NetSniff

Documentation

This page also provides links to published information about the NetSniff project, either as internal CAIA Technical Reports or as Academically Refereed Publications.

Academically Refereed Publications

Evaluating the impact of DNS and HTTP session characteristics on consumer ISP web traffic

Authors: J. But, U. Keller and G. Armitage

Conference: IEEE TenCon 2005 Melbourne, Australia, November 2005

Abstract: Web caches are generally considered useful because they reduce replication of network traffic flowing from original content sources. In this paper we experimentally characterise the network and i transport layer consequences of web caching in the consumer ISP context. We instrumented a small number of Australian, broadband-attached homes to collect round-trip time (RTT) and hop count statistics for their HTTP/TCP sessions, and collect DNS lookup statistics associated with each HTTP exchange. We estimated the impact of DNS lookup delays on overall HTTP session times, and use our RTT and hop count statistics to show that consumer ISPs would benefit greatly from local caching, particularly in Australia where speed of light delays have a large impact on session times when retrieving international content.

Passive TCP Stream Estimation of RTT and Jitter Parameters

Authors: J. But, U. Keller, D. Kennedy and G. Armitage

Conference: IEEE 30th Conference on Local Computer Networks (LCN 2005) Sydney, Australia, November 2005

Abstract: There exist many network tools to passively monitor a link for traffic flows. These tools are typically installed close to the edge of the network, but not necessarily at the termination point of data flows - possibly at an Intranet gateway or within a few hops of endpoints. Determination of Round Trip Times (RTTs) for individual data flows is of interest for network management purposes and can be used to both indicate network delays experienced by users, and to make design decisions such as cache implementations to decrease wait time as seen by an end user. Determining the RTT when not at an end-point of a data flow is complicated by the fact that witnessed packets may not arrive at their destination and that packets may be seen out of order. In this paper we present an algorithm to estimate running RTT and Jitter characteristics of TCP streams monitored at the midpoint of a TCP connection.

Internal CAIA Technical Reports

Measuring the Live Capture Performance of NetSniff

Report: CAIA Technical Report 051004A

Authors: J. Bussiere and J. But

Abstract: NetSniff is an IP traffic analysis tool currently used in low traffic scenarios. Before deployment under higher traffic scenarios, it is important to perform a study into the processing and live capture performance of NetSniff. We have previously investigated the processing performance of NetSniff, in this technical report we subject NetSniff to a performance evaluation with regard to live capture of network traffic. We show the impact of increasing the captured traffic rate and in increasing the number of concurrent flows for NetSniff to process on differing hardware configurations.

Download PDF

Measuring the Processing Performance of NetSniff

Report: CAIA Technical Report 050823A

Authors: J. Bussiere and J. But

Abstract: NetSniff is an IP traffic analysis tool currently used in low traffic scenarios. Before deployment under higher traffic scenarios, it is important to perform a study into the processing and live traffic capture performance of NetSniff. In this technical report we subject NetSniff to a series of processing performance evaluations in an attempt to determine the limitations of NetSniff with regard to packet processing rates on different hardware platforms and configurations.

Download PDF

Measuring the Performance of NetSniff: Testbed Design

Report: CAIA Technical Report 050623A

Authors: J. Bussiere and J. But

Abstract: NetSniff is an IP traffic analysis tool currently utilised in low traffic scenarios. We wish to explore the possibility of expanding its use to higher traffic situations and networks. This technical report explains our motivation for doing so, and the design of the tesbed we will construct to facilitate our determination of the processing performance of NetSniff.

Download PDF

A rationale for web caching in consumer ISPs: The impact of DNS lookup times and HTTP session characteristics

Report: CAIA Technical Report 050218A

Authors: J. But, U. Keller and G. Armitage

Abstract: Web caches are generally considered a useful tool because they reduce replication of network traffic flowing from original content sources. In this paper we experimentally characterise the network and transport layer consequences of web caching in the consumer ISP context. We instrumented a small number of Australian, broadband-attached homes to collect round-trip time (RTT) and hop count statistics for their HTTP/TCP sessions, and collect DNS lookup statistics associated with each HTTP exchange. We estimated the impact of DNS lookup delays on overall HTTP session times, and use our RTT and hop count statistics to show that consumer ISPs would benefit greatly from local caching, particularly in Australia where speed of light delays have a large impact on sessions times when retrieving international content.

Download PDF

Extending Netsniff

Report: CAIA Technical Report 050204B

Authors: U. Keller and J. But

Abstract: This technical report describes, how to extend netsniff with additional stream and packet level parser. It also describes how to extend the log file parser and database, that were built to do statistics on the data collected by Netsniff.

Download PDF

Netsniff - Design and Implementation Concepts

Report: CAIA Technical Report 050204A

Authors: U. Keller and J. But

Abstract: This technical report gives an overview of the protocols netsniff currently understands. Also it describes the data netsniff extracts from the parsed protocols. It further gives an overview about the anonymisation schemes currently implemented and about their issues.

Download PDF