User login

WAND News

07

Jul

2014

Libtrace 3.0.20 has been released -- more info here

21

Feb

2014

Libtrace 3.0.19 has been released -- more info here

05

Nov

2013

Libprotoident 2.0.7 has been released - more info.

28

Jun

2013

Libtrace 3.0.18 has been released -- more info here

24

Apr

2013

Libtrace 3.0.17 has been released -- more info here

Syndicate content

WAND Group

board
WAND is a research group at the University of Waikato Computer Science Department. The group is involved with a range of computer networks projects mostly focused around network measurement. The group has a strong international reputation and has close links, including collaborative research, with several other network measurement groups. These include CAIDA, Sprint and Agilent.

Our work includes collection of very long trace sets, network analysis and software to support this, active measurement systems, wireless networks for rural communities, rapid deployment networks, OS code based network simulation and network visualisation. Spinoffs from our work include Endace and Rural Link.

WAND Interesting Blogs

03

Jan

2013

Libtrace 3.0.16 has been released.

This release includes the new ring: format which is a much more efficient version of the existing int: format. More details on how ring: works and how much better it is than int: can be found here.

People currently using int: are encouraged to give ring: a try - at best, there should be no obvious difference between the two aside from your program using a lot less CPU time. If there are problems, bugs or strange behaviour, please let us know (email contact at wand.net.nz) so we can fix it in the next release.

This release also fixes the problems that occur when trying to capture packets using 'pcapint:any' as input and write them to disk using a different (i.e. non pcap) format and the double free bug that would occur when calling trace_destroy after using trace_event to read packets from a trace file.

The full list of changes in this release can be found in the libtrace ChangeLog.

You can download the new version of libtrace from the libtrace website.

07

Dec

2012

L7 Filter is used as a source of ground truth in the traffic classification field because it has been around for a long time and is widely known. However, my experiences with L7 Filter had raised a few questions in my mind with regard to its accuracy. After looking online, I did not find any evidence that L7 Filter is actually an accurate or reliable traffic classifier. In this blog post, I present some preliminary results from my own investigation into the correctness (or lack thereof) of L7 Filter's classifications using packet traces containing traffic for only a single known application.

07

Nov

2012

Libprotoident 2.0.6 has been released today.

This release adds support for 17 new protocols including Spotify, Runescape, Cryptic and Apple Facetime. The rules for a further 7 protocols have been improved.

This release also fixes a couple of bugs - in particular one where lpi_live would report erroneously high packet or byte counts.

We've also deprecated the P2P_Structure category as it was no longer serving the intended purpose due to the rise in BitTorrent file transfers over UDP that are indistinguishable from DHT traffic. All protocols that used to be P2P_Structure are now placed in the P2P category.

The full list of changes can be found in the libprotoident ChangeLog.

Download libprotoident 2.0.6 here!

25

Oct

2012

Updated on October 26, 2012 to reflect that the P2P_Structure category was not entirely reliable.

Introduction

Earlier this year, we managed to generate a bit of interest by studying changes in application protocol usage at one New Zealand ISP after the Copyright Amendment Act came into effect. This eventually led to a publication at IMC 2012, which can be accessed here.

One outstanding question from this work was whether the changes that we observed would persist, particularly given that there have been no notable instances of people being brought before the Copyright Tribunal and punished. Would people eventually revert back to their old methods of file-sharing or would they continue to use more obfuscated methods? Would those people that stopped file sharing return once they felt more secure in not being caught out?

With this in mind, we have updated our results with data captured from the same New Zealand ISP during September 2012, one year on from the CAA coming into force. Again, we have looked at the traffic for a subset of the ISP's DSL subscribers only. Unfortunately, we do not have detailed information about the number of subscribers using each protocol, but we do have statistics about the number of flows and bytes for each protocol (both incoming and outgoing) which we can make use of. In this blog post, I'll be comparing the most recent measurements with our earlier results to determine if anything has changed in the past few months.

08

Oct

2012

Libtrace 3.0.15 has been released.

This release fixes a few bugs in the previous release and adds a few minor improvements. In particular, this release fixes the problem where libtrace will claim pcap transmit is unsupported and the bug where Linux Native capture does not work on the loopback address. It also fixes some potential build errors introduced in the last release as a result of creating a separate library for libwandio.

The full list of changes in this release can be found in the libtrace ChangeLog.

You can download the new version of libtrace from the libtrace website.

23

Jul

2012

Last week REANNZ made an announcement launching their new New Zealand Broadband Test website. We heard a few reports of inconsistent or unexpected results when compared to expected or speedtest.net results and thought it worth a look to see how well it did in fact perform. If there were any problems then hopefully we could work with REANNZ to get them fixed and improve the experience for their users. The main part of this testing ended up involving getting the Network Diagnostic Tool (NDT) working satisfactorily in a lab environment, though our extra vantage point did help guide some improvements in the NZBT infrastructure.

Syndicate content