How To Monitor Network Traffic On A Cell Phone



Similar documents
Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Based Traffic Analysis

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Network Monitoring and Management NetFlow Overview

NetFlow/IPFIX Various Thoughts

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC)

NetFlow: What is it, why and how to use it? Miloš Zeković, ICmyNet Chief Customer Officer Soneco d.o.o.

Large-Scale Geolocation for NetFlow

Network Management & Monitoring

Introduction to Netflow

and reporting Slavko Gajin

Lab Characterizing Network Applications

NfSen Plugin Supporting The Virtual Network Monitoring

Configuring NetFlow Secure Event Logging (NSEL)

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Mini-Challenge 3. Data Descriptions for Week 1

NetFlow-Lite offers network administrators and engineers the following capabilities:

Cisco IOS Flexible NetFlow Technology

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Scalable Extraction, Aggregation, and Response to Network Intelligence

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Get Your FIX: Flow Information export Analysis and Visualization

NetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.

Internet Management and Measurements Measurements

Detecting UDP attacks using packet symmetry with only flow data

Configuring Flexible NetFlow

IPTV Traffic Monitoring System with IPFIX/PSAMP

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

Abstract /09/$25.00 c 2009 IEEE

UKCMG Industry Forum November 2006

Configuring NetFlow Secure Event Logging (NSEL)

Application Latency Monitoring using nprobe

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools

Securing and Monitoring BYOD Networks using NetFlow

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Introduction to Cisco IOS Flexible NetFlow

Connecting North Carolina s Future Today. Application Monitoring: ClassScape Case Study. NCSU Centennial Networking Lab

Netflow Overview. PacNOG 6 Nadi, Fiji

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

Nemea: Searching for Botnet Footprints

How To Identify Different Operating Systems From A Set Of Network Flows

Configuring NetFlow-lite

Analysis of a DDoS Attack

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

Network congestion control using NetFlow

SonicOS 5.8: NetFlow Reporting

Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

An overview of traffic analysis using NetFlow

Practical Experience with IPFIX Flow Collectors

IPv6 measurement in CSTNET. CSTNET, CNIC, Sep. 2014

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Integrated Traffic Monitoring

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

Detection of DNS Traffic Anomalies in Large Networks

SolarWinds Technical Reference

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

Limitations of Packet Measurement

Configuring NetFlow. Information About NetFlow. Send document comments to CHAPTER

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump

Firewall Defaults and Some Basic Rules

Enhancing Flow Based Network Monitoring

Programming the Flowoid NetFlow v9 Exporter on Android

Cisco IOS Flexible NetFlow Command Reference

How To Configure Virtual Host with Load Balancing and Health Checking

Network traffic monitoring and management. Sonia Panchen 11 th November 2010

NSC E

Internet Traffic Trends A View from 67 ISPs

Overview of Network Traffic Analysis

Introduction. The Inherent Unpredictability of IP Networks # $# #

From traditional to alternative approach to storage and analysis of flow data. Petr Velan, Martin Zadnik

Innovative, High-Density, Massively Scalable Packet Capture and Cyber Analytics Cluster for Enterprise Customers

Signature-aware Traffic Monitoring with IPFIX 1

Firewall Examples. Using a firewall to control traffic in networks

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document

Gaining Operational Efficiencies with the Enterasys S-Series

IPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-01

The Value of Flow Data for Peering Decisions

Q&A. DEMO Version

Inspecting DNS Flow Traffic for Purposes of Botnet Detection

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

EXPLORER. TFT Filter CONFIGURATION

UltraFlow -Cisco Netflow tools-

Measuring Cloud Service Health Using NetFlow/IPFIX: The WikiLeaks Case

Networking Fundamentals Part of the SolarWinds IT Management Educational Series

Technical Support Information

Cisco IOS Flexible NetFlow Overview

PANDORA FMS NETWORK DEVICES MONITORING

About Firewall Protection

WhatsUpGold. v NetFlow Monitor User Guide

OpenDaylight Project Proposal Dynamic Flow Management

How To Create A Network Monitoring System (Flowmon) In Avea-Tech (For Free)

This Technical Support Note shows the different options available in the Firewall menu of the ADTRAN OS Web GUI.

