Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of Internet Backbone Traffic and Header Anomalies Observed Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers.

Published byMyles Bridges Modified over 8 years ago

Similar presentations

Presentation on theme: "Analysis of Internet Backbone Traffic and Header Anomalies Observed Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers."— Presentation transcript:

1 Analysis of Internet Backbone Traffic and Header Anomalies Observed Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University of Technology Göteborg, Sweden

2 2007-11-24IMC 2007 Overview 1.Introduction 2.Traffic properties IP properties TCP properties 3.Header anomalies 4.Conclusions

3 2007-11-24IMC 2007 Introduction: Measurement location Internet Regiona l ISPs Göteborg Stockholm Other smaller Univ. and Institutes Göteborgs Univ. Student- Net 2x 10 Gbit/s (OC-192) 2x DAG6.2SE Cards capturing headers only IP addresses anonymized Chalmers Univ.

4 2007-11-24IMC 2007 Traffic Properties Data from 20 days in April 2006 2x74 traces, 7.5 TB 10.77 billion frames 99.97% IPv4 packets PacketsData TCP92.0 %..97.2 %.. UDP7.6 %..2.6 %.. ICMP0.2 %..0.1 %.. ESP, GRE0.2 %..0.1 %.

5 2007-11-24IMC 2007 Traffic Properties (2) Packet size distribution (former) default: 576 bytes 1300 bytes 628 bytes

6 2007-11-24IMC 2007 Traffic Properties: IP IP properties –No IP options (only 68 instances) –91.3% set DF bit –TOS: 0.02% ECN enabled packets

7 2007-11-24IMC 2007 Traffic Properties: IP (2) IP fragmentation rare (0.06%) 90% of fragmented packets incoming –97% UDP 10% outgoing –63% ESP, between 1 pair of hosts –VPN header causes fragmentation 72% of the fragmented traffic during office hours (10AM, 2PM)

8 2007-11-24IMC 2007 Traffic Properties: TCP TCP options in SYN segments TCP options values –MSS: from 0 to 65535 94% 1400-1460 (Ethernet max.) –WS: scale factors up to 14 58% scale factor zero 31% scale factor 2 MSSSACK perm.WSTS 99.2 %89.9 %17.9 %14.5 %

9 2007-11-24IMC 2007 Header Anomalies 10.7 billion IP packets 9.8 billion TCP segments

10 2007-11-24IMC 2007 Summary and Conclusions Updated packet-level characteristics of Internet traffic Inconsistencies in headers will appear –Network attacks and malicious traffic –Active OS fingerprinting –Buggy applications or protocol stacks

11 Thank you very much for you attention! Questions?

Download ppt "Analysis of Internet Backbone Traffic and Header Anomalies Observed Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers."

Similar presentations

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.

IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.
CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.

CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.
CS 457 – Lecture 16 Global Internet - BGP Spring 2012.

CS 457 – Lecture 16 Global Internet - BGP Spring 2012.
Network Layer – IPv4 Dr. Sanjay P. Ahuja, Ph.D.

Network Layer – IPv4 Dr. Sanjay P. Ahuja, Ph.D.
NET0183 Networks and Communications Lectures 17 and 18 Measurements of internet traffic (IP) 8/25/20091 NET0183 Networks and Communications by Dr Andy.

NET0183 Networks and Communications Lectures 17 and 18 Measurements of internet traffic (IP) 8/25/20091 NET0183 Networks and Communications by Dr Andy.
COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.

COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.
Network Layer Packet Forwarding IS250 Spring 2010

Network Layer Packet Forwarding IS250 Spring 2010
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.

11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.
CSE331: Introduction to Networks and Security Lecture 7 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 7 Fall 2002.
1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.

1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.
Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.

Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker 2008-11-17.

IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
CS 6401 Internet Protocol Outline Introduction to Internet Protocol Header and address formats ICMP Tools.

CS 6401 Internet Protocol Outline Introduction to Internet Protocol Header and address formats ICMP Tools.
4: Network Layer4a-1 IP datagram format ver length 32 bits data (variable length, typically a TCP or UDP segment) 16-bit identifier Internet checksum time.

4: Network Layer4a-1 IP datagram format ver length 32 bits data (variable length, typically a TCP or UDP segment) 16-bit identifier Internet checksum time.
Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.

Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.

Similar presentations

Ads by Google