Network Traffic Analysis: A Case Study of ABU Network



Similar documents
Policy Creation Model for Policy based Bandwidth Management in the Core Network (A Case Study of Abu Data Network)

Impact of Computer Education on Students Interest and Performance in Automobile Trade, in Nigerian Secondary Schools and Colleges

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark

Achieving Success through Effective Business Communication

Database Management System for a Digitized Medical Image

Investigating the Performance of VOIP over WLAN in. Campus Network

EXPLORER. TFT Filter CONFIGURATION

Present and Desired Network Management to Cope with the Expected Expansion, NM-AIST Study Case.

Application of Variance Analysis for Performance Evaluation: A Cost/Benefit Approach.

A Proposed Decision Support System/Expert System for Guiding. Fresh Students in Selecting a Faculty in Gomal University, Pakistan

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Bandwidth Management and Optimization System Design (draft)

The Impact of Operational Risk Management on the Financial Development and Economic Growth: A Case Study of Saudi SME Companies

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Truffle Broadband Bonding Network Appliance

Developing an In-house Computerized Maintenance Management System for Hospitals

Virtual Leased Line (VLL) for Enterprise to Branch Office Communications

Effect of the learning support and the use of project management tools on project success: The case of Pakistan

A Protocol Based Packet Sniffer

A Study of the Recruitment and Selection process: SMC Global

Adoption of Point of Sale Terminals in Nigeria: Assessment of Consumers Level of Satisfaction Abstract Key words 1. INTRODUCTION

Use and satisfaction with online public access catalogue in selected university libraries in Ogun State, Nigeria

A Study of Network Security Systems

White Paper: Broadband Bonding with Truffle PART I - Single Office Setups

Is the Cloud Educational Enterprise Resource Planning the Answer to Traditional Educational Enterprise Resource Planning Challenges in Universities?

SLA Driven Load Balancing For Web Applications in Cloud Computing Environment

Introduction to computer networks and Cloud Computing

Reliable high throughput data connections with low-cost & diverse transport technologies

DOMINO Broadband Bonding Network

Computer Networks and the Internet

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Working Capital Management & Financial Performance of Manufacturing Sector in Sri Lanka

White Paper: Virtual Leased Line

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life

IT4405 Computer Networks (Compulsory)

Local Area Networks (LANs) Blueprint (May 2012 Release)

The role of business intelligence in knowledge sharing: a Case Study at Al-Hikma Pharmaceutical Manufacturing Company

Role of Academic Leadership in Change Management for Quality in Higher Education in Pakistan Ijaz Mehmood

Chapter 9A. Network Definition. The Uses of a Network. Network Basics

IT Data Communication and Networks (Optional)

Layered protocol (service) architecture

Types of Achievement Tests Which Are Preferred By Outstanding Students at Al-Hussein Bin Talal University

TCP/IP Protocol Suite. Marshal Miller Chris Chase

Broadband Bonding Network Appliance TRUFFLE BBNA6401

Network Security: Workshop

Computer Networking Networks

Application Note. Network Optimization with Exinda Optimizer

Multi-Homing Dual WAN Firewall Router

Transport and Network Layer

Lab VI Capturing and monitoring the network traffic

Application Note Gigabit Ethernet Port Modes

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

NSC E

Local-Area Network -LAN

Computer Networks. Definition of LAN. Connection of Network. Key Points of LAN. Lecture 06 Connecting Networks

Management Information System and Senior Staff Job Performance in Polytechnics, Kwara State, Nigeria

ISSN X (Paper) ISSN (Online) Vol.3, No.3, Abstract

Lecture 1. Lecture Overview. Intro to Networking. Intro to Networking. Motivation behind Networking. Computer / Data Networks

COMPUTER NETWORK TECHNOLOGY (40)

Cover. White Paper. (nchronos 4.1)

Using a Sierra Wireless AirLink Raven X or Raven-E with a Cisco Router Application Note

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

COMPUTER NETWORK TECHNOLOGY (300)

European Journal of Business and Management ISSN (Paper) ISSN (Online) Vol.5, No.24, 2013

Course Description and Outline. IT Essential II: Network Operating Systems V2.0

PANDORA FMS NETWORK DEVICE MONITORING

Network Security. Vorlesung Kommunikation und Netze SS 10 E. Nett

AppDirector Load balancing IBM Websphere and AppXcel

PANDORA FMS NETWORK DEVICES MONITORING

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Networks 2. Gabriela Ochoa University of Stirling CSCU9B1 Essential Skills for the Information Age. Content

DoS: Attack and Defense

The Effectiveness of the Accounting Information System Under the Enterprise Resources Planning (ERP)

European Journal of Business and Management ISSN (Paper) ISSN (Online) Vol.7, No.1, 2015

Some Special Artex Spaces Over Bi-monoids

Packet Sniffer Detection with AntiSniff

Layer 3 Network + Dedicated Internet Connectivity

Chapter 5. Data Communication And Internet Technology

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

Kick starting science...