NB6 Series Quality of Service (QoS) Setup (NB6Plus4, NB6Plus4W Rev1)

SolarWinds Technical Reference

Comprehensive IP Traffic Monitoring with FTAS System

Netflow Collection with AlienVault Alienvault 2013

"Dark" Traffic in Network /8

How To Set Up Foglight Nms For A Proof Of Concept

Transcription:

Location-aware Network Monitoring using IPFIX/NetFlow Abdelkader Lahmadi Julien Vaubourg Olivier Festor Université de Lorraine Rick Hofstede Aiko Pras University of Twente NMRG meeting July 30, 2013 (compiled on: July 26, 2013)

Outline Context and motivation Information Elements Flowoid and SURFmap Conclusion and Future directions ahmadi et al Location-aware Network Monitoring (2/12)

Location-aware network monitoring Flow-based monitoring provides an aggregate view on the network traffic Data is usually exported from fixed locations If mobile devices become flow exporter, exporter location can be of interest! Smartphone traffic usage in space: simple questions Where often do users interact with their phones? How many applications does a user run in a specific location? How much network traffic does an application generate in a specific location? Why we need to know such information? Coupling space and time to understand mobile applications network usage: relate service quality parameters to location changes Anomaly detection, provider-independent measurements Associate locations to exported Flows draft-festor-ipfix-metering-process-location-01.txt Geographic coordinates: latitude, longitude, altitude Civic location: human readable information, postal address, proximity information ahmadi et al Location-aware Network Monitoring (3/12)

IPFIX Information Elements: geodetic location Geodetic point record: there is no known uncertainty Lahmadi et al Location-aware Network Monitoring (4/12)

IPFIX Information Elements: geodetic location Geodetic circle record: there is known uncertainty Lahmadi et al Location-aware Network Monitoring (5/12)

Flowoid Flowoid: an Open Source NetFlow exporter for Android devices Include location information in NetFlow version 9 records Lahmadi et al Location-aware Network Monitoring (6/12)

Geotagged network flows Support of newly defined information elements is added to existing flow collector software: nfdump Lahmadi et al Location-aware Network Monitoring (7/12)

Network traffic of an Android device: first analysis Data set A single user: Nexus 4 with Android Cyanogen version 4.2.0 The user interacts with his device without any restrictions 24 hours of measurements: 2013-07-21 23:53, 2013-07-22 23:56 Only 3G network communications Installed applications: Chrome, Email, duckduckgo, Google Maps, Facebook, Facebook messenger, Google Plus, Google talk, Google Ears, Twitter, Xabber, adaway ahmadi et al Location-aware Network Monitoring (8/12)

Overview of android network flows total bidirectionnel flows: 1789 total bytes: 27.5 M, total packets: 64801 Destination Ports Total ports 80 443 53 993 5222 100 18% 29% 32% 9% 4% Protocols TCP UDP ICMP 67% 32% 1% Distinct Contacted servers TCP UDP 151 2 TCP flows=1204 Destination IP address ports Flows KBytes 173.194.34.8, 173.194.34.33 443 0.46% 7051.24 178.170.95.127 993,5222 13.9% 2143.88 193.51.193.146 993 6.5% 1042.24 31.13.80.49, 31.13.80.1, 31.13.80.33, 443 16.5% 1793.83 31.13.80.6, 69.171.224.45 91.198.174.236 80 1.07% 1215.03 54.230.185.184 443 0.2% 974.17 UDP flows = 582 192.168.10.110 53 99.82% 128.15 Lahmadi et al Location-aware Network Monitoring (9/12)

TCP Flows: amount of data over time Lahmadi et al Location-aware Network Monitoring (10/12)

TCP Flows: amount of data over locations Lahmadi et al Location-aware Network Monitoring (11/12)

Conclusions and Future directions Understanding mobile network activities Networked devices are moving NetFlow data extended with exporter location Measurements over time and over locations How to handle location-based expiration? Physical location may change frequently: a mobile in a car If we expire flows at each location change, the network will be flooded If we accumulate location records as a list, IPFIX messages will be very long How to analyze and organize measurement data? Existing tools are suitable for time-based measurement What about location-based measurements? We are developing more informations elements Battery usage, device state, application names,... Provide an aggregated view on mobile network traffic and their costs ahmadi et al Location-aware Network Monitoring (12/12)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information