Porovnavacie testy meracej platormy MONICA
09.03.2010
Test 1-4
Testovaci scenar a priebeh experimentu
- HW: virtual machine (VirtualBox)
- OS: Ubuntu GNU/Linux 9.04 server (Jaunty)
- SW: mybeem 1.0-1, JXColl 3.1-8, Wireshark 1.2.6
http://ftp.antik.sk/releases/9.10/ubuntu-9.10-server-i386.iso Na localhoste bol sucasne spusteny mybeem 1.0-1, JXColl 3.1-8 aj Wireshark, ktory odchytaval vsetky pakety prichadzajuce/odchadzajuce zo sietovej karty. Porovnanie dat zachytenych Wiresharkom a dat v bm databaze.
Zaver experimentu
Kvoli znamemu bugu vo wiresharku,http://wiki.wireshark.org/KnownBugs/OutOfMemory nebolo mozne uspesne dokoncit experiment. Wireshark stale tesne pred ukoncenim stahovania spadol, kvoli nedostatku pamate (proces wireshark zaberal cca 1200MB RAM), hoci operacna pamat nebola na 100% vyuzita. Test bol opakovany 4x, ani raz nebol uspesny.
12.03.2010
Test 5
Testovaci scenar
- HW: virtual machine (VirtualBox)
- OS: Ubuntu GNU/Linux 9.04 server (Jaunty)
- SW: mybeem 1.0-1, JXColl 3.1-8, Wireshark 1.2.6
http://wiki.wireshark.org/Performance sa neodporuca analyzovat subory vacsie ako 100 MB, pretoze sa Wireshark stava pomalym pri loadovani suboru a filtrovani).
Stiahnutie iso suboru OS Debian live 504 - i386 standard [134 MB] z http://ftp.antik.sk. http://ftp.antik.sk/debian-cd/current-live/i386/iso-cd/debian-live-504-i386-standard.iso Na localhoste bol sucasne spusteny mybeem 1.0-1, JXColl 3.1-8 aj dumpcap, ktory odchytaval vsetky pakety prichadzajuce/odchadzajuce zo sietovej karty. Dumpcap je konzolova aplikacia na odchytavanie paketov, ktora je castou wireshark distribucie. Porovnanie dat zachytenych Wiresharkom a dat v bm databaze.
Priebeh experimentu
- interface: eth10
- local IP address: 10.0.2.15
- foreign IP address: 88.212.10.12 (ftp.antik.sk)
- # zaznamov v databaze: 1229 - 1281
- rid: 1427 - 1479
- subor: debian-live-504-i386-standard.iso [140 204 032 B]
- dumpcap: dumpcap -i eth10 -w ~/Documents/test5.pcap
- mybeem:
- flow cache free: 2048
- packet cache free: 2097152
- expired cache size: 0
- number of captured packets: 148 232
- dumpcap:
- Packets: 148 108
- Packets dropped: 166
- JXColl:
- logovaci subor: log-2010-03-12-22-30-37.log
- databaza:
- sourceipv4address: 10.0.2.15
- destinationipv4address: 88.212.10.12
- sourcetransportport: 46 533
- destinationtransportport: 53 v pripade DNS, 80 v pripade http
- protocolidentifier: 17 v pripade DNS, 6 v pripade http
- packetTotalCount: 148 232 (z toho 148 230 bolo spojenie medzi localhostom a FTP a 2 boli DNS query a response)
- octetTotalCount: 146 133 730 B + 134 B (DNS) = 146 133 865 B
- 53 flowov
Analyza suboru test5.pcap
- analyza suboru test5.pcap pomocou capinfos (sucast Wireshark, konzolova aplikacia):
- PDU count: 148 108
- PDU total length: 148 011 012 B
- average PDU data rate [B/s]: 287 850.32 B/s
- average PDU data rate [b/s]: 2 302 802.56b/s
- average PDU size [B]: 999.35 B
- analyza suboru test5.pcap pomocou Wireshark
- PDU count: 148 108
- ipv4 conversations:
- 10.0.2.15 -> 88.212.10.12: 47 660 packets, 2 573 828 B
- 88.212.10.12 -> 10.0.2.15: 100 404 packets, 145 434 880 B
- total: 148 064 packets => 148 108 - 148 064 = 44 ostatnych (2x DNS, 42x ARP (21x request, 21x reply))
- analyza mnozstva prijatych dat
- wireshark: 148 011 012 (PDU total length) - 148 066 (packets count) x 14 (velkost frame header + trailer) - 21 (ARPs count) x 102 (ARP request + reply length) = 145 935 946 B
- mybeem: octetTotalCount = 146 133 730 + 134 (DNS) = 146 133 864 B
- total: rozdiel je 197 918 B, co tvori s najvacsou pravdepodobnostou 166 dropnutych PDU.
