2006_ryan_twomey_network_topology.ppt
TRANSCRIPT
Automated Network Topology Detection
Ryan Twomey ’06
Advisor: Prof. Jerry Breecher
Project Goals
1. To create a system that automatically determines the network topology with minimal user intervention
2. Portable: can be used in any network environment, regardless of complexity
3. Graphical user interface that allows editing and saving in a common file format
Intended Uses
• Real-time monitoring for systems administrators, analysts, and managers
• Intrusion-detection/security systems
• IT asset tracking
• Improved performance routing and fault-tolerance (rerouting)
Topology Detection Methods
Existing Methodologies
• SNMP Only
– Ask routers what their routing tables and active hosts databases are
• Ping broadcast + SNMP followup
– Send pings to all possible IPs and ask routers/PCs for additional information
• Ping broadcast + Subnet Hopping
– Send pings to all possible IPs and guess that subnets are at early IP addresses (if found, jump to that subnet and continue)
• DNS discovery + Traceroute
– Determine all hosts on network via DNS and trace routes to each host found this way
• Ping broadcast + Traceroute
– Send pings to all possible IPs and trace route to each host
Comparison of Methods
| Methodology | Advantages | Drawbacks | Overall |
|---|---|---|---|
| SNMP only | Lots of info | Not easily accessible | Very poor |
| Ping broadcast + SNMP | Complete/lots of info | Pings dropped/not easily accessible | Poor to Average |
| Ping broadcast + Subnet hopping | Complete | Pings dropped/subnets not set up | Poor to Average |
| DNS discovery + traceroute | Names + routes | DNS not set up/trace packets dropped | Average to Good |
| Ping broadcast + traceroute | Complete + routes | Ping and trace packets dropped | Good |
Difficulties with all Methods
• Transparent devices: can’t find everything
– Switches, hubs
– Non-addressable devices
• Difficulty determining device type
• Security implications & configuration of SNMP/pings/DNS
• Potential for flooding
• Determining link types (timing unreliable)
My Method
• Chose Ping broadcast + Traceroute method
– Best success rates/relatively easy to implement
• Can be improved by combining methods
– Add SNMP for increased info gathering
– Correlate routing tables for finding networks
• Fallback methods (if pings dropped, attempt DNS detection, etc)
Ping & Traceroute Method
• For each host, see if it’s alive
• If so, attempt to trace the route to it using successively larger TTL’s
Finding Hosts (Ping Step)
• Send ICMP echo packet
• Response?
– Yes: Save host to trace route
– No: Try again up to 3 times
Finding Route to Host
• Send ICMP packets with TTL of 0, 1, …, 30
• Forces each router to determine the packet has “expired” and send an error packet back to us
• When host is reached, route is finished
[Diagram panels: TTL = 0; TTL = 1+]
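Turning traced routes into a topology means merging the per-host hop lists into one set of links, including routes where a router dropped the probe. The following is an added example, not code from Netdiscover or the original slides; the function names, the "me" label for the scanning host, and the sample addresses are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LINKS 64

/* One link in the reconstructed topology. gap > 0 means that many
   silent hops (probes dropped) sit between the two known nodes. */
struct link { const char *a, *b; int gap; };

static struct link links[MAX_LINKS];
static int nlinks;

/* Record a link once; links seen on several routes are shared. */
static void add_link(const char *a, const char *b, int gap) {
    for (int i = 0; i < nlinks; i++)
        if (!strcmp(links[i].a, a) && !strcmp(links[i].b, b) && links[i].gap == gap)
            return;
    if (nlinks < MAX_LINKS)
        links[nlinks++] = (struct link){ a, b, gap };
}

/* Merge one traced route. hops[i] is the address that answered the probe
   sent with the i-th TTL value, or NULL if no reply came back. Trailing
   silent hops (target never reached) produce no link. */
static void merge_route(const char *src, const char *const *hops, int n) {
    const char *prev = src;
    int gap = 0;
    for (int i = 0; i < n; i++) {
        if (hops[i] == NULL) { gap++; continue; }
        add_link(prev, hops[i], gap);
        prev = hops[i];
        gap = 0;
    }
}

/* Constructed sample: two routes from the scanning host that share the
   first router; the second route has one silent hop. Returns link count. */
static int build_sample(void) {
    static const char *const r1[] = { "10.0.0.1", "10.0.1.1", "10.0.1.20" };
    static const char *const r2[] = { "10.0.0.1", NULL, "10.0.2.30" };
    nlinks = 0;
    merge_route("me", r1, 3);
    merge_route("me", r2, 3);
    return nlinks;
}

int main(void) {
    build_sample();
    for (int i = 0; i < nlinks; i++)
        printf("%s -> %s%s\n", links[i].a, links[i].b,
               links[i].gap ? " (silent hop between)" : "");
    return 0;
}
```

Links with a non-zero gap are the ones a diagram should draw as uncertain, since a non-responding device sits somewhere on that path.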
Enhanced Info Gathering
• SNMP
– Type of device and current status
– Not available on all devices
– Security implications
• User-input
– Slow & prone to becoming out of date
• NMAP
– Only guesses based on TCP “fingerprinting”
NMAP
• Open Source, cross-platform network scanner
• Can “fingerprint” host:
– Sends UDP & TCP packets to host
– Checks response bits, TCP window size, etc
– 1500 OS’s in database
Watches all network traffic to and from host
Netdiscover
An implementation to automatically detect network topology
Netdiscover Technologies
[Word cloud: SVG, C, Threads, AJAX, Java, Javascript, Servlets, JNI, CSS, Make, HTML, JAR, Jetty, Router, Ethernet, Tomcat, Ant, daemon, Switch, Apache, Mutex, DOM, Adobe SVG, XML, Hub, Firewall, RSP, SNMP, NMAP, ICMP, TCP, IP, Me, JSP, WAR]
Netdiscover Implementation
• C Library
– Necessary for speed and to access raw sockets
– Easily portable (any POSIX/Socket system)
– Bindings for other languages (Java, Perl, etc)
• Java implementation using JNI & custom “glue”
• Two usage models:
– Find all hosts and routes on class A/B/C/D network
– Determine if host is up & route to it (a la carte method)
Java Native Interfaces
• Sun technology to access methods in other languages via Java
• Create Java “glue” code that translates custom C data structures to palatable Java classes
[Diagram labels: VM; OS]
The JNI Toolchain
[Diagram labels: Glue code; Implementation; What the user sees; Includes Netdiscover library code]
Language Toolchain
[Diagram label: JNI]
Drawing
Most recent web browsers natively support SVG
Drawing Diagrams
• Use predefined SVG graphics for network elements (servers, switches, firewalls, etc)
– Scale these elements as necessary (zooming, fitting, etc)
• Draw network segments as large “cloud”
– Connect these clouds based on routes
• User editable: can add elements and links
Diagramming Algorithm
• Network segments consist of routers, switches, hubs, etc
• Hidden concentric circles used to align server elements
• Once servers have been added, can draw link lines
• Additional concentric circles can be used if necessary
LET’S SEE A DEMO!
Graphic by Dan Jurgens. All Marvel characters and the distinctive likeness(es) thereof are Trademarks & Copyright (c) 1941-2005 Marvel Characters, Inc. ALL RIGHTS RESERVED.
Linking Network Segments
Next Steps
Automated Video Production
• Stores network topology changes in database
• Can generate SVG animation automatically based on these changes
• String together to form video showing changes over time
Mapping the Internet
• Robust diagramming technology
• Distributed client to minimize network traffic from any one source
– Single reconciliation/serving point
– Multiple locations test same points
– Impossible to use point-to-point timing
• Regular/continuous updates
• Promote widespread usage of SVG
Interesting Links
• NMAP Project: http://www.insecure.org/nmap/
• Apache Jakarta/Tomcat Project: http://jakarta.apache.org/
• Adobe SVG Viewer: http://www.adobe.com/svg/
• W3C SVG Standard: http://www.w3.org/Graphics/SVG/
• AJAX: http://developer.mozilla.org/en/docs/AJAX
• Javascript Effects Library: http://script.aculo.us/
• Open Clip Art Library: http://www.openclipart.org
• Draconis Software: RSP Network Management: http://www.dracoware.com/