DOS
 Configurable
 OC3MON Version
Meter
Manager
Meter Reader
Analysis Application
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Programming for the Web




Programming for
the Web: CGI,
JavaScript, Java.
CGI programs runs
on Web Server and
produce HTML
output (static).
Java Programs
allow non-static
interaction.
Java is Platform
independent
CGI Progams run on Web Server:
Server
Machine
Client
Machine
Internet
CGI
Java Programs run in Client Web Browser:
Client
Machine
Server
Machine
Web
Server
Internet
Program I/O
Path over which the Program is Loaded
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Java
VM
Java Security


Socket Connections are only allowed to Web Server (where
Code has been loaded from) or to local machine.
Solution: Secure Applet Server (SAS) runs on Web Server
and redirects SNMP traffic.
Server
Machine
Web
Server
Java VM
Client Machine
Internet
Java VM
SNMP
APPLET
SAS
SERVER
SNMP Traffic
SNMP Agent
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Analysis Application in Java




Display of the current
Traffic on the Network in
“Real Time” inside of a Web
Browser.
Netscape on Pent 166:
Reads about 300 flow
records in 10 seconds
Object-Oriented Code
should allow integration
into a web-based
management environment.
Displayed Information:
X-Axis:
Flow Duration
Y-Axis:
PDU Count
Symbol: Flow Kind
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
FLuid / Flow Information



Child window for each
flow, updated after each
query.
Currently those windows
can just display counters
for the selected flows.
It would be interesting to
allow creation of graphs
etc.
N. Brownlee is working
on adding “distributions”
to the Architecture - could
then add distribution
analysis for each flow.
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Conclusions / Outlook




Possible to write RTFM applications / applets in Java Security Restrictions can be resolved, Java is fast enough to
transfer the packaged flow table in a reasonable time.
Implementation works, more functionality has to be added.
(Currently no additional functionality compared to the
NeTraMet Analysis Applications)
Object Oriented Effort useful (Code Reuse) - Network
Management Applications usually have to be customized to
fulfill the local requirements.
Interesting to work on Flows for Traffic Measurement and
Analysis in order to make the Flow paradigm eventually
applicable to Resource Reservation and Switching
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
More Information

Our Work:
http://ksoc3mon2.rus.uni-stuttgart.de/diplom
http://www.mathematik.uni-stuttgart.de/~floeff

IETF RTFM WG:
http://www.ietf.org/html.charters/rtfm-charter.html

NeTraMet:
ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet

OC3MON/OC12MON:
http://www.nlanr.net/NA

AdventNet Java & SNMP:
http://www.adventnet.com
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Related documents
Chapter 1 questions
Chapter 1 questions
Stuttgart
Stuttgart
A Java Environment for High-Performance Computing
A Java Environment for High-Performance Computing
Java QUIZ
Java QUIZ
slides
slides
Introduction to Java - Brookwood High School
Introduction to Java - Brookwood High School
slides
slides
powerpoint 1
powerpoint 1
Struktur VRS
Struktur VRS
D square recruits Flex - junior
D square recruits Flex - junior
Get Smart About Your Business
Get Smart About Your Business
Universität Stuttgart
Universität Stuttgart