We have developed a means of understanding the performance of servers in a network based on a real-time analysis of passively measured network traffic. TCP and IP headers are continuously collected and processed in a streaming fashion to first reveal the application-layer structure of all client/server dialogs ongoing in the network. Next, the representation of these dialogs are further processed to extract performance data such as response times of request-response exchanges for all servers. These data are then compared against archived historical distributions for each server to detect performance anomalies. Once found, these anomalies can be reported to server administrators for investigation. Our method uncovers nontrivial performance anomalies in arbitrary servers with no instrumentation of the server nor even knowledge of the server,s function or configuration. Moreover, the entire process is completely transparent to servers and clients. We present the design of the tools used to perform this analysis, as well as a case study of the use of this method to uncover a significant performance anomaly in a UNC web portal. © Springer-Verlag Berlin Heidelberg 2009.
CITATION STYLE
Terrell, J., Jeffay, K., Smith, F. D., Gogan, J., & Keller, J. (2009). Passive, streaming inference of TCP connection structure for network server management. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5537 LNCS, pp. 42–53). https://doi.org/10.1007/978-3-642-01645-5_6
Mendeley helps you to discover research relevant for your work.