Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement
|
|
- Kory West
- 5 years ago
- Views:
Transcription
1 Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement Petr Velan, Tomáš Jirsík, Pavel Čeleda {velan jirsik 19th EUNICE Workshop on Advances in Communication Networking August 2013, Chemnitz, Germany
2 Part I Introduction Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 2 / 19
3 Motivation and R&D Goals I Is NetFlow still sufficient? FTP 20/21 SSH 22 SMTP 25 HTTP 80 POP3 110 IMAP 143 HTTPS 443 Well-known Ports Applications Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 3 / 19
4 Motivation and R&D Goals I Is NetFlow still sufficient? FTP 20/21 SSH 22 SMTP 25 HTTP 80 POP3 110 IMAP 143 HTTPS 443 Well-known Ports Applications Today Applications Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 3 / 19
5 Motivation and R&D Goals I Is NetFlow still sufficient? FTP 20/21 SSH 22 SMTP 25 HTTP 80 POP3 110 IMAP 143 HTTPS 443 Well-known Ports Applications Today Applications HTTP - new Transmission Control Protocol - new TCP Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 3 / 19
6 Motivation and R&D Goals II How to add application visibility to flow? Application labeling (protocol recognition) Application data (deep packet inspection) Use the best DPI parsers to extend the flow Speed and accuracy is the most important factor We set out to find the best parser for HTTP protocol Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 4 / 19
7 Part II HTTP Parser Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 5 / 19
8 General HTTP Parser Design GET /wiki/hypertext_transfer_protocol HTTP/1.1\r\n Host: en.wikipedia.org\r\n User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/ Firefox/23.0\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: cs,en-us;q=0.7,en;q=0.3\r\n Accept-Encoding: gzip, deflate\r\n Referer: Connection: keep-alive\r\n If-Modified-Since: Sat, 22 Jun :32:12 GMT\r\n Cach-Control: max-age=0\r\n \r\n Find one of HTTP, POST, GET, CONNECT, PUT, DELETE, HEAD, TRACE method Parse status code or URI Try to find matching header fields for User-Agent, Content-Type, Host, Referer End when double end of line ( \r\n ) is encountered Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 6 / 19
9 Evaluated Parser Types No application parser - L2 through L4 flow exporters No HTTP - no special parser, reference measurement String compare - nprobe, FlowMon strcmp - hand-written parser standard version optimized strcmp - highly optimized hand-written parser Regular expression - YAF pcre - parser using Perl Compatible Regular Expressions Finite automaton - our approach flex - parser using flex generated finite automaton optimized flex - optimization of flex parser Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 7 / 19
10 Flex Parser Schema Protocol labeling Start Initial HTTP Headers User-Agent Content-Type Referer Host Invalid character or \r or \n Not HTTP HTTP Request HTTP Response + status code Protocol parsing Method + URL Invalid character or \r or \n HTTP HTTP End EOF or \r\n\r\n Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 8 / 19
11 Part III Experiment Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 9 / 19
12 Measurement Setup Hard Drive HTTP Dataset Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 10 / 19
13 Measurement Setup FlowMon Exporter Hard Drive HTTP Dataset Memory HTTP Parser Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 10 / 19
14 Measurement Setup FlowMon Exporter Hard Drive HTTP Dataset Memory HTTP Parser Packet Rate Measurement Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 10 / 19
15 Measurement Setup II Dataset HTTP request and response packets Data packets with binary payload Created data sets containing % of HTTP packets Modified data packets with End of Line only at start and end Measurement 1) Throughput measurement 2) Parsed HTTP header fields impact 3) Packet content effect Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 11 / 19
16 Part IV Results Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 12 / 19