Chapter 4 Connecting to the Internet through an ISP

Load Balance Mechanism

Frequently Asked Questions

Please review the following common configurations to optimize performance.

Computer Networks CCNA Module 1

Broadband Bonding Network Appliance TRUFFLE BBNA6401

From Centralization to Distribution: A Comparison of File Sharing Protocols

Linux MDS Firewall Supplement

The OSI & Internet layering models

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC)

Building Secure Network Infrastructure For LANs

Barracuda Link Balancer

Computer Networks CS321

Proxies. Chapter 4. Network & Security Gildas Avoine

Elfiq Link Load Balancer Frequently Asked Questions (FAQ)

Transcription:

Network Traffic Analysis: A Case Study of ABU Network SB.A. Mohammed Dr.S.M Sani Dr. D.D. DAJAB Department of Electrical and Senior Lecturer, Department of Director ICT, ABU Zaria Computer Engineering, Electrical and Computer Engineering, Electrical and Computer Engineering, ABU, Zaria, Nigeria ABU, Zaria, Nigeria ABU, Zaria, Nigeria Abstract The Internet is being viewed as a critical component of success by the researchers, teachers and students in the Universities and Colleges. The Objectives of thesis is to identify unproductive network based applications responsible for consuming valuable bandwidth of University network system and to enhance utility of productive applications on a University network. This research work, geared towards analysis on the internet traffic network s of Ahmadu Bello University (ABU), Zaria as a case study. the monitoring of network traffic was conducted by bandwidth monitoring software, a packet sniffer (using Wireshark Version 165, SVR Rev 40429) configured as a gateway between the University network system and the internet over a 90-day monitoring period in a schedule of 15 minutes daily, 30 minutes weekly and 2 hours monthly. The data (packets) captures was further analysed using MATLAB which is a tool for graphing network data from which conclusions from the graphs was drawn that ABU s current network traffic is underutilized and far from optimal in terms of Internet Inbound/Outbound traffic generated by its users (staff/students). It has also been observed that defensive bandwidth management is insufficient in respect to the institution s aims and objectives on its network usage. This emphasises the need for improved bandwidth management and optimization. Keyword: Network monitoring traffic, Monitoring software (packet sniffer), Packet capture and Traffic analysis. 1. Introduction The rapid growth of the Internet in size, complexity and traffic types has made network management a challenging task. The ability of a monitoring system to provide accurate information about the nature and type of the network traffic cannot be over emphasized. Information about who is generating the most traffic, what protocols are in use, where is the traffic originating from or where is the destination of the traffic can be very important to solving congestion problems. Many network administrators spend a lot of time trying to know what is degrading the performance of their network [4]. A typical solution to congestion problem is to upgrade network infrastructure, i.e. replace servers with high end servers and increase the bandwidth. This solution is expensive, short term and does not scale. As soon as the upgrade is done the congestion problem will improve for a while and later gradually deteriorate as the users change their behavior in response to the upgrade. The alternative solution to this problem is to deploy a scalable network traffic monitoring and analysis system, in order to understand the dynamics of the traffic and changes in the internet and overall stability of the network. In addition to knowing the health status of the network, monitoring of network activity also has the benefits of detecting denial of service (DoS) and bandwidth theft attacks. In order to conduct analysis of wide range of network behaviors, it is necessary to collect network traffic on a continuous basis rather than as a onetime event which only captures transient behaviors that provides insight into network problems. Collecting long term network traffic data will provide valuable information for improving and understanding the actual network dynamics [1] 2. Background The type of connectivity used to link the Institution to the Internet Service Provider are Leased Line Fiber and Leased Line Radio link/wireless Satellite/VSAT (3.88m Dish). The University connects to the Cisco router, and the capacity connection for two satellite i.e. Intelsat satellite 33

(Downlink: 3.5Mbps/ Uplink: 512Kbps) and I- direct satellite (Downlink: 1.5Mbps/ Uplink: 512Kbps) and currently connect to the Line Fiber with Synchronous Transport Module level-1(smt-1) from GLO which has a bit rate of 155.52 Mbps. The Overall capacity is: Uplink (Mbps):156.52Mbps Downlink (Mbps):160.52Mbps Figure 1: Logical Diagram of the core and Distribution Layers of the ABU Network Figure 1 shows the core and distribution layer of the entire ABU network diagram based on the Cisco 3-layer model. It shows has shown the major nodes and connection points in the distribution layer of the institution s network and shows a direct connection of the Layer 3 Switch (MLS or ACS) to the Data Center backbone on interface Gig 1/3/3.The connections between the network nodes are implemented with optical fibers links ( i.e. Single Mode cable ) which interlink the nodes of the, Senate building, Institutes of Education, Faculty of Engineering, Agric, Art, Administration, Energy Research and NAPRI e.t.c The backbone network is based on Gigabit Ethernet technology. These connections are implemented via single-mode optical fiber which has the following features; i. Relatively narrow diameter, through which only one mode will propagate typically 1310 or 1550nm. ii. Higher transmission rate The small core and single light-wave virtually eliminate any distortion that could result from overlapping light pulses, providing the least signal attenuation and the highest transmission speeds of any fiber cable type. The TCP/IP suite of protocols is the set of protocols used to communicate across the internet. It is also widely used on many organizational networks due to its flexibility and wide array of functionality provided [4].These TCP/IP suites of protocols are the sources of different networked application. TCP/IP suites of protocols are assessed by showing the percentage each of the network protocols. Moreover, the TCP/IP protocols analysis can be used to clearly show the percentage of traffic consumption which can be used as input for bandwidth allocation in intercampus network. The TCP/IP suites of protocols that is interested in are: FTP, Telnet, SMTP, HTTP, TCP, UDP, ICMP, ARP, DNS, edonkey, SNMP, DHCP, SSH, Telnet, NetBIOS, and POP3. 2.1 Network monitoring: Is the ongoing process of collecting information about various aspects of network operations. By carefully analyzing this data, you can identify faults; find cases of waste and unauthorized access, and spot trends that may indicate future problems. Implementation is the step of implementing traffic shaping, filtering, caching, and other 34

technologies within your network to help bring actual usage in line with policy. The actions you need to take are indicated by the data collected through monitoring and analysis, and are constrained by the network policy. Many people expect to begin the task of bandwidth management by starting with this step. But without good monitoring techniques, network administrators are effectively blind to the problem [5] 2.2 Network Traffic Analysis Tools Monitoring tools are selected out of a variety of tools (Ntop, Iptarf, MRTG, Nagios and Web sense) available today. The following features have been considered while making the selection: i. Appropriateness i. Affordability ii. Lightweight iii. Flexibility, iv. Graphical support v. Data retention vi. User friendly and vii. Feature richness In this research, packet sniffer is selected because it is a piece of software capable of monitoring all network traffic. It has the following features that most monitoring tools do not posses. i. It is an open source tool with extensive support. ii. It stores data for a long time. iii. It is able to capture all incoming and outgoing traffic for example clear-text passwords, user names and other private or sensitive details. Internet bandwidth use by host and protocol, point to point traffic are crucial to know in order to manage and optimize the bandwidth. 3. Statement of Problem The ABU network is expected to have growing number of hosts with the growing number of staff and students, the following problems are encountered: i. A way of giving priority to traffic based on users classes, applications or time of the day to make maximum utilization and optimization of bandwidth has not been implemented, ii. A mechanism that makes sure that the University bandwidth is used for the intended purpose (Academic and research related) and discovering when it is not in place are not available iii. In addition bandwidth is often consumed by low priority, bandwidth-hungry uses for non-educational purposes. iv. Peer-to-Peer (P2P)-based network congestion; the primary cause of the bandwidth problems is P2P file-sharing software (such as Morpheus, Gnutella, and KaZaa). These programs allow an individual to connect to a network of other users and exchange music, video, and other types of files. 4. Methodology The methodology used in this research will focus on how to enhance the Internet users experience by eliminating processes caused by improper management and control of bandwidth. To identify unproductive web applications responsible for consuming valuable bandwidth of University network system through the following; i. Selection of Monitoring Software: A software that will monitor and adequately report in details the network usage, identified and preferably an open source software to take care of licensing and virus issues [6] 35

