Topnet: a network-aware top(1)

Authors:
Antonis Theocharides;Demetres Antoniades;Michalis Polychronakis;Elias Athanasopoulos;Evangelos P. Markatos
Affiliations:
Foundation for Research and Technology, Hellas, Greece and University of Crete;Foundation for Research and Technology, Hellas, Greece and University of Crete;Foundation for Research and Technology, Hellas, Greece and University of Crete;Foundation for Research and Technology, Hellas, Greece and University of Crete;Foundation for Research and Technology, Hellas, Greece and University of Crete
Venue:
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Year:
2008

Citing 28
Cited 0

An extensible probe architecture for network protocol performance measurement

Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Kernel korner: Linux socket filter: sniffing bytes over the network

Linux Journal
Automatically inferring patterns of resource consumption in network traffic

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Distributed management by delegation

ICDCS '95 Proceedings of the 15th International Conference on Distributed Computing Systems
Accurate, scalable in-network identification of p2p traffic using application signatures

Proceedings of the 13th international conference on World Wide Web
Kernel Mucking in Top

LISA '94 Proceedings of the 8th USENIX conference on System administration
Transport layer identification of P2P traffic

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
VisFlowConnect: netflow visualizations of link relationships for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
PortVis: a tool for port-based detection of security events

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
MRTG - The Multi Router Traffic Grapher

LISA '98 Proceedings of the 12th USENIX conference on System administration
MRTG - The Multi Router Traffic Grapher

LISA '98 Proceedings of the 12th USENIX conference on System administration
FlowScan: A Network Traffic Flow Reporting and Visualization Tool

LISA '00 Proceedings of the 14th USENIX conference on System administration
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Visual Correlation of Host Processes and Network Traffic

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Visual Correlation of Host Processes and Network Traffic

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Traffic classification on the fly

ACM SIGCOMM Computer Communication Review
Identifying Known and Unknown Peer-to-Peer Traffic

NCA '06 Proceedings of the Fifth IEEE International Symposium on Network Computing and Applications
Traffic classification through simple statistical fingerprinting

ACM SIGCOMM Computer Communication Review
Towards network awareness

LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
FFPF: fairly fast packet filters

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
The BSD packet filter: a new architecture for user-level packet capture

USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings
Bridging the host-network divide: survey, taxonomy, and solution

LISA '06 Proceedings of the 20th conference on Large Installation System Administration
Characterizing residential broadband networks

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
NetADHICT: a tool for understanding network traffic

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Toward the accurate identification of network applications

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Traffic classification using a statistical approach

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Effective traffic measurement using ntop

IEEE Communications Magazine

Quantified Score

Hi-index	0.02

Visualization

Abstract

System administrators regularly use the top utility for understanding the resource consumption of the processes running on UNIX computers. Top provides an accurate and real-time display of the computing and memory capacity of the system among the running processes, but it provides no information about the network traffic sent and received by the processes running on the system. Although we've seen a proliferation of network monitoring tools that help system administrators understand the traffic flowing through their networks, most of these tools have been designed for network deployment and can not easily, if at all, provide real-time attribution of network resources to individual processes running on end hosts. In this paper, we describe the design and implementation of Topnet, an extension of the top UNIX utility that provides a process-centric approach to traffic monitoring. Topnet presents users with an intuitive real-time attribution of network resources to individual processes. Our evaluation suggests that Topnet through (i) the familiar user interface of top and (ii) a reasonable performance overhead, provides an accurate way to attribute network traffic to individual processes, enabling users to have a more comprehensive process-aware understanding of network resource consumption in their systems.