Dummynet: a simple approach to the evaluation of network protocols
ACM SIGCOMM Computer Communication Review
Using pathchar to estimate Internet link characteristics
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
CapProbe: a simple and accurate capacity estimation technique
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
The CoralReef Software Suite as a Tool for System and Network Administrators
LISA '01 Proceedings of the 15th USENIX conference on System administration
Revealing skype traffic: when randomness plays with you
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Passive analysis of TCP anomalies
Computer Networks: The International Journal of Computer and Telecommunications Networking
ACM SIGMETRICS Performance Evaluation Review
Mining unclassified traffic using automatic clustering techniques
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Design and control of next generation distribution frames
Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward scalable internet traffic measurement and analysis with Hadoop
ACM SIGCOMM Computer Communication Review
| Hi-index | 0.00 |
Network monitoring has always played a key role in understanding telecommunication networks since the pioneering time of the Internet. Today, monitoring traffic has become a key element to characterize network usage and users’ activities, to understand how complex applications work, to identify anomalous or malicious behaviors, etc. In this paper we present our experience in engineering and deploying Tstat, a passive monitoring tool that has been developed in the past ten years. Started as a scalable tool to continuously monitor packets that flow on a link, Tstat has evolved into a complex application that gives to network researchers and operators the possibility to derive extended and complex measurements. Tstat offers the capability to track traffic flows, it integrates advanced behavioral classifiers that identify the application that has generated a flow, and automatically derives performance indexes that allow to easily characterize both network usage and users’ activity. After describing Tstat capabilities and internal design, in this paper we present some examples of measurements collected deploying Tstat at the edge of our campus network for the past years.