17 Throughput 1500 B Snaplen 11 Packets/s (x 10 6 ) no HTTP optimized strcmp strcmp optimized flex flex pcre 1 0 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% : Throughput for data with x % of HTTP header packets Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 13 / 19
18 Throughput 384 B Snaplen 12 Packets/s (x 10 6 ) no HTTP optimized strcmp strcmp optimized flex flex pcre 1 0 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% : Throughput for data with x % of HTTP header packets Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 14 / 19
19 Parsed HTTP Header Fields Impact Packets/s (x 10 6 ) optimized strcmp strcmp optimized flex flex pcre : An HTTP parser throughput for 1500 B packets; supported fields - (0) none - HTTP protocol labeling, (1) +host, (2) +method, (3) +status code, (4) +request URI, (5) +content type, (6) +referer, (7) +user agent Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 15 / 19
20 Packet Content Effect - Strcmp Parser 3 beginning end unchanged Packets/s (x 10 6 ) % 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% : Packet content effect - packet length 1500 B. Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 16 / 19
21 Part V Conclusion Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 17 / 19
22 Conclusion Summary Application data is required to ensure high level of security Fast parsing algorithms, throughput deterioration Hand-written parsers vs. generated parsers Future Work Extensibility - new protocols, more thorough inspection Increasing throughput - examine only necessary data Data processing - storage and evaluation Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 18 / 19
23 Thank You For Your Attention! Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement Petr Velan Tomáš Jirsík Pavel Čeleda HTTP HTTPHTTP IPFIX IPFIX IPFIX IPFIX IPFIX IPFIX Plugins for HTTP Monitoring Petr Velan et al. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 19 / 19
Identifying Operating System Using Flow-based Traffic Fingerprinting
Identifying Operating System Using Flow-based Traffic Fingerprinting Tomáš Jirsík, Pavel Čeleda {jirsik celeda}@ics.muni.cz Institute of Computer Science, Masaryk University EUNICE 2014 September, 1. 5.,
More informationWire Shark Lab1. Intro
Jae Sook Lee FA16 CSIT 340 01 Dr. Constantine Coutras Wire Shark Lab1 Intro 1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above. : 1)
More informationEnhancing Network Security: Host Trustworthiness Estimation
Enhancing Network Security: Host Trustworthiness Estimation Tomáš Jirsík, Pavel Čeleda {jirsik celeda}@ics.muni.cz Institute of Computer Science, Masaryk University Goal 25,739% Tomáš Jirsík, Pavel Čeleda
More informationNETWORK TRAFFIC CHARACTERISATION USING FLOW-BASED STATISTICS
NETWORK TRAFFIC CHARACTERISATION USING FLOW-BASED STATISTICS Wednesday 27 th April, 2016 Petr Velan Jana Medková, Tomáš Jirsík, Pavel Čeleda Introduction We need to be able to describe the network traffic.
More informationHardware-Accelerated Flexible Flow Measurement
Hardware-Accelerated Flexible Flow Measurement Pavel Čeleda celeda@liberouter.org Martin Žádník zadnik@liberouter.org Lukáš Solanka solanka@liberouter.org Part I Introduction and Related Work Čeleda, Žádník,
More informationLarge-Scale Geolocation for NetFlow
Large-Scale Geolocation for NetFlow Pavel Čeleda, Petr Velan, Martin Rábek Rick Hofstede, Aiko Pras {celeda velan xrabek1}@ics.muni.cz, {r.j.hofstede a.pras}@utwente.nl IFIP/IEEE IM 2013, 27-31 May 2013,
More informationKaazing Gateway: An Open Source
Kaazing Gateway: An Open Source HTML 5 Websocket Server Speaker Jonas Jacobi Co-Founder: Kaazing Co-Author: Pro JSF and Ajax, Apress Agenda Real-Time Web? Why Do I Care? Scalability and Performance Concerns
More informationCS 43: Computer Networks. HTTP September 10, 2018
CS 43: Computer Networks HTTP September 10, 2018 Reading Quiz Lecture 4 - Slide 2 Five-layer protocol stack HTTP Request message Headers protocol delineators Last class Lecture 4 - Slide 3 HTTP GET vs.
