BITS Darshini: A Modular, Concurrent Protocol Analyzer Workbench

Network measurements are essential for troubleshooting and active management of networks. Protocol analysis of captured network packet traffic is an important passive network measurement technique used by researchers and network operations engineers. In this work, we present a measurement workbench tool named BITS Darshini (Darshini for short) to enable scientific network measurements. We have created Darshini as a modular, concurrent web application that stores experimental metadata and allows users to specify protocol parse graphs. Darshini performs protocol analysis on a concurrent pipeline architecture, persists the analysis to a database, and provides the analysis results via a REST API service. We formulate the problem of mapping a protocol parse graph to a concurrent pipeline as a graph embedding problem. Our tool, Darshini, performs protocol analysis up to the transport layer and is suitable for the study of small and medium-sized networks. Darshini enables secure collaboration and consultations with experts.
