Cristian Estan

Interactive Traffic Analysis and Visualization with Wisconsin Netpy
Cristian Estan, Garret Magin
USENIX LISA, December 2005

Monitoring traffic on important links allows network administrators to get insights into how their networks are used or misused. Traffic analysis based on NetFlow records or packet header traces can reveal floods, aggressive worms, large (unauthorized) servers, spam relays, and many other phenomena of interest. Existing tools can plot time series of pre-defined traffic aggregates, or perform (hierarchical) "heavy hitter" analysis of the traffic. Wisconsin Netpy is a software package that goes beyond the capabilities of other existing tools through its support for interactive analysis and novel powerful visualization of the traffic data. Adaptive sampling of flow records ensures that the performance is good enough for interactive use, while the results of the analyses stay close to the results based on exact data. Among the salient features of the package are: hierarchical analyses of source addresses, destination addresses, or applications within aggregates identified by user-defined filters; time series plots that separate the traffic into categories specified with ACL-like syntax at run time; interactive drill-down into analyses of components of the traffic mix; "heatmap" visualization of traffic that describes how two "dimensions" of the traffic relate to each other (e.g. which sources send to which destinations, or which sources use which service, etc.).
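As an added illustration, not code from the Netpy package, the following shows a hierarchical heavy-hitter analysis of source addresses inside an aggregate selected by an ACL-like filter (here, destination port 25, the spam-relay case the abstract mentions). The flow records, the 10% threshold and the prefix levels are constructed assumptions.

```python
# Added example (not Netpy's own code): hierarchical heavy hitters of source
# addresses within a filtered aggregate of constructed NetFlow-style records.
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (src, dst, dst_port, bytes)
FLOWS = [
    ("10.1.2.3", "192.0.2.10", 25, 4_000_000),
    ("10.1.2.7", "192.0.2.11", 25, 3_000_000),
    ("10.1.9.9", "192.0.2.12", 25, 2_000_000),
    ("10.5.0.1", "192.0.2.13", 25, 1_000_000),
    ("10.6.0.2", "192.0.2.14", 25, 800_000),
    ("172.16.0.4", "192.0.2.15", 25, 500_000),
    ("10.1.2.3", "192.0.2.16", 80, 9_000_000),
]

def match(flow, dst_port=None):
    """ACL-like filter: keep a flow only if every given field matches."""
    return dst_port is None or flow[2] == dst_port

def hierarchical_heavy_hitters(flows, threshold_frac=0.1,
                               prefix_lens=(8, 16, 24, 32), **filt):
    """Prefixes whose unaccounted bytes exceed threshold_frac of the aggregate.

    Bytes already reported under a more specific prefix are subtracted before
    the parent is judged, so a /8 shows up only for traffic that no reported
    child explains (many small senders inside one network, for instance).
    """
    selected = [f for f in flows if match(f, **filt)]
    total = sum(f[3] for f in selected)
    if total == 0:
        return []
    threshold = threshold_frac * total
    counts = {plen: defaultdict(int) for plen in prefix_lens}  # exact counts
    for src, _, _, nbytes in selected:
        for plen in prefix_lens:
            net = ipaddress.ip_network(f"{src}/{plen}", strict=False)
            counts[plen][net] += nbytes
    result, accounted = [], defaultdict(int)
    for plen in sorted(prefix_lens, reverse=True):  # most specific first
        for net, nbytes in counts[plen].items():
            residual = nbytes - accounted[net]
            if residual >= threshold:
                result.append((str(net), residual))
                for anc in prefix_lens:  # charge reported bytes to ancestors
                    if anc < plen:
                        anc_net = ipaddress.ip_network(
                            f"{net.network_address}/{anc}", strict=False)
                        accounted[anc_net] += residual
    return sorted(result, key=lambda r: -r[1])
```

With the sample records and a port-25 filter, the three large /32 senders are reported individually and 10.0.0.0/8 appears once more only for the residual traffic of its smaller hosts.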

Paper in PDF and Postscript. Presentation in PowerPoint and PDF. Visit the Netpy Homepage for the most current information on this software package.

