This document discusses network flow analysis of traffic data from the Internet2 Abilene network. It provides an overview of Netflow data collection and analysis techniques, along with some preliminary results. Future work is proposed to further examine the dynamics, structure, and anomalies within the large-scale network flow data.
The document discusses communication between layers in network protocols. It explains that when an upper layer requests services from the lower layer, it sends a protocol data unit (PDU) to the lower layer. The lower layer then encapsulates the upper layer PDU by adding a header and sending the entire packet to the corresponding lower layer in another machine. This process continues until the physical layer transmits the data. The document also provides details about the TCP/IP protocol stack and encapsulation process, and describes the header fields of IPv4 packets.
SCOR: Constraint Programming-based Northbound Interface for SDNFarzaneh Pakzad
1) The document presents a constraint programming (CP)-based approach for implementing a northbound interface for software-defined networking (SDN) controllers.
2) The proposed interface uses MiniZinc, a CP modeling language, to define predicates for quality-of-service (QoS) routing algorithms and traffic engineering applications.
3) Example predicates modeled in MiniZinc include the network path predicate, path cost predicate, and capacity guarantee predicate.
Slides supporting the "Computer Networking: Principles, Protocols and Practice" ebook. The slides can be freely reused to teach an undergraduate computer networking class using the open-source ebook.
The transport layer provides end-to-end communication between processes on different machines. Two main transport protocols are TCP and UDP. TCP provides reliable, connection-oriented data transmission using acknowledgments and retransmissions. UDP provides simpler, connectionless transmission but without reliability. Both protocols use port numbers to identify processes and negotiate quality of service options during connection establishment.
The document summarizes key aspects of the transport layer and two main Internet transport protocols: TCP and UDP. It describes how the transport layer provides logical communication between application processes on different hosts by breaking messages into segments and reassembling them. TCP provides reliable, in-order delivery using congestion control with additive increase/multiplicative decrease, while UDP provides unreliable delivery. The document also discusses causes of network congestion and how TCP detects and responds to packet loss.
Link Capacity Estimation in SDN-based End-hostsFarzaneh Pakzad
Software Defined Networking (SDN) is a new
paradigm that facilitates network management and control.
In our work, we explore the use of SDN for the control of
network traffic on end-hosts. In particular, we use an OpenFlow
software switch (OVS) to load balance application traffic across
the multiple available network interfaces. A typical example is
the simultaneous use of Wifi and 4G interfaces on a mobile
device. In order to achieve optimal load balancing, it is critical
to know the capacity of the last-hop links associated with the
different interfaces. In this paper, we explore and adapt active
packet probing mechanisms to the scenario of SDN-based endhost
traffic control, in order to estimate the link capacity. In
particular, we investigate the use of Variable Packet Size (VPS)
probing, and demonstrate its viability via experiments.
Introduction and transport layer services, Multiplexing and Demultiplexing, Connection less transport (UDP), Principles of reliable data transfer, Connection oriented transport (TCP), Congestion control.
Evaluation of mininet WiFi integration via ns-3Farzaneh Pakzad
Mininet is a Linux-based network emulator that
is particularly widely used for Software Defined Network experiments,
due to its in-built support for OpenFlow switches.
However, Mininet currently lacks support for wireless links. A
recent work has addressed this limitation by using the realtime
feature of ns-3 to integrate the IEEE 802.11 channel
emulation feature with Mininet, which we refer to as Mininetns3-
WiFi. While this approach has great potential to serve as
an experimental platform, in particular for Software Defined
Wireless Networks, it has not been extensively evaluated in terms
of experiment result accuracy and fidelity. This is critical for any
system that integrates simulation with real-time components. In
this paper, we present a detailed evaluation of the fidelity of
experimental results of Mininet-ns3-WiFi. We further present
a reliable and low cost method that gives an experimenter an
indicator about the fidelity and trustworthiness of the results.
Tunneling is a protocol that allows for the secure movement of data from one network to another
Tunneling involves allowing private network communications to be sent across a public network, such as the Internet
In tunneling, the data are broken into smaller pieces called packets as they move along the tunnel for transport
As the packets move through the tunnel, they are encrypted and another process called encapsulation occurs
Unicasting , Broadcasting And Multicasting Newtechbed
This document summarizes three different types of network transmission methods: unicasting, multicasting, and broadcasting. Unicasting involves sending messages to a single destination host and requires a direct connection between client and server. Multicasting allows sending of data to multiple clients simultaneously by registering interest in the data stream. Broadcasting sends information from one source to all connected sources on a network segment.
A Mobile Ad-hoc network is a set of mobile terminals moving in different directions at different
speed being wirelessly connected to each-other. In this paper we study the proactive Link State Routing
Protocol – OLSR, which uses hello and topology control (TC) messages to find then distribute link state
data throughout the mobile ad hoc network. Individual nodes use this topology data to calculate next hop
destinations for all nodes within the network using shortest hop forwarding paths. We then suggest ways
by which the existing algorithm can be optimized in terms of delay, throughput, power consumption, jitter
etc. Finally we summarize the applications of OLSR.
This document discusses the Teredo protocol, which enables IPv6 connectivity for nodes located behind IPv4 NAT devices. It explains how Teredo works by tunneling IPv6 packets over UDP through NATs. While Teredo allows IPv6 connectivity, it also raises security concerns by bypassing security controls and allowing unsolicited traffic. The document analyzes attacks that could exploit vulnerabilities in Teredo tunnels, such as a denial of service attack against a Teredo server using a single packet. It investigates whether Teredo represents a security risk or is a worthwhile transition mechanism from IPv4 to IPv6.
The document provides an overview of the BitTorrent protocol. It describes BitTorrent's history and operation, including how it uses trackers and a peer-to-peer network to efficiently distribute file pieces among users. Key terms are defined, such as torrents, peers, seeds, and leechers. The BitTorrent protocol specifications are also outlined, including how it uses bencoding for metadata, trackers for peer discovery, and a tit-for-tat incentive mechanism to encourage sharing.
our schemes forgoes ip address entirely and instead uses hostnames as identifiers in packets. The scalability of routing in ensured by encapsulating these packets in highly aggregated routing allocator. We use autonomous system numbers (ANSs) and Here we are going to present data experiment which shows that a much simple and scalable routing future internet by using fewer identifiers for its entities.
This document provides an overview of the network simulator NS2. It discusses the basics of networking including LANs and WANs. It then describes the history and development of NS1 and NS2. Key aspects of NS2 like its design, workflow and supported routing protocols are explained. Challenges of simulating networks and tips for using NS2 are also provided. The document concludes with references for learning more about NS2.
IP is the network layer protocol that provides an unreliable, connectionless, best-effort delivery service for transmitting data packets across networks. It operates by fragmenting large data packets into smaller fragments if needed to meet the maximum transmission unit size of the underlying data link layer. Key fields in the IP header include the identification field to identify fragments of the same packet, the fragment offset field to indicate the position of data in the original packet, and flags to indicate if a packet is a fragment or the last fragment.
We describe the features of Communication Groups i TIPC, i.e., the ability to instantiate multiple lightweight brokerless messages buses per user as part of the TIPC messaging service.
We discuss the operation of bit-torrent, the framework behind its working nature and have listed the proposed modifications to deal with performance issues, research challenges and factors to be considered while implementing bit-torrent in a P2P social network. Bit torrent
has been slowly migrating from its conventional public file
sharing role to a social network. In todays world, recognition of having a more distributed and decentralized social network has grown largely among people. We have presented a paradigm for the design of bit-torrent style sharing feature in P2P social network.
IPv10 is a proposed protocol that allows IPv6 and IPv4 hosts to communicate by putting both IPv6 and IPv4 addresses in the same packet header, denoted IPv10. This addresses issues with IPv4 depletion by enabling continued communication between IPv4-only and IPv6-only hosts. IPv10 introduces efficient inter-version communication, allows indefinite coexistence of IPv4 and IPv6 hosts, and increases the overall available address space. It can be deployed quickly by updating host network cards to support the IPv10 packet format.
IPC allows processes to communicate and share resources. There are several common IPC mechanisms, including message passing, shared memory, semaphores, files, signals, sockets, message queues, and pipes. Message passing involves establishing a communication link and exchanging fixed or variable sized messages using send and receive operations. Shared memory allows processes to access the same memory area. Semaphores are used to synchronize processes. Files provide durable storage that outlives individual processes. Signals asynchronously notify processes of events. Sockets enable two-way point-to-point communication between processes. Message queues allow asynchronous communication where senders and receivers do not need to interact simultaneously. Pipes create a pipeline between processes by connecting standard streams.
The purpose of this document is to illustrate a high level overview of the traffic flow between Enroll / Worx Home / Receiver, Netscaler, XenMobile Device Manager, and XenMobile AppController.
Ferdinand Magellan was a Portuguese explorer who led the first expedition to circumnavigate the globe between 1519 and 1522. The expedition was sponsored by King Charles V of Spain and aimed to reach the Spice Islands in present-day Indonesia by sailing west, against prevailing winds, hoping to find a western route for European trade. Magellan's fleet of five ships was the first to sail from the Atlantic to the Pacific Ocean through the southern tip of South America, which was later named the Strait of Magellan. Although Magellan did not survive the entire voyage, as he was killed in the Philippines, the expedition successfully circumnavigated the globe for the first time, proving the Earth was round and establishing Europe's
Social media: delivering on expectationsJason Dawson
Workshop presentation from ALGIM 2011 Local Govt Web Symposium, 2 May 2011. Covers social media policy, monitoring social media, tools to manage social media and examples during crisis management (including Christchurch earthquake).
FellowBuddy.com is an innovative platform that brings students together to share notes, exam papers, study guides, project reports and presentation for upcoming exams.
We connect Students who have an understanding of course material with Students who need help.
Benefits:-
# Students can catch up on notes they missed because of an absence.
# Underachievers can find peer developed notes that break down lecture and study material in a way that they can understand
# Students can earn better grades, save time and study effectively
Our Vision & Mission – Simplifying Students Life
Our Belief – “The great breakthrough in your life comes when you realize it, that you can learn anything you need to learn; to accomplish any goal that you have set for yourself. This means there are no limits on what you can be, have or do.”
Like Us - https://www.facebook.com/FellowBuddycom
My IT Management course in UBC MBA
Prof: Ron Cenfetelli
Web 2.0 – Moving beyond HTML
Confidentiality
Authentication
Ability to verify the identity of people/organizations
Data/Message Integrity
Ensuring communications were not modified in transit/storage
Nonrepudiation
Parties cannot deny a communication
Proof that the sender sent and proof that the receiver received
The transport layer in computer networking provides host-to-host communication services for applications. It provides functions like connection-oriented data streams, reliability, flow control, and multiplexing. Common transport layer protocols include TCP, UDP, SCTP, and SPX. The OSI transport layer defines five classes of connection-mode protocols: class 0 (unacknowledged mode), class 1 (acknowledged mode), class 2 (numbered mode), class 3 (alternate mode), and class 4 (unconfirmed mode).
This document provides an overview of IP networking and TCP/IP basics. It discusses the origins of TCP/IP in the ARPANET project and the distributed network design. It describes the OSI model and compares it to the TCP/IP architecture. It also covers IP addressing and numbering, client-server architecture, IP forwarding, and some common network troubleshooting tools.
ip net basic understanding slide show pptlolo749806
This document provides an overview of IP networking and TCP/IP basics. It discusses the origins of TCP/IP from the ARPANET project in the 1960s and its distributed network design. It also describes the OSI model and how TCP/IP maps to it, with layers for the application, transport, internet, and link levels. Finally, it covers client-server architecture and IP addressing fundamentals like public and private address spaces.
This document provides an overview of the CIS 3360: Security in Computing course being taught by Cliff Zou in Spring 2012. The objectives of the course are to obtain basic knowledge of computer networking, the Internet, network applications and protocols like TCP/IP. It introduces some key concepts like the layered Internet protocol stack, packet switching, and the hierarchical structure of the Internet as a network of networks consisting of end systems, routers, and communication links. Example applications and protocols for each layer are also discussed at a high level.
preKnowledge-InternetNetworking Android's mobile operating system is based on...jeronimored
This document provides an overview of the objectives and topics to be covered in the CIS 3360: Security in Computing course. The objectives include obtaining basic knowledge of computer networking, the Internet, network protocols like TCP/IP, and assigned reading materials. The lecture materials will cover topics like a brief history of the Internet, components and applications of the Internet, the hierarchical structure of networks, protocols like TCP and IP, and addressing processes using ports and IP addresses.
Routers forward data packets between networks while switches operate at the data link layer and forward packets within a local area network. Hubs simply broadcast all incoming data to all ports. The document provides answers to common CCNA interview questions about networking fundamentals like IP addressing, routing, switching, protocols and Cisco router components.
This document provides information about an assignment for the course "Network Programming and Administration". It includes details like the course code, title, assignment number, maximum marks, weightage, and due dates. The assignment has 4 questions worth 80 marks total. An additional 20 marks are for a viva voce. Question 1 asks about IPv6 and includes a sample solution. Question 2 includes subquestions about sliding window protocols, TCP/IP protocols in the OSI model, and LAN network types. Question 3 asks about HTTP and includes sample request methods and statuses.
This document summarizes the key aspects of routing protocols for mobile ad hoc networks (MANETs). It discusses three categories of routing protocols: proactive, reactive, and hybrid protocols. Proactive protocols maintain routing tables through regular table updates, while reactive protocols find routes on demand through route discovery. Common proactive protocols described include DSDV and OLSR, while reactive protocols like AODV are now more widely used due to lower overhead. Hybrid routing protocols incorporate aspects of both approaches.
The document discusses the OSI reference model and networking concepts. It describes the seven layers of the OSI model from the physical layer to the application layer. It also covers networking topics like LANs, WANs, MANs, internetworking, addressing, modes of service, and connecting networks using devices like repeaters, bridges, routers and gateways.
This document provides an overview of multimedia communication and networks. It discusses open data network models and the layered OSI model. It describes the narrow waist model of the Internet and some of its limitations. It also discusses transport protocols like TCP and UDP, addressing in TCP/IP, and popular applications that use UDP. The document is an introductory unit on network fundamentals and protocols.
This thesis studies the performance of internet services in Nigerian institutions of higher learning. Data was collected from several universities and polytechnics to analyze their internet operation and the performance of Network Interface Cards. The analysis found that nodes need to be upgraded from 10/100Mbps Ethernet to 10,000Mbps Ethernet for higher throughput and faster data transmission. Issues of internet bandwidth optimization, link load balancing, and cable upgrades were addressed. Lagrange interpolation was used to predict effective bandwidth based on internet user numbers. Analysis of installed cables recommended upgrading to fiber optic.
Routing is the process of finding a path for data to pass from source to destination, done by routers. Switches receive signals, create frames with destination addresses, and forward frames to the appropriate port, providing efficient transmission without broadcasting. Network congestion occurs when too many users try to use the same bandwidth, especially in large networks without segmentation.
Introduction to the Network Layer: Network layer services, packet switching, network layer performance, IPv4 addressing, forwarding of IP packets, Internet Protocol, ICMPv4, Mobile IP Unicast Routing: Introduction, routing algorithms, unicast routing protocols. Next generation IP: IPv6 addressing, IPv6 protocol, ICMPv6 protocol, transition from IPv4 to IPv6. Introduction to the Transport Layer: Introduction, Transport layer protocols (Simple protocol, Stop-and-wait protocol, Go-Back-n protocol, Selective repeat protocol, Bidirectional protocols), Transport layer services, User datagram protocol, Transmission control protocol
NETTING THE SET: WORKSHOP FOR LIBRARIANS & LIS STUDENTSSarika Sawant
two day workshop on “NETTING THE SET: WORKSHOP FOR LIBRARIANS & LIS STUDENTS” organized by SHPT School of Library Science, SNDT Women's University Library, Mumbai in collaboration with State Eligibility Test Department, University of Pune on 5 – 6th December 2008.
