標題: Low-Storage Capture and Loss Recovery Selective Replay of Real Flows
作者: Lin, Ying-Dar
Lin, Po-Ching
Cheng, Tsung-Huan
Chen, I-Wei
Lai, Yuan-Cheng
交大名義發表
National Chiao Tung University
公開日期: 1-Apr-2012
摘要: Capturing and replaying real flows are important for testing network security products. However, capturing real flows demands a high storage cost and runs a risk of capture loss, which makes the replay inaccurate. Replaying real flows should be accurate and stateful to adapt to the reaction of the device under test. It should also efficiently reproduce a defect and help developers identify the flows triggering defects. Therefore, this work first presents the (N, M, P) capture scheme which begins with, for each connection, capturing at most N bytes of application payload and then at most M bytes of application payload for at most each of the subsequent P packets in the same connection. This scheme reduces 87 percent of storage cost while retaining 99.74 percent of original events. This work develops a tool named SocketReplay with the mechanisms of loss recovery, stateful replay, and selective replay. Loss recovery tracks TCP sequence numbers to identify capture loss and recovers incomplete flows with dummy data. Stateful replay maintains the states in the TCP/IP stack to replay real flows. Selective replay incrementally selects flows to replay. The results show that SocketReplay can accurately and efficiently reproduce product events and significantly decrease the volume of replayed packet traces.
URI: http://hdl.handle.net/11536/16078
ISSN: 0163-6804
期刊: IEEE COMMUNICATIONS MAGAZINE
Volume: 50
Issue: 4
結束頁: 114
Appears in Collections:Articles


Files in This Item:

  1. 000302637000015.pdf