Skip to main content
Springer Nature Link
Log in

Passive, Streaming Inference of TCP Connection Structure for Network Server Management

  • Conference paper
Traffic Monitoring and Analysis (TMA 2009)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5537))

Included in the following conference series:

Abstract

We have developed a means of understanding the performance of servers in a network based on a real-time analysis of passively measured network traffic. TCP and IP headers are continuously collected and processed in a streaming fashion to first reveal the application-layer structure of all client/server dialogs ongoing in the network. Next, the representation of these dialogs are further processed to extract performance data such as response times of request-response exchanges for all servers. These data are then compared against archived historical distributions for each server to detect performance anomalies. Once found, these anomalies can be reported to server administrators for investigation.

Our method uncovers nontrivial performance anomalies in arbitrary servers with no instrumentation of the server nor even knowledge of the server’s function or configuration. Moreover, the entire process is completely transparent to servers and clients. We present the design of the tools used to perform this analysis, as well as a case study of the use of this method to uncover a significant performance anomaly in a UNC web portal.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Feldmann, A.: BLT: Bi-Layer Tracing of HTTP and TCP/IP. In: Proc. of WWW-9 (2000)

    Google Scholar 

  2. Olshefski, D.P., Nieh, J., Nahum, E.: ksniffer: determining the remote client perceived response time from live packet streams. In: Proc. OSDI, pp. 333–346 (2004)

    Google Scholar 

  3. Olshefski, D., Nieh, J.: Understanding the management of client perceived response time. In: ACM SIGMETRICS Performance Evaluation Review, pp. 240–251 (2006)

    Google Scholar 

  4. Smith, F., Hernández-Campos, F., Jeffay, K.: What TCP/IP Protocol Headers Can Tell Us About the Web. In: Proceedings of ACM SIGMETRICS 2001 (2001)

    Google Scholar 

  5. Weigle, M.C., Adurthi, P., Hernández-Campos, F., Jeffay, K., Smith, F.: Tmix: a tool for generating realistic TCP application workloads in ns-2. ACM SIGCOMM CCR 36(3), 65–76 (2006)

    Article  Google Scholar 

  6. Hernández-Campos, F.: Generation and Validation of Empirically-Derived TCP Application Workloads. Ph.D. dissertation, Dept. of Computer Science, UNC Chapel Hill (2006)

    Google Scholar 

  7. Hernández-Campos, F., Jeffay, K., Smith, F.: Modeling and Generation of TCP Application Workloads. In: Proc. IEEE Int’l Conf. on Broadband Communications, Networks, and Systems (September 2007)

    Google Scholar 

  8. Broadhurst, R.E.: Compact Appearance in Object Populations Using Quantile Function Based Distribution Families. Ph.D. dissertation, Dept. of Computer Science, UNC Chapel Hill (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, USA

    Jeff Terrell, Kevin Jeffay & F. Donelson Smith

  2. ITS Communication Technologies, University of North Carolina, Chapel Hill, NC 27599

    Jim Gogan & Joni Keller

Authors
  1. Jeff Terrell
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kevin Jeffay
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. F. Donelson Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jim Gogan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Joni Keller
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science, F.O.R.T.H., Institute of Computer Science, Vassilika Vouton, P.O. Box 1385, 711 10, Heraklion, Greece, and University of Crete, P.O. Box 2208, 714 09, Heraklion, Crete, Greece

    Maria Papadopouli

  2. LAAS – CNRS, 7 Avenue du Colonel Roche, 31077, Toulouse, cedex 4, France

    Philippe Owezarski

  3. Dept. of Electrical Engineering, Mathematics and Computer Science, Design and Analysis of Communication Systems Group, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands

    Aiko Pras

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Terrell, J., Jeffay, K., Smith, F.D., Gogan, J., Keller, J. (2009). Passive, Streaming Inference of TCP Connection Structure for Network Server Management. In: Papadopouli, M., Owezarski, P., Pras, A. (eds) Traffic Monitoring and Analysis. TMA 2009. Lecture Notes in Computer Science, vol 5537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01645-5_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-01645-5_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01644-8

  • Online ISBN: 978-3-642-01645-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics