Evaluation of packet capturing systems for passive monitoring

Bibliographic Details
Main Authors: Mickevičiūtė, Asta; Khan, Hasan
Format: Others
Language: English
Published: Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE) 2013
Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-23451
Description
Summary: Computer network monitoring is a part of network management. There are active and passive monitoring techniques. Evaluation and comparison of both techniques have been done in previous works. Only one previous work focused on passive monitoring such as TAP and Port-mirroring, specifically on the Port-mirroring technique. This motivated us to repeat the experiment, which was primarily done by J. Zhiang and A. Moore, and to evaluate the existing passive monitoring techniques TAP and Port-mirroring in more detail. We have done a qualitative experiment in the laboratory, and we noted that Port-mirroring used a significant amount of the Central Processor Unit (CPU) during the process. White papers introduced Port-mirroring as a passive network monitoring method that does not affect performance, but our results showed that it does have an effect. We can also confirm that Port-mirroring was reordering packets, had process delay, and in case of congestion it dropped packets. TAP operated without packet loss. The packet sequence does not change, so it saves operating time and is fully passive. Captured packets contain such information as the source address, the destination address, and information about different protocols. It was also possible to get information about connected resources.