Zaver experimentu
Cisla portov, protokolov a IP boli rovnake v databaze aj v test5.pcap. Jedine mybeem nerozlisuje smer up a down (co uz reportoval Eqo), teda cela komunikacia medzi localhostom a ftp bola v databaze v smere localhost -> ftp. wireshark zachytava vsetky PDU (teda aj L2 ARP) a jeho PDU total length je sucet velkosti vsetkych framov resp. "bytes on wire", zatial co mybeem zachytava iba pakety a octettotalcount je sucet velkosti vsetkych paketov (bez frame header a trailer). Dumpcap zachytil 148 108 PDU + 166 drop = 148 274 vsetkych PDU, mybeem zachytil 148 232 paketov => rozdiel je 42, co su prave ARP request a reply, ktore mybeem neodchytava, teda pocet sedi. Z toho vyplyva ze mybeem odchytil vsetky pakety. Co sa tyka suctu velkosti paketov, rozdiel je 197 918 B, co tvori s najvacsou pravdepodobnostou 166 dropnutych PDU.22.03.2010
Test 6
Testovaci scenar
rovnaky ako v experimente 12.03.2010Priebeh experimentu
- interface: eth10
- local IP address: 10.0.2.15
- foreign IP address: 88.212.10.12 (ftp.antik.sk)
- # zaznamov v databaze: 1349 - 1401
- rid: 1547 - 1599
- subor: debian-live-504-i386-standard.iso [140 204 032 B]
- dumpcap: dumpcap -i eth10 -w ~/Documents/test6.pcap
- mybeem:
- flow cache free: 2048
- packet cache free: 2097152
- expired cache size: 0
- number of captured packets: 147 610
- dumpcap:
- Packets: 147 632
- Packets dropped: 12
- JXColl:
- logovaci subor: ?
- databaza: ?
Zaver experimentu
Hlbsia analyza nebola spravena, pretoze cielom bolo porovnat mnozstvo prijatych dat, co nie je mozne ak dumpcap dropne 12 paketov.Test 7
Testovaci scenar
rovnaky ako v experimente 12.03.2010Priebeh experimentu
- # zaznamov v databaze: 1402 - ?
- rid: 1600 - ?
- dumpcap: dumpcap -i eth10 -w ~/Documents/test7.pcap
Zaver experimentu
TODO: dokoncit test 723.03.2010
Test 8-10
Testovaci scenar
- HW: desktop PC,
- OS: Ubuntu GNU/Linux 9.04 server (Jaunty)
Priebeh experimentu
- dumpcap:
- dumpcap -i eth0 -w ~/Documents/test[8,9,10].pcap
- Packets: 156 734, 156 133, 155 696
- Packets dropped: 7, 2, 161
Zaver experimentu
Hlbsia analyza nebola spravena, pretoze cielom bolo porovnat mnozstvo prijatych dat, co nie je mozne ak dumpcap dropne pakety.Test 11
Testovaci scenar
- HW: desktop PC,
- OS: Ubuntu GNU/Linux 9.04 server (Jaunty)
Priebeh experimentu
- tcpdump:
- tcpdump -i eth0 -w ~/Documents/test11.pcap
- Packets: 156 089
- Packets dropped: 0
Zaver experimentu
Hlbsiu analyzu poctu prenesenych bytov nebolo mozne vykonat, pretoze mybeem neexportoval octetTotalCount.Test 12
Testovaci scenar
- HW: desktop PC,
- OS: Ubuntu GNU/Linux 9.04 server (Jaunty)
Priebeh experimentu
- interface: eth0
- local IP address: 192.168.1.44
- foreign IP address: 88.212.10.12 (ftp.antik.sk)
- # zaznamov v databaze: 495 - 507
- rid: 495 - 507
- subor: debian-live-504-i386-standard.iso [140 204 032 B]
- tcpdump: tcpdump -i eth0 -w ~/Documents/test12.pcap
- mybeem:
- flow cache free: 2048
- packet cache free: 1048576
