Queuing Network Topology Inference Using Passive Measurements
Network Diagnostics Using Passive Network Monitoring
and Packet Analysis
Martin Holkovič, CESNET, Czech Republic
Ondřej Ryšavý, Brno University of Technology, Czech Republic
Motivation
User tries to send an e-mail
Network administrator
diagnostics report
SMTP server
https://www.flowmon.com/en/products/flowmon/traffic-recorder
Why it is not an easy problem
• Each protocol is different
• Each network is different
• Dependencies between services
• Requires deep knowledge and a lot of time
Bahl, P.; Chandra, R.; Greenberg, A.; et al.: Towards highly reliable enterprise network services via inference of multi-level dependencies. In ACM SIGCOMM Computer Communication Review, volume 37, ACM, 2007, pp. 13–24
Possible methods
• Wireshark - manual
• How are the data accessed?
  • Active
  • Passive
• How is the model created?
  • Learned
  • Predefined
Our goals
• Passive analysis from PCAP file
• Predefined rule-based tree model
• Automate administrator’s actions
• Easily readable diagnostic output
• Easily extendible by an administrator
Proposed architecture
Protocols Analyzer
• Using Tshark (Wireshark)
• Supports over 3000 protocols and over 227000 fields
• Integrated lower layers analysis
• JSON output
Events Finder
• Simulates questions of a real administrator
  • E.g., SMTP authentication
• Two-step process:
  1. Find specific packets
  2. Create tuples from packets fulfilling conditions
Tree Engine
• Binary tree
  • Two next states
• Each node refers to the Events Finder
• State represents the knowledge
• Integrates Python code
Output creator
• Predefined output records
• Creates links between records
• JSON format
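The Events Finder, Tree Engine and Output creator steps described on the preceding slides, sketched as an added Python example (not the authors' tool or rule syntax). The packet records are constructed and flattened, and the rule tree, node names and output record names are hypothetical; 535 is the SMTP reply code for rejected credentials.

```python
# Constructed sample: flattened packet records keyed by Wireshark field names
# (real tshark JSON output nests these fields under _source.layers).
PACKETS = [
    {"frame.number": 1, "tcp.stream": 0, "smtp.req.command": "EHLO"},
    {"frame.number": 2, "tcp.stream": 0, "smtp.response.code": 250},
    {"frame.number": 3, "tcp.stream": 0, "smtp.req.command": "AUTH"},
    {"frame.number": 4, "tcp.stream": 0, "smtp.response.code": 535},
]

def find_packets(packets, field, value):
    """Events Finder step 1: select packets where field == value."""
    return [p for p in packets if p.get(field) == value]

def make_tuples(requests, replies):
    """Events Finder step 2: pair each request with the first later reply
    in the same TCP stream; requests without such a reply yield no tuple."""
    tuples = []
    for req in requests:
        later = [r for r in replies
                 if r["tcp.stream"] == req["tcp.stream"]
                 and r["frame.number"] > req["frame.number"]]
        if later:
            tuples.append((req, min(later, key=lambda r: r["frame.number"])))
    return tuples

def auth_attempts(pkts):
    return [(p,) for p in find_packets(pkts, "smtp.req.command", "AUTH")]

def auth_rejections(pkts):
    return make_tuples(find_packets(pkts, "smtp.req.command", "AUTH"),
                       find_packets(pkts, "smtp.response.code", 535))

# Hypothetical rule tree: node -> (events query, next if found, next if none).
TREE = {
    "auth_attempted": (auth_attempts, "auth_rejected", "no_auth_attempt"),
    "auth_rejected": (auth_rejections, "auth_failed", "auth_not_rejected"),
}

def diagnose(packets, node="auth_attempted"):
    """Tree Engine: ask one question per node, take one of two branches."""
    path = []
    while node in TREE:  # names that are not keys of TREE are output records
        query, if_found, if_none = TREE[node]
        events = query(packets)
        frames = sorted({p["frame.number"] for t in events for p in t})
        path.append({"question": node, "found": bool(events), "frames": frames})
        node = if_found if events else if_none
    return {"record": node, "path": path}  # Output creator: JSON-ready record
```

The returned dictionary links the final record to the frame numbers that answered each question, so it can be serialized with `json.dumps` and traced back to the capture.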
Rules – Events Finder
Rules – Tree Engine
Rules - Output
Supported protocols
Future work
• Use other passive data sources
  • Syslog
  • SNMP traps
• Optimize performance
  • Filtering input data
  • Indexing key-data for faster processing
Conclusion
• Network administrators need to diagnose problems
• Diagnostics is an activity that requires time and knowledge
• We use PCAP files as the data source
• We have implemented tree-based analysis
• The diagnostic output is easy to understand