Analysis of Internet Traffic in Educational Network

Analysis of Internet Traffic in
Educational Network
Presented by: Adib M. Monzer Habbal
InterNetWorks Research Group,
School of Computing, Universiti Utara Malaysia
1/15/2013
1
Agenda
1/15/2013
2
1. Introduction
The demand for Internet services and network resources
in Educational networks are increasing rapidly.
Specifically, the revolution of WEB2.0 has changed the way
of information exchange and distribution.
It becomes imperative to determine where network
resources are being utilized and where Internet traffic flows
for the purpose of creating a strategy that improves the
networks’ performance.
1/15/2013
3
2. Problem Statement
The never ending demand
for Internet services and
network resources in the
University campus
Lead to
Lead to
Complications in monitoring
network
performance
and
managing its activity
Especially after
high-traffic loads on network
Will create
dissatisfaction regarding
networking performance
New thoughts of exchanging
and distribution content
peer to peer applications appeared
real-time applications
This study attempts to gain an indepth understanding of the traffic
distribution in Educational network
1/15/2013
Etc.
4
3. Project Objectives
1- To analyse the
Internet traffic in
educational network
2-To identify users’
preferred web apps in
educational network
1/15/2013
5
4. Scope and Limitation
UUM Network
Staff
6000
1/15/2013
Students
Visitors
28000
Variable
number
6
Cont...
Sunday
Data collection
15th April, 2012
Monday
From 10:00 to 11:00
AM
16th April, 2012
Tuesday
17th April, 2012
Different
capturing,
analyzing
and
presentation tools working under Linux
open-source operating system were used.
Wednesday
18th April, 2012
Thursday
19th April, 2012
1/15/2013
7
5. Methodology
1- Data collection
2- Data analysis
3- Data
representation
• Port mirroring
- Tcpdump
• Filter based analyzing tool
- Wireshark
• Excel
Methodology (Jain & Hassan, 2004)
1/15/2013
8
Cont...
Network Topology:
Capture device
1/15/2013
9
Cont...
NetForce
Firewalls
Lenovo G560
Collection port
Main Router
Cisco 1750
Switch
1/15/2013
Network devices
10
Cont...
Port Mirroring (SPAN) :
Port Mirroring
1/15/2013
Port Mirroring Code
11
Cont...
Data collection Using TCPDUMP
• Using Tcpdump :
sudo tcpdump -i eth0 –C1000 -w /home/user/Desktop/CFOR/CAPTURE/1.cap
1/15/2013
Day
Date
Sunday
15/4/2012
Monday
16/4/2012
Tuesday
17/4/2012
Wednesday
18/4/2012
Thursday
19/4/2012
From To
10:00 until 11:00
AM
10:00 until 11:00
AM
10:00 until 11:00
AM
10:00 until 11:00
AM
10:00 until 11:00
AM
12
Cont...
Data analysis:
Using Wireshark to Achieve our Objectives
Filters
IP and IPV6
frame.number
frame.len
frame.time
TCP
To specify and isolate all TCP packets
UDP
To specify and isolate all UDP packets
HTTP
Other Protocols
1/15/2013
Functions
To isolate all IPV4 packets from IPV6 Packets.
To calculate packets number of each (.cap) file.
To calculate packets length.
To sort the packets according to time (second).
To specify and isolate all HTTP packets.
13
Cont...
1. Filter textbox
2. Date and time for each
packet
3. Source IP address
4. Destination IP address
5. Type of protocols
6. Refer to the domain name
1/15/2013
14
Cont...
Data representation
Excel
1/15/2013
15
6. Result and Discussion
Websites Category User’s Preferences
1/15/2013
16
Result and Discussion
Social Networking Sites
1/15/2013
17
Result and Discussion
Blogging
1/15/2013
18
Result and Discussion
E-commerce and Technical Support Websites
www.lelong.com.m www.avg.com
www.conduit.com
www.airasia.com
www.imdb.com
y
5%
7%
1%
www.groupon.my 1%
1%
www.maybank2u.c
1%
om
www.amazon.com
1%
2%
adf.ly
www.mudah.my
4%
19%
www.cimbclicks.co
m
www.lowyat.net
1%
1%
www.zedo.com
4%
www.microsoft.co
www.mozilla.org
9%
1/15/2013
www.fibox.com
3%
www.windowsupda
te.com
17%
m
13%
www.adobe.com
www.avira.com 9%
3%
19
Result and Discussion
News Websites
www.harakahdaily
www.thestar.com
www.mynewshub. .net
2%
4%
my
www.malaysiakini
6%
.com
6%
www.utusan.com.
my
12%
www.hmetro.com.
my
15%
www.themalaysian
insider.com
1%
, www.bbc.com
2%
1/15/2013
www.yahoo.com
41%
www.bharian.com.
my
4%
www.wordpress.co
m
7%
20
Result and Discussion
File Shearing Websites
41%
59%
1/15/2013
www.mediafire.com
www.4shared.com
21
Result and Discussion
Multimedia Websites
1/15/2013
22
Result and Discussion
E-mail service
1/15/2013
23
Result and Discussion
Search Engines
1% 2%
www.google.com
search.yahoo.com
www.bing.com
97%
1/15/2013
24
Result and Discussion
Informational & Services
www.harakah
daily.net
www.go.com 6%
13%
www.tumblr.
com
4%
www.cari.co
m.my
28%
www.jobstree
t.com.my
3%
www.agoda.c
om
9%
1/15/2013
www.wikiped
ia.org
37%
25
Result and Discussion
Traffic Distributions over Countries
Local & International
Canada
Germany
1%
Other
3%
Hong Kong
France
3%
1%
1%
Indonesia
0% Japan
1%
Korea
0%
13%
Malaysia
13%
China
8%
Netherlands
3%
Singapore
4%
United Kingdom
1/15/2013
0%
United States
62%
87%
Malaysia
Other countries
26
7. Conclusion
This study
contribute
1/15/2013
Future research
Network
administrators
In measuring and
analysis network
performance
To enhance
network
performance
27
1/15/2013
28
Result and Discussion
TCP vs UDP
1/15/2013
29
Result and Discussion
TCP vs UDP
1/15/2013
30
6. Result and Discussion
TCP Traffic Distribution
1/15/2013
31
6. Result and Discussion
TCP Traffic Distribution
1/15/2013
32
Result and Discussion
IPv4 vs IPv6
1/15/2013
33
Result and Discussion
Packets length
0% 0%
20%
11%
55%
4%
2%
1/15/2013
8%
40-79
80-159
160-319
320-639
640-1279
1280-2559
2560-5119
5120+
34