|
|
Memory Reduction of Stateful Network Traffic Processing
Hlaváček, Martin ; Puš, Viktor (referee) ; Kořenek, Jan (advisor)
This master thesis deals with the problems of memory reduction in the stateful network traffic processing. Its goal is to explore new possibilities of memory reduction during network processing. As an introduction this thesis provides motivation and reasons for need to search new method for the memory reduction. In the following part there are theoretical analyses of NetFlow technology and two basic methods which can in principle reduce memory demands of stateful processing. Later on, there is described the design and implementation of solution which contains the application of these two methods to NetFlow architecture. The final part of this work summarizes the main properties of this solution during interaction with real data.
|
|
|
Adaptive Sampling of Input Packets Implemented in FlowMon Probe
Kaštovský, Petr ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
There is a FlowMon probe being developed in a Libeouter project that is used for passive network measurements. The probe has better stability and accuracy than sofware based solutions even under a heavy load or network attack. To guarantee a precision of results there is a need to data reduction to prevent measuring system overload. There are few kinds of data reduction. Method used in the FlowMon probe is called sampling. Adaptive sampling unit sets the sampling rate (rate of processed and discarded packets) according to actual state of measured network.
|
|
|
BigData Approach to Management of Large Netflow Datasets
Melkes, Miloslav ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
This master‘s thesis focuses on distributed processing of big data from network communication. It begins with exploring network communication based on TCP/IP model with focus on data units on each layer, which is necessary to process during analyzation. In terms of the actual processing of big data is described programming model MapReduce, architecture of Apache Hadoop technology and it‘s usage for processing network flows on computer cluster. Second part of this thesis deals with design and following implementation of the application for processing network flows from network communication. In this part are discussed main and problematic parts from the actual implementation. After that this thesis ends with a comparison with available applications for network analysis and evaluation set of tests which confirmed linear growth of acceleration.
|
|
|
Correlating IPFIX Records of Proxy Server Traffic
Krůl, Michal ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This thesis engages the problem of correlation the network flow records. It tries to find solution, which would allow to automatically pinpoint correlating flows on both sides of the proxy server. For this purpose, a dataset containing captured network traffic is created, which then serves as a base for analysis. Based on the results of the analysis a solution is presented, which is consequently tested and discussed.
|
|
|
Zero Copy Packet Processing
Plotěný, Ondřej ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
Cílem této magisterské práce je návrh a implementace síťové sondy pro sledování toků na 10GbE rozhraní. Text se zabývá přehledem GNU/Linux nástrojů využívaných ve vysokorychlostních sítích a principů jejich fungování. Dále pak je uveden návrh a implementace sondy využívající mechanismu zero-copy pro sledování provozu na 10GbE rozhraní. Aplikace využívá Expresní datové cesty (XDP) a jeho AF_XDP soketu pro zachycení provozu na rozhraní. Jako testovací platforma byla vybrána platforma NETX používaná na FIT VUT.
|
|
|
Traffic Analysis of Network Protocols Kerberos, NTLM, and SAML 2.0
Krůl, Michal ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis engages the problem consisting of analysis and detection of the attacks carried out on the authentication protocols in the environment of network structures, like those used in big corporations. In~this thesis, the problem is examined in the light of the netflow analysis. Main content of the thesis is a simulation of the attacks targeting network architectures, where the authentication is served by mentioned protocols, and effort to detect these attack by the netflow monitoring. The outcome of this thesis is a draft, how to automatically detect the attacks carried out in the network structures, and plugin for the exporter of the Flowmon sond, the product of Flowmon Networks company, which will be extracting the information needed for the performance of the detection.
|
|
|
Correlating IPFIX Records of Proxy Server Traffic
Krůl, Michal ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This thesis elabortes the problem of correlation of the network flow records. It tries to find solution, which would allow to automatically correlate flows from both sides of the proxy server. For this purpose, a dataset containing captured network traffic is created, which then serves as a base for analysis. Based on the results of the analysis a solution is presented, which is consequently tested and discussed.
|
|
|
Fast Generator of Network Flows
Budiský, Jakub ; Dvořák, Milan (referee) ; Matoušek, Jiří (advisor)
Tato diplomová práce se věnuje analýze existujících řešení pro generování síťového provozu určeného k testování síťových komponent. Zaměřuje se na generátory na úrovni IP síťových toků a pokrývá návrh a implementaci generátoru, zvaného FLOR, schopného vytvářet syntetický síťový provoz rychlostí až několik desítek gigabitů za sekundu. K plánování toků využívá náhodného procesu. Vytvořená aplikace je otestována a porovnána s existujícími nástroji. V závěru jsou navrženy další vylepšení a optimalizace.
|
|
|
Testing of Probes for Network Traffic Monitoring
Sobol, Jan ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
In order to ensure a secure and stable Internet, administrators need tools for network monitoring which will allow them to analyze ongoing network traffic and respond to situations in a timely manner. One way to monitor traffic is to use monitoring probes. This thesis focuses on a thorough verification of the parameters of existing probes IPFIX probe and FlexProbe. FlexProbe is a network probe designed for the implementation of lawful interceptions developed at FIT BUT in cooperation with the Police of the Czech Republic. The IPFIX probe is developed by the CESNET association and is used for flow monitoring within the FlexProbe probe. In order to be able to operate the probes in the target environment for a long time, it is necessary to thoroughly test the device. The exact behavior of the probe is defined by the specification requirements that are developed for both probes. Based on the requirements, a comprehensive test system covering functional and performance parameters of the probes was designed. The tests are unified using a test framework and included in automated scenarios implemented in system Jenkins. At the end of the thesis, the coverage of the required properties of the probes and their performance is evaluated.
|
|
|
Correlating IPFIX Records of Proxy Server Traffic
Krůl, Michal ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This thesis elabortes the problem of correlation of the network flow records. It tries to find solution, which would allow to automatically correlate flows from both sides of the proxy server. For this purpose, a dataset containing captured network traffic is created, which then serves as a base for analysis. Based on the results of the analysis a solution is presented, which is consequently tested and discussed.
|
guest ::
