Consistency of Network Traffic Repositories: An Overview
Traffic repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffic that has been flowing over the network; little thought is given to the consistency of these repositories. Still, for various reasons, the traffic capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to wrong conclusions.
This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps”. A prototype has been developed and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.
Keywords: Packet Loss, Loss Measurement, Wrong Conclusion, Recording Device, Main Research Question