network traffic analysis

Upload: knithim

Post on 07-Apr-2018


  • 8/4/2019 Network Traffic Analysis


    Himanshu Uttam
    IWC2010009


    What is Network Traffic?
    Network Traffic Analysis
    Why Monitor and Analyze Traffic?
        Network administrators viewpoint
        Network intruders viewpoint
    Approaches for Traffic Measurement
    Analyzing Procedure


    Density of data present in the network.
    Communication devices access resources and also get requests to carry out some work.
    So a lot of request, response and control data.
    Load on the network.
    Other devices may get delayed in their requirements.


    Network traffic monitoring and analysis techniques allow the traffic at particular points on a network to be recorded, displayed in useful form and analysed.


    Traffic can be monitored:
        At the network boundary
        On specific segments
        At particular interfaces


    This question can be approached from two viewpoints:

    Network administrator

    Network intruder


    Troubleshoot problems on the network
    Analyse the performance of network sections to identify bottlenecks
    Network intrusion detection
    Logging network traffic for forensic evidence
    Analysing the operation of network applications
    Tracing the source of a DoS attack
    Detecting spyware


    To capture clear-text usernames and passwords
    And those also which are encrypted
    To passively map a network
    To capture other confidential information


    Server Logs:
    Web servers configured to record information about all client requests.
    E.g. most servers have a log file access where requests and responses are saved.
    Each line of the access log contains information on a single request for a document.
    An example is:
        cs.fudan.edu.cn [15/Aug/1999:14:50:05 -0600] "GET / HTTP/1.1" 200 1200
    This data can be used to characterize web traffic.
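
    Added example, not part of the original slides: a Python parser for access-log lines in the reduced format shown above, which also accepts the ident and user fields of Common Log Format, and aggregates requests, bytes and error responses per client. Apart from the slide's own example line, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Slide format: host [timestamp] "request" status bytes (ident/user optional).
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?:\S+ \S+ )?\[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("request").split()
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {
        "host": m.group("host"),
        "time": ts,
        "path": parts[1] if len(parts) > 1 else "",
        "status": int(m.group("status")),
        "size": 0 if m.group("size") == "-" else int(m.group("size")),
    }

def characterize(lines):
    """Aggregate requests, bytes and error responses per client host."""
    stats = {"requests": Counter(), "bytes": Counter(), "errors": Counter(), "malformed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            stats["malformed"] += 1
            continue
        stats["requests"][rec["host"]] += 1
        stats["bytes"][rec["host"]] += rec["size"]
        if rec["status"] >= 400:
            stats["errors"][rec["host"]] += 1
    return stats

# Constructed sample: the first line is the slide's example, the rest are made up.
SAMPLE = [
    'cs.fudan.edu.cn [15/Aug/1999:14:50:05 -0600] "GET / HTTP/1.1" 200 1200',
    'cs.fudan.edu.cn [15/Aug/1999:14:50:09 -0600] "GET /admin HTTP/1.1" 403 310',
    'host.example - - [15/Aug/1999:14:51:00 -0600] "GET /a.html HTTP/1.0" 404 -',
    'not a log line',
]
```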


    Passive Measurement:
    Choose an appropriate site and passively capture every IP packet through it.
    Ideal site would be one through which many connections pass.
    E.g. a major gateway site.
    Many monitoring platforms. One such platform is TCPDump based WinDump.
    Users can build complicated Boolean expressions to decide which data packets to catch.


    Active Measurement:
    Users or providers are directly related to the activities of measurement in the following ways:
    1. Injection of probes into network by users and providers
    2. Ping and Traceroute
        a) Path connectivity
        b) Round-trip delay
    3. User-application performance as seen from hosts
        a) Loss
        b) Delay
        c) Throughput


    Use TCPDump to dump and store all the traffic data into hard disks.
    To parse the dumped data and print out the processed result into text files.
    Use Matlab software with prepared scripts to make detailed analysis on the processed result, then generate the analyzing result and plot the result graphs.


    HTTP Web: Includes common HTTP web surfing and HTTPS applications.
    P2P File Sharing: Includes the applications using BitTorrent, DC++ and other P2P protocols.
    Streaming: Includes YouTube video, online audio, etc.
    DHT Distribution: Includes the applications which use the DHT protocol to distribute their resource map or other information.


    Traffic Volume Analyzing Model: After isolating the traffic data we analyze the traffic volume.
    Flow Analysis: The information of source and destination IP address, active ports and rate.
    Packet Analysis: To know how to optimize the network devices' processing capability.
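
    Added example, not part of the original slides: the "parse the dumped data" step of the analyzing procedure and the flow analysis above (source and destination IP address, ports and rate), as a Python parser for a classic pcap file of the kind TCPDump writes. It assumes a little-endian capture with Ethernet framing and IPv4; the capture is constructed in memory and all function names are made up for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def flows_from_pcap(data):
    """Aggregate a little-endian Ethernet pcap into flows keyed by 5-tuple."""
    magic, linktype = struct.unpack_from("<I16xI", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None})
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4 over Ethernet
        l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17) or len(frame) < l4 + 4:
            continue  # only TCP (6) and UDP (17) carry ports
        sport, dport = struct.unpack_from("!HH", frame, l4)
        key = (str(IPv4Address(frame[26:30])), sport,
               str(IPv4Address(frame[30:34])), dport, proto)
        f, ts = flows[key], sec + usec / 1e6
        f["packets"] += 1
        f["bytes"] += orig
        f["first"] = ts if f["first"] is None else f["first"]
        f["last"] = ts
    for f in flows.values():  # average bit rate over each flow's lifetime
        span = f["last"] - f["first"]
        f["bps"] = f["bytes"] * 8 / span if span > 0 else 0.0
    return dict(flows)

def make_frame(src, dst, proto, sport, dport, payload_len):
    """Constructed Ethernet/IPv4 frame with zeroed MACs and checksums."""
    l4 = struct.pack("!HH", sport, dport) + bytes((16 if proto == 6 else 4) + payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + l4

def build_sample():
    """Constructed capture: one 3-packet TCP flow and one UDP packet."""
    tcp = ("10.0.0.5", "192.0.2.10", 6, 40000, 80)
    udp = ("10.0.0.7", "192.0.2.53", 17, 5353, 53)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, hdr, size in [(0, tcp, 100), (1, tcp, 500), (2, tcp, 500), (2, udp, 30)]:
        fr = make_frame(*hdr, size)
        out += struct.pack("<IIII", sec, 0, len(fr), len(fr)) + fr
    return out
```

    Each flow is one direction of a conversation; sorting the result by "bytes" or "bps" gives the per-flow traffic volume view described above.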


    Local Systems: NETSTAT, TCPDUMP, ETHEREAL, NTOP
    Remote End Systems: MIBS, IF-MIB, SNMP, MRTG
    Routers: NETFLOW (CISCO), LFAP (ENTERASYS)

