Title: Application-Level Traffic Monitoring and an Analysis on IP Networks
Abstract: ETRI JournalVolume 27, Issue 1 p. 22-42 Regular PaperFree Access Application-Level Traffic Monitoring and an Analysis on IP Networks Myung-Sup Kim, Myung-Sup KimSearch for more papers by this authorYoung J. Won, Young J. WonSearch for more papers by this authorJames Won-Ki Hong, James Won-Ki HongSearch for more papers by this author Myung-Sup Kim, Myung-Sup KimSearch for more papers by this authorYoung J. Won, Young J. WonSearch for more papers by this authorJames Won-Ki Hong, James Won-Ki HongSearch for more papers by this author First published: 01 February 2005 https://doi.org/10.4218/etrij.05.0104.0040Citations: 42 Myung-Sup Kim (phone: +82 54 279 5654, email: [email protected]), Young J. Won (email: [email protected]) and James Won-Ki Hong (email: [email protected]) are with the DPNM Laboratory, POSTECH, Pohang, Korea. AboutPDF ToolsRequest permissionExport citationAdd to favoritesTrack citation ShareShare Give accessShare full text accessShare full-text accessPlease review our Terms and Conditions of Use and check box below to share full-text version of article.I have read and accept the Wiley Online Library Terms and Conditions of UseShareable LinkUse the link below to share a full-text version of this article with your friends and colleagues. Learn more.Copy URL Share a linkShare onFacebookTwitterLinkedInRedditWechat Abstract Traditional traffic identification methods based on well-known port numbers are not appropriate for the identification of new types of Internet applications. This paper proposes a new method to identify current Internet traffic, which is a preliminary but essential step toward traffic characterization. We categorized most current network-based applications into several classes according to their traffic patterns. Then, using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet, and characterized all the traffic according to their application types. References 1Se-Hee Han, Myung-Sup Kim, Hong-Taek Ju, and James W. Hong, "The Architecture of NG-MON: A Passive Network Monitoring System," LNCS 2506, DSOM 2002, Montreal, Canada, Oct. 2002, pp. 4– 27. 2Se-Hee Han, Hong-Taek Ju, Myung-Sup Kim, and James W. Hong, "Design of Next Generation High-Speed IP Network Traffic Monitoring and Analysis System," Proc. of 2002 Asia-Pacific Network Operations and Management Symp. (APNOMS 2002), Jeju, Korea, Sept. 25–27, 2002, pp. 282– 293. 3E. Rosen, A. Viswanathan, and R. Callon, "Multiprotocol Label Switching Architecture," RFC3031, IETF, Jan. 2001. 4Deb Agarwal, Jose Maria Gonzalez, Goujun Jin, and Brian Tierney, "An Infrastructure for Passive Network Monitoring of Application Data Streams," Passive and Active Measurement Workshop, La Jolla, California, Apr. 2003. 5Luca Deri, "Passively Monitoring Networks at Gigabit Speeds Using Commodity Hardware and Open Source Software," Passive and Active Measurement Workshop, La Jolla, California, Apr. 2003. 6Myung-Sup Kim, Hun-Jeong Kang, and James W. Hong, "Towards Peer-to-Peer Traffic Analysis Using Flows," Lecture Notes in Computer Science 2867, Edited by Marcus Brunner, Alexander Keller, 14th IFIP/IEEE Int'l Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003, pp. 55– 67. 7Hun-Jeong Kang, Myung-Sup Kim, and James Won-Ki Hong, "A Method on Multimedia Service Traffic Monitoring and Analysis," Lecture Notes in Computer Science 2867, Edited by Marcus Brunner, Alexander Keller, 14th IFIP/IEEE Int'l Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003, pp. 93– 105. 8Hun-Jeong Kang, Hong-Taek Ju, Myung-Sup Kim, and James W. Hong, "Towards Streaming Media Traffic Monitoring and Analysis," Proc. of 2002 Asia-Pacific Network Operations and Management Symp. (APNOMS 2002), Jeju, Korea, Sept. 25–27, 2002, pp. 503– 504. 9 Internet2, http://netflow.internet2.edu/weekly/, 2003. 