Nprobe: Network protocol analysis
|
 |
Nprobe Further Information
Architecture
Click on the picture above to show the full details of the current Nprobe
architecture.
Example usage
As an example of a use of Nprobe, we could monitor WWW traffic, which for
a wide set of networks forms the largest single constituent protocol.
Nprobe performs the following operations:
- TCP: Nprobe models the state machines at
each end of the TCP connection, determining the causality relationship
between packets to enable it to inferr RTTs, loss, and network path
performance characteristics.
- HTTP: The contents of the TCP connections are reassembled and parsed,
enabling request headers to extracted and responses "fingerprinted".
- HTML: Objects returned from the server containing HTML are parsed to
extract references to in-lined images, frames and style sheets, and
'clickable' links are identified.
- DNS: Name service requests and responses are tracked and recorded.
Post-processing can then be used to combines the data to determine
exactly what happens when a user clicks on a link. The time to
download a web page can be broken down in to its constitute
components, identifying server & browser processing delays, delays due
to data dependence between objects, delays due to protocol RTTs,
bandwidth restrictions, etc.
|
