The Analyzer Project at Politecnico di Torino - PowerPoint PPT Presentation

1
The Analyzer Project at Politecnico di Torino
  • Another network analysis tool?
  • Fulvio Risso (fulvio.risso_at_polito.it)

2
The project
  • Started in 1995 as a DOS sniffer
  • Moved to Windows in 1998
  • Versions 2.x
  • Re-written from scratch beginning in Jan 2002
  • Still an alpha
  • No longer a simple sniffer
  • License BSD-like

3
Objectives
  • Potentially cross-platform (although only the
    Win32 version exists right now)
  • Simple to use and to install
  • Suitable for small-size networks (not the best
    choice for ISP, NRENs, etc)
  • Includes several modules that implement the most
    important features needed by a network
    administrator
  • Each module looks like a limited version of some
    specialized tools available on the Internet

Easy to use!
4
KISS (Keep It Simple, Stupid)
Some of the tools needed by a network administrator:
  • Traffic monitoring
  • Host and services monitoring
  • Traffic sniffing
  • LAN monitoring
  • SNMP manager
Specialized tools available on the Internet for these tasks:
  • ntop
  • Demarc
  • Ethereal
  • Ettercap
  • OpenView
  • Nagios
  • mping
5
What it does: Network Sniffer (1)
6
What it does: Network Sniffer (2)
  • NetPDL language for describing protocol headers
  • Simple and (rather) intuitive
  • Allows you to add / modify protocol definitions
    without recompiling the application

  <proto name="Ethernet">
    <fields>
      <fixed name="dst" size="byte" vector="6"/>
      <fixed name="src" size="byte" vector="6"/>
      <fixed name="type-length" size="short"/>
    </fields>
    <nextproto>
      <switch fieldref="type-length">
        <case value="2048" protoref="IP"/>
        <case value="2054" protoref="ARP"/>
      </switch>
    </nextproto>
  </proto>
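The slide shows what a NetPDL header description looks like but not how a dissector consumes it. The following added example (not Analyzer's code, and not the real NetPDL engine) is a small data-driven interpreter for exactly the subset shown: fixed fields with byte/short sizes, the vector attribute, and a nextproto switch. The ARP proto block, the big-endian byte order and the sample frame are assumptions constructed for the example. It also shows the check a dissector must make before every read, since a protocol description loaded at run time is only safe if the decoder bounds-checks the packet against it.

```python
import xml.etree.ElementTree as ET

# NetPDL-style definition, constructed for this example: the Ethernet
# <proto> is the one from the slide; the ARP <proto> is an assumption added
# so that the type-length switch has a defined target to dissect.
NETPDL = """\
<netpdl>
  <proto name="Ethernet">
    <fields>
      <fixed name="dst" size="byte" vector="6"/>
      <fixed name="src" size="byte" vector="6"/>
      <fixed name="type-length" size="short"/>
    </fields>
    <nextproto>
      <switch fieldref="type-length">
        <case value="2048" protoref="IP"/>
        <case value="2054" protoref="ARP"/>
      </switch>
    </nextproto>
  </proto>
  <proto name="ARP">
    <fields>
      <fixed name="htype" size="short"/>
      <fixed name="ptype" size="short"/>
      <fixed name="hlen" size="byte"/>
      <fixed name="plen" size="byte"/>
      <fixed name="oper" size="short"/>
    </fields>
  </proto>
</netpdl>
"""

# Widths of the size keywords used in the definition (assumed: big-endian fields).
SIZES = {"byte": 1, "short": 2}


def load_protocols(xml_text):
    """Parse the definition once; protocols are looked up by name at decode time."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p for p in root.findall("proto")}


def decode_header(protos, name, data, offset):
    """Decode one header; return (fields, new offset, name of the next protocol or None)."""
    proto = protos[name]
    fields = {}
    for elem in proto.find("fields"):
        if elem.tag != "fixed":
            raise ValueError("unsupported field element <%s>" % elem.tag)
        vector = elem.get("vector")
        width = SIZES[elem.get("size")] * (int(vector) if vector else 1)
        # Bounds check before slicing: a truncated or malformed packet must
        # produce an error, never a read past the end of the buffer.
        if offset + width > len(data):
            raise ValueError("truncated packet in %s.%s" % (name, elem.get("name")))
        chunk = data[offset:offset + width]
        fields[elem.get("name")] = chunk if vector else int.from_bytes(chunk, "big")
        offset += width
    next_name = None
    switch = proto.find("nextproto/switch")
    if switch is not None:
        key = fields[switch.get("fieldref")]
        for case in switch.findall("case"):
            if int(case.get("value")) == key:
                next_name = case.get("protoref")
                break
    return fields, offset, next_name


def decode_packet(protos, data, first="Ethernet"):
    """Walk the protocol chain; stop when the next protocol is unknown or undefined."""
    layers = []
    name, offset = first, 0
    while name in protos:
        fields, offset, next_name = decode_header(protos, name, data, offset)
        layers.append((name, fields))
        name = next_name
    return layers


def decode_or_error(protos, data):
    """Return the decoded layers, or the error message for a packet that cannot be decoded."""
    try:
        return decode_packet(protos, data)
    except ValueError as exc:
        return str(exc)


# Constructed ARP request frame: broadcast dst, made-up src MAC, EtherType 0x0806,
# then htype/ptype/hlen/plen/oper and zero padding. Not a real capture.
FRAME = bytes.fromhex("ffffffffffff 001122334455 0806 0001 0800 06 04 0001") + bytes(20)

if __name__ == "__main__":
    for layer, fields in decode_packet(load_protocols(NETPDL), FRAME):
        print(layer, fields)
```

Adding a protocol is just adding a `<proto>` element to the XML: the decoder itself does not change, which is the property the slide describes. A frame whose EtherType points at a protocol the definition lacks (IP here) decodes up to Ethernet and stops, and a frame shorter than the header it claims to carry is reported rather than read past its end.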
7
What it does: End-to-end Monitor
8
What it does: Events Logger
9
What it does: LAN Node Discovery
10
What it does: Remote Capture (1)
Supported in: Capture, LAN Node Discovery
11
What it does: Remote Capture (2)
  • Most of the code is inside WinPcap
  • It works on Linux and BSD as well
  • Supports
      • IPv4/IPv6 data transfer
      • TCP/UDP transport
      • Sampling (although rather primitive)
      • Active Mode
          • For getting data from sources behind NATs / FWs

[Figure: a probe on a private network connects to the Analyzer, which starts the capture]
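The diagram only names the two parties. The following added example (not WinPcap's remote-capture protocol and not Analyzer's code; the message format is invented for the example) plays both sides on localhost to make the "active mode" point concrete: the probe, sitting on the private network, opens the connection outward to the analyzer, so no inbound port has to be opened through the NAT or firewall; the analyzer then sends the start command, and the probe streams every N-th packet back, which is the primitive sampling the slide mentions. The captured packets are constructed placeholders.

```python
import socket
import struct
import threading

# Constructed "captured" packets as a probe on a private network would see them;
# placeholder payloads, not real traffic.
CAPTURED = [b"packet-%02d" % i for i in range(10)]


def recv_exact(conn, n):
    """Read exactly n bytes or raise; a short read must never be treated as a packet."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the stream mid-record")
        buf += chunk
    return buf


def run_probe(analyzer_addr, packets):
    """Probe side. In active mode the probe opens the connection towards the analyzer
    (outbound from the private network) and then waits for the start command."""
    with socket.create_connection(analyzer_addr) as conn:
        command = b""
        while not command.endswith(b"\n"):
            command += recv_exact(conn, 1)
        verb, every = command.split()
        if verb != b"START":
            raise ValueError("unexpected command %r" % verb)
        every = int(every)
        # Primitive sampling: forward every N-th packet, length-prefixed.
        for i, pkt in enumerate(packets):
            if i % every == 0:
                conn.sendall(struct.pack("!I", len(pkt)) + pkt)
        conn.sendall(struct.pack("!I", 0))  # zero length marks end of capture


def run_analyzer_session(packets, sample_every):
    """Analyzer side: listen, accept the probe, send START, collect the sampled packets."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # ephemeral port; the probe is told the address
    server.listen(1)
    probe = threading.Thread(target=run_probe, args=(server.getsockname(), packets))
    probe.start()
    conn, _ = server.accept()
    received = []
    with conn:
        conn.sendall(b"START %d\n" % sample_every)
        while True:
            (length,) = struct.unpack("!I", recv_exact(conn, 4))
            if length == 0:
                break
            received.append(recv_exact(conn, length))
    probe.join()
    server.close()
    return received


if __name__ == "__main__":
    for pkt in run_analyzer_session(CAPTURED, 3):
        print(pkt)
```

Because the direction is reversed, the listening side is the analyzer rather than the probe; whatever authenticates the connecting probe (not shown here, and not described on the slide) has to live on that side.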
12
What it does: Experimental stuff
  • Flow collector
      • Netflow-like
      • Fields to be dumped for each session are customizable
  • Data Mining Analysis
      • Processes data stored by the flow collector and
        prints the most important results
      • Effective to see if the standard behaviour of
        the network changed over time
      • It includes a "compare against" feature
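The slide lists the flow collector and the "compare against" analysis without showing what either computes. The following added example (not Analyzer's code; the flow key, the per-service profile and the thresholds are choices made for the example) aggregates packet records into NetFlow-like flows keyed by 5-tuple, turns each observation period into a profile of byte share per destination service, and compares a baseline period against a current one to flag services that are new, gone, or whose share shifted by more than a threshold. Both periods are constructed records, not real captures.

```python
from collections import defaultdict

# Constructed packet records for two observation periods, not real captures:
# (src_ip, dst_ip, proto, src_port, dst_port, bytes)
PERIOD_A = [
    ("10.0.0.5", "10.0.0.1", "tcp", 51000, 80, 1000),
    ("10.0.0.5", "10.0.0.1", "tcp", 51000, 80, 500),   # same flow as above
    ("10.0.0.6", "10.0.0.1", "tcp", 51001, 80, 1500),
    ("10.0.0.5", "10.0.0.2", "udp", 53001, 53, 200),
    ("10.0.0.7", "10.0.0.2", "udp", 53002, 53, 300),
]
PERIOD_B = [
    ("10.0.0.5", "10.0.0.1", "tcp", 52000, 80, 1200),
    ("10.0.0.6", "10.0.0.1", "tcp", 52001, 80, 1300),
    ("10.0.0.5", "10.0.0.2", "udp", 54001, 53, 250),
    ("10.0.0.9", "10.0.0.1", "tcp", 40000, 22, 250),  # service not seen in period A
]


def collect_flows(records):
    """Aggregate packets into NetFlow-like flow records keyed by the 5-tuple."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, proto, sport, dport, size in records:
        flow = flows[(src, dst, proto, sport, dport)]
        flow["packets"] += 1
        flow["bytes"] += size
    return dict(flows)


def service_shares(flows):
    """Profile of 'standard behaviour': share of total bytes per destination (proto, port)."""
    per_service = defaultdict(int)
    for (_, _, proto, _, dport), flow in flows.items():
        per_service[(proto, dport)] += flow["bytes"]
    total = sum(per_service.values()) or 1  # avoid division by zero on an empty period
    return {svc: nbytes / total for svc, nbytes in per_service.items()}


def compare_periods(baseline_records, current_records, threshold=0.2):
    """Compare two periods; return {service: verdict} for services that changed."""
    base = service_shares(collect_flows(baseline_records))
    cur = service_shares(collect_flows(current_records))
    verdicts = {}
    for svc in set(base) | set(cur):
        b, c = base.get(svc), cur.get(svc)
        if b is None:
            verdicts[svc] = "new"
        elif c is None:
            verdicts[svc] = "gone"
        elif c - b > threshold:
            verdicts[svc] = "up"
        elif b - c > threshold:
            verdicts[svc] = "down"
    return verdicts


if __name__ == "__main__":
    for svc, verdict in sorted(compare_periods(PERIOD_A, PERIOD_B).items()):
        print(svc, verdict)
```

The interesting output of such a comparison is the small set of differences, not the full flow table: a destination service that never appeared in the baseline is exactly the kind of change in the network's standard behaviour the slide says the analysis is meant to surface. Lowering the threshold trades fewer missed shifts for more noise, as the second assertion in the test shows.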

13
Status of the project
  • Currently 3.0 alpha 8
  • Mainly bug fixing
  • What we would like to do next
      • Better web export (e.g. E2E Monitoring, Events
        Logger)
          • E.g. embedded web server
      • Monitoring of application-level services
          • HTTP, SNMP, DNS, FTP, Telnet, SSH
  • Downloadable from
      • http://analyzer.polito.it/30alpha/