Network troubleshooting usually requires packet-level traffic capture and analysis. Indeed, the observation of emission patterns sheds some light on the kind of degradation experienced by a connection. In the case of reliable transport traffic where congestion control is performed, such as TCP and QUIC traffic, these patterns are the fruit of decisions made by the congestion control algorithm (CCA), according to its own perception of network conditions. The CCA estimates the bottleneck’s capacity via an exponential probing, during the so-called “Slow-Start” (SS) state. The bottleneck is considered reached upon reception of congestion signs, typically lost packets or abnormal packet delays depending on the version of CCA used. The SS state duration is thus a key indicator for the diagnosis of faults; this indicator is estimated empirically by human experts today, which is a time-consuming and cumbersome task with large error margins. This paper proposes a method to automatically identify the slow-start state from actively and passively obtained bidirectional packet traces. It relies on an innovative timeless representation of the observed packet series. We implemented our method in our active and passive probes and tested it with CUBIC and BBR under different network conditions. We then picked a few real-life examples to illustrate the value of our representation for easy discrimination between typical faults and for identifying BBR among CCA variants.
The Internet is a complex and constantly evolving system, and congestion control algorithms play a crucial role in ensuring its functioning by managing network performance. These algorithms regulate the flow of data within a network and optimize data transmission for efficiency and effectiveness. They do this by continuously estimating available network resources and adjusting the data transmission rate accordingly. For network operators, identifying the congestion control algorithms being used on their network is essential to gain valuable insights into network performance and device behavior. This information can help them gain a better understanding of how the network is being utilized and which algorithms are most effective in different scenarios. With a clear understanding of the congestion control algorithms in use, they can make decisions about network design, configuration, and management. Nowadays, over 85% of total Internet traffic is TCP traffic. TCP uses different congestion control algorithms, of which BBR and CUBIC represent 73% of the total TCP traffic. In this work, we present a method for automatically identifying BBR traffic on the Internet. Our method relies on analyzing packet inter-arrival times, specifically comparing the distribution of packet inter-arrival times during the Slow-Start state of a BBR capture with those of a CUBIC capture. We introduce a model that allows us to detect the silence period after packet bursts that are present in almost all non-BBR congestion control algorithms. This method is characterized by a very simple frontend signal processing that exploits the algorithms' core principles, allowing for a tiny parameter space dimension (two), which is sufficient for robust discrimination: an error rate of 4.1% was obtained on a test dataset independent from training.
The article presents the statistical analysis results of network packet inter-arrival time distribution in an academic computer network. The most popular transport protocols, TCP and UDP, are addressed in the research. Data was gathered using the NetFlow protocol. Network traffic was divided into sections according to its direction and usage trends, then packet inter-arrival time distributions were found. The Kolmogorov-Smirnov test was used to evaluate goodness-of-fit of packet inter-arrival time distributions, and it was determined that the Pareto Second Kind distribution fits the majority of the experimental distributions. Index Terms--Computer networks, packet inter-arrival time distribution, statistical analysis, statistical distribution.
Wireless connection technologies provide users Internet Protocol (IP) network access without the physical hardware connection of the wired networks. One of the applications of these technologies is the Wireless Local Area Network (WLAN), which is based on the IEEE802.11x Wireless Fidelity (WiFi) standard and is widely deployed as a flexible extension to a data network or an alternative to the wired Local Area Network (LAN). In this context, the design, control and performance analysis of future wireless networks requires the study and credible characterisation of WLAN traffic. This tutorial presents measurements and analytic studies of IP traffic in a WLAN environment. Moreover, an investigation is reported into the characterisation of protocol distribution and modelling of IP packet inter-arrival times.
Cyber criminals often use a sequence of intermediate "stepping-stone" hosts to attack a target machine in order to maintain anonymity. This type of attack, which uses a connection chain, is called a stepping-stone attack. Most existing algorithms for detecting such attacks use timing-based correlation on the connections. However, these timing-based approaches are vulnerable if the intruders add chaff packets to evade detection. The stepping-stone detection rate decreases as the chaff rate increases. We developed a novel anomaly detection algorithm to detect the presence of chaff in a connection by monitoring the packet inter-arrival times. Our study shows the probability distribution of the inter-arrival time of a chaffed connection differs from that of one without chaff. Our experiments show the detection rate as a function of the chaff rate under a variety of complex circumstances. The new algorithm complements the existing correlation-based stepping-stone detection algorithms in providing a more robust solution to stepping-stone detection.
Medical device manufacturers have recently begun to incorporate wireless communication, such as ZigBee and Bluetooth operating in the unlicensed 2.4 GHz industrial, scientific, and medical (ISM) band, into their medical devices. Wi-Fi, however, is a major source of interference in the ISM band. With patient safety in mind, the FDA has mandated coexistence testing for wireless medical devices 1. An initial step toward supporting this mandate is to be able to accurately characterize the interfering network in a typical environment. In this paper, a software defined radio (SDR) is employed to serve as a platform for measuring channel duty cycle, packet arrival rate, node distribution, and packet inter-arrival time distribution of 802.11g networks. Theoretical and technical concerns are discussed, and tests performed to assess system integrity are described. Experimental tests examining channel characteristics of an 802.11g network are also reported.