Network traffic measurement

In computer networks, network traffic measurement is the process of measuring the amount and type of traffic on a particular network. This is especially important with regard to effective bandwidth management.

Techniques

Network performance can be measured using either active or passive techniques. Active techniques (e.g. Iperf) inject test traffic, so they are more intrusive but arguably more accurate. Passive techniques only observe traffic that is already on the network, so they add less overhead and can run continuously in the background, where their measurements can be used to trigger network management actions.

Measurement studies

A range of studies have been performed from various points on the Internet. The AMS-IX (Amsterdam Internet Exchange) is one of the world's largest Internet exchanges and publishes a continuous stream of basic Internet traffic statistics. Numerous academic measurement studies [1] [2] [3] have also examined frame size distributions, TCP/UDP ratios and TCP/IP options.
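The passive approach from the Techniques section and the per-trace statistics the measurement studies report (frame size distribution, TCP/UDP ratio, throughput) can be computed from a packet capture in a few lines. The following is an added example, not code from the article or from any of the studies cited; the `Packet` records and `SAMPLE_TRACE` are constructed by hand to stand in for what a sniffing library such as libpcap would deliver, so the script runs offline and never touches a live interface.

```python
"""Passive traffic measurement over a constructed packet trace (added example)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp, seconds
    length: int    # frame length on the wire, bytes
    proto: str     # "TCP", "UDP" or "OTHER"


# Constructed sample trace: a short TCP transfer interleaved with a DNS
# exchange and one ICMP echo. Lengths are typical Ethernet frame sizes.
SAMPLE_TRACE = [
    Packet(0.000, 74, "TCP"),      # SYN
    Packet(0.001, 74, "TCP"),      # SYN/ACK
    Packet(0.002, 66, "TCP"),      # ACK
    Packet(0.010, 90, "UDP"),      # DNS query
    Packet(0.012, 150, "UDP"),     # DNS response
    Packet(0.050, 1514, "TCP"),    # full-size data segment
    Packet(0.051, 1514, "TCP"),
    Packet(0.052, 66, "TCP"),      # ACK
    Packet(0.100, 1514, "TCP"),
    Packet(0.200, 98, "OTHER"),    # ICMP echo
]

# Upper edges of the frame-size buckets in bytes; anything larger than the
# last edge falls into an open-ended bucket.
SIZE_BUCKETS = (64, 128, 256, 512, 1024, 1518)


def size_bucket(length):
    """Map a frame length to its histogram bucket label."""
    for edge in SIZE_BUCKETS:
        if length <= edge:
            return f"<={edge}"
    return f">{SIZE_BUCKETS[-1]}"


def measure(trace):
    """Return packet and byte counts per protocol, a frame-size histogram,
    the TCP/UDP packet ratio and the mean bit rate over the trace."""
    if not trace:
        raise ValueError("empty trace")
    pkts, octets, sizes = Counter(), Counter(), Counter()
    for p in trace:
        pkts[p.proto] += 1
        octets[p.proto] += p.length
        sizes[size_bucket(p.length)] += 1
    total_bytes = sum(octets.values())
    duration = trace[-1].ts - trace[0].ts
    # A one-packet trace has no duration; report 0 rather than divide by zero.
    mean_bps = total_bytes * 8 / duration if duration > 0 else 0.0
    # Counter lookups of a missing key return 0, so a trace with no UDP is safe.
    ratio = pkts["TCP"] / pkts["UDP"] if pkts["UDP"] else float("inf")
    return {
        "packets": dict(pkts),
        "bytes": dict(octets),
        "tcp_udp_packet_ratio": ratio,
        "size_histogram": dict(sizes),
        "mean_bps": mean_bps,
    }


if __name__ == "__main__":
    for key, value in measure(SAMPLE_TRACE).items():
        print(f"{key:22s} {value}")
```

The same `measure` function works unchanged on a real trace once the records are filled from a capture; the only difference is that a live capture needs the capturing host to see all traffic on the segment (a mirror port or an inline bridge, as the Tools section describes), otherwise the ratios are biased toward whatever the host itself exchanges.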

Tools

Various software tools are available to measure network traffic. Some tools measure traffic by sniffing, while others use SNMP, WMI or other local agents to measure bandwidth use on individual machines and routers. The agent-based tools generally do not detect the type of traffic, and they do not work for machines that are not running the necessary agent software, such as rogue machines on the network or machines for which no compatible agent is available. Where agents cannot be relied on, inline appliances are preferred. These generally 'sit' between the LAN and the LAN's exit point, usually the WAN or Internet router, so that all packets leaving and entering the network pass through them. In most cases the appliance operates as a transparent bridge, so it has no address of its own and is undetectable by users.

Some tools used for SNMP monitoring are Tivoli Netcool/Proviso [4] by IBM, CA Performance Management [5] by CA Technologies, and SolarWinds [6].
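SNMP-based tools derive bandwidth use from interface octet counters, and the part that is easy to get wrong is the counter itself: IF-MIB `ifInOctets` is a 32-bit counter that wraps to zero after 2^32 octets, which at gigabit speed happens in about 34 seconds, and a device reboot resets it outright. The following added example (not code from the article or from any of the products named above) shows the rate computation with single-wrap handling and a plausibility check against the link speed. The poll values in `SAMPLE_POLLS` and the function names are constructed for illustration; a real collector would obtain the counter values over SNMP at a fixed polling interval.

```python
"""Link utilization from SNMP interface octet counters (added example)."""

# Modulus of an SNMP Counter32 (ifInOctets) and Counter64 (ifHCInOctets).
COUNTER_MODULUS = {32: 2**32, 64: 2**64}


def counter_delta(prev, cur, width=32):
    """Octets counted between two polls, allowing for at most one wrap."""
    modulus = COUNTER_MODULUS[width]
    if not (0 <= prev < modulus and 0 <= cur < modulus):
        raise ValueError("counter value does not fit the declared width")
    # Modular subtraction: a counter that wrapped reads lower than before.
    return (cur - prev) % modulus


def bits_per_second(prev_octets, cur_octets, interval_s, width=32):
    """Average bit rate over one polling interval."""
    if interval_s <= 0:
        raise ValueError("polling interval must be positive")
    return counter_delta(prev_octets, cur_octets, width) * 8 / interval_s


def max_safe_interval(link_bps, width=32):
    """Longest polling interval (seconds) before the counter could wrap more
    than once between polls. At line rate it advances link_bps / 8 octets/s."""
    return COUNTER_MODULUS[width] / (link_bps / 8)


def rates_from_polls(polls, link_bps, width=32):
    """Turn (timestamp, counter) polls into (timestamp, bps, plausible) tuples.

    A rate above the link speed cannot be real traffic: either the counter was
    reset (device reboot) or it wrapped more than once between polls, so the
    sample is flagged rather than graphed as a traffic spike."""
    out = []
    for (t0, c0), (t1, c1) in zip(polls, polls[1:]):
        bps = bits_per_second(c0, c1, t1 - t0, width)
        out.append((t1, bps, bps <= link_bps))
    return out


# Constructed: ifInOctets polled every 60 s on a 100 Mbit/s link. The counter
# sits just below 2^32, wraps between the second and third poll, and is then
# reset to a small value by a device reboot before the fourth poll.
SAMPLE_POLLS = [
    (0, 4_294_900_000),
    (60, 4_294_960_000),
    (120, 20_000),
    (180, 5_000),
]
LINK_BPS = 100_000_000

if __name__ == "__main__":
    for ts, bps, ok in rates_from_polls(SAMPLE_POLLS, LINK_BPS):
        print(f"t={ts:4d}s  {bps / 1e6:10.3f} Mbit/s  {'ok' if ok else 'IMPLAUSIBLE'}")
    print(f"Counter32 at 1 Gbit/s can wrap after {max_safe_interval(1e9):.1f} s")
```

The plausibility check is what separates a genuine wrap (handled by the modular subtraction) from a reset, which the modular arithmetic would otherwise turn into a rate far above line speed. On links faster than roughly 100 Mbit/s the practical answer is to poll the 64-bit `ifHCInOctets` instead, which `width=64` selects here.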

Functions and features

Measurement tools generally have these functions and features:

References

  1. Murray, David; Terry Koziniec (2012). "The State of Enterprise Network Traffic in 2012". 18th Asia-Pacific Conference on Communications (APCC 2012).
  2. Zhang, Min; Maurizio Dusi; Wolfgang John; Changjia Chen (2009). "Analysis of udp traffic usage on internet backbone links". In Proceedings of the 2009 Ninth Annual International Symposium on Applications and the Internet.
  3. John, Wolfgang; Sven Tafvelin (2007). "Analysis of internet backbone traffic and header anomalies observed". Proceedings of the 7th ACM SIGCOMM conference on Internet measurement.
  4. "Configuring IBM Tivoli Storage Manager SNMP". ibm.com. Retrieved 27 September 2018.
  5. "CA Performance Management - 2.8". docops.ca.com. Retrieved 27 September 2018.
  6. "SNMP Monitoring". SolarWinds.com. Retrieved 27 September 2018.