analyzing traffic across the greek school network
play

Analyzing Traffic across the Greek School Network Costas Kattirtzis - PowerPoint PPT Presentation

Mar 30, 2024 •271 likes •515 views

Research Academic Computer Technology Institute University of Patras Analyzing Traffic across the Greek School Network Costas Kattirtzis , Emmanuel Varvarigos, Kyriakos Vlachos, University of Patras & Research Academic Computer Technology

  1. Research Academic Computer Technology Institute University of Patras Analyzing Traffic across the Greek School Network Costas Kattirtzis , Emmanuel Varvarigos, Kyriakos Vlachos, University of Patras & Research Academic Computer Technology Institute George Stathakopoulos and Michael Paraskevas Research Academic Computer Technology Institute LANMAN 2005, 14th IEEE Workshop on Local and Metropolitan Area Networks, 18-21 September 2005, Chania, Crete, Greece Communication Networks Laboratory

  2. Introduction • Internet is growing dramatically. • Very complex patterns to model the Network Traffic. • Studies in LAN and WAN have been made since the early 80s. • Today's findings lead us to the conclusion that – Ethernet traffic is statistically self-similar – Poisson assumption is valid in special cases • Recent studies on Peer-to-Peer traffic mainly by Karagiannis et. al have been made. Communication Networks Laboratory

  3. Introduction • In this paper we present a study of traffic patterns on the Greek School Network • We studied in the monitored network – the behavior of flows – the behavior of the packets – the use of each protocol – the use of each well known application – The use of Peer-to-Peer services – The traffic locality phenomenon • Benefits – Understand the impact of network changes and services – Improve network usage and application performance – Reduce IP service and application costs – Optimize network costs – Understand the Impact of P2P applications – Background to the administrators for • dimensioning the network • congestion control • network management Communication Networks Laboratory

  4. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  5. Greek School Network Architecture • Nationwide network that spans across Greece. Connects all schools of primary and secondary education including administrator offices. • Hierarchically structured into three layers. – The Backbone network – The Distribution Network – The Access Network Communication Networks Laboratory

  6. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  7. Measurement Methodology • All the measurements took place in the PATRAS prefecture from October 24 00:00:00 GMT+02:00 2004 to March 18 23:30:00 GMT+02:00 2005. • Monitoring System – Cisco NetFlow • In terms of NetFlow, flow is defined by Seven Unique Keys: – source IP address – destination IP address – source port number – destination port number – layer 3 protocol type – TOS (Type Of Service) byte and – Input logical interface – FlowScan – cflowd – RRDtool Communication Networks Laboratory

  8. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  9. Traffic Statistics - Services Communication Networks Laboratory

  10. Traffic Statistics - Services Outgoing traffic Incoming traffic 50 40 35 Percentile of total Percentile of total 40 30 25 30 traffic traffic 20 20 15 10 10 5 0 0 P P n 2 n p w P 2 p P w t P t P P t o M H o t M P T S n H S 3 n T N M N k P N N 3 P k P n S M D r P S T n S D O e T r u S O F e h u F P P h t o t Flows Flows o Packets Packets Services Services bits bits • Outgoing traffic in term of bytes • DNS and SNMP use UDP – 50% is P2P – Large fraction of the flows, small fraction of the packets and an even – 19% is HTTP smaller fraction of the bytes transferred – 25.6% is unknown • HTTP (web) application • Incoming traffic in term of bytes – The profile of its daily load distribution – 37% is P2P fits closely the corresponding profile of – 30% is HTTP the TCP protocol . – 25.6% is unknown Communication Networks Laboratory

  11. Traffic Statistics - Protocols Communication Networks Laboratory

  12. Traffic Statistics - Protocols Outgoing traffic Incoming traffic 100 100 90 Percentile of total 90 80 ercentage 80 70 70 60 traffic 60 50 50 40 40 30 P 30 20 20 10 10 0 0 P TCP P UDP IPINIP TC ulticast P D P IP ulticast M ICM U IN IC flows IP flow s M packets M packets Protocols Protocols bits bits Outgoing traffic Incoming traffic • The size of the incoming packets is much larger than Bytes Flows Packets Bytes Flows Packets Protocols the size of the outgoing 95% 61.6% 84,2% 93.1% 54.4% 83% TCP packets. 4,4 34,5 14,5 5,2 41,2 14,5 UDP • TCP uses more and larger • The other IP protocols individually make up packets per flow than UDP a negligible percentage of the overall traffic Communication Networks Laboratory

