Dynamic Distributed Remote Packet Capturing with DRePCap

As part of my PhD and my work as a researcher, I also, among other things, researched the concept of dynamic distributed remote packet capturing. Some results of this work were published in the paper: “Monitoring Traffic in Computer Networks with Dynamic Distributed Remote Packet Capturing,” Ruediger Gad, Martin Kappes, Inmaculada Medina-Bulo, 2015 IEEE International Conference on Communications (ICC), London, UK.

For the evaluation of this approach, I developed the Distributed Remote Packet Capturing (DRePCap) prototype, which was released as Open Source Software. The empirical results in the paper mentioned above were obtained with this prototype.

Other approaches for remotely capturing packets are, e.g., rpcap or packet capturing via SSH. However, these approaches are typically comparatively simple in that they only explicitly consider single-sensor operation and point-to-point connections between a remote packet capturing sensor and a data receiver. The concept of dynamic distributed remote packet capturing aims at providing more advanced functionality, such as:

  • providing an overarching infrastructure for network-wide remote packet capturing that can be used by an arbitrary number of receivers and with an arbitrary number of sensors,
  • dynamic configuration of packet capturing sensors,
  • dynamic routing of the captured packet data to potentially multiple destinations,
  • or easing packet capturing at multiple remote sensors at the same time.

Furthermore, to improve performance and usability, the concept is also capable of:

  • employing cooperative sensors to improve packet capturing performance,
  • self-adaptive sampling to avoid overload situations at individual sensors,
  • and self-adaptive sensor cooperation to ease the operation of multiple sensors.

DRePCap consists of four general components:

In the following figure, an overview of the DRePCap architecture is shown:

[Figure: drepcap_architecture]

In this post, I have only briefly presented a high-level overview of the dynamic distributed remote packet capturing concept and of DRePCap. For more details, please refer to the paper mentioned above for now. As time permits, I will try to add some more posts about DRePCap as well as the associated sub-projects.
