New CAIDA Initiatives: skitter, cflowd, security, coral

CoralReef:Analysis Tools
platform for passive network monitoring
collection of coral tools
[email protected]
outline
• what is CoralReef?
• software modules:
– drivers
– libcoral
– CRL.pm
– analysis programs
– report generation
• status and future
what is CoralReef?
• software distribution
– collection of coral tools
– suggestions and automation for analysis
• operational side of caida's coral project
• collection point for enhancements
• platform for development/research
why is it desired?
• largely motivated by complaints about existing state of coral tools and configuration management
• non-hardware costs of deployment
• provides common methodologies
• support for trend analysis
• how often/what to collect
software modules: overview
libcoral - inputs
• capture devices
– oc3mon
– oc12mon
– oc48mon
– DAG cards
• trace files
• tcpdump
• headers-only, partial & full packets
• network configuration files
– encapsulation (LLC/SNAP, null, NLPID)
– filtering
– labeling
libcoral - APIs
• reading/processing
– block - buffer of ATM cells
– cell - single cell at a time
– packet - (partial) reassembly
– callback - allows multiple modules
– interface merging/timestamp reordering
• writing/capturing/encoding
• configuration controls
CRL.pm
• perlized access to libcoral
• header field extraction (ip_len, etc)
• flows analysis support
• statistics modules
analysis programs
• real-time, continuous collection in C
• can avoid trace collection
• generate summaries
– text
– html
– arts++
analysis reporting
• basic traffic characterization
• AS matrices
• configurable net-net matrices
• checksum verification
• traffic import and export
analysis reports: AS Matrices
report generation
• summaries transferred from monitor to web server
• reports designed so they can be easily parsed back to raw data
• periodic html generation
• on-demand CGI summaries
status and future
• initial 3.0 release on copyright approval
• priorities
– regression testing suites
– libcoral module API
– better automation and management
– Table.pm
– Arts/cflowd file support/NeTraMet
acknowledgements
• CoralReef Team:
– Nancy Bachman
– Jambi Ganbar
– Ken Keys
– Ryan Koga
– Esmond Lee
– Sean McCreary
– David Moore
– Mike Tesch
– Mike Young
• Steve Feldman (MAE west)
• Kevin Thompson (MCI)
• Bill Jensen (University Wisconsin Madison)
• Hans-Werner Braun (NLANR)
• k claffy (CAIDA)
[email protected]
cooperative association for Internet data analysis (CAIDA)
University of California’s San Diego Supercomputer Center
http://www.caida.org/Tools/CoralReef/