  13. Traffic Statistics – Flow Analysis 109858082 143809451 143848754 145058776 145061162 145071742 145071956 145099781 145100818 145160507 1.00E+09 • 87% of the flows carry Cumulative number of flows 50504812 5-12 packets 17757186 17580176 1.00E+08 • The majority of the flows last 6 - 6.5 sec. 1.00E+07 • Data transfers* 829363 • interactive : TCP-telnet, 1.00E+06 ICMP, UDP-NTP • transaction oriented : TCP-FTP, TCP-SMTP 1.00E+05 124 197 228 530 1 2 4 5 10 12 17 18 30 68 • bulk data transfer : TCP-FTPD, TCP-WWW packets per flow • A cross-check of the findings of k. Claffy et al. at “Traffic Characteristics of the T1 NSFNET Backbone”. Communication Networks Laboratory

  14. Traffic Statistics – Packet Size Analysis 100 50 1st Sample 2nd Sample 45 90 40 80 Cumulative Percentage % P a c k e ts 35 70 30 60 25 50 20 15 40 10 30 5 20 0 10 Packets of November 0 -3 2 3 3 -6 4 6 5 -9 6 5 7 7 -1 0 2 4 1 0 2 5 -1 5 3 6 9 7 -1 2 8 1 2 9 -1 6 0 1 6 1 -1 9 2 1 9 3 -2 2 4 2 2 5 -2 5 6 2 5 7 -2 8 8 2 8 9 -3 2 0 3 2 1 -3 5 2 3 5 3 -3 8 4 3 8 5 -4 1 6 4 1 7 -4 4 8 4 4 9 -4 8 0 4 8 1 -5 1 2 5 1 3 -5 4 4 5 4 5 -5 7 6 Packets of March 0 2 6 0 4 8 2 6 0 4 4 7 3 9 6 2 8 5 1 8 4 2 3 - - 1 2 2 3 4 4 5 0 5 0 5 - - - - - - - 1 1 6 9 3 7 1 5 9 3 - 2 9 5 2 8 4 1 7 > 1 1 2 3 3 4 5 7 5 IP packet size (bytes) Packet Size (bytes) • Dual-modal pattern • Large size packets caused • Predominance of small-sized • By Ethernet full size packets caused packets • by TCP control segments and and • By p2p applications • by HTTP application Communication Networks Laboratory

  15. Overview • Network Architecture • Measurement Methodology • Traffic Statistics – Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  16. Traffic Statistics – Traffic Locality • Outgoing traffic: The 50 100 Percent of traffic send by source most busy sources (of the 6188) in a 5-minute sample, 80 are responsible for 60 – 94.5% of the bytes – 93.1% of the flows 40 – 90.9% of the packets. 20 • Incoming traffic: The same users: 0 – 76.6% of the bytes 1 5 9 3 7 1 5 9 3 7 1 5 9 1 1 2 2 2 3 3 4 4 4 – 77.5% of the flows Number of Hosts incoming bytes incoming packets incoming flows – 52.5% of the packets. outgoing bytes outgoing packets outgoing flows • The same results were observed in the 250 minutes samples. Communication Networks Laboratory

  17. Overview • Network Architecture • Measurement Methodology • Traffic Statistics • Service Analysis • Protocol Analysis • Flow Analysis • Packet Size Analysis • Traffic locality • Peer-to-Peer Services • Conclusions Communication Networks Laboratory

  18. Peer-to-Peer Services outgoing traffic incoming traffic Protocol bits % packets % flows % bits % packets % flows % BitTorrent 25,6 17,9 5,9 23,3 18,7 7 eMule 19,5 16,1 12,8 10,6 14,3 14,6 Napster 3 2,5 0,3 2,2 2,3 0,4 Gnutella 0,3 0,3 0,2 0,2 0,3 0,2 Kazaa 0,2 0,2 0,1 0,4 0,2 0,1 Direct Connect 0,1 0 0 0,1 0 0 Total 48,7 37 19,3 36,8 35,8 22,3 • Very Difficult to identify P2P traffic The 3 rd generation P2P systems use arbitrary ports for the P2P connections • • Still 25% of the traffic is unknown • 32,3% - 48,7% of the outgoing and 14% - 39% of the incoming bytes are caused by P2P services Communication Networks Laboratory

