Tu18: Internet Traffic Monitoring and Analysis: Methods and Applications
Duration: Half Day (Friday am, Dec. 3)

Instructor:
James W. Hong, Dept. of Computer Science and Engineering, POSTECH, Korea

Abstract:
Today, multi-gigabit networks are becoming common in Internet service provider (ISP) and enterprise networks. The bandwidth of ISP backbone networks is evolving from OC-48 (2.5 Gbps) to OC-192 (10 Gbps) to support rapidly increasing Internet traffic. Enterprise networks are likewise evolving from 100-Mbps or 1-Gbps to 10-Gbps networks. Further, the types of traffic on these networks are changing from simple text- and image-based traffic to more sophisticated and higher-volume traffic (such as streaming rich media, voice and peer-to-peer). Monitoring and analyzing such high-speed, high-volume and complex network traffic is needed, but it lies beyond the capabilities of most traditional monitoring systems. Various application areas require the information generated by such traffic monitoring and analysis. For example, this information can be used for 1) usage-based billing, 2) network security attack analysis, 3) user network usage analysis, 4) network capacity planning, 5) customer relationship management, and so on. Many of these applications are critical to the business, operations and management of ISPs and enterprises.
This tutorial will present the techniques involved in capturing and examining packets, generating and storing flows, and analyzing them for various purposes and applications. Active and passive packet monitoring techniques and tools are compared and discussed. Monitoring and analysis tools such as Cisco NetFlow, cflowd, CoralReef, argus, and NG-Mon are examined. Application areas of such monitoring and analysis tools will also be explored.

Instructor Bios:
James Won-Ki Hong is an associate professor in the Dept. of Computer Science and Engineering, POSTECH (www.postech.ac.kr), Pohang, Korea. He received a Ph.D. degree from the University of Waterloo, Canada in 1991 and an M.S. degree from the University of Western Ontario in 1985. He has worked on various research projects on network and systems management, with a special interest in applying Web, Java, CORBA, and XML technologies. His research interests include network and systems management, distributed computing, and network monitoring and planning. He has published more than 100 international journal and conference papers. He is the Director of the Distributed Processing and Network Management Lab (dpnm.postech.ac.kr) at POSTECH. He has served as Technical Chair (1998-2000) and Vice Chair (2003-present) for IEEE CNOM. He is also serving as Director of Online Content for the IEEE ComSoc for two years starting Jan. 2004. He is a NOMS/IM Steering Committee Member and a Standing Committee Member of APNOMS (www.apnoms.org). He was technical co-chair of NOMS 2000 and APNOMS'99. He was Finance Chair and Chair of the Local Planning Committee for NOMS 2004 (www.noms2004.org). He is Finance Chair for IM 2005 (www.im2005.org). He is an editorial advisory board member of the International Journal on Network Management (IJNM). He is also editor-in-chief of the KNOM Review Journal. He is also serving as Chair of KICS KNOM (www.knom.or.kr). He is a member of IEEE, KICS, KNOM, and KISS.