ii. Installation and Configuration of Monitoring Software: Packet sniffers is installed and configured as a monitoring server on the network. It can be accessible from any part of the network iii. Verification of the Configuration: The server tested on a small office network to ensure that the configuration works well. iv. Installation of Software on Live Network: The software is installed on the University network operating centre. v. Data collected (packet traffic): Data is collected from the monitoring server daily over a period of 90 days continuously. vi. Extraction of data: Since the research is interested in the analysis of the network usage, a detailed analysis of data is done using MATLAB (Simulink) to figure out the type classification of applications as productive (academic and research related) and unproductive (personal, non academic and non research related) activities in addition to applications which are consuming high bandwidth [9]. 5. Results and Discussion This begins with the preparation and collection of data, which includes both transmitted and received rates per daily (15 Minute average), weekly (30 Minute average) and monthly (2 Hours average) of the various access points in the networks, at over the period of three months. A programme using M files and communication toolbox in MATLAB was used to plot the bandwidth utilization (Traffic IN and traffic OUT) of the daily, weekly and monthly bandwidth usage Co Fig.2.Chart configuration 5.1 Verification of the Configuration After the configuration the software is tested on the server. The following tasks are verified: i. Search for clear-text usernames and passwords from the network, ii. Convert network traffic into human readable form, iii. Analyze networks to detect bottlenecks and detect network intruders. 36

iv. Packets captured from a local area network and the capture network traffic is based on application. Figure 3 shows a Packet captured from local Area Network The matlab programme was run and the result was as shown in the following Figures; 3.1, 3.2 and 3.3. 1- Figure 3.1 gives the line chart of plot of daily average bandwidth utilization of different number of users of the various access points that are found within the network. 2- Figure 3.2 gives the line chart of plot of weekly average bandwidth utilization of users of the various access points that are found within the network. 3- Figure 3.3 gives the line chart of plot of monthly average bandwidth utilization of users of the various access points that are found within the network 5000 4500 Daily Graph(15 Minute Average) X: 12 Y: 4900 X: 14.25 Y: 4900 Kilobits per Second(Kb/s) 4000 3500 3000 2500 2000 1500 Download Upload 1000 500 X: 14.5 Y: 516.3 Figure 4 Daily Bandwidth Utilization Graphs 0 10 11 12 13 14 15 16 At Figure 3.1; the download the maximum occurs at 4.9Mbps at 12:00 noon while the Time (24 Hr Format) upload maximum is 516.3Kbps at 2:30pm. This shows that, the ABU Internet gateway saturate very quickly from 10:00 a.m. up to 4:00 p.m. this emphasises the need for improved bandwidth management and optimization. 37

WEEKLY GRAPH 30 MINUTES AVERAGE 3 x 104 X: 13 Y: 2.98e+004 X: 11 Y: 2.95e+004 X: 12 Y: 2.95e+004 X: 11.5 Y: 2.88e+004 X: 12.5 Y: 2.98e+004 2.5 2 X: 14 Y: 2.46e+004 X: 14 Y: 2.16e+004 X: 11 Y: 2.28e+004 X: 14.5 Y: 2.17e+004 X: 12 Y: 2.28e+004 Kilobits Per Second 1.5 1 0.5 0 10 12 14 10 12 14 10 12 14 10 12 14 10 12 14 16 Mon Tue Wed Thur Fri Time in 24hr format Figure 5 Weekly Bandwidth Utilization Graphs of Week 24 of 201 Figure 3.2 shows that, from Monday to Friday the maximum are download 29.4Mbps at different time i.e. 1:00pm, 11:00am, 12:00am, 11:55am and 12.05am, and a very percentage of the university community run windows operating systems which need daily updates of both the operating system and the antivirus software on them. Monthly Graph (2 Hour Average) 16000 Download Upload 12000 Bits Per Second 8000 4000 0 10 June july August September October November Figure 6 Monthly Bandwidth Utilization Graphs at 2011 i. Finally looking Figure 3.3 reveals that there are peer-to-peer connections using ABU context which indicates that there are users with download manager software in their computers. These software enable heavy down loaders congest internet connection restricting internet access to other users and servers that need global accessibility. ii. Websites accessed by each user of the network was identified and was found that bulk of Internet traffic is peer to peer access and downloads of music, video and Anti-virus updates and access of free e-mail services Although, is acknowledge that peer to peer access and download of music, video and Anti-virus updates and free e-mail services might be important for academic purpose. 38