  19. Peer-to-Peer Services • P2P services are active 24 hours per day + they do not follow the traffic pattern of the overall traffic • Emule and BitTorrent were the two most prevalent protocols. • After 19/12/2004 the use of BitTorrent was reduced significantly because of the shut down of Suprnova.org Communication Networks Laboratory

Recommend

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1 Presentation By Henk van Doorn & Marko Spithoff Relevance Security Audits Company Detects (Attempted) Breach Accountability Of Actions 2

337 views • 22 slides
Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods Basil AsSadhan Department of Electrical Engineering & Center of Excellence in Information Assurance King Saud University April 13-14, 2014

609 views • 39 slides
A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two

A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two

A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two knowledge gaps: high delay high delay correlation correlation How do we distinguish BOS delays: 90 min BOS delays: 10 min unexpected spatial

357 views • 3 slides
Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What? One of the best open source packet analyzers available today Captures network packets and tries to display content as detailed as possible

338 views • 5 slides
Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin

Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin

Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

619 views • 26 slides
Broadband services for schools through the Greek School Network Christos Bouras Professor,

Broadband services for schools through the Greek School Network Christos Bouras Professor,

Broadband services for schools through the Greek School Network Christos Bouras Professor, University of Patras Computer Technology Institute B ro a d b a n d E d u c a tio n S e rv ic e s , 1 1 -1 2 J u n e 2 009, C re te , G re e c e

749 views • 18 slides
20 10 University of Crete and the Greek School Network Emmanouil Zouraris

20 10 University of Crete and the Greek School Network Emmanouil Zouraris

& Multimedia Services at the 20 10 University of Crete and the Greek School Network Emmanouil Zouraris University Of Crete Networks

663 views • 35 slides
Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher Previously: Threat Analyst at NASA Threat Analyst at Mandiant @joshpyorre rootaccesspodcast.com Behavioral Analysis VIDEO analyzing website visitors

1.45k views • 127 slides
Clean Air Parents Network Webinar 21 st July 2020 Low Traffic Neighbourhoods WHY LOW TRAFFIC

Clean Air Parents Network Webinar 21 st July 2020 Low Traffic Neighbourhoods WHY LOW TRAFFIC

Clean Air Parents Network Webinar 21 st July 2020 Low Traffic Neighbourhoods WHY LOW TRAFFIC NEIGHBOURHOODS? Part of the response to the damage motor traffic causes road casualties, air quality, community, public health and active

257 views • 13 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port

Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port

Network traffic characterization A historical perspective 1 Incoming AT&T traffic by port (18 hours of traffic to AT&T dial clients on July 22, 1997) N a m e port % bytes % packets bytes per packet w o r l d - w i d e

425 views • 31 slides
School Streets Why School Streets? They reduce traffic, and therefore pollution. (25% of

School Streets Why School Streets? They reduce traffic, and therefore pollution. (25% of

School Streets Why School Streets? They reduce traffic, and therefore pollution. (25% of rush hour traffic in London is cars doing the school run). They create a safer environment for everyone near and outside a school. They

98 views • 6 slides
Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader Lesson Conclusion Outline

777 views • 36 slides
Latin and Greek Elements in English Lessons 1 and 2: Overview of Greek Civilization

Latin and Greek Elements in English Lessons 1 and 2: Overview of Greek Civilization

Latin and Greek Elements in English Lessons 1 and 2: Overview of Greek Civilization Prehistory Indo-European Invasions earliest known inhabitants are the mysterious Pelasgians some ancient Greek words/names may be Pelasgian in

199 views • 16 slides
Latin and Greek Elements in English Lesson 3: Greek Bases in general, its somewhat more

Latin and Greek Elements in English Lesson 3: Greek Bases in general, its somewhat more

Latin and Greek Elements in English Lesson 3: Greek Bases in general, its somewhat more difficult to learn Greek forms than their Latin counterparts, e.g. de- vs. cata- n.b. the Greek language never influenced early English to the

