Distributed network analysis using TOPAS and Wireshark

Gerhard Münz; Georg Carle

doi:10.1109/NOMSW.2007.27

Distributed network analysis using TOPAS and Wireshark

Gerhard Münz, Georg Carle

University of Tübingen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

18 Scopus citations

Abstract

Distributed network analysis deals with the inspection of traffic observed at various locations in the network. The conventional approach is to deploy a full-fledged network analyzer at every observation point, which allows exhaustive examinations, but at the same time is a very costly solution. In this paper, we present an alternative approach using packet data exported by PSAMP and Flexible Netflow devices, such as routers, switches, and monitoring probes. Exported packet records are received by the real-time network analysis framework TOPAS and examined by the open-source network analyzer Wireshark. Monitoring devices are configured with a Monitor Manager in order to export only data needed to achieve the analysis goal. Apart from an architectural description, this paper contains the results of experimental performance evaluations and a discussion on the advantages and limitations of our approach.

Original language	English
Title of host publication	2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08
Pages	161-164
Number of pages	4
DOIs	https://doi.org/10.1109/NOMSW.2007.27
State	Published - 2008
Externally published	Yes
Event	2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08 - Salvador da Bahia, Brazil Duration: 7 Apr 2008 → 11 Apr 2008

Publication series

Name	2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08

Conference

Conference	2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08
Country/Territory	Brazil
City	Salvador da Bahia
Period	7/04/08 → 11/04/08

Access to Document

10.1109/NOMSW.2007.27

Cite this

@inproceedings{79e865445a42429da4138439d4714fd0,

title = "Distributed network analysis using TOPAS and Wireshark",

abstract = "Distributed network analysis deals with the inspection of traffic observed at various locations in the network. The conventional approach is to deploy a full-fledged network analyzer at every observation point, which allows exhaustive examinations, but at the same time is a very costly solution. In this paper, we present an alternative approach using packet data exported by PSAMP and Flexible Netflow devices, such as routers, switches, and monitoring probes. Exported packet records are received by the real-time network analysis framework TOPAS and examined by the open-source network analyzer Wireshark. Monitoring devices are configured with a Monitor Manager in order to export only data needed to achieve the analysis goal. Apart from an architectural description, this paper contains the results of experimental performance evaluations and a discussion on the advantages and limitations of our approach.",

author = "Gerhard M{\"u}nz and Georg Carle",

year = "2008",

doi = "10.1109/NOMSW.2007.27",

language = "English",

isbn = "9781424420674",

series = "2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08",

pages = "161--164",

booktitle = "2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08",

note = "2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08 ; Conference date: 07-04-2008 Through 11-04-2008",

}

Münz, G & Carle, G 2008, Distributed network analysis using TOPAS and Wireshark. in 2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08., 4509943, 2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08, pp. 161-164, 2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08, Salvador da Bahia, Brazil, 7/04/08. https://doi.org/10.1109/NOMSW.2007.27

TY - GEN

T1 - Distributed network analysis using TOPAS and Wireshark

AU - Münz, Gerhard

AU - Carle, Georg

PY - 2008

Y1 - 2008

N2 - Distributed network analysis deals with the inspection of traffic observed at various locations in the network. The conventional approach is to deploy a full-fledged network analyzer at every observation point, which allows exhaustive examinations, but at the same time is a very costly solution. In this paper, we present an alternative approach using packet data exported by PSAMP and Flexible Netflow devices, such as routers, switches, and monitoring probes. Exported packet records are received by the real-time network analysis framework TOPAS and examined by the open-source network analyzer Wireshark. Monitoring devices are configured with a Monitor Manager in order to export only data needed to achieve the analysis goal. Apart from an architectural description, this paper contains the results of experimental performance evaluations and a discussion on the advantages and limitations of our approach.

AB - Distributed network analysis deals with the inspection of traffic observed at various locations in the network. The conventional approach is to deploy a full-fledged network analyzer at every observation point, which allows exhaustive examinations, but at the same time is a very costly solution. In this paper, we present an alternative approach using packet data exported by PSAMP and Flexible Netflow devices, such as routers, switches, and monitoring probes. Exported packet records are received by the real-time network analysis framework TOPAS and examined by the open-source network analyzer Wireshark. Monitoring devices are configured with a Monitor Manager in order to export only data needed to achieve the analysis goal. Apart from an architectural description, this paper contains the results of experimental performance evaluations and a discussion on the advantages and limitations of our approach.

UR - http://www.scopus.com/inward/record.url?scp=51149107168&partnerID=8YFLogxK

U2 - 10.1109/NOMSW.2007.27

DO - 10.1109/NOMSW.2007.27

M3 - Conference contribution

AN - SCOPUS:51149107168

SN - 9781424420674

T3 - 2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08

SP - 161

EP - 164

BT - 2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08

T2 - 2008 IEEE Network Operations and Management Symposium Workshops - NOMS 08

Y2 - 7 April 2008 through 11 April 2008

ER -

Distributed network analysis using TOPAS and Wireshark

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this