10Subhabrata Sen and Jia Wang, "Analyzing Peer-to-Peer Traffic across Large Networks," Proc. of the second ACM SIGCOMM Workshop on Internet Measurement Workshop, Nov. 2002. 11Alexandre Gerber, Joseph Houle, Han Nguyen, Matthew Roughan, and Subhabrata Sen, "P2P The Gorilla in the Cable," National Cable & Telecommunications Association (NCTA) 2003 National Show, Chicago, IL, June 8–11, 2003. 12Stefan Saroiu, Krishna P. Gummadi, Richard J. Dunn, Steven D. Gribble, and Henry M. Levy, "An Analysis of Internet Content Delivery Systems," Proc. of the Fifth Symp. on Operating Systems Design and Implementation (OSDI 2002), Boston, MA, Dec. 2002. 13Nathaniel Leibowitz, Matei Ripeanu, and Adam Wierzbicki, "Deconstructing the KaZaA Network," 3rd IEEE Workshop on Internet Applications (WIAPP'03), June 2003. 14Nathaniel Leibowitz, Aviv Bergman, Roy Ben-Shaul, and Aviv Shavit, "Are File Swapping Networks Cacheable?" 7th Int'l Workshop on Web Content Caching and Distribution (WCW), Boulder, Colorado, 2002. 15 IANA, http://www.iana.org/assignments/port-numbers. 16 Microsoft, Windows Media Technology, http://www.microsoft.com/windows/windowsmedia/default.asp. 17Jacobus van der Merwe, Ramon Caceres, Yang-hua Chu, and Cormac Sreenan "mmdump- A Tool for Monitoring Internet Multimedia Traffic," ACM Computer Communication Review, Vol. 30, no. 4, Oct. 2000. 18TS Choi, CH Kim, SH Yoon, JS Park, HS Chung, BJ Lee, HH Kim, and TS Jeong, "Rate-Based Internet Accounting System Using Application-Aware Traffic Measurement," Proc. of 2003 Asia-Pacific Network Operations and Management Symp. (APNOMS 2003), Fukuoka, Japan, Oct. 1–3, 2003, pp. 404– 415. 19 Argus, http://www.qosient.com/argus. 20Remco Poortinga, Remco van de Meent, and Aiko Pras, "Analysing Campus Traffic Using the meter-MIB," Proc. of the Passive and Active Measurement Workshop (PAM2002), Mar. 25–27, 2002. 21Chuck Fraleigh, Sue Moon, Bryan Lyles, Chase Cotton, Mujahid Khan, Deb Moll, Rob Rockell, Ted Seely, and Christophe Diot, "Packet-Level Traffic Measurements from the Sprint IP Backbone," IEEE Network, 2003. 22Juergen Quittek, Marcelo Pias, and Marcus Brunner, "Integrating IP Traffic Flow Measurement," Proc. of Workshop on Passive and Active Measurements (PAM2001), Apr. 23–24, 2001. 23Sharad Agarwal, Chen-Nee Chuah, Supratik Bhattacharyya, and Christophe Diot, The Impact of BGP Dynamics on Intra-Domain Traffic, Sprint ATL Research Report Nr. RR03-ATL-111377, Sprint ATL, Nov. 2003. 24Ranjita Bhagwan, Stefan Savage, and Geoffrey Voelker, "Understanding Availability," Proc. of the 2nd Int'l Workshop on Peer-to-Peer Systems (IPTPS '03), Berkeley, CA, Feb. 2003. 25B. Krishnamurthy, J. Wang, and Y. Xie, "Early Measurements of a Cluster-Based Architecture for P2P Systems," ACM SIGCOMM Internet Measurement Workshop, San Francisco, CA, Nov. 2001. 26Krishna P. Gummadi, Richard J. Dunn, Stefan Saroiu, Steven D. Gribble, Henry M. Levys, and John Zahorjan, "Measurement, Modeling, and Analysis of a Peer-to-Peer File-Sharing Workload," Proc. of the 19th ACM Symp. on Operating Systems Principles (SOSP-19), Oct. 2003. 27S. Saroiu, P. Gummadi, and S.D. Gribble, "A Measurement Study of Peer-to-Peer File Sharing Systems," Proc. of Int'l Conf. on Distributed Computing Systems, 2002. 28P. Krishna Gummadi, Stefan Saroiu, and Steven Gribble, " A Measurement Study of Napster and Gnutella as Examples of Peer-to-Peer File Sharing Systems." 29J. Chu, K. Labonte, and B. Levine, "Availability and Locality Measurements of Peer-to-Peer File Systems," Proc. of ITCom: Scalability and Traffic Control in IP Networks, July 2002. 30E.P. Markatos, "Tracing a Large-Scale Peer-to-Peer System: an Hour in the Life of Gnutella," 2nd IEEE/ACM Int'l Symp. on Cluster Computing and the Grid, 2002. 31Dave Plonka, FlowScan, http://net.doit.wisc.edu/~plonka/lisa/FlowScan/. Citing Literature Volume27, Issue1February 2005Pages 22-42 ReferencesRelatedInformation