
On Interactive Internet Traffic Replay

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3858)


Abstract

In this paper, we introduce an interactive Internet traffic replay tool, TCPopera. TCPopera tries to accomplish two primary goals: (1) replaying TCP connections in a stateful manner, and (2) supporting traffic models for trace manipulation. To achieve these goals, TCPopera emulates a TCP protocol stack and replays trace records interactively in terms of TCP connection-level and IP flow-level parameters. Due to the stateful emulation of TCP connections, it ensures no ghost packet generation, which is a critical feature for live test environments where the accuracy of protocol semantics is of fundamental importance. In our validation tests, we showed that TCPopera successfully reproduces trace records in terms of a set of traffic parameters. We also demonstrated how TCPopera can be deployed in test environments for intrusion detection and prevention systems.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hong, SS., Wu, S.F. (2006). On Interactive Internet Traffic Replay. In: Valdes, A., Zamboni, D. (eds) Recent Advances in Intrusion Detection. RAID 2005. Lecture Notes in Computer Science, vol 3858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663812_13


  • DOI: https://doi.org/10.1007/11663812_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31778-4

  • Online ISBN: 978-3-540-31779-1

  • eBook Packages: Computer Science (R0)