More informationApplication Layer: The Web and HTTP Sec 2.2 Prof Lina Battestilli Fall 2017
CSC 401 Data and Computer Communications Networks Application Layer: The Web and HTTP Sec 2.2 Prof Lina Battestilli Fall 2017 Outline Application Layer (ch 2) 2.1 principles of network applications 2.2
More informationDATA COMMUNICATOIN NETWORKING
DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach By: Kurose, Ross Introduction Course Overview Basics of Computer Networks Internet
More informationCS 43: Computer Networks. Layering & HTTP September 7, 2018
CS 43: Computer Networks Layering & HTTP September 7, 2018 Last Class: Five-layer Internet Model Application: the application (e.g., the Web, Email) Transport: end-to-end connections, reliability Network:
More informationFlow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018
Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow
More informationNetwork delay estimation to remote locations based on passive RTT measurements A digest of recent related works at Salzburg Research
Network delay estimation to remote locations based on passive RTT measurements A digest of recent related works at Salzburg Research Felix Strohmeier Salzburg Research Forschungsgesellschaft m.b.h. Jakob-Haringer-Straße
More informationTraceroute. Communication Networks. Decipher a Packet Route. Exercises week 1 and 2 Introduction. Prof. Laurent Vanbever Networked Systems Group
Prof. Laurent Vanbever Networked Systems Group Communication Networks Exercises week 1 and 2 Introduction Traceroute Decipher a Packet Route The traceroute (or tracert on Windows) command a is a useful
More informationCommunication Networks. Prof. Laurent Vanbever. Exercises week 1 and 2 Introduction. a https://linux.die.net/man/8/traceroute
Communication Networks Prof. Laurent Vanbever Exercises week 1 and 2 Introduction Traceroute Decipher a Packet Route The traceroute (or tracert on Windows) command a is a useful tool to observe the route
More informationCSC358 Week 2. Adapted from slides by J.F. Kurose and K. W. Ross. All material copyright J.F Kurose and K.W. Ross, All Rights Reserved
CSC358 Week 2 Adapted from slides by J.F. Kurose and K. W. Ross. All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Logistics Tutorial this Friday Assignment 1 will be out shortly
More informationChapter 2. Application Layer
Chapter 2 Application Layer 2.1. 2-1 INTRODUCTION - The application layer provides services to the user - Communication is provided using a logical connection means that the two application layers assume
More informationLecture 25. Tuesday, November 21 CS 475 Networks - Lecture 25 1
Lecture 25 Reminders: Homework 7 due today. Homework 8 posted. Due at the beginning of the last day of class for final exam review. Programming Project 6 posted. Final project worth double. Due by 4:30pm,
More informationChapter 2 Application Layer
Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Application Layer 2-1 Some network apps e-mail web text messaging remote
More informationBrowser behavior can be quite complex, using more HTTP features than the basic exchange, this trace will show us how much gets transferred.
Lab Exercise HTTP Objective HTTP (HyperText Transfer Protocol) is the main protocol underlying the Web. HTTP functions as a request response protocol in the client server computing model. A web browser,
More informationChapter 2 Application Layer
Chapter 2 Application Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations;
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 8. Internet Applications Internet Applications Overview Domain Name Service (DNS) Electronic Mail File Transfer Protocol (FTP) WWW and HTTP Content
More informationTechnology Overview. Overview CHAPTER
CHAPTER 2 Revised: July 29, 2013, This overview of AVC technology includes the following topics: Overview, page 2-1 AVC Features and Capabilities, page 2-2 AVC Architecture, page 2-4 Interoperability of
More informationComputer Systems and Networks
University of the Pacific LECTURE 12: PYTHON BYTES, TCP/IP (LAB 08) Computer Systems and Networks Dr. Pallipuram (vpallipuramkrishnamani@pacific.edu) Today s Agenda Python exercises to simulate network
More informationFun with Flow. Richard Friedberg rf [at] cert.org Carnegie Mellon University
Fun with Flow Richard Friedberg rf [at] cert.org Objectives Flow Primer Why do I care? Tools Capabilities and examples Almost live demo Build it! Where to go for more 2 What is flow? The simple version:
More informationLecture 04: Application Layer (Part 01) Principles and the World Wide Web (HTTP) Dr. Anis Koubaa
NET 331 Computer Networks Lecture 04: Application Layer (Part 01) Principles and the World Wide Web (HTTP) Dr. Anis Koubaa Reformatted slides from textbook Computer Networking a top-down appraoch, Fifth
More informationSession 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes
Session 8 Deployment Descriptor 1 Reading Reading and Reference en.wikipedia.org/wiki/http Reference http headers en.wikipedia.org/wiki/list_of_http_headers http status codes en.wikipedia.org/wiki/_status_codes
More informationProduced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar
Mobile Application Development Higher Diploma in Science in Computer Science Produced by Eamonn de Leastar (edeleastar@wit.ie) Department of Computing, Maths & Physics Waterford Institute of Technology
More informationChapter 2: outline. 2.6 P2P applications 2.7 socket programming with UDP and TCP
Chapter 2: outline 2.1 principles of network applications app architectures app requirements 2.2 Web and HTTP 2.3 FTP 2.4 electronic mail SMTP, POP3, IMAP 2.5 DNS 2.6 P2P applications 2.7 socket programming
More informationChapter 2: outline. 2.6 P2P applications 2.7 socket programming with UDP and TCP
Chapter 2: outline 2.1 principles of network applications 2.2 Web and HTTP 2.3 FTP 2.4 electronic mail SMTP, POP3, IMAP 2.5 DNS 2.6 P2P applications 2.7 socket programming with UDP and TCP Application
More informationFoundations of Python
Foundations of Python Network Programming The comprehensive guide to building network applications with Python Second Edition Brandon Rhodes John Goerzen Apress Contents Contents at a Glance About the
More informationHP Load Balancing Module
HP Load Balancing Module Load Balancing Configuration Guide Part number: 5998-4218 Software version: Feature 3221 Document version: 6PW100-20130326 Legal and notice information Copyright 2013 Hewlett-Packard
More informationstatic phlapa.east.verizon.net /
The ICSI Netalyzr Beta Introduction» Analysis» Results Result Summary static-71-242-253-198.phlapa.east.verizon.net / 71.242.253.198 Recorded at 21:25 EDT (01:25 UTC next day) on Thu, August 27 2009. Permalink.
More informationFlow-Based Network Monitoring using nprobe and ntopng
Flow-Based Network Monitoring using nprobe and ntopng Simone Mainardi, PhD @simonemainardi mainardi@ntop.org Agenda About ntop Flow-based network monitoring, beyond SNMP nprobe: NetFlow/IPFIX/sFlow probe
More informationIntroduction to Information Science and Technology 2017 Networking II. Sören Schwertfeger 师泽仁
II Sören Schwertfeger 师泽仁 Outline Review Network Layer Routing Transport Layer Applications HTTP Demos Internet: Huge network of networks Billions of hosts (computers) Internet Structure Network Edge:
More informationApplication Level Protocols
Application Level Protocols 2 Application Level Protocols Applications handle different kinds of content e.g.. e-mail, web pages, voice Different types of content require different kinds of protocols Application
More informationConnecting with Computer Science Chapter 5 Review: Chapter Summary:
Chapter Summary: The Internet has revolutionized the world. The internet is just a giant collection of: WANs and LANs. The internet is not owned by any single person or entity. You connect to the Internet
More informationCOMP2330 Data Communications and Networking
COMP2330 Data Communications and Networking Dr. Chu Xiaowen (Second semester, 2009-2010 academic year) Laboratory 3 Last update: Feb-3-2009 Use Wireshark to Analyze IP Packet Objectives: (1) Use Wireshark
More informationDetection of DNS Traffic Anomalies in Large Networks
Detection of Traffic Anomalies in Large Networks Milan Čermák, Pavel Čeleda, Jan Vykopal {cermak celeda vykopal}@ics.muni.cz 20th Eunice Open European Summer School and Conference 2014 1-5 September 2014,
More informationEECS 3214: Computer Network Protocols and Applications
EECS 3214: Computer Network Protocols and Applications Suprakash Datta Course page: http://www.eecs.yorku.ca/course/3214 Office: LAS 3043 Email: datta [at] cse.yorku.ca These slides are adapted from Jim
More informationLab 2. All datagrams related to favicon.ico had been ignored. Diagram 1. Diagram 2
Lab 2 All datagrams related to favicon.ico had been ignored. Diagram 1 Diagram 2 1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running? According to the diagram
More informationPLEASE READ CAREFULLY BEFORE YOU START
MIDTERM EXAMINATION #1 NETWORKING CONCEPTS 03-60-367-01 U N I V E R S I T Y O F W I N D S O R - S c h o o l o f C o m p u t e r S c i e n c e Intersession 2009 Question Paper NOTE: Students may take this
More informationSirindhorn International Institute of Technology Thammasat University
1 Name...ID....Section. Seat No.. Sirindhorn International Institute of Technology Thammasat University Midterm Examination: Semester 2/2007 Course Title : ITS 332 Information Technology II Lab (Networking)
More informationCOSC4377. Chapter 2: Outline
Lecture 5 Chapter 2: Outline 2.1 principles of network applications app architectures app requirements 2.2 Web and HTTP 2.3 FTP 2.4 electronic mail SMTP, POP3, IMAP 2.5 DNS 2.6 P2P applications 2.7 socket
More informationCPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION
CPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION Department of Computer Science University of Calgary Professor: Carey Williamson March 2, 2012 This is a CLOSED BOOK exam. Textbooks, notes, laptops,
More informationWorld-Wide Web Protocols CS 571 Fall Kenneth L. Calvert All rights reserved
World-Wide Web Protocols CS 571 Fall 2006 2006 Kenneth L. Calvert All rights reserved World-Wide Web The Information Universe World-Wide Web structure: hypertext Nonlinear presentation of information Key
More informationApplication Detection
