2006_ryan_twomey_network_topology.ppt
Automated Network Topology Detection
Ryan Twomey ’06
Advisor: Prof. Jerry Breecher
Project Goals
1. To create a system that automatically determines the network topology with minimal user intervention
2. Portable: can be used in any network environment, regardless of complexity
3. Graphical user interface that allows editing and saving in common file format
Intended Uses
• Real-time monitoring for systems administrators, analysts, and managers
• Intrusion-detection/security systems
• IT asset tracking
• Improved performance routing and fault-tolerance (rerouting)
Topology Detection Methods
Existing Methodologies
• SNMP Only
– Ask routers what their routing tables and active hosts databases are
• Ping broadcast + SNMP followup
– Send pings to all possible IPs and ask routers/PCs for additional information
• Ping broadcast + Subnet Hopping
– Send pings to all possible IPs and guess that subnets are at early IP addresses (if found, jump to that subnet and continue)
• DNS discovery + Traceroute
– Determine all hosts on network via DNS and trace routes to each host found this way
• Ping broadcast + Traceroute
– Send pings to all possible IPs and trace route to each host
Comparison of Methods

| Methodology | Advantages | Drawbacks | Overall |
| --- | --- | --- | --- |
| SNMP only | Lots of info | Not easily accessible | Very poor |
| Ping broadcast + SNMP | Complete/lots of info | Pings dropped/not easily accessible | Poor to Average |
| Ping broadcast + Subnet hopping | Complete | Pings dropped/subnets not set up | Poor to Average |
| DNS discovery + traceroute | Names + routes | DNS not set up/trace packets dropped | Average to Good |
| Ping broadcast + traceroute | Complete + routes | Ping and trace packets dropped | Good |

Difficulties with all Methods
• Transparent devices: can’t find everything
– Switches, hubs
– Non-addressable devices
• Difficulty determining device type
• Security implications & configuration of SNMP/pings/DNS
• Potential for flooding
• Determining link types (timing unreliable)
My Method
• Chose Ping broadcast + Traceroute method
– Best success rates/relatively easy to implement
• Can be improved by combining methods
– Add SNMP for increased info gathering
– Correlate routing tables for finding networks
• Fallback methods (if pings dropped, attempt DNS detection, etc)
Ping & Traceroute Method
• For each host, see if it’s alive
• If so, attempt to trace the route to it using successively larger TTLs
Finding Hosts (Ping Step)
• Send ICMP echo packet
• Response?
– Yes: Save host to trace route
– No: Try again up to 3 times
Finding Route to Host
• Send ICMP packets with TTL of 0, 1, …, 30
• Forces each router to determine that the packet has “expired” and send an error packet back to us
• When host is reached, route is finished
[Figure labels: TTL = 0, TTL = 1+]
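An added example (not part of the original slides or the Netdiscover code): how the replies to the TTL-stepped probes can be classified and assembled into a route, with a dropped probe kept as a visible gap. The names `classify_reply`, `build_route` and `run_demo`, and the sample packets, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative helper names; not Netdiscover's API. */
enum reply { REPLY_NONE, REPLY_HOP, REPLY_DEST };
struct pkt { const uint8_t *data; size_t len; };  /* data == NULL: probe dropped */

/* Classify one received IPv4 datagram; on HOP/DEST *src holds the sender. */
enum reply classify_reply(const uint8_t *p, size_t len, uint32_t *src)
{
    if (p == NULL || len < 20 || (p[0] >> 4) != 4) return REPLY_NONE;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;       /* IPv4 header length */
    if (ihl < 20 || len < ihl + 8 || p[9] != 1)   /* need a full ICMP header */
        return REPLY_NONE;
    *src = ((uint32_t)p[12] << 24) | ((uint32_t)p[13] << 16) |
           ((uint32_t)p[14] << 8) | (uint32_t)p[15];
    if (p[ihl] == 11) return REPLY_HOP;   /* Time Exceeded: router on the path */
    if (p[ihl] == 0)  return REPLY_DEST;  /* Echo Reply: the host itself */
    return REPLY_NONE;                    /* other ICMP types are ignored here */
}

/* One entry per TTL step. A dropped or unusable reply is stored as 0 so the
   gap stays in the route. Returns the number of steps recorded. */
size_t build_route(const struct pkt *replies, size_t n,
                   uint32_t *route, int *reached)
{
    size_t used = 0;
    *reached = 0;
    for (size_t i = 0; i < n && used < 31; i++) {   /* TTL 0..30: 31 steps */
        uint32_t src = 0;
        enum reply r = classify_reply(replies[i].data, replies[i].len, &src);
        route[used++] = (r == REPLY_NONE) ? 0 : src;
        if (r == REPLY_DEST) { *reached = 1; break; }
    }
    return used;
}

/* Constructed samples (not captured traffic): IPv4 header + bare ICMP header. */
static const uint8_t R1[28] = {0x45,0,0,28, 0,0,0,0, 64,1,0,0, 10,0,0,1, 10,0,0,50, 11};
static const uint8_t R3[28] = {0x45,0,0,28, 0,0,0,0, 62,1,0,0, 10,0,2,7, 10,0,0,50, 0};
static uint32_t demo_route[31];
static int demo_reached;

size_t run_demo(void)   /* router answers, next probe is dropped, host replies */
{
    const struct pkt replies[] = { {R1, sizeof R1}, {NULL, 0}, {R3, sizeof R3} };
    return build_route(replies, 3, demo_route, &demo_reached);
}
```

A route that ends with `reached == 0`, or that contains zero entries, is the "ping and trace packets dropped" drawback from the comparison table showing up in the data.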
Enhanced Info Gathering
• SNMP
– Type of device and current status
– Not available on all devices
– Security implications
• User-input
– Slow & prone to becoming out of date
• NMAP
– Only guesses based on TCP “fingerprinting”
NMAP
• Open Source, cross-platform network scanner
• Can “fingerprint” host:
– Sends UDP & TCP packets to host
– Checks response bits, TCP window size, etc
– 1500 OSes in database
Watches all network traffic to and from host
Netdiscover
An implementation to automatically detect network topology
Netdiscover Technologies
SVG, C, Threads, AJAX, Java, Javascript, Servlets, JNI, CSS, Make, HTML, JAR, Jetty, Router, Ethernet, Tomcat, Ant, daemon, Switch, Apache, Mutex, DOM, Adobe SVG, XML, Hub, Firewall, RSP, SNMP, NMAP, ICMP, TCP, IP, Me, JSP, WAR
Netdiscover Implementation
• C Library
– Necessary for speed and to access raw sockets
– Easily portable (any POSIX/Socket system)
– Bindings for other languages (Java, Perl, etc)
• Java implementation using JNI & custom “glue”
• Two usage models:
– Find all hosts and routes on class A/B/C/D network
– Determine if host is up & route to it (a la carte method)
Java Native Interfaces
• Sun technology to access methods in other languages via Java
• Create Java “glue” code that translates custom C data structures to palatable Java classes
[Diagram labels: VM; OS]
The JNI Toolchain
[Diagram labels: Glue code; Implementation; What the user sees; Includes Netdiscover library code]
Language Toolchain
[Diagram labels: JNI; Drawing]
Most recent web browsers natively support SVG
Drawing Diagrams
• Use predefined SVG graphics for network elements (servers, switches, firewalls, etc)
– Scale these elements as necessary (zooming, fitting, etc)
• Draw network segments as large “cloud”
– Connect these clouds based on routes
• User editable: can add elements and links
Diagramming Algorithm
Network segments consist of routers, switches, hubs, etc
Hidden concentric circles used to align server elements
Once servers have been added, can draw link lines
Additional concentric circles can be used if necessary
LET’S SEE A DEMO!
Graphic by Dan Jurgens. All Marvel characters and the distinctive likeness(es) thereof are Trademarks & Copyright (c) 1941-2005 Marvel Characters, Inc. ALL RIGHTS RESERVED.
Linking Network Segments
Next Steps
Automated Video Production
• Stores network topology changes in database
• Can generate SVG animation automatically based on these changes
• String together to form video showing changes over time
Mapping the Internet
• Robust diagramming technology
• Distributed client to minimize network traffic from any one source
– Single reconciliation/serving point
– Multiple locations test same points
– Impossible to use point-to-point timing
• Regular/continuous updates
• Promote widespread usage of SVG
Interesting Links
• NMAP Project: http://www.insecure.org/nmap/
• Apache Jakarta/Tomcat Project: http://jakarta.apache.org/
• Adobe SVG Viewer: http://www.adobe.com/svg/
• W3C SVG Standard: http://www.w3.org/Graphics/SVG/
• AJAX: http://developer.mozilla.org/en/docs/AJAX
• Javascript Effects Library: http://script.aculo.us/
• Open Clip Art Library: http://www.openclipart.org
• Draconis Software: RSP Network Management: http://www.dracoware.com/