- expired cache size: 0
- number of captured packets: 158 511
- tcpdump:
- Packets: 158 517
- Packets dropped: 0
- JXColl:
- logovaci subor: log-2010-03-23-12-51-15.log
- databaza:
- sourceipv4address: 192.168.1.44
- destinationipv4address: 88.212.10.12 (85.248.241.2 v pripade DNS)
- sourcetransportport: 36 383 (36047 v pripade DNS)
- destinationtransportport: 80 v pripade http, 53 v pripade DNS
- protocolidentifier: 6 v pripade http, 17 v pripade DNS
- packetTotalCount: 158 511 (z toho 158 509 bolo spojenie medzi localhostom a FTP a 2 boli DNS query a response)
- octetTotalCount: 148 712 022 B + 261 B (DNS) = 148 712 283 B
- 13 flowov
Analyza suboru test12.pcap
- analyza suboru test12.pcap pomocou capinfos (sucast Wireshark, konzolova aplikacia):
- PDU count: 158 517
- PDU total length: 150 931 743 B
- average PDU data rate [B/s]: 1 355 116.59 B/s
- average PDU data rate [b/s]: 10 840 932.71 b/s
- average PDU size [B]: 952.15 B
- analyza suboru test12.pcap pomocou Wireshark
- PDU count: 158 517
- average PDU/sec: 1 423.220
- average PDU data rate [MBit/s]: 10.841 MBit/s
- ipv4 conversations:
- 196.168.1.44 -> 88.212.10.12: 61 130 packets, 4 283 948 B
- 88.212.10.12 -> 192.168.1.44: 97 379 packets, 146 647 200 B
- total: 158 509 packets => 158 517 - 158 509 = 8 ostatnych (2x DNS, 6x ARP (3x request, 3x reply))
- analyza mnozstva prijatych dat
- wireshark: 150 931 743 (PDU total length) - 158 511 (packets count) x 14 (velkost frame header + trailer) - 3 (ARPs count) x 102 (ARP request + reply length) = 148 712 283 B
- mybeem: octetTotalCount = 148 712 283 B
Zaver experimentu
Cisla portov, protokolov a IP boli rovnake v databaze aj v test12.pcap. Jedine mybeem nerozlisuje smer up a down (co uz reportoval Eqo), teda cela komunikacia medzi localhostom a ftp bola v databaze v smere localhost -> ftp. wireshark zachytava vsetky PDU (teda aj L2 ARP) a jeho PDU total length je sucet velkosti vsetkych framov resp. "bytes on wire", zatial co mybeem zachytava iba pakety a octettotalcount je sucet velkosti vsetkych paketov (bez frame header a trailer). Tcpdump zachytil 158 517 PDU, mybeem zachytil 158 511 paketov => rozdiel je 6, co su prave ARP request a reply, ktore mybeem neodchytava, teda pocet sedi. Z toho vyplyva ze mybeem odchytil vsetky pakety. Co sa tyka suctu velkosti paketov, mybeem aj wireshark odchytili rovnaky pocet bytov pocas komunikacie. screenshoty:- test12(obr1):
- test12(obr2):
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 png |
23-03-2010-3.png | manage | 275.8 K | 24 Mar 2010 - 02:06 | UnknownUser | test12(obr1) |
| png |
23-03-2010-4.png | manage | 202.0 K | 24 Mar 2010 - 02:07 | UnknownUser | test12(obr2) |
 pcap |
test12.pcap | manage | 15207.7 K | 24 Mar 2010 - 12:50 | UnknownUser | test 12 |
Topic revision: r5 - 13 May 2010 - 01:02:46 - RastislavKudla
Sandbox Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
DocumentCisco
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback