CoralReef: Analysis Tools platform for passive network monitoring

collection of coral tools

dmoore@caida.org

outline

• what is CoralReef?

• software modules:

– drivers

– libcoral

– CRL.pm

– analysis programs

– report generation

• status and future

what is CoralReef?

• software distribution

– collection of coral tools

– suggestions and automation for analysis

• operational side of caida's coral project

• collection point for enhancements

• platform for development/research

why is it desired?

• largely motivated by complaints about existing state of coral tools and configuration management

• non-hardware costs of deployment

• provides common methodologies

• support for trend analysis

• how often/what to collect

software modules: overview

libcoral - inputs

• capture devices

– oc3mon

– oc12mon

– oc48mon

– DAG cards

• trace files

• tcpdump

• headers-only, partial & full packets

• network configuration files

– encapsulation (LLC/SNAP, null, NLPID)

– filtering

– labeling

libcoral - APIs

• reading/processing

– block - buffer of ATM cells

– cell - single cell at a time

– packet - (partial) reassembly

– callback - allows multiple modules

– interface merging/timestamp reordering

• writing/capturing/encoding

• configuration controls

CRL.pm

• perlized access to libcoral

• header field extraction (ip_len, etc)

• flows analysis support

• statistics modules

analysis programs

• real-time, continuous collection in C

• can avoid trace collection

• generate summaries

– text

– html

– arts++

analysis reporting

• basic traffic characterization

• AS matrices

• configurable net-net matrices

• checksum verification

• traffic import and export

analysis reports: AS Matrices

report generation

• summaries transferred from monitor to web server

• reports designed so they can be easily parsed back to raw data

• periodic html generation

• on-demand CGI summaries

status and future

• initial 3.0 release on copyright approval

• priorities

– regression testing suites

– libcoral module API

– better automation and management

– Table.pm

– Arts/cflowd file support/NeTraMet

acknowledgements

• CoralReef Team:

– Nancy Bachman

– Jambi Ganbar

– Ken Keys

– Ryan Koga

– Esmond Lee

– Sean McCreary

– David Moore

– Mike Tesch

– Mike Young

• Steve Feldman (MAE west)

• Kevin Thompson (MCI)

• Bill Jensen (University Wisconsin Madison)

• Hans-Werner Braun (NLANR)

• k claffy (CAIDA)

dmoore@caida.org

cooperative association for Internet data analysis (CAIDA)

University of California’s San Diego Supercomputer Center

http://www.caida.org/Tools/CoralReef/