ECET 465 help Making Decisions/Snaptutorialpinck2329
This document provides information about ECET 465 coursework for week 7, including homework assignments and an iLab on analyzing the 802.11 wireless network protocol. The homework includes answering review questions from Chapter 6 of the textbook and solving problems. The iLab involves analyzing a trace file of captured 802.11 frames to investigate wireless host activities like HTTP requests sent over the wireless network.
Analysis of Random Based Mobility Model using TCP Traffic for AODV and DSDV M...ijsrd.com
In Mobile Ad hoc network (MANETS), no fixed infrastructure is available. Different wireless hosts are free to move from one location to another without any centralized administration, so, the topology changes rapidly or unpredictably. Every node operates as router as well as an end system. Routing in MANETs has been a challenging task ever since the wireless networks came into existence. The major reason for this is continues changes in network topology because of high degree of node mobility. The MANET routing protocols have mainly two classes: Proactive routing (or table-driven routing) protocols and Reactive routing (or on-demand routing) protocols. In this paper, we have analyzed various Random based mobility models: Random Waypoint model, Random Walk model, Random Direction model and Probabilistic Random Walk model using AODV and DSDV protocols in Network Simulator (NS 2.35). The performance comparison of MANET mobility models have been analyzed by varying number of nodes using traffic TCP. The comparative conclusions are drawn on the basis of various performance metrics such as: Routing Overhead (packets), Packet Delivery Fraction (%), Normalized Routing Load, Average End-to-End Delay (milliseconds) and Packet Loss (%).
This document provides an overview of routing protocols RIP and OSPF, access lists, and frame relay configuration in Cisco routers. It summarizes the key features of RIP and OSPF, including how they calculate routes differently. Configuration steps are shown for implementing routing protocols, access lists to filter traffic, and frame relay. The document concludes that future work will involve studying additional routing protocols and frame relay in more depth.
2. Overview
Data description
– The Internet2 (Abilene) data network
– Netflow traffic data
Data collection
Data analysis
– Techniques
– Preliminary results
Future work
3. What is Abilene?
Internet2 (Abilene) is a nationwide high-
speed data network for research and
higher education.
– Network backbone runs at 10 Gbps
– Over 220 member institutions
– Peers with over 40 other research networks
Abilene uses the same protocols as
Internet1 but only carries academic traffic.
– This is like the old NSFnet or vBNS
5. Why is Abilene Interesting?
The Abilene network is a transit network.
– It includes both international and domestic traffic.
– It offers a good view of server networks.
– Commercial transmit networks do not share traffic
data.
The Abilene network is uncongested.
– Statistics will not be biased by packet loss.
The Abilene network contains students.
– Students are unconcerned about niceties of law.
– There is a lot of peer-to-peer and “grey” traffic.
6. What is “Netflow”?
In the early 1990’s, Cisco introduced a
new network router architecture.
The “line cards” in their new routers
contained a hardware hash table for
current network connections.
Somebody got the bright idea of sending
entries from the table onto the network
before clearing them from the hash table.
7. What is a Network Flow?
A network flow consists of one or more packets sent
from a source (IP, port) to a destination (IP, port) using
a certain transport protocol during some time interval.
Example:
Source: 156.56.103.1, port 80
Dest.: 149.159.250.21, port 6132
Protocol: TCP
Packets: 20
The above network flow would be typical for a Web
connection.
8. Wait a Minute!
Don’t TCP connections involve two-way
communication?
– Yes, so every TCP connection is actually two flows
from the point of view of Netflow.
UDP and ICMP are stateless, so how can they be
aggregated into flows?
– We assume that packets with matching 5-tuples
during some period of time are part of the same flow.
Isn’t it hard for a router to keep up with this?
– Yes, so most modern routers sample the flow data at
a ratio of about 100:1.
9. How is Netflow transmitted?
Most modern routers support the “Netflow
v5” format for representing flows.
– This includes a variety of additional
information about each flow.
The router uses UDP to send packets
containing between 1 and 30 flow records
to a management workstation.
– (In this case, the management workstation is
sitting on my desk.)