The following topics describe Firepower System application detection : Overview:, on page 1 Custom Application Detectors, on page 6 Viewing or Downloading Detector Details, on page 14 Sorting the Detector
More informationReview of Previous Lecture
Review of Previous Lecture Network access and physical media Internet structure and ISPs Delay & loss in packet-switched networks Protocol layers, service models Some slides are in courtesy of J. Kurose
More information4. The transport layer
4.1 The port number One of the most important information contained in the header of a segment are the destination and the source port numbers. The port numbers are necessary to identify the application
More informationINTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET
INTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET 1. INTRODUCTION Hello friends are topic is Internet and World Wide Web the most popular services of our topic is social networking and online shopping
More information6.1. Getting Started Guide
6.1 Getting Started Guide Netmon Getting Started Guide 2 Contents Contents... 2 Appliance Installation... 3 IP Address Assignment (Optional)... 3 Logging In For the First Time... 5 Initial Setup... 6 License
More informationOn the challenges of network traffic classification with NetFlow/IPFIX
On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate Professor at UPC BarcelonaTech (pbarlet@ac.upc.edu) Joint work with: Valentín Carela-Español, Tomasz Bujlow
More informationCSE 333 Lecture HTTP
CSE 333 Lecture 19 -- HTTP Hal Perkins Paul G. Allen School of Computer Science & Engineering University of Washington Administrivia HW4 due a week from Thursday - How s it look? Today: http; finish networking/web
More informationData Communications and Networks Spring Syllabus and Reading Assignments
Data Communications and Networks Spring 2018 Syllabus and Assignments Revision Date: January 24, 2018 Course : This course teaches the design and implementation techniques essential for engineering robust
More informationHTTP Reading: Section and COS 461: Computer Networks Spring 2013
HTTP Reading: Section 9.1.2 and 9.4.3 COS 461: Computer Networks Spring 2013 1 Recap: Client-Server Communication Client sometimes on Initiates a request to the server when interested E.g., Web browser
More informationKey Points for the Review
Key Points for the Review Network Basics What is internet and Internet? Does WWW equal to Internet? How do machines communicate with one another on the Internet? What are the major components of Internet?
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationSmart Home Network Management with Dynamic Traffic Distribution. Chenguang Zhu Xiang Ren Tianran Xu
Smart Home Network Management with Dynamic Traffic Distribution Chenguang Zhu Xiang Ren Tianran Xu Motivation Motivation Per Application QoS In small home / office networks, applications compete for limited
More informationCSE 333 Lecture HTTP
CSE 333 Lecture 19 -- HTTP Hal Perkins Department of Computer Science & Engineering University of Washington Administrivia Server-side programming exercise due Wed. morning HW4 due a week later - How s
More informationMuhammad Farooq-i-Azam CHASE-2006 Lahore
Muhammad Farooq-i-Azam CHASE-2006 Lahore Overview Theory Existing Sniffers in action Switched Environment ARP Protocol and Exploitation Develop it yourself 2 Network Traffic Computers and network devices
More informationSCRIPT: An Architecture for IPFIX Data Distribution
SCRIPT Public Workshop January 20, 2010, Zurich, Switzerland SCRIPT: An Architecture for IPFIX Data Distribution Peter Racz Communication Systems Group CSG Department of Informatics IFI University of Zürich
More informationCS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.
