Abstract
Network monitoring has always played a key role in understanding telecommunication networks since the pioneering time of the Internet. Today, monitoring traffic has become a key element to characterize network usage and users’ activities, to understand how complex applications work, to identify anomalous or malicious behaviors, etc. In this paper we present our experience in engineering and deploying Tstat, a passive monitoring tool that has been developed in the past ten years. Started as a scalable tool to continuously monitor packets that flow on a link, Tstat has evolved into a complex application that gives to network researchers and operators the possibility to derive extended and complex measurements. Tstat offers the capability to track traffic flows, it integrates advanced behavioral classifiers that identify the application that has generated a flow, and automatically derives performance indexes that allow to easily characterize both network usage and users’ activity. After describing Tstat capabilities and internal design, in this paper we present some examples of measurements collected deploying Tstat at the edge of our campus network for the past years.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kapoor, R., Chen, L.-J., Lao, L., Gerla, M., Sanadidi, M.Y.: CapProbe: A Simple and Accurate Capacity Estimation Technique. In: ACM SIGCOMM’04, Portland, USA (2004)
Downey, A.B.: Using pathchar to estimate Internet link characteristics. ACM SIGCOMM Computer Communication Review (1999)
Rizzo, L.: Dummynet: a simple approach to the evaluation of network protocols. ACM Computer Communication Review (January 1997)
Wireshark Homepage, http://www.wireshark.org/
Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: 13th USENIX LISA Conference (1999)
Moore, D., Keys, K., Koga, R., Lagache, E., Claffy, K.: The CoralReef Software Suite as a Tool for System and Network Administrators. In: 15th USENIX Conference on System Administration, San Diego, CA (December 2001)
TSTAT Homepage, http://tstat.tlc.polito.it
TCPTrace Homepage, http://www.tcptrace.org
Mellia, M., Meo, M., Muscariello, L., Rossi, D.: Passive analysis of TCP anomalies. Elsevier Computer Networks 52(14) (October 2008)
Rossi, D., Casetti, C., Mellia, M.: User Patience and the Web: a Hands-on Investigation. In: IEEE Globecom’03, San Francisco, CA, USA (December 2003)
IPP2P Homepage, http://www.ipp2p.org
Bonfiglio, D., Mellia, M., Meo, M., Rossi, D., Tofanelli, P.: Revealing Skype Traffic: When Randomness Plays with You. ACM SIGCOMM Computer Communication Review 37(4), 37–48 (2007)
Rossi, D., Mellia, M.: Real-Time TCP/IP Analysis with Common Hardware. In: IEEE International Conference of Communication (ICC’06), Istanbul, Turkey (June 2006)
Rossi, D., Valenti, S., Veglia, P., Bonfiglio, D., Mellia, M., Meo, M.: Pictures from the Skype. ACM Performance Evaluation Review (PER) 36(2), 83–86 (2008)
Endace Homepage, http://www.endace.com
AITIA Homepage, http://www.aitia.ai
RRDtool Homepage, http://oss.oetiker.ch/rrdtool/
TSTAT RRD Web interface, http://tstat.tlc.polito.it/web.shtml
GARR Homepage, http://www.garr.it/reteGARR/index.php
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Finamore, A., Mellia, M., Meo, M., Munafò, M.M., Rossi, D. (2010). Live Traffic Monitoring with Tstat: Capabilities and Experiences. In: Osipov, E., Kassler, A., Bohnert, T.M., Masip-Bruin, X. (eds) Wired/Wireless Internet Communications. WWIC 2010. Lecture Notes in Computer Science, vol 6074. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13315-2_24
Download citation
DOI: https://doi.org/10.1007/978-3-642-13315-2_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13314-5
Online ISBN: 978-3-642-13315-2
eBook Packages: Computer ScienceComputer Science (R0)