257 views • 7 slides
Mining Network Traffic Data Ljiljana Trajkovi ljilja@cs.sfu.ca Communication Networks

Mining Network Traffic Data Ljiljana Trajkovi ljilja@cs.sfu.ca Communication Networks

Mining Network Traffic Data Ljiljana Trajkovi ljilja@cs.sfu.ca Communication Networks Laboratory http://www.ensc.sfu.ca/cnl School of Engineering Science Simon Fraser University, Vancouver, British Columbia Canada Roadmap Introduction

1.97k views • 145 slides
Greek Tragedy Greek Tragedy Introduction: The Sixth Century BCE, or the End of the Pre

Greek Tragedy Greek Tragedy Introduction: The Sixth Century BCE, or the End of the Pre

Greek Tragedy Greek Tragedy Introduction: The Sixth Century BCE, or the End of the Pre Classical Age The Birth and Nature of Tragedy Theatron : Performance Space Actors and Acting in Greek Tragedy Conclusion: Euripides

252 views • 23 slides
Skydive An analyzer for network topology and traffic Sylvain Baubeau Sylvain Afchain Skydive

Skydive An analyzer for network topology and traffic Sylvain Baubeau Sylvain Afchain Skydive

Skydive An analyzer for network topology and traffic Sylvain Baubeau Sylvain Afchain Skydive goals Topology exploration and visualization Network traffic capture Make network troubleshooting easier SDN agnostic Real-time

704 views • 10 slides
A Network Calculus for Multi-Hop Fading Channels Hussein Al-Zubaidy J org Liebeherr Almut

A Network Calculus for Multi-Hop Fading Channels Hussein Al-Zubaidy J org Liebeherr Almut

A Network Calculus for Multi-Hop Fading Channels Hussein Al-Zubaidy J org Liebeherr Almut Burchard University of Toronto Performance Analysis of Multihop Wireless Network z Cross traffic Cross traffic Cross traffic Through traffic n

659 views • 26 slides
Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer

Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer

Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer NETWORK ANALYST @packetpioneer www.packetpioneer.com Why So Important? James Packets can be very detailed Network Engineer Visualizing Traffic

221 views • 11 slides
Chapter 3:The Early Greek World Greek Geography and Culture The Prehistory of Greece

Chapter 3:The Early Greek World Greek Geography and Culture The Prehistory of Greece

Chapter 3:The Early Greek World Greek Geography and Culture The Prehistory of Greece The Pre-Classical Age of Greek History Delphi Delphi Delphi Thessaly Delos xxx Map of Greek Dialects The Apotheosis of Homer (Ingres) Walls

877 views • 35 slides
Multimedia Services for the Greek Higher Education community Dr. Pantelis Balaouras University

Multimedia Services for the Greek Higher Education community Dr. Pantelis Balaouras University

Multimedia Services for the Greek Higher Education community Dr. Pantelis Balaouras University of Athens Greek Academic Network GUnet AL & KAPODISTRIAN UNIVERSITY OF ATHENS About Greek Academic Network- GUnet GUnet

536 views • 28 slides
02 GREEK ECONOMY & OUTLOOK Can the New Government Revive the Greek Animal Spirits? 02

02 GREEK ECONOMY & OUTLOOK Can the New Government Revive the Greek Animal Spirits? 02

02 GREEK ECONOMY & OUTLOOK Can the New Government Revive the Greek Animal Spirits? 02 2.1 ECONOMIC RECOVERY Since 2017, the Greek Economy has been Range-bound Between 1.5%-2.0% 2019e 1.6% Source: ELSTAT, Piraeus Bank Research 2 |

464 views • 12 slides
Deep-Q: Traffic-driven QoS Inference using Deep Generative Network Shihan Xiao , Dongdong He,

Deep-Q: Traffic-driven QoS Inference using Deep Generative Network Shihan Xiao , Dongdong He,

Deep-Q: Traffic-driven QoS Inference using Deep Generative Network Shihan Xiao , Dongdong He, Zhibo Gong Network Technology Lab, Huawei Technologies Co., Ltd., Beijing, China 1 Background What is a QoS Model? Traffic D elay, jitter, packet

464 views • 27 slides

More recommend