10. Netflow-v5 Header Format
version number # of flows in packet
router uptime (ms)
export time (sec. since 1970-01-01 00:00:00 UTC)
export time (ns)
sequence number
engine type engine ID [padding]
11. Netflow-v5 Flow Record Format
source IP address
destination IP address
IP address of next-hop router
SNMP ifIndex (in) SNMP ifIndex (out)
total number of packets
total number of octets
router uptime at start of flow (ms)
router uptime at end of flow (ms)
source port destination port
[padding] TCP flags protocol ToS
source AS destination AS
source mask dest. mask [padding]
12. How Much Data is There?
The Abilene routers generate between
700,000,000 and 800,000,000 flows per
day.
– At 48 bytes per record, that amounts to
around 35 GB of data.
– Flows come in at a rate of about 3.4 Mbps.
– Data compresses at a ratio of about 2.8:1.
Most existing tools can’t handle this
volume of data.
13. What’s the Motivation?
Okay, so I’m storing egregious amounts of
data and making my hard drive whimper…
what for?
14. Flow Data as a Behavioral Network
Think of a single flow as defining an edge from a
source node to a destination node.
The resulting network describes the Internet as
it’s actually being used.
– Many possible biases are eliminated.
– A lot of dynamic information is included.
Most structural analysis of the Internet has
(necessarily) focused on its physical structure.
Imagine a Google based on data about where
people actually go!
15. Behavioral Anomaly Detection
My main interest is in recognizing different
types of behavior based on flow data.
– Can I determine whether a port is running a
peer-to-peer application?
– Can I see the spread of a new worm across
the network?
– Can I determine what kind of behavior is the
prelude to an attack?
– Can I find new peer-to-peer applications
before the word is out?
16. Preliminary Results
I wish this section had more, but I’m really
just getting off the ground…
The size of data has been a major
challenge.
– The network formed by a day of flow data has
about 29.7 million nodes and 128 million
edges.
– Just finding a way of converting a set of
captured flows to a sparse matrix
representation has been difficult.
20. Determining Clients and Servers
Every network connection involves two hosts:
– The client is the system that initiates the connection.
– The server is the system that accepts the connection.
Because of sampling, we’re as likely to see the
client-to-server side as the server-to-client side.
– This makes the direction basically meaningless.
We can guess which is which using the port
information.
– The more common port number indicates the server.
– The less common port number indicates the client.
23. Strength Distribution
This is the distribution of the total number
of octets in and out of each node.
Special problem for client/server version of
the network
– If we direct all flows from server to client,
what do we do when we only have a volume
for the opposite direction?
– For now, I treat the network as being
undirected for studying strength.
26. AS Numbers
An “autonomous system” is the basic
building block of the Internet.
– An AS is responsible for its own interior
routing.
– An AS is usually a large organization.
For example, IU has its own AS, as does AT&T.
31. Top 10 ASes on Internet2
By degree By strength
1. Hotmail 1. Abilene
2. Microsoft 2. University of Oregon
3. Microsoft-Europe 3. Hotmail
4. North Carolina (NCREN) 4. Microsoft
5. Michigan (MERIT) 5. North Carolina (NCREN)
6. University of Washington 6. UCSD
7. MIT 7. UCLA
8. UC-Berkeley 8. Michigan (MERIT)
9. UMass 9. University of Washington
10. China (CERNET) 10. UMass
37. Top 10 TCP Ports on Internet2
By degree By strength
1. Web 1. Web
2. Gnutella 2. iperf
3. MS Messenger 3. iperf
4. SQL Server 4. Usenet
5. Web (Encrypted) 5. RTP (Streaming)
6. Gnutella 6. iperf
7. Mail 7. SSH
8. Web Tunneling (8082) 8. BitTorrent
9. BitTorrent 9. Port 388 ?!?
10. Usenet 10. FTP
38. Where Do I Go Next?
Start to look at the dynamics of the network.
Focus on individual ports.
Examine clustering coefficients.
Attempt to filter out spoofed traffic.
Consider the server-only and client-only
networks.
– This will involve treating flows as edges in a bipartite
graph.
Cluster nodes, ASes, and ports.