Packet trace manipulation rramework for test labs

Authors:
Andy Rupp;Holger Dreger;Anja Feldmann;Robin Sommer
Affiliations:
Ruhr-Universität Bochum;TU München;TU München;TU München
Venue:
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Year:
2004

Citing 7
Cited 4

Pattern-oriented software architecture: a system of patterns

Pattern-oriented software architecture: a system of patterns
The click modular router

ACM Transactions on Computer Systems (TOCS)
Generation of High Bandwidth Network Traffic Traces

MASCOTS '02 Proceedings of the 10th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems
TCPivo: a high-performance packet replay engine

MoMeTools '03 Proceedings of the ACM SIGCOMM workshop on Models, methods and tools for reproducible network research
Building a better NetFlow

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Operational experiences with high-volume network intrusion detection

Proceedings of the 11th ACM conference on Computer and communications security
Design and implementation of netdude, a framework for packet trace manipulation

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference

Realistic and responsive network traffic generation

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
FLAME: a flow-level anomaly modeling engine

CSET'08 Proceedings of the conference on Cyber security experimentation and test
Swing: realistic and responsive network traffic generation

IEEE/ACM Transactions on Networking (TON)
A flow trace generator using graph-based traffic classification techniques

Proceedings of the 6th International Wireless Communications and Mobile Computing Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Evaluating network components such as network intrusion detection systems, firewalls, routers, or switches suffers from the lack of available network traffic traces that on the one hand are appropriate for a specific test environment but on the other hand have the same characteristics as actual traffic. Instead of just capturing traffic and replaying the trace, we identify a set of packet trace manipulation operations that enable us to generate a trace bottom-up: our trace primitives can be traces from different environments or artificially generated ones; our basic operations include merging of two traces, moving a flow across time, duplicating a flow, and stretching a flow's time-scale. After discussing the potential as ell as the dangers of each operation with respect to analysis at different protocol layers, we present a framework within which these operations can be realized and show an example configuration for our prototype.