

Department of Computer Science & Engineering

REU 2008 - Packet Sniffer

Jose Gelpi, Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero

5. Acknowledgments

I want to thank César D. Guerrero and Dr. Miguel A. Labrador for their orientation and the National Science Foundation for supporting this project.

1. Introduction

A packet sniffer is an application that intercepts network packets traveling in a communication channel. Sniffers usually create a log file with information about the packet headers.

The motivation for this work is the need for a new network sniffer able to perform calculations based on data from the captured packets and to filter out irrelevant information that current sniffers print by default.

The objective of this research is to develop a network sniffer that calculates bandwidth based on the number of bits transmitted at the IP layer (IP packet length) during the time between two consecutive packets.

2. Contribution

2.1. Testbed

Two end hosts communicating over a LAN, with one machine in the middle sniffing the connection, are used to test the sniffer. Cross traffic is generated using the Multi-Generator (MGEN), which generates synthetic traffic with variable amount and distribution.

4. Conclusions

• The more packets to be captured per unit time, the higher the relative error. One reason for that is excessive load in the operating system.

• The developed sniffer could be implemented in intermediate routers to better select network routes based on their congestion level.

• Additional packet processing in the tool can be easily performed by manipulating the information in the packet headers. For example, using source and destination IP addresses to determine the traffic load for each host in the network.

2.2. Sniffer

The application is developed in the C language using a network capturing library called PCAP.

• After reading the Network Interface Card (NIC) name, the pcap_open_live function opens it in promiscuous mode.

• Then pcap_loop sniffs the channel and captures every packet seen by the NIC.

• pcap_next stores the packet header in the following structure:

    struct pcap_pkthdr {
        struct timeval ts;   /* time stamp */
        /* … */
        bpf_u_int32 len;     /* length this packet */
    }

• Using that structure, the packet timestamp and length are used to calculate the bandwidth.

• Finally, the time at which each packet is captured, its size, and the calculated bandwidth are printed out.

The bandwidth is calculated as

$$BW = \frac{L_{pck_1}}{t_{pck_2} - t_{pck_1}}$$

where $L_{pck_1}$ is the IP-layer length of the first packet in bits and $t_{pck_1}$, $t_{pck_2}$ are the capture timestamps of two consecutive packets.

3. Evaluation

The sniffer was evaluated in the testbed by inserting 30% and 60% of periodic cross traffic in a 10 Mbps capacity link for a 10 second period. That is, inserting 3 and 6 Mbps of cross traffic to be sniffed by the tool. The traffic generation was performed with MGEN by sending 381 and 782 packets of 1024 bytes every second.

An average relative error was calculated by comparing the real traffic rate given by the traffic generator with the value provided by the tool:

error = … × 100%

The average relative error in the case of 3 Mbps was 1.83% and in the case of 6 Mbps was 3.75%.

Additional packets shown in the graphs are due to control traffic generated between hosts.

[Flowchart: start -> NIC -> open NIC (pcap_open_live) -> capture a packet (pcap_loop; hdr <- pcap_next) -> calculate BW: hdr.len/(hdr.ts2 - hdr.ts1) -> print time and BW]
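The per-packet calculation from section 2.2 and the error comparison from section 3, as an added C example (not the poster's own code). `struct pkt_hdr` is a local stand-in for the `pcap_pkthdr` fields so the block builds without libpcap; the function names, the constructed sample headers and the relative-error definition (|measured - real| / real × 100) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Local mirror of the pcap_pkthdr fields used here (assumption: no libpcap). */
struct pkt_hdr {
    struct timeval ts;  /* capture time stamp */
    uint32_t caplen;    /* bytes actually captured */
    uint32_t len;       /* bytes on the wire */
};

/* BW = L_pck1 / (t_pck2 - t_pck1), in bits per second. Returns -1.0 when the
 * gap is zero or negative (same-tick or reordered timestamps), so the caller
 * skips the sample instead of dividing by zero. */
double pair_bw_bps(const struct pkt_hdr *p1, const struct pkt_hdr *p2) {
    double dt = (double)(p2->ts.tv_sec - p1->ts.tv_sec)
              + (double)(p2->ts.tv_usec - p1->ts.tv_usec) / 1e6;
    if (dt <= 0.0) return -1.0;
    return (double)p1->len * 8.0 / dt;
}

/* Mean of the valid per-pair estimates over n headers; -1.0 if none. */
double mean_bw_bps(const struct pkt_hdr *h, size_t n) {
    double sum = 0.0;
    size_t used = 0;
    for (size_t i = 0; i + 1 < n; i++) {
        double bw = pair_bw_bps(&h[i], &h[i + 1]);
        if (bw >= 0.0) { sum += bw; used++; }
    }
    return used ? sum / (double)used : -1.0;
}

/* Relative error in percent against the generator's real rate (assumed form). */
double rel_error_pct(double measured, double real) {
    double d = measured - real;
    return (d < 0 ? -d : d) / real * 100.0;
}

int main(void) {
    /* Constructed sample: 1024-byte packets every 2500 us, one repeated stamp. */
    struct pkt_hdr h[] = {
        {{10, 0}, 1024, 1024},    {{10, 2500}, 1024, 1024},
        {{10, 5000}, 1024, 1024}, {{10, 5000}, 1024, 1024},
        {{10, 7500}, 1024, 1024},
    };
    double bw = mean_bw_bps(h, sizeof h / sizeof h[0]);
    printf("mean BW = %.0f bps, error vs 3.2 Mbps = %.2f%%\n", bw, rel_error_pct(bw, 3.2e6));
    return 0;
}
```

With real captures, `len` in `pcap_pkthdr` is the on-wire frame length, so on Ethernet it includes the 14-byte link-layer header; subtract it or read the IP total-length field when the IP-layer rate is wanted.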