WebTrafMon: Web-based Internet/Intranet Network Traffic Monitoring
WebTrafMon: Web-based Internet/Intranet Network Traffic Monitoring and Analysis System
POSTECH DPE Lab., Soon-Sun Kwon (권 순선)
Contents
• Introduction
• Related Work
• System Requirements
• System Design
• Implementation
• Demo & Our experience
• Conclusion and Future work
Introduction
• More systems are connected to the network
• More applications are developed in direct relation to the network
• The popularity of the Internet and WWW
• Increasing network traffic!!!
Introduction(2)
• Network traffic analysis became an important factor
• how much traffic is transferred?
• what type of traffic is transferred?
• which system or application is causing bottlenecks?
Introduction(3)
• MRTG, Etherfind, Argus, TCPdump...
  – none of them satisfied us
• WebTrafMon!
  – Benefits of Web
  – Show host information
  – Show protocol information
Related Work-MRTG
• Web-based traffic monitor system
• using SNMP
• Long term analysis
• Cannot show host information
• Cannot show protocol information
Related Work-Packet capturing tools
• Etherfind, NFSwatch
  – system specific interface
• TCPdump
• Does not provide Web interface
• No analysis facility
  – inappropriate for long term analysis
Related Work-Argus
• Generic IP network transaction auditing tool
• Mostly for network security
  – detect service failure, DoS (Denial of Service) attacks, network configuration problems
• Does not provide Web interface
• Missing detailed protocol information
Related Work-Summary
| | MRTG | Etherfind | NFSwatch | TCPdump | Argus |
|---|---|---|---|---|---|
| Web-based? | Yes | No | No | No | No |
| Analysis capability? | Yes | No | No | No | Yes |
| Per Host Traffic Information? | No | No | No | No | Yes |
| Per Protocol Traffic Information? | No | No | No | No | No |
Requirements
• Platform Independence
• Web-based User Interface
  – system independent
  – location independent
  – anytime, anywhere, anyone can use it
  – beautiful user interface and ubiquitous browser
• Guaranteed Packet Capturing
  – for the accuracy of traffic information
Requirements(2)
• Classification of all possible protocol information
  – show information per each network layer
• Mobility
• Security
• Real-time & Historical Traffic information analysis
Design
Design-probe
• MAC layer
  – packet size
• Network layer
  – IP (host information), ARP, RARP...
• Transport layer
  – TCP, UDP...
• Application layer
  – Telnet, FTP, HTTP...
Design-viewer
• Data reader
  – read the log file that the probe has generated
• Analyzer
  – analyze information that the view controller has requested
• View controller
  – user interaction via Web browser
Implementation
• Operating System
  – Linux (kernel 2.0.32)
  – Intel x86
• libpcap 0.4a6
• Perl 5.004_01
• Apache Web Server 1.2.5
Implementation-probe
[Figure: protocol layers examined by the probe. MAC layer; IP, ARP, RARP...; TCP, UDP, ICMP...; Telnet, HTTP, FTP, SMTP, DNS...]
Implementation-probe(2)
• Using libpcap
  – system independent packet capturing library
346 164.124.96.18 141.223.82.4 udp telnet
64 141.223.82.4 141.223.82.26 tcp http
112 rarp
64 arp
74 141.223.99.99 141.223.82.28 icmp
Implementation-probe(3)
[Figure: packet encapsulation. Ether, IP, TCP, Application; the Application part consists of Appl Header and User Data]
Implementation-viewer
• Using Perl
  – good for text processing
  – classify each field of the log file and sort them
• Enable password checking for security
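An added example, not part of the original slides or the WebTrafMon code: a Python sketch of the viewer's analyzer step, run over the sample log lines from the probe slide. The field order (size, source, destination, protocol, application) is inferred from those lines and is an assumption; the original viewer was written in Perl.

```python
from collections import Counter

# First five lines are copied from the probe slide; the last two are
# constructed malformed input to show how rejects are handled.
SAMPLE_LOG = """\
346 164.124.96.18 141.223.82.4 udp telnet
64 141.223.82.4 141.223.82.26 tcp http
112 rarp
64 arp
74 141.223.99.99 141.223.82.28 icmp
garbage line
99 10.0.0.1 10.0.0.2
"""

def parse_line(line):
    """Return a record dict, or None when the line does not fit the assumed layout."""
    tok = line.split()
    if not tok or not tok[0].isdigit():
        return None
    size, rest = int(tok[0]), tok[1:]
    if len(rest) == 1:       # non-IP frame (arp, rarp): no host fields
        return {"size": size, "src": None, "dst": None, "proto": rest[0], "app": None}
    if len(rest) in (3, 4):  # IP packet; application field is optional (icmp has none)
        app = rest[3] if len(rest) == 4 else None
        return {"size": size, "src": rest[0], "dst": rest[1], "proto": rest[2], "app": app}
    return None

def analyze(text):
    """Sum packet sizes per source, destination, host pair, protocol and application."""
    stats = {key: Counter() for key in ("src", "dst", "pair", "proto", "app")}
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1     # count rejects so gaps in the totals stay visible
            continue
        stats["proto"][rec["proto"]] += rec["size"]
        if rec["src"] is not None:
            stats["src"][rec["src"]] += rec["size"]
            stats["dst"][rec["dst"]] += rec["size"]
            stats["pair"][(rec["src"], rec["dst"])] += rec["size"]
        if rec["app"] is not None:
            stats["app"][rec["app"]] += rec["size"]
    return stats, skipped

if __name__ == "__main__":
    stats, skipped = analyze(SAMPLE_LOG)
    for view in ("src", "dst", "pair", "proto", "app"):
        print(view, stats[view].most_common(3))   # sorted, largest first
    print("skipped lines:", skipped)
```

Counting rejected lines instead of dropping them silently keeps the per-host totals honest when the log is truncated or corrupted.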
Demo & Our experience
• Live demonstration
• Our experience
Conclusion and Future work
• New Network Traffic Monitoring System
  – Web-based system
    • anytime, anywhere, anyone can use it easily
  – Show host information
    • source, destination, source-destination pair
  – Show protocol information
    • classified information per each network layer
  – Long term analysis as well as short term (Real-time) analysis
Conclusion and Future work(2)
• Speed enhancement
  – processing a larger log file
• Integrate with MRTG
  – configure to run when the network traffic peaks