CS 355 Computer Networking Wei Lu, Ph.D., P.Eng. Chapter 2: Application Layer Overview: Principles of network applications? Introduction to Wireshark Web and HTTP FTP Electronic Mail SMTP, POP3, IMAP DNS
More informationSession 9. Deployment Descriptor Http. Reading and Reference. en.wikipedia.org/wiki/http. en.wikipedia.org/wiki/list_of_http_headers
Session 9 Deployment Descriptor Http 1 Reading Reading and Reference en.wikipedia.org/wiki/http Reference http headers en.wikipedia.org/wiki/list_of_http_headers http status codes en.wikipedia.org/wiki/http_status_codes
More informationWireshark Tutorial. Chris Neasbitt UGA Dept. of Computer Science
Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction What is a network trace? What is Wireshark? Basic UI Some of the most useful parts of the UI. Packet Capture How do
More informationUNIT I. A protocol is a precise set of rules defining how components communicate, the format of addresses, how data is split into packets
UNIT I Web Essentials: Clients, Servers, and Communication. The Internet- Basic Internet Protocols -The World Wide Web-HTTP request message-response message- Web Clients Web Servers-Case Study. Markup
More informationChapter 2: Application layer
Chapter 2 Application Layer A note on the use of these ppt slides: Were making these slides freely available to all (faculty, students, readers). Theyre in PowerPoint form so you can add, modify, and delete
More informationApplication Layer Network Layer
Application Layer 1. What is job of Application Layer? 2. Which protocol is used at Application Layer? 3. What is DNS? How is works? 4. What protocols used is email? 5. Where to use SMTP protocol? 6. Where
More informationConfiguring Traffic Policies
CHAPTER 11 Date: 4/23/09 Cisco Application Networking Manager helps you configure class maps and policy maps to provide a global level of classification for filtering traffic received by or passing through
More informationGetting Started with Network Analysis Policies
The following topics describe how to get started with network analysis policies: Network Analysis Policy Basics, page 1 Managing Network Analysis Policies, page 2 Network Analysis Policy Basics Network
More informationEarly Application Identification
Early Application Identification Laurent Bernaille Renata Teixeira Kave Salamatian Université Pierre et Marie Curie - LIP6/CNRS Which applications run on my network? Internet Edge Network (campus, enterprise)
More informationComputer Networks. More on Standards & Protocols Quality of Service. Week 10. College of Information Science and Engineering Ritsumeikan University
Computer Networks More on Standards & Protocols Quality of Service Week 10 College of Information Science and Engineering Ritsumeikan University Introduction to Protocols l A protocol is a set of rules
More informationA Survey on Network Security Monitoring Implementations
A Survey on Network Security Monitoring Implementations Ibrahim Ghafir, Jakub Svoboda, Vaclav Prenosil Abstract Network monitoring is a difficult and demanding task that is a vital part of a network administrator
More information5105: BHARATHIDASAN ENGINEERING COLLEGE NATTARMPALLI UNIT I FUNDAMENTALS AND LINK LAYER PART A
5105: BHARATHIDASAN ENGINEERING COLLEGE NATTARMPALLI 635 854. NAME OF THE STAFF : R.ANBARASAN DESIGNATION & DEPARTMENT : AP/CSE SUBJECT CODE : CS 6551 SUBJECT NAME : COMPUTER NETWORKS UNIT I FUNDAMENTALS
More informationForescout. Configuration Guide. Version 8.1
Forescout Version 8.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationliberate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently
liberate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently Fangfan Li, Abbas Razaghpanah, Arash Molavi Kakhki, Arian Akhavan Niaki, David Choffnes, Phillipa Gill,
More informationWireshark Lab: HTTP SOLUTION
Wireshark Lab: HTTP SOLUTION Supplement to Computer Networking: A Top-Down Approach, 7th ed., J.F. Kurose and K.W. Ross 2005-2012, J.F Kurose and K.W. Ross, All Rights Reserved The following screen shots
More informationIntroduction to TCP/IP
Introduction to TCP/IP Properties and characteristics of TCP/IP IPv4 IPv6 Public vs private vs APIPA/link local Static vs dynamic Client-side DNS settings Client-side DHCP Subnet mask vs CIDR Gateway TCP/IP
More informationSirindhorn International Institute of Technology Thammasat University
Name.............................. ID............... Section...... Seat No...... Thammasat University Final Exam: Semester, 205 Course Title: Introduction to Data Communications Instructor: Steven Gordon
More informationTRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016
TRANSMISSION CONTROL PROTOCOL ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016 ETI 2506 - TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember 1.
