Abstract
In this paper, we introduce an interactive Internet traffic replay tool, TCPopera. TCPopera tries to accomplish two primary goals: (1) replaying TCP connections in a stateful manner, and (2) supporting traffic models for trace manipulation. To achieve these goals, TCPopera emulates a TCP protocol stack and replays trace records interactively in terms of TCP connection-level and IP flow-level parameters. Because of the stateful emulation of TCP connections, it ensures no ghost packet generation, which is a critical feature for live test environments where the accuracy of protocol semantics is of fundamental importance. In our validation tests, we showed that TCPopera successfully reproduces trace records in terms of a set of traffic parameters. We also demonstrated how TCPopera can be deployed in test environments for intrusion detection and prevention systems.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hong, SS., Wu, S.F. (2006). On Interactive Internet Traffic Replay. In: Valdes, A., Zamboni, D. (eds) Recent Advances in Intrusion Detection. RAID 2005. Lecture Notes in Computer Science, vol 3858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663812_13
DOI: https://doi.org/10.1007/11663812_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31778-4
Online ISBN: 978-3-540-31779-1
eBook Packages: Computer Science (R0)