Post on 20-Dec-2015
Local Area Network Layer-2 Topology Mapping
Doron Peled, Michal Rimmer
Supervisor: Zigi Walter
Networked Software Systems Lab, Department of Electrical Engineering
Technion - Israel Institute of Technology
Winter semester 2009
Description
Goal: Determining the layer-2 topology for an unknown LAN.
Means: One end-point member of the LAN, without any special equipment.
The Challenge: Layer-2 equipment has no signature of its own in the LAN so there is no known straightforward way to map the LAN’s layer-2.
Our solution: A statistical estimation approach that we have developed. This approach is based on correlation measures that were used in the articles [1], [2].
[1] "Network Radar: Tomography from Round Trip Time Measurements", Yolanda Tsang, Mehmet Yildiz, Paul Barford, Robert Nowak
[2] "Maximum Likelihood Network Topology Identification from Edge-based Unicast Measurements", Mark Coates, Rui Castro, Robert Nowak
[Figure: Unknown LAN, with source S and members a, b, c, d]
Our Solution – The Mathematical Concept
Estimate the shared path between each pair of members by finding statistically correlated behavior between members of the LAN:
The solution is based on sending a large number of combinations to every possible pair of LAN members.
Each combination is 2 ICMP messages (pings) sent to 2 different members in the LAN.
The estimation of the path which 2 members of the LAN share is based on the RTT (Round Trip Time) data which was collected and analyzed by our tools.
By cross-analyzing all the gathered statistics, it is possible to estimate the topology of the LAN.
[Figure: tree from source S to members a, b, c, d; labels: R, Split Point, Shared Path between a and b]
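The correlation step described above, as an added example that is not the authors' Matlab analyzer: it simulates the RTT pairs instead of capturing them. The tree, the delay constants and the assumption that a shared link adds the same delay to both pings of a combination are constructed for illustration.

```python
import itertools
import math
import random

# Constructed tree (an assumption, not the LAN measured in the slides):
# S - sw0 - sw1 - {a, b}   and   S - sw0 - sw2 - {c, d}
PATHS = {
    "a": ("S-sw0", "sw0-sw1", "sw1-a"),
    "b": ("S-sw0", "sw0-sw1", "sw1-b"),
    "c": ("S-sw0", "sw0-sw2", "sw2-c"),
    "d": ("S-sw0", "sw0-sw2", "sw2-d"),
}
BASE_RTT = 200e-6    # constructed fixed delay, seconds
MEAN_JITTER = 5e-6   # constructed mean queueing delay per link, seconds

def simulate_combo(x, y, rng):
    """RTTs of one combination: two pings sent back to back to x and y.
    A link on both paths adds the same delay to both RTTs (model assumption);
    every other link adds an independent delay."""
    shared = {l: rng.expovariate(1 / MEAN_JITTER) for l in PATHS[x] if l in PATHS[y]}

    def rtt(host):
        return BASE_RTT + sum(
            shared[l] if l in shared else rng.expovariate(1 / MEAN_JITTER)
            for l in PATHS[host])
    return rtt(x), rtt(y)

def pearson(xs, ys):
    """Sample Pearson correlation coefficient of two equal-length series."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((a - mx) * (b - my) for a, b in zip(xs, ys))
    return cov / math.sqrt(sum((a - mx) ** 2 for a in xs) * sum((b - my) ** 2 for b in ys))

def pair_correlations(combos=5000, seed=1):
    """RTT correlation for every pair of members, over `combos` combinations."""
    rng = random.Random(seed)
    out = {}
    for x, y in itertools.combinations(sorted(PATHS), 2):
        rtts = [simulate_combo(x, y, rng) for _ in range(combos)]
        out[(x, y)] = pearson(*zip(*rtts))
    return out

def closest_peer(corr):
    """For each member, the peer whose RTT correlates most with its own."""
    hosts = sorted({h for pair in corr for h in pair})
    return {h: max((p for p in hosts if p != h),
                   key=lambda p: corr[tuple(sorted((h, p)))]) for h in hosts}
```

In this model each pair's correlation approaches the fraction of links the two paths share: 2/3 for a and b, 1/3 for a and c.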
Our Solution – The Software Tools
Packet Generator (we developed in C++, Linux): Prepares and sends the ICMP combinations rapidly. Designed to send all the messages in the same combination as close together as possible.
Wireshark Sniffer (Open Source in C++, Linux): Records all network traffic. For this solution we record only the ICMP protocol, using a built-in filter.
Parser (we developed in Perl, Linux): By parsing the huge Wireshark output files we receive smaller files containing only relevant information in the right format for the Results Analyzer. Also, we filter out any packet which is not a ping or the response ("pong") between the relevant members.
Results Analyzer (we developed in Matlab, Windows): Analyzes the data and presents the statistical results in tables and graphs.
Overview - source computer
[Diagram: Hardware: Network Adapter. ONLINE software tools ("real time"): Packet Generator (C++), WireShark (open source), Output File. OFFLINE software tools: Parser (Perl), Output File, Statistics Analyze Function (Matlab)]
Examples and Results
Results: All the tools were examined and proved to be working correctly. Across all the experiments the final results were inconclusive, yet they have shown that our suggested approach is probable.
[Plot: RTT Raw Data. x-axis: Combo number; y-axis: RTT [sec] (x 10^-4). Series: 132.68.61.238, 132.68.61.222, and the average of each]
[Plot: RTT Raw Data. x-axis: Combo number; y-axis: RTT [sec] (x 10^-4). Series: 132.68.56.164, 132.68.49.191, and the average of each]
Highly correlated RTT behavior of 2 members which share the same layer-2 switch in the LAN
Weakly correlated RTT behavior of 2 members which are distant from each other in the layer-2 topology