Consistency Analysis of Network Traffic Repositories

  • Elmer Lastdrager
  • Aiko Pras
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5733)


Traffic repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffic that has been flowing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the traffic capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions.

This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps”. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.


Packet Loss Transmission Control Protocol Recording Device Consistency Analysis Java Virtual Machine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Timmer, M.: How to identify the speed limiting factor of a TCP flow, (retrieved at October 5, 2008)
  2. 2.
    Slomp, G.: Consistency of repositories. Presented at 8th TSConIT, (retrieved at October 5, 2008)
  3. 3.
    Lastdrager, E.E.H.: Consistency of network traffic repositories - an overview. In: Proceedings of 3rd Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 (2009)Google Scholar
  4. 4.
    Lastdrager, E.E.H.: Consistency analysis of network traffic repositories. Presented at 10th TSConIT, (retrieved at February 20, 2009)
  5. 5.
    Wessels, D., Fomenkov, M.: Wow, that’s a lot of packets. In: Proc. Passive and Active Measurements Workshop, PAM (2003)Google Scholar
  6. 6.
    van de Meent, R., Pras, A.: Simpleweb/University of Twente – Traffic Measurement Data Repository, (retrieved on October 5, 2008)
  7. 7.
    Deri, L.: Improving Passive Packet Capture: Beyond Device Polling. In: Proceedings of 4th International System Administration and Network Engineering Conference, SANE (October 2004)Google Scholar
  8. 8.
    Wu, W., Crawford, M., Bowden, M.: The performance analysis of linux networking - Packet receiving. Computer Communications 30(5), 1044–1057 (2007)CrossRefGoogle Scholar
  9. 9.
    Deri, L.: Towards 10 Gbit NetFlow Monitoring Using Commodity Hardware. Presentation at the joint Emanics / IRTF-NMRG workshop on NetFlow/IPFIX for network management, (retrieved on March 1, 2009)
  10. 10.
    Cho, K., Mitsuya, K., Kato, A.: Traffic data repository at the WIDE project. In: Proc. USENIX Annual Technical Conference, p. 51 (2000)Google Scholar
  11. 11.
    Lastdrager, E.E.H.: Prototype and results,
  12. 12.
    Postel, J.: RFC 793: Transmission Control Protocol, Internet Engineering Task Force (1981)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Elmer Lastdrager
    • 1
  • Aiko Pras
    • 1
  1. 1.University of Twentethe Netherlands

Personalised recommendations