ELEC-E7130 - Internet Traffic Measurements and Analysis, Lecture, 7.9.2022-5.12.2022
Assignment 4. Traffic with probe packets
Prerequisites
To complete this assignment, a certain amount of network capture knowledge is required.
If you are not very familiar with network capture skills (TCPdump, Wireshark or tshark), you can refer to previous assignment instructions on packet capture.
Learning outcomes
At the end of this assignment, students should be able to
- Capture internet traffic including test traffic.
- Collect basic statistics about the traffic generated using counters.
- Analyze the traffic captured in the network from different aspects.
- Differentiate between active and passive measurements.
Introduction
The present assignment contains two tasks to introduce the active measurements and compare them with the passive measurements. Please read all instructions before starting because it is helpful to identify common work.
- Task 1: Packet capture with and without probe packets
- Task 2: Compare active and passive measurements
In this assignment, capture the traffic data from your computer. In the case of using a virtual machine (VM), generate traffic within that virtual computer instead of the usual host because it acts as a separate computer.
Task 1: Packet capture with and without probe packets
Choose one of the packet-capturing tools available such as dumpcap, Wireshark, tcpdump, etc. For this task, there are two phases to capture the traffic data.
First phase: capture network traffic for one hour or more while using the computer as you normally do (browse the web, check e-mails, watch video, listen to music, do assignments, and so on).
Note: Record interface counters and overall statistics at the beginning and end of the packet capture
Second phase: capture again for 15 minutes while running scripts according to the table below, selecting servers from those listed in assignment 2, “Basic measurements”.

| Servers | Tool |
| --- | --- |
| 3 research servers | `ping` |
| 2 iperf servers | `ping`, `iperf3` |
Note: Record interface counters and overall statistics at the beginning and end of the packet capture as well as store the result of these active measurements (the command outputs) for the next task.
Once the packet capture is complete, do the first sanity checks on the captured data:
1. Size of trace files.
2. Number of packets in trace file.
3. Total size of packets.
4. Compare values from interface counters to capture file. Is there any difference?
Hint: Make a table comparing the results for both pcap files as well as the statistics obtained with the interface counters and the capture file.
Answer the following questions based on the pcap files obtained in both phases, using one of the mass analysis tools shown in Table 1 (Mass analysis tools) or another suitable tool.
- Plot the traffic volume considering all packets over time (choose the most suitable interval) for both captured phases.
- For the second phase:
  - Plot the traffic volume without the `ping` packets and `iperf3` packets over time (select the same interval selected in the previous plot).
  - Plot the traffic volume comparing the `ping` packets with the `iperf3` packets over time (keeping the same interval).

  Hint: You can use filters to check specific protocols (`ping` traffic using ICMP protocol and `iperf3` traffic using TCP protocol and ports defined) and/or IP addresses (target server’s addresses).
- What do you observe in the plots? Make a conclusion about the network traffic captured.
- Provide the average throughput for both phases captured. Are there differences?
Hint: One of the tools that can be useful is Wireshark, which makes it easy to plot and apply filters. Another way is to convert the pcap file into a CSV file with `tshark` or a similar tool, and then process, plot, and filter the data using Python or R.
Hint: To record counters with overall statistics for all network interfaces (capturing only the sent and received packet counts is sufficient), you can use the command `ip -s link` on Linux.
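One way to do the CSV-based processing described in the hints above, as an added example that is not part of the course material. It assumes IPv4 traffic, an `iperf3` server on its default TCP port 5201, and a CSV exported with the `tshark` fields named in the comment; the sample rows are constructed.

```python
import csv
import io

# Constructed sample (not real capture data), shaped like the output of:
#   tshark -r phase2.pcap -T fields -E separator=, -E header=y \
#     -e frame.time_epoch -e frame.len -e ip.proto -e tcp.srcport -e tcp.dstport
SAMPLE_CSV = """frame.time_epoch,frame.len,ip.proto,tcp.srcport,tcp.dstport
1000.00,98,1,,
1000.25,1514,6,50000,5201
1000.75,66,6,5201,50000
1001.25,98,1,,
1001.50,1200,6,50001,443
1003.25,1514,6,50000,5201
1003.75,90,17,,
"""

def classify(row, iperf_port="5201"):
    """Label a packet as ping (IPv4 ICMP), iperf3 (TCP on iperf_port) or other."""
    if row["ip.proto"] == "1":
        return "ping"
    if row["ip.proto"] == "6" and iperf_port in (row["tcp.srcport"], row["tcp.dstport"]):
        return "iperf3"
    return "other"

def volume_per_interval(csv_text, interval=1.0, iperf_port="5201"):
    """Return bytes per interval for each class; empty intervals stay as 0."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    times = [float(r["frame.time_epoch"]) for r in rows]
    t0 = min(times)
    n_bins = int((max(times) - t0) // interval) + 1
    series = {name: [0] * n_bins for name in ("ping", "iperf3", "other")}
    for row, ts in zip(rows, times):
        series[classify(row, iperf_port)][int((ts - t0) // interval)] += int(row["frame.len"])
    return series

def average_throughput_bps(csv_text):
    """Total captured bits divided by the time between first and last packet."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    times = [float(r["frame.time_epoch"]) for r in rows]
    total_bytes = sum(int(r["frame.len"]) for r in rows)
    return total_bytes * 8 / (max(times) - min(times))

if __name__ == "__main__":
    for name, values in volume_per_interval(SAMPLE_CSV).items():
        print(name, values)
    print("average throughput (bit/s):", round(average_throughput_bps(SAMPLE_CSV)))
```

Pre-allocating every bin keeps idle intervals in the series as zeros, so the three time series share one time axis when plotted.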
Report, task 1
- Describe your measurement setup (tools and workflow).
- Summary of capture data for both phases.
- Were there differences between capture file statistics and counters?
- Plot traffic volume with different filters for both phases.
- Any observations on those two phases?
- Draw appropriate conclusions about the problems
Task 2: Compare active and passive measurements
In this task, use the captured data of the second phase from the previous task to compare the results obtained by the active measurements (what you get from `ping` and `iperf3` log files) and by the passive measurement (what you get from packet capture). Some helpful guides can be found in the supporting material.
Extract information appropriately from the `iperf3` and `ping` sessions:
- For the `iperf3` sessions, calculate throughput. There are two different options:
  - You can use flow tools as in the previous assignment (converting packet capture into flows) because most likely, each `iperf3` run will result in a different flow.
  - Another option is to use `tcptrace` to extract information on TCP connections.
- In the case of the `ping` results, extract ICMP messages from traces or flows, correlate requests to responses, calculate delay, and identify possible packet loss.
Hint: You can use filters to check protocol (`ping` traffic using ICMP protocol and `iperf3` traffic using TCP protocol) and/or IP addresses (target server’s addresses). Besides, there are different ways to obtain the filtered data set using Wireshark, tshark, CoralReef, pyshark, tcptrace.
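The request/response correlation described above for the `ping` results, as an added example that is not part of the course material. It assumes IPv4 echo packets exported with the `tshark` fields named in the comment; the addresses and timestamps are constructed.

```python
import csv
import io

# Constructed sample (not real capture data), shaped like the output of:
#   tshark -r phase2.pcap -Y "icmp.type==8 or icmp.type==0" -T fields \
#     -E separator=, -E header=y -e frame.time_epoch -e ip.src -e ip.dst \
#     -e icmp.type -e icmp.ident -e icmp.seq
SAMPLE_CSV = """frame.time_epoch,ip.src,ip.dst,icmp.type,icmp.ident,icmp.seq
100.000,192.0.2.10,198.51.100.7,8,4242,1
100.020,198.51.100.7,192.0.2.10,0,4242,1
101.000,192.0.2.10,198.51.100.7,8,4242,2
102.000,192.0.2.10,198.51.100.7,8,4242,3
102.031,198.51.100.7,192.0.2.10,0,4242,3
102.500,192.0.2.10,203.0.113.5,8,4243,1
102.512,203.0.113.5,192.0.2.10,0,4243,1
102.600,203.0.113.5,192.0.2.10,0,4243,1
"""

def new_stats():
    return {"sent": 0, "rtts_ms": [], "unmatched": 0}

def correlate_pings(csv_text):
    """Pair echo requests (type 8) with echo replies (type 0) per target server."""
    pending = {}  # (target, ident, seq) -> capture timestamp of the request
    stats = {}    # target address -> counters and RTT samples
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = float(row["frame.time_epoch"])
        if row["icmp.type"] == "8":
            target = row["ip.dst"]
            stats.setdefault(target, new_stats())["sent"] += 1
            pending[(target, row["icmp.ident"], row["icmp.seq"])] = ts
        elif row["icmp.type"] == "0":
            target = row["ip.src"]
            entry = stats.setdefault(target, new_stats())
            sent_at = pending.pop((target, row["icmp.ident"], row["icmp.seq"]), None)
            if sent_at is None:
                entry["unmatched"] += 1  # duplicate reply or request not captured
            else:
                entry["rtts_ms"].append((ts - sent_at) * 1000.0)
    for entry in stats.values():
        entry["lost"] = entry["sent"] - len(entry["rtts_ms"])
        entry["loss_pct"] = 100.0 * entry["lost"] / entry["sent"] if entry["sent"] else 0.0
    return stats

if __name__ == "__main__":
    for target, entry in correlate_pings(SAMPLE_CSV).items():
        print(target, entry)
```

The delays here come from capture timestamps, so they can be set side by side with the per-sequence times that `ping` itself reported for the same sequence numbers.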
Analyze the captured data and answer the following questions:
- How much traffic was there that was not `iperf` or `ping` traffic?
- Compare `iperf` results from active and passive measurements. Provide a table and plot a time series.
- Compare `ping` results from active and passive measurements. Provide a table and plot a time series.
Make a table comparing the active and passive measurements according to the following points:
- What other active measurement tools can be useful, and what characteristics do they measure? (e.g. `ping` for the latency and packet loss)
- Mention some passive measurement tools that can be useful in terms of availability, bandwidth utilization, errors, and discards (e.g. CoralReef for description of traffic flows).
- Describe some problems and limitations for both measurements.
Report, task 2
- Describe your analysis setup. Include code snippets.
- Answers to questions above.
- Was there any systematic bias in the active and passive measurements?
- Make a table with the main differences between active and passive measurements.
Grading standard
To pass this course, you need to achieve at least 15 points in this assignment. And if you submit the assignment late, you can get a maximum of 15 points.
You can get up to 30 points for this assignment:
Task 1
- Use the correct method for traffic capture. (1p)
- Do the first sanity checks. (2p)
- Make a basic summary based on the first sanity checks. (3p)
- Plot time series to compare the traffic data in different conditions. (4p)
- Draw appropriate conclusions about the differences (2p)
Task 2
- Extract the throughput and latency data from the packet captured. (4p)
- Accurately answer the 3 questions raised in the data analysis (plot and table). (8p)
- Summarize based on the answers to the questions you answered. (3p)
- Compare active and passive measurements using a table (3p)
The quality of the report (bonus 2p)
Instructions for the assignment
For the assignment, your submission must contain the following (please do not include original data in your submission):
- A zip file that includes your code and scripts.
- A PDF file as your report.
Regarding the report, your report must have:
- A cover page indicating your name, student ID and your e-mail address.
- The report should include a description of measurements, a summary of the results and conclusions based on the results.
- An explanation of each problem: how you solved it and why you did it that way.
- 4 October 2022, 1:07 PM