Evaluation of packet capturing systems for passive monitoring

University essay from Högskolan i Halmstad/Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE)

Author: Asta Mickevičiūtė; Hasan Khan; [2013]

Abstract: Computer network monitoring is a part of network management. There are active and passive monitoring techniques. Evaluation and comparison of both techniques have been done in previous works. Only one previous work focused on passive monitoring such as TAP and Port-mirroring, specifically on the Port-mirroring technique. This motivated us to repeat the experiment, which was primarily done by J. Zhiang and A. Moore, and evaluate the existing passive monitoring techniques TAP and Port-mirroring in more detail. We have done a qualitative experiment in the laboratory and we noted that Port-mirroring used a significant amount of the Central Processing Unit (CPU) during the process. White papers introduced Port-mirroring as a passive network monitoring method that does not affect performance, but our results showed it does have an effect. We can also confirm that Port-mirroring reordered packets, had processing delay and, in case of congestion, dropped packets. TAP operated without packet loss. The packet sequence does not change, so it saves operating time and is fully passive. Captured packets contain such information as the source address, destination address, and information on different protocols. It was also possible to get information about connected resources.