Network discovery from passive measurements

  • Authors:
  • Brian Eriksson;Paul Barford;Robert Nowak

  • Affiliations:
  • University of Wisconsin - Madison, Madison, WI, USA;University of Wisconsin - Madison, Madison, WI, USA;University of Wisconsin - Madison, Madison, WI, USA

  • Venue:
  • Proceedings of the ACM SIGCOMM 2008 conference on Data communication
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

Understanding the Internet's structure through empirical measurements is important in the development of new topology generators, new protocols, traffic engineering, and troubleshooting, among other things. While prior studies of Internet topology have been based on active (traceroute-like) measurements, passive measurements of packet traffic offer the possibility of a greatly expanded perspective of Internet structure with much lower impact and management overhead. In this paper we describe a methodology for inferring network structure from passive measurements of IP packet traffic. We describe algorithms that enable 1) traffic sources that share network paths to be clustered accurately without relying on IP address or autonomous system information, 2) topological structure to be inferred accurately with only a small number of active measurements, 3) missing information to be recovered, which is a serious challenge in the use of passive packet measurements. We demonstrate our techniques using a series of simulated topologies and empirical data sets. Our experiments show that the clusters established by our method closely correspond to sources that actually share paths. We also show the trade-offs between selectively applied active probes and the accuracy of the inferred topology between sources. Finally, we characterize the degree to which missing information can be recovered from passive measurements, which further enhances the accuracy of the inferred topologies.