Abstract

Creating high quality network trace files is a difficult task to accomplish on a limited budget. High network speeds may overburden an individual system running packet logging software such as tcpdump, resulting in trace files with missing information and making analysis difficult or incomplete. High end specialized systems may perform the job well, but may be out of reach due to financial constraints. To this end, we developed the Cheap Logger (CLog) system, which utilizes inexpensive COTS hardware to create high quality, complete network trace files. A scalable distributed storage system enables the CLog system to expand and continue to create high quality, complete network trace files even at extremely high data rates.

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Chad D. Mano (1)
  • Jeff Smith (1)
  • Bill Bordogna (1)
  • Aaron Striegel (1)

  1. Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, USA
