Live Traffic Monitoring with Tstat: Capabilities and Experiences

Finamore, A.; Mellia, M.; Meo, M.; Munafò, M. M.; Rossi, D.

doi:10.1007/978-3-642-13315-2_24

A. Finamore²⁰,
M. Mellia²⁰,
M. Meo²⁰,
M. M. Munafò²⁰ &
…
D. Rossi²¹

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 6074))

Included in the following conference series:

International Conference on Wired/Wireless Internet Communications

1294 Accesses
8 Citations

Abstract

Network monitoring has always played a key role in understanding telecommunication networks since the pioneering time of the Internet. Today, monitoring traffic has become a key element to characterize network usage and users’ activities, to understand how complex applications work, to identify anomalous or malicious behaviors, etc. In this paper we present our experience in engineering and deploying Tstat, a passive monitoring tool that has been developed in the past ten years. Started as a scalable tool to continuously monitor packets that flow on a link, Tstat has evolved into a complex application that gives to network researchers and operators the possibility to derive extended and complex measurements. Tstat offers the capability to track traffic flows, it integrates advanced behavioral classifiers that identify the application that has generated a flow, and automatically derives performance indexes that allow to easily characterize both network usage and users’ activity. After describing Tstat capabilities and internal design, in this paper we present some examples of measurements collected deploying Tstat at the edge of our campus network for the past years.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Kapoor, R., Chen, L.-J., Lao, L., Gerla, M., Sanadidi, M.Y.: CapProbe: A Simple and Accurate Capacity Estimation Technique. In: ACM SIGCOMM’04, Portland, USA (2004)
Google Scholar
Downey, A.B.: Using pathchar to estimate Internet link characteristics. ACM SIGCOMM Computer Communication Review (1999)
Google Scholar
Rizzo, L.: Dummynet: a simple approach to the evaluation of network protocols. ACM Computer Communication Review (January 1997)
Google Scholar
Wireshark Homepage, http://www.wireshark.org/
Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: 13th USENIX LISA Conference (1999)
Google Scholar
Moore, D., Keys, K., Koga, R., Lagache, E., Claffy, K.: The CoralReef Software Suite as a Tool for System and Network Administrators. In: 15th USENIX Conference on System Administration, San Diego, CA (December 2001)
Google Scholar
TSTAT Homepage, http://tstat.tlc.polito.it
TCPTrace Homepage, http://www.tcptrace.org
Mellia, M., Meo, M., Muscariello, L., Rossi, D.: Passive analysis of TCP anomalies. Elsevier Computer Networks 52(14) (October 2008)
Google Scholar
Rossi, D., Casetti, C., Mellia, M.: User Patience and the Web: a Hands-on Investigation. In: IEEE Globecom’03, San Francisco, CA, USA (December 2003)
Google Scholar
IPP2P Homepage, http://www.ipp2p.org
Bonfiglio, D., Mellia, M., Meo, M., Rossi, D., Tofanelli, P.: Revealing Skype Traffic: When Randomness Plays with You. ACM SIGCOMM Computer Communication Review 37(4), 37–48 (2007)
Article Google Scholar
Rossi, D., Mellia, M.: Real-Time TCP/IP Analysis with Common Hardware. In: IEEE International Conference of Communication (ICC’06), Istanbul, Turkey (June 2006)
Google Scholar
Rossi, D., Valenti, S., Veglia, P., Bonfiglio, D., Mellia, M., Meo, M.: Pictures from the Skype. ACM Performance Evaluation Review (PER) 36(2), 83–86 (2008)
Article Google Scholar
Endace Homepage, http://www.endace.com
AITIA Homepage, http://www.aitia.ai
RRDtool Homepage, http://oss.oetiker.ch/rrdtool/
TSTAT RRD Web interface, http://tstat.tlc.polito.it/web.shtml
GARR Homepage, http://www.garr.it/reteGARR/index.php

Download references

Author information

Authors and Affiliations

Politecnico di Torino,
A. Finamore, M. Mellia, M. Meo & M. M. Munafò
TELECOM ParisTech,
D. Rossi

Authors

A. Finamore
View author publications
You can also search for this author in PubMed Google Scholar
M. Mellia
View author publications
You can also search for this author in PubMed Google Scholar
M. Meo
View author publications
You can also search for this author in PubMed Google Scholar
M. M. Munafò
View author publications
You can also search for this author in PubMed Google Scholar
D. Rossi
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science and Electrical Engineering, Luleå University of Technology, 97187, Luleå, Sweden
Evgeny Osipov
Computer Science Department, Karlstad University, Universitetgetan 2, 65188, Karlstad, Sweden
Andreas Kassler
CEC Zurich, Kreuzplatz 20, 8008, Zurich, Switzerland
Thomas Michael Bohnert
Departament d’Arquitectura de Computadors, Universitat Politècnica de Catalunya, Avgda. Víctor Balaguer, s/n, 08800, Barcelona, Spain
Xavier Masip-Bruin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Finamore, A., Mellia, M., Meo, M., Munafò, M.M., Rossi, D. (2010). Live Traffic Monitoring with Tstat: Capabilities and Experiences. In: Osipov, E., Kassler, A., Bohnert, T.M., Masip-Bruin, X. (eds) Wired/Wireless Internet Communications. WWIC 2010. Lecture Notes in Computer Science, vol 6074. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13315-2_24

Download citation

DOI: https://doi.org/10.1007/978-3-642-13315-2_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13314-5
Online ISBN: 978-3-642-13315-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics