Web-based Application Protocol Monitor

Knowing the application protocol of packets is useful in a number of ways, notably in traffic shaping (optimising performance while reducing latency) and in analysing Internet usage patterns. Current techniques rely on Deep Packet Inspection, which examines the entire payload of a packet as it passes through an inspection point and so raises a number of concerns, particularly with regard to privacy and security. As an alternative, the WAND group has developed a library called "Libprotoident" that identifies the application protocol (e.g. HTTP, Skype, etc.) using only a small amount of packet payload. However, Libprotoident only produces textual output, which is difficult to explore and interpret.

Hence, the objective of my project is to create a web-based application protocol monitor that visualises the results produced by Libprotoident, including real-time interactive graphs that support zooming and panning and that let users customise which protocols are displayed.

This honours project has been completed, but the work towards a web-based application protocol monitor has now been merged into the Cuz project.




Spent the week working on my collector.
Started with a simple Libtrace skeleton program and added features to it gradually with Shane's help. I played around with it and added code so that it would count the incoming and outgoing flows and output that every 2 mins to the console using a Libwandevent timer. Also used Libwandevent to add and handle SIGINT signals. Then, I used Libflowmanager to keep track of flows and get rid of the ones that had expired, and added code to keep counters for the new and expired flows, which were output to the console too. Finally, I had a look at Libprotoident's tool (lpi_live) and modified my code so that it used Libprotoident to identify the application protocol of flows.

Currently, the program outputs the results of processing the packets every n seconds (where n is a value specified in the command line arguments). Next, I have to modify the program to export the output over a network.
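As an added illustration of the collector pipeline this entry describes (not code from the project, nor from Libtrace, Libflowmanager, Libwandevent or Libprotoident), here is a small self-contained Python sketch of the same stages: a packet loop, a 5-tuple flow table with timeout expiry, counters for new/expired and outgoing/incoming flows, a periodic report in place of the timer, and a protocol guess that, like Libprotoident, looks only at the first four payload bytes in each direction. The flow table, the toy first-bytes rules, the local prefix `10.0.0.`, the timeouts and the sample packets are all constructed for the example; the real libraries operate on captured packets and Libprotoident's own rule set is far larger.

```python
"""Toy flow collector: constructed stand-in for the Libtrace/Libflowmanager/
Libprotoident pipeline. Nothing here is the real libraries' code."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]


@dataclass
class Packet:                 # constructed minimal view of a captured packet
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                # "tcp" or "udp"
    payload: bytes


@dataclass
class Flow:
    initiator: Endpoint       # endpoint that sent the first packet we saw
    responder: Endpoint
    proto: str
    first_seen: float
    last_seen: float
    outgoing: bool            # initiator inside the (assumed) local prefix
    packets: int = 0
    first_bytes: Dict[str, bytes] = field(default_factory=dict)  # "fwd"/"rev" -> first 4 payload bytes
    label: str = "unknown"


def flow_key(pkt: Packet):
    """Direction-independent key so both halves of a conversation share one flow."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (min(a, b), max(a, b), pkt.proto)


def guess_protocol(flow: Flow) -> str:
    """Toy rules over the first four payload bytes (assumption: not Libprotoident's rules)."""
    fwd = flow.first_bytes.get("fwd", b"")
    if fwd[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "HTTP"
    if fwd[:2] == b"\x16\x03":            # TLS handshake record, protocol version 3.x
        return "TLS"
    if fwd[:4] == b"SSH-":
        return "SSH"
    if flow.proto == "udp" and 53 in (flow.initiator[1], flow.responder[1]) \
            and len(fwd) >= 4 and fwd[2] & 0x80 == 0:   # QR bit clear: a DNS query
        return "DNS"
    return "unknown"


class FlowManager:
    """Flow table with idle-timeout expiry, in the spirit of Libflowmanager."""

    def __init__(self, timeout: float, local_prefix: str):
        self.timeout, self.local_prefix = timeout, local_prefix
        self.flows: Dict[tuple, Flow] = {}
        self.expired: List[Flow] = []
        self.counters = {"new": 0, "expired": 0, "outgoing": 0, "incoming": 0}

    def expire(self, now: float) -> int:
        stale = [k for k, f in self.flows.items() if now - f.last_seen > self.timeout]
        for k in stale:
            self.expired.append(self.flows.pop(k))
            self.counters["expired"] += 1
        return len(stale)

    def process(self, pkt: Packet) -> Flow:
        self.expire(pkt.ts)
        flow = self.flows.get(flow_key(pkt))
        if flow is None:
            flow = Flow((pkt.src, pkt.sport), (pkt.dst, pkt.dport), pkt.proto,
                        pkt.ts, pkt.ts, outgoing=pkt.src.startswith(self.local_prefix))
            self.flows[flow_key(pkt)] = flow
            self.counters["new"] += 1
            self.counters["outgoing" if flow.outgoing else "incoming"] += 1
        direction = "fwd" if (pkt.src, pkt.sport) == flow.initiator else "rev"
        flow.last_seen, flow.packets = pkt.ts, flow.packets + 1
        if pkt.payload and direction not in flow.first_bytes:   # only the first payload per direction
            flow.first_bytes[direction] = pkt.payload[:4]
            flow.label = guess_protocol(flow)
        return flow

    def report(self, now: float) -> dict:
        hist: Dict[str, int] = {}
        for f in self.flows.values():
            hist[f.label] = hist.get(f.label, 0) + 1
        return {"time": now, "active": len(self.flows), "labels": hist, **self.counters}


def run(packets: List[Packet], interval: float, timeout: float, local_prefix: str):
    """Replay packets in timestamp order, emitting a report every `interval` seconds
    (simulated from packet timestamps rather than a wall-clock timer)."""
    fm, reports, next_report = FlowManager(timeout, local_prefix), [], interval
    for pkt in packets:
        while pkt.ts >= next_report:
            fm.expire(next_report)
            reports.append(fm.report(next_report))
            next_report += interval
        fm.process(pkt)
    return fm, reports


SAMPLE_PACKETS = [  # constructed sample traffic; 10.0.0.5 is the "local" host
    Packet(0.0, "10.0.0.5", 40000, "93.184.216.34", 80, "tcp", b"GET / HTTP/1.1\r\n"),
    Packet(0.1, "93.184.216.34", 80, "10.0.0.5", 40000, "tcp", b"HTTP/1.1 200 OK\r\n"),
    Packet(0.5, "10.0.0.5", 40001, "1.1.1.1", 443, "tcp", b"\x16\x03\x01\x00\xc5"),
    Packet(0.6, "1.1.1.1", 443, "10.0.0.5", 40001, "tcp", b"\x16\x03\x03\x00\x5a"),
    Packet(1.0, "203.0.113.9", 51000, "10.0.0.5", 22, "tcp", b"SSH-2.0-OpenSSH"),
    Packet(2.0, "10.0.0.5", 53001, "10.0.0.1", 53, "udp", b"\x12\x34\x01\x00"),
    Packet(25.0, "10.0.0.5", 40001, "1.1.1.1", 443, "tcp", b"\x17\x03\x03\x00\x20"),
    Packet(40.0, "10.0.0.5", 40000, "93.184.216.34", 80, "tcp", b"GET /a HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    manager, periodic = run(SAMPLE_PACKETS, interval=10.0, timeout=30.0, local_prefix="10.0.0.")
    for r in periodic:
        print(r)
```

With a 30-second idle timeout the HTTP, SSH and DNS flows expire at the t=40 report while the TLS flow, refreshed at t=25, survives; the request that then arrives on the old HTTP 5-tuple starts a new flow rather than reviving the expired one, which is the behaviour a collector's new/expired counters need to reflect.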




Started this week by meeting with Shane, where he went over Libprotoident, Libtrace, Libflowmanager, lpi_live, etc. Also had a look at a trace file with some packet capture data from an ISP. Spent most of my time taking care of assignments and assigned readings, though.

Going away for the weekend, but will try to have a look at the 301 lecture notes and lpi_live before next week.




Spent around an hour or so working on the blurb description last week, and more time than I would have liked working on the proposal this week. Shane was very helpful, commenting on stuff I could add to the proposal and whatnot. That included going through a proposed implementation plan, which makes things much clearer now.

He was also kind enough to show me around and I finally got around to sorting out lab access to the WAND hardware lab. Will try to spend some time in the labs everyday -- chances are I'll be more productive in a "serious" environment.

For the next 2-3 weeks, the plan is to play around with Libprotoident and have a look at the examples, source code, etc but assignments are cropping up too, so not sure how well I'll be able to stick to the proposed schedule.