ABSTRACT
Evaluating network components such as network intrusion detection systems, firewalls, routers, or switches suffers from the lack of available network traffic traces that on the one hand are appropriate for a specific test environment but on the other hand have the same characteristics as actual traffic. Instead of just capturing traffic and replaying the trace, we identify a set of packet trace manipulation operations that enable us to generate a trace bottom-up: our trace primitives can be traces from different environments or artificially generated ones; our basic operations include merging of two traces, moving a flow across time, duplicating a flow, and stretching a flow's time-scale. After discussing the potential as well as the dangers of each operation with respect to analysis at different protocol layers, we present a framework within which these operations can be realized and show an example configuration for our prototype.
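The four basic operations named in the abstract (merge, move, duplicate, stretch), sketched over an in-memory trace as an added example; this is not the paper's framework or prototype. The `Pkt` record, the function names, the unidirectional 4-tuple flow key, and the sample addresses are assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Pkt:                       # hypothetical header-only packet record
    ts: float                    # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    size: int

    @property
    def flow(self):              # assumption: unidirectional 4-tuple flow key
        return (self.src, self.dst, self.sport, self.dport)

def _ts(p):
    return p.ts

def merge(a, b):
    """Interleave two time-sorted traces into one time-sorted trace."""
    return list(heapq.merge(a, b, key=_ts))

def _rewrite(trace, flow, fn):
    # Apply fn to the packets of one flow, then restore global time order.
    return sorted((fn(p) if p.flow == flow else p for p in trace), key=_ts)

def move(trace, flow, delta):
    """Shift every packet of `flow` by `delta` seconds."""
    return _rewrite(trace, flow, lambda p: replace(p, ts=p.ts + delta))

def stretch(trace, flow, factor):
    """Scale the inter-arrival times of `flow`, keeping its first packet fixed."""
    t0 = min(p.ts for p in trace if p.flow == flow)
    return _rewrite(trace, flow, lambda p: replace(p, ts=t0 + (p.ts - t0) * factor))

def duplicate(trace, flow, new_src, delta=0.0):
    """Copy `flow` under a new source address so the copy has its own flow key."""
    copy = [replace(p, src=new_src, ts=p.ts + delta) for p in trace if p.flow == flow]
    return merge(trace, copy)

# Constructed sample traces (documentation addresses, not captured traffic).
TRACE_A = [Pkt(t, "192.0.2.1", "192.0.2.9", 40000, 80, 60) for t in (0.0, 0.5, 1.0)]
TRACE_B = [Pkt(t, "192.0.2.2", "192.0.2.9", 40001, 22, 100) for t in (0.25, 0.75)]

if __name__ == "__main__":
    merged = merge(TRACE_A, TRACE_B)
    for p in stretch(duplicate(merged, TRACE_A[0].flow, "192.0.2.3", 0.25),
                     TRACE_B[0].flow, 2.0):
        print(p)
```

Only timestamps and addresses are rewritten here; anything inside the packets that encodes time or endpoint identity is left untouched, which is one place where a manipulated trace can become inconsistent for higher-layer analysis.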