Extracting attack sessions from real traffic with intrusion prevention systems
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Real-time volume control for interactive network traffic replay
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
Today's Internet backbone networking devices need to be tested under realistic traffic conditions at transmission rates of OC-48 and above. While commercially available synthetic traffic generators are capable of keeping up with high transmission rates, they fail to produce realistic mixes of flow, packet and address arrival patterns. We explore the alternative of replaying real packet traces from high-speed links using multiple commodity PCs equipped with lower-speed network interfaces. Such an approach is inherently cost-effective because of the use of commodity hardware, and can scale up to any desired transmission rate. We first examine how to split a trace among multiple PCs for the purpose of replaying, and validate our technique using simulations. We use a wavelet 'spectrum' or energy plot for this purpose which enables traffic processes to be viewed simultaneously on many time-scales. Then we present an implementation using Linux PCs with gigabit Ethernet interfaces to replay OC-48 packet traces from the Sprint backbone. Our results show that the replayed trace is very similar to the original trace at most time scales. We are also able to pinpoint the specific system components that contributed to the replay inaccuracy, as well as identify several important challenges that remain to be explored in-depth.