As part of my PhD and my work as a researcher, one of the topics I studied was the concept of dynamic distributed remote packet capturing. Some results of this work were published in the paper: “Monitoring Traffic in Computer Networks with Dynamic Distributed Remote Packet Capturing,” Ruediger Gad, Martin Kappes, Inmaculada Medina-Bulo, 2015 IEEE International Conference on Communications (ICC), London, UK.
For the evaluation of this approach, I developed the Distributed Remote Packet Capturing (DRePCap) prototype, which was released as Open Source Software. The empirical results in the paper mentioned above were obtained with this prototype.
Other approaches for capturing packets remotely are, e.g., rpcap or packet capturing via SSH. However, these approaches are typically comparatively simple in that they only consider single-sensor operation and point-to-point connections between one remote packet capturing sensor and one data receiver. The concept of dynamic distributed remote packet capturing aims at providing more advanced functionality like:
- providing an overarching infrastructure for network-wide remote packet capturing that can be used by an arbitrary number of receivers and an arbitrary number of sensors,
- dynamic configuration of packet capturing sensors,
- dynamic routing of the captured packet data to potentially multiple destinations,
- or easing simultaneous packet capturing at multiple remote sensors.
Furthermore, to improve performance and usability, the concept also supports:
- employing cooperative sensors to improve packet capturing performance,
- self-adaptive sampling to avoid overload situations at individual sensors,
- and self-adaptive sensor cooperation to ease operating multiple sensors.
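To make the self-adaptive sampling idea concrete, here is an added Python sketch of a sensor-side sampling controller. It is not part of the original post and not DRePCap's own code. It assumes the sensor can read, once per control interval, how many packets reached its capture path and how many were dropped for lack of processing capacity (libpcap exposes such counters as ps_recv and ps_drop via pcap_stats()); the control rule, a multiplicative decrease of the sampling ratio on overload and a slow additive increase after a calm period, is an assumption of this example and not necessarily the rule used in the paper. The sensor model and the load trace are constructed for the demonstration.

```python
"""Self-adaptive sampling for a single packet capturing sensor.

Added illustration, not DRePCap's own code. The sensor is assumed to report,
once per control interval, how many packets reached the capture path and how
many of them were dropped (libpcap: ps_recv and ps_drop from pcap_stats()).
The control rule (multiplicative decrease on overload, additive increase after
a calm period) is an assumption of this example.
"""
from dataclasses import dataclass, field


@dataclass
class SamplingController:
    ratio: float = 1.0                 # fraction of offered packets the sensor keeps
    min_ratio: float = 0.01            # never sample below this
    overload_threshold: float = 0.01   # drop fraction that counts as overload
    decrease_factor: float = 0.5
    increase_step: float = 0.05
    calm_intervals: int = 3            # drop-free intervals required before ramping up
    _calm: int = field(default=0, init=False, repr=False)

    def update(self, received: int, dropped: int) -> float:
        """Feed one interval's counters and return the ratio for the next interval."""
        if received <= 0:
            return self.ratio
        if dropped / received > self.overload_threshold:
            # Overloaded: cut the sampling ratio hard so the sensor recovers quickly.
            self.ratio = max(self.min_ratio, self.ratio * self.decrease_factor)
            self._calm = 0
        else:
            self._calm += 1
            if self._calm >= self.calm_intervals:
                # Stable for a while: probe upward in small steps, never above 1.0.
                self.ratio = min(1.0, self.ratio + self.increase_step)
                self._calm = 0
        return self.ratio


@dataclass
class SimulatedSensor:
    """Constructed sensor model: it can process at most `capacity` sampled
    packets per interval; any surplus is counted as dropped."""
    capacity: int
    controller: SamplingController = field(default_factory=SamplingController)

    def run_interval(self, offered: int) -> tuple[int, int, float]:
        sampled = int(round(offered * self.controller.ratio))
        captured = min(sampled, self.capacity)
        dropped = sampled - captured
        next_ratio = self.controller.update(sampled, dropped)
        return captured, dropped, next_ratio


def simulate(offered_per_interval: list[int], capacity: int) -> list[tuple[int, int, float]]:
    """Run the sensor over a load trace; one (captured, dropped, next_ratio) per interval."""
    sensor = SimulatedSensor(capacity=capacity)
    return [sensor.run_interval(offered) for offered in offered_per_interval]


if __name__ == "__main__":
    # Constructed load trace: a burst well above capacity, then a quiet period.
    trace = [1000] * 3 + [100] * 45
    for i, (captured, dropped, ratio) in enumerate(simulate(trace, capacity=300)):
        print(f"interval {i:2d}: captured={captured:4d} dropped={dropped:4d} next_ratio={ratio:.2f}")
```

With a capacity of 300 and a burst of 1000 packets per interval, the controller halves the ratio twice (1.0, 0.5, 0.25) until the sensor stops dropping, and then creeps back up by 0.05 every three calm intervals. The asymmetry is deliberate: an overloaded sensor loses packets silently, so it should back off quickly and recover slowly.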
DRePCap consists of four general components:
- a communication infrastructure,
- packet capturing sensors,
- mergers for merging packet data from multiple sensors,
- and a front-end for controlling DRePCap that, right now, also contains the self-adaptation logic.
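The merger component is the least obvious of the four, so here is an added Python sketch of one way to merge packet data from several sensors into a single timestamp-ordered stream. It is not part of the original post and not DRePCap's own merger. It assumes that every sensor delivers its own packets in non-decreasing timestamp order (as a capture on one interface does) and that each record carries its sensor id and a capture timestamp (as a pcap record header does). A buffered packet is released once every sensor has reported a timestamp at least as large (the low watermark), so output is globally ordered without waiting for the streams to end; the heartbeat() method is an assumed mechanism for a quiet sensor to advance the watermark without sending a packet. The two-sensor exchange in demo() is constructed.

```python
"""Merging packet data from multiple sensors into one timestamp-ordered stream.

Added illustration, not DRePCap's own merger. Assumptions: each sensor
delivers in non-decreasing timestamp order, and each record carries its
sensor id and capture timestamp. A packet is emitted once every sensor has
reported a timestamp >= its own (the low watermark). A silent sensor would
stall the watermark, so heartbeat() lets a sensor advance it without data.
"""
import heapq
from dataclasses import dataclass, field


@dataclass(order=True)
class Packet:
    ts: float                 # capture timestamp, seconds since the epoch
    sensor: str               # id of the sensor that captured the packet
    data: bytes = field(default=b"", compare=False)


class Merger:
    def __init__(self, sensors):
        self._latest = {s: None for s in sensors}   # newest timestamp reported per sensor
        self._heap = []                             # buffered packets, min-heap by (ts, sensor)

    def _watermark(self):
        """Timestamp up to which every sensor has reported; None until all have."""
        if any(ts is None for ts in self._latest.values()):
            return None
        return min(self._latest.values())

    def _advance(self, sensor, ts):
        if sensor not in self._latest:
            raise ValueError(f"unknown sensor {sensor!r}")
        last = self._latest[sensor]
        if last is not None and ts < last:
            raise ValueError(f"sensor {sensor!r} delivered out of order: {ts} < {last}")
        self._latest[sensor] = ts

    def _drain(self):
        wm = self._watermark()
        out = []
        if wm is not None:
            while self._heap and self._heap[0].ts <= wm:
                out.append(heapq.heappop(self._heap))
        return out

    def push(self, pkt):
        """Accept one packet from a sensor; return the packets now safe to emit."""
        self._advance(pkt.sensor, pkt.ts)
        heapq.heappush(self._heap, pkt)
        return self._drain()

    def heartbeat(self, sensor, ts):
        """A sensor reports it has seen nothing up to ts; may release buffered packets."""
        self._advance(sensor, ts)
        return self._drain()

    def finish(self):
        """All sensors are done: release whatever is still buffered, in order."""
        out = []
        while self._heap:
            out.append(heapq.heappop(self._heap))
        return out


def demo():
    """Constructed two-sensor exchange; returns (ts, sensor) in emission order."""
    m = Merger(["sensor-A", "sensor-B"])
    emitted = []
    emitted += m.push(Packet(1.0, "sensor-A", b"a1"))   # held: sensor-B has not reported yet
    emitted += m.push(Packet(3.0, "sensor-B", b"b1"))   # watermark 1.0: releases a1
    emitted += m.push(Packet(2.0, "sensor-A", b"a2"))   # watermark 2.0: releases a2
    emitted += m.push(Packet(5.0, "sensor-A", b"a3"))   # watermark 3.0: releases b1
    emitted += m.heartbeat("sensor-B", 6.0)             # watermark 5.0: releases a3
    emitted += m.finish()
    return [(p.ts, p.sensor) for p in emitted]


if __name__ == "__main__":
    for ts, sensor in demo():
        print(f"{ts:.1f} {sensor}")
```

Note that the ordering guarantee depends on the sensors' clocks being synchronized; with unsynchronized clocks the watermark logic still terminates, but the merged order is only as good as the clock offset between sensors.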
In the following figure, an overview of the DRePCap architecture is shown:
In this post, I only briefly present a high-level overview of the dynamic distributed remote packet capturing concept and of DRePCap. For more details, please refer, for now, to the paper mentioned above. As time permits, I will try to add some more posts about DRePCap as well as the associated sub-projects.