DOI: 10.1109/ANCS.2011.46
Article

A Passive Network Appliance for Real-Time Network Monitoring

Published: 03 October 2011

Abstract

Network administrators lack the tools they need to understand and react to their changing networks. This makes it difficult for them to make informed, timely decisions regarding network management, capacity planning, and security. These challenges will only increase as networks continue to gain in throughput, become more complex, and encrypt more and more of their traffic. This paper describes the Passive Network Appliance, or PNA, which is our proposed solution to this problem. The PNA provides snapshots of network behavior through time, in a cost-effective manner. The PNA is implemented on commodity hardware and can enforce network policy in real-time at the granularity of network frame arrival. This paper describes the system, and its evaluation in both laboratory and real-world deployments.

Cited By

  • (2013) K-p0f. Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems, pages 113-114. DOI: 10.5555/2537857.2537875. Online publication date: 21-Oct-2013
  • (2012) NetSlices. Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems, pages 27-38. DOI: 10.1145/2396556.2396563. Online publication date: 29-Oct-2012

Published In

ANCS '11: Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
October 2011
273 pages
ISBN: 9780769545219

Publisher

IEEE Computer Society

United States

Author Tags

  1. Computer-Communication Networks
  2. Network Monitoring
  3. Network Operations

Qualifiers

  • Article

Conference

ANCS '11

Acceptance Rates

ANCS '11 Paper Acceptance Rate 20 of 62 submissions, 32%;
Overall Acceptance Rate 88 of 314 submissions, 28%
