Computer Laboratory Home Page Search A-Z Directory Help
University of Cambridge Home Computer Laboratory
Further Information
Computer Laboratory > Research > Systems Research Group > NetOS > Nprobe > Further Information

Nprobe: Network protocol analysis

Nprobe Further Information


Click on the picture above to show the full details of the current Nprobe architecture.

Example usage

As an example of a use of Nprobe, we could monitor WWW traffic, which for a wide set of networks forms the largest single constituent protocol. Nprobe performs the following operations:

  • TCP: Nprobe models the state machines at each end of the TCP connection, determining the causality relationship between packets to enable it to inferr RTTs, loss, and network path performance characteristics.
  • HTTP: The contents of the TCP connections are reassembled and parsed, enabling request headers to extracted and responses "fingerprinted".
  • HTML: Objects returned from the server containing HTML are parsed to extract references to in-lined images, frames and style sheets, and 'clickable' links are identified.
  • DNS: Name service requests and responses are tracked and recorded.

Post-processing can then be used to combines the data to determine exactly what happens when a user clicks on a link. The time to download a web page can be broken down in to its constitute components, identifying server & browser processing delays, delays due to data dependence between objects, delays due to protocol RTTs, bandwidth restrictions, etc.