More informationTCP/IP Networking Basics
TCP/IP Networking Basics 1 A simple TCP/IP Example A user on host argon.tcpip-lab.edu ( Argon ) makes a web access to URL http://neon.tcpip-lab.edu/index.html. What actually happens in the network? 2 HTTP
More informationCisco Common Classification Policy Language
CHAPTER34 Cisco Common Classification Policy Language (C3PL) is a structured replacement for feature-specific configuration commands. C3PL allows you to create traffic policies based on events, conditions,
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationAn Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis
An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis Martin Elich, Petr Velan, Tomas Jirsik, Pavel Celeda Faculty of Informatics, Masaryk University, Brno, Czech Republic elich@mail.muni.cz
More informationInternet Applications and the Application Layer Material from Kurose and Ross, Chapter 2: The Application Layer
Midterm Study Sheet Below is a list of topics that will be covered on the midterm exam. Some topics may have summaries to clarify the coverage of the topic during the lecture. Disclaimer: the list may
More informationChapter 2: Application Layer. Chapter 2 Application Layer. Some network apps. Application architectures. Chapter 2: Application layer
Chapter 2 Application Layer Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Chapter 2: Application Layer Our goals: conceptual, implementation
More informationApplication Layer. Pure P2P architecture. Client-server architecture. Processes communicating. Hybrid of client-server and P2P. Creating a network app
Application Layer e- web instant messaging remote login P2P file sharing multi- network games streaming stored video (YouTube) voice over IP real-time video conferencing cloud computing Creating a network
More informationPaper solution Subject: Computer Networks (TE Computer pattern) Marks : 30 Date: 5/2/2015
Paper solution Subject: Computer Networks (TE Computer- 2012 pattern) Marks : 30 Date: 5/2/2015 Q1 a) What is difference between persistent and non persistent HTTP? Also Explain HTTP message format. [6]
More informationChapter 2. Application Layer. Chapter 2: Application Layer. Application layer - Overview. Some network apps. Creating a network appication
Mobile network Chapter 2 The Yanmin Zhu Department of Computer Science and Engineering Global ISP Home network Regional ISP Institutional network CSE Department 1 CSE Department 2 Application layer - Overview
More informationWeb Search An Application of Information Retrieval Theory
Web Search An Application of Information Retrieval Theory Term Project Summer 2009 Introduction The goal of the project is to produce a limited scale, but functional search engine. The search engine should
More informationPLEASE READ CAREFULLY BEFORE YOU START
Page 1 of 20 MIDTERM EXAMINATION #1 - B COMPUTER NETWORKS : 03-60-367-01 U N I V E R S I T Y O F W I N D S O R S C H O O L O F C O M P U T E R S C I E N C E Fall 2008-75 minutes This examination document
More informationPLEASE READ CAREFULLY BEFORE YOU START
Page 1 of 20 MIDTERM EXAMINATION #1 - A COMPUTER NETWORKS : 03-60-367-01 U N I V E R S I T Y O F W I N D S O R S C H O O L O F C O M P U T E R S C I E N C E Fall 2008-75 minutes This examination document
More informationDigging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network
1 / 37 Digging into Anonymous Traffic: A Deep Analysis of the Anonymizing Network Abdelberi Chaabane, Pere Manils, Mohamed Ali Kaafar INRIA Rhônes-Alpes, FRANCE pere.manils@inrialpes.fr NSS, September
More informationProtocol Compliance Statements for the CSG2
APPENDIXJ This appendix provides protocol compliance statements for the CSG2. Any RFCs that are not explicitly listed are not supported. Layer 4 Inspection (parse protocol=other) The Cisco Content Services
More informationApplied Networks & Security
Applied Networks & Security Applications http://condor.depaul.edu/~jkristof/it263/ John Kristoff jtk@depaul.edu IT 263 Winter 2006/2007 John Kristoff - DePaul University 1 HTTP/HTTPS The language of the
More informationCisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationNetworking Fundamentals: IP, DNS, URL, MIME
Networking Fundamentals: IP, DNS, URL, MIME Computer Science and Engineering College of Engineering The Ohio State University Lecture 10 Internet Protocol (IP) Addresses A unique 32-bit number Assigned
More informationApplication Layer: HTTP
Application Layer: HTTP EECS 3214 Slides courtesy of J.F Kurose and K.W. Ross, All Rights Reserved 23-Jan-18 1-1 Chapter 2: outline 2.1 principles of network applications 2.2 Web and HTTP 2.3 electronic
More informationEDA095 HTTP. Pierre Nugues. March 30, Lund University
EDA095 HTTP Pierre Nugues Lund University http://cs.lth.se/pierre_nugues/ March 30, 2017 Covers: Chapter 6, Java Network Programming, 4 rd ed., Elliotte Rusty Harold Pierre Nugues EDA095 HTTP March 30,
More information