6 Conclusion This network traffic analyses show there is unwise bandwidth utilization in the campus network, and is a serious and emerging challenge for almost all organisations in the present world information technology. Lack of appropriate bandwidth management is preventing useful Internet access which in turn yielding low quality of academic and research works. Better management of bandwidth makes Internet access wider especially for those who need it in actual. Unfortunately there is relatively little understanding about the importance of managing bandwidth because of low awareness, lack of technical staff, improper implementation of Internet usage policy, non supportive attitude of authorities, etc. Bandwidth is a very valuable and limited resource, so there is a need to enhance awareness level among all stakeholders- students, researchers and staff within the university education system in addition to implement a common acceptable policy. Policy should encourage academic and research related activities and throttle of unproductive and individual centric activities [10]. The ICT professionals responsible for management of university network system have to monitor network traffic and users behaviour continuously on network followed by analysis of web applications eating valuable resource. Furthermore, provision of trainings and technical tools is not sufficient for bandwidth management but there is a need to have a rich coordination among all stakeholders, authority and ICT staff on a common acceptable Internet access policy. Hence, it is a necessary condition to implement appropriate bandwidth management so as to reduce the bandwidth starvation in the campus network. 7 Acknowledgments This paper is a part of M.Sc. research work of the first author and the author gives sincere thanks to both his Major and Minor supervisors who are also the other two authors of this work. The author also gives thanks to the management of Ahmadu Bello University ICT for their support of this work. 8 References [1] A practical guide to Bandwidth Management and Optimization Using Open Source Software, in October 2006 [2] Bandwidth management position paper, (Aptivate, June 2007); How to accelerate your internet, [3] Bo Yu Based on the network sniffer implement network monitoring Computer Application and System Modeling (ICCASM), 2010 International Conference on Volume: 7, 2010, Page(s): V7-1 - V7- [4] Dualwan (2009) Bandwidth Management and Traffic Optimization (2010). http://dualwan.org/ bandwidth-management.html [5] Flickenger, R. (2006). How to accelerate your Internet: A Practical Guide to Bandwidth Management and Optimization, Accessed on 20th November, 2010 [6] Graham, Robert. Sniffing (network wiretap, sniffer) FAQ. Version 0.3.3. 14 September 2011 [7] Ansari, Rajeev S.G. and Chandrasekhar H.S, Packet Sniffing: Brief Introduction, IEEE Potentials, Dec 2002- Jan 2003, Volume: 21 Issue: 5, pp: 17 19 [8] A. Dabir, A. Matrawy, Bottleneck Analysis of Traffic Monitoring Using Wireshark, 4th International Conference on Innovations in Information Technology, 2007, IEEE Innovations '07, 18-20 Nov. 2007, Page(s):158 162 [9] A scalable architecture for network traffic monitoring and analysis using free open source software. [10] S. Floyd and V. Jacobson, Link-sharing and resource management models for packet networks, IEEE Trans. Networking, vol. 3, 1995. 39

This academic article was published by The International Institute for Science, Technology and Education (IISTE). The IISTE is a pioneer in the Open Access Publishing service based in the U.S. and Europe. The aim of the institute is Accelerating Global Knowledge Sharing. More information about the publisher can be found in the IISTE s homepage: http:// CALL FOR PAPERS The IISTE is currently hosting more than 30 peer-reviewed academic journals and collaborating with academic institutions around the world. There s no deadline for submission. Prospective authors of IISTE journals can find the submission instruction on the following page: http:///journals/ The IISTE editorial team promises to the review and publish all the qualified submissions in a fast manner. All the journals articles are available online to the readers all over the world without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself. Printed version of the journals is also available upon request of readers and authors. IISTE Knowledge Sharing Partners EBSCO, Index Copernicus, Ulrich's Periodicals Directory, JournalTOCS, PKP Open Archives Harvester, Bielefeld Academic Search Engine, Elektronische Zeitschriftenbibliothek EZB, Open J-Gate, OCLC WorldCat, Universe Digtial Library, NewJour, Google Scholar

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information