
First step into Trace Analysis


ldrummond

Presentation Transcript


  1. First step into Trace Analysis

  2. What is Trace • Measurement data from real world networks • Wired networks: netflow traces • Wireless networks: Association trace, encounter trace, ... • More general traces which represent other types of networks: GPS trace (Cabspotting)

  3. Different types of Traces • Encounter traces • The Intel/Cambridge Haggle/Pocket Switch Network project • The U of Toronto PDA-based encounter experiments • Your own encounter trace • Cellphone traces • MIT Reality Mining: encounter, location of users (by cellphone tower/bluetooth), call log

  4. Different types of Traces • WLAN traces • UF traces, USC traces, Dartmouth • Vehicular traces • Cabspotting

  5. Format of UF WLAN trace • The format shown below is not the format from raw trace data • Association Trace • <time of the event in seconds>  <Access Point> <Event>  <MAC> • Login Trace • <Time of the event in seconds> <Gateway>  LOGIN  <MAC> <Username> <Session ID>

  6. Format of UF WLAN trace • Logout trace • <Time of the event in seconds> <Gateway>  LOGOUT  <MAC> <Username> <Session ID> <duration of session in seconds> <bytes_in> <bytes_out> <packet_in> <packet_out>

  7. The TRACE framework • Diagram labels: Analyze, Represent, Trace, Characterize (Cluster), MobiLib, Employ (Modeling & Protocol Design)

  8. Analyze the trace • You should have your own perspective about what to investigate • Make sure that the trace, by itself or together with some other available resource, can provide the information you need • Decide on a scheme to parse the trace, or decide what kind of tools (database, ...) to use to get the information out of the trace in your desired format (representation)

  9. Analyze the trace • Now, it's time to sit down and extract useful information from the trace! • At this point you have converted the trace into a special representation or format. Try to identify a way to analyze it; there are many possibilities

  10. Example • Study the daily user flow relationship among locations • From the association trace, we can build a network among all the buildings around campus • If a user first associates with an AP in Building A and then goes to Building B and makes another association, we draw an edge between A and B • The weight of the edge denotes the number of users transitioning from A to B in a day

  11. Cont • Representation • Matrix in which entry (a,b) denotes the outflux from A to B • Then process the trace and populate the entries of the matrix; in the same run you may also want to get some other details (lags, sequence, ...)

  12. Cont • Get your results • Analyze them with any software or algorithm you want

  13. Access Points Syslogs • Users are reported by MAC addresses • When they associate with an AP • When they disassociate from an AP • When they roam away from an AP • When some other event happens (error in packet checksum, max retry for a packet reached, etc.)

  14. Authentication server syslogs • The authentication server reports the following events • DHCP lease – IP xxx is given to MAC yyy • User log in – User Gatorlink-ID logs in from MAC yyy • User log out – User Gatorlink-ID logs out, and it has been online for time ttt, sent/received bbb bytes • Every 30 minutes, each online user is reported for its traffic usage in the past 30 mins

  15. Tricks of Trace Processing • Identify a common format that you can convert multiple traces into • I use one file for each user; within each file, each line represents “time location duration” • Abuse your hard drive • Keep intermediate results if they take a long time to generate... You will thank your former self years after you generated those files
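
The example on slides 10 to 12, worked through as an added sketch that is not part of the original presentation: it parses records in the slide-5 association format and fills the building-to-building flow matrix per day. The event label `ASSOC`, the AP names, the `AP_BUILDING` map and the sample records are constructed assumptions, and the edge weight is taken to be the number of distinct MACs making the transition.

```python
from collections import defaultdict

# Constructed sample in the slide-5 association format:
# <time of the event in seconds> <Access Point> <Event> <MAC>
SAMPLE_TRACE = """\
100 ap-A1 ASSOC 00:00:00:00:00:01
200 ap-A2 ASSOC 00:00:00:00:00:01
900 ap-B1 ASSOC 00:00:00:00:00:01
950 ap-B1 DISASSOC 00:00:00:00:00:01
1000 ap-A1 ASSOC 00:00:00:00:00:02
1500 ap-B1 ASSOC 00:00:00:00:00:02
garbled line
2000 ap-B1 ASSOC 00:00:00:00:00:01
2500 ap-A1 ASSOC 00:00:00:00:00:01
90000 ap-A1 ASSOC 00:00:00:00:00:02
90500 ap-B1 ASSOC 00:00:00:00:00:02
"""

# Hypothetical AP-to-building map; the real one comes from site records.
AP_BUILDING = {"ap-A1": "A", "ap-A2": "A", "ap-B1": "B"}
DAY = 86400

def daily_flow(trace_text, ap_building=AP_BUILDING, assoc_event="ASSOC"):
    """Return {day: {(a, b): number of distinct users who moved a -> b}}."""
    events = []
    for line in trace_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed records instead of aborting the run
        t, ap, event, mac = int(parts[0]), parts[1], parts[2], parts[3].lower()
        if event == assoc_event and ap in ap_building:
            events.append((t, mac, ap_building[ap]))
    events.sort()  # syslog-derived traces are not guaranteed to be ordered

    last_seen = {}  # mac -> (day, building) of the previous association
    users = defaultdict(lambda: defaultdict(set))
    for t, mac, building in events:
        day = t // DAY
        prev = last_seen.get(mac)
        # Edge only when the same user changes building within the same day.
        if prev and prev[0] == day and prev[1] != building:
            users[day][(prev[1], building)].add(mac)
        last_seen[mac] = (day, building)
    return {d: {e: len(m) for e, m in edges.items()} for d, edges in users.items()}

if __name__ == "__main__":
    for day, edges in sorted(daily_flow(SAMPLE_TRACE).items()):
        print(day, edges)
```

Re-associations inside the same building and the first association of a new day produce no edge, so the matrix counts only movements between buildings within one day.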
