• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11
• /
• pp.2900-2910
• /
• 1999

Since its introduction in the early 1990s, the quick growth of the world Wide Web (WWW) traffic raises the question whether past LAN packet traces still reflect the current situation or whether they have become obsolete. For this study, several LAN packet traces were obtained by monitoring the LAN of a typical academic environment. The tools for monitoring the network were a stand-alone HP LAN Protocol Analyzer as well as the free-ware software tool tcpdump. Our main focus was placed on acquiring a low-level overview of the LAN traffic. Thus, we could determine what protocols were mainly used and how the packet sizes were distributed. In particular, we were interested in establishing the amount of WWW traffic on the LAN, and what MIME-Types this traffic is subdivided into. Our results indicate that in a typical academic environment such as ours, conventional sources of LAN traffic such as NFS are still predominant, whereas WWW traffic plays a rather marginal role. Furthermore, we verified that a large portion of the network packets contains little or no data at all, while another significant portion of the packets has sizes around the MTU. Consequently, research in the networking field has to direct its focus on issues beyond the WWW.

• Journal of Korea Multimedia Society
• /
• v.18 no.1
• /
• pp.35-41
• /
• 2015

SDN(Software Defined Networking) has been considered as a new future computer network architecture and DDoS(Distributed Denial of Service) is the biggest threat in the network security. In SDN architecture, we present the technique to defend the DDoS SYN Flooding attack that is one of the DDoS attack method. First, we monitor the Backlog queue in order to reduce the unnecessary monitoring resources. If the Backlog queue of the certain server is occupied over 70%, the sFlow performs packet sampling with the server address as the destination address. To distinguish between the attacker and the normal user, we use the source address. We decide the SYN packet threshold using the remaining Backlog queue that possible to allow the number of connections. If certain sources address send the SYN packet over the threshold, we judge that this address is attacker. The controller will modify the flow table entry to block attack traffics. By using this method, we reduce the resource consumption about the unnecessary monitoring and the protection range is expanded to all switches. The result achieved from our experiment show that we can prevent the SYN Flooding attack before the Backlog queue is fully occupied.

• Journal of the Institute of Electronics Engineers of Korea SC
• /
• v.43 no.1 s.307
• /
• pp.7-12
• /
• 2006

In this paper we proposed a real-time remote monitoring system for interoperability between local area and wide area for wireless data communication. In local area, we used a miniaturized low-power wireless module and in wide area used CDMA Cellular System's Packet Data Service. The measurement results can be spread via Internet access in real-time

• Journal of Advanced Navigation Technology
• /
• v.14 no.3
• /
• pp.358-366
• /
• 2010

In the wireless network the congestion and delay occurs mainly when there are too many packets for the network to process or the sender transmits more packets than the receiver can accept. The congestion and delay is the reason of packet loss which degrades the performance of multimedia streaming. This paper proposes a novel transmission rate monitoring-based optimization mechanism to optimize packet loss and to improve QoS. The proposed scheme is based on the trade-off relationship between transmission rate monitoring and overhead monitoring. For this purpose this paper processes a source rate control-based optimization which optimizes congestion and delay. Performance evaluated RED, TFRC, and the proposed mechanism. The simulation results show that the proposed mechanism is more efficient than REC(Random Early Detection) mechanism and TFRC(TCP-friendly Rate Control) mechanism in packet loss rate, throughput rate, and average response rate.

• Journal of the Korean Institute of Telematics and Electronics
• /
• v.22 no.6
• /
• pp.103-113
• /
• 1985

This is the first part of the four-part paper describing the development of a packet-switched computer network named the KORNET In this paper, we present the overview of the KORNET, and discuss various aspects on the development of the netwo management center (NMC). The NMC acts as a nerve center of the network, performing such functions as network monitoring, subscriber and network management and routing manage-ment using operator dialogues. In the implementation of the NMC, we have developed various application softwares that include operator interface, primary/srcondary pan, session layer and packet level adaptor. As for packet, link and physical level protocols, we have modified the XODIAC X.25 originally developed by Data General, Inc. All the net-work protocols we have developed comply completely with the CCITT recommendations.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1012-1015
• /
• 2008

The packet capturing becomes a bottleneck in the network intrusion detection and monitoring system as the network performance developing. Many approaches, zero copy, interrupt coalescing and NAPI which attempt to improve packet capturing performance of Linux, are inefficient. PF_RING is a new type of network socket that dramatically improves the packet capture speed, but not perfect. This paper proposes some solutions which can improve the memory utilization and save some data copy time based on the commodity network adapters rather than on the commercial network adapters.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.6
• /
• pp.484-498
• /
• 2004

In this paper. we propose a novel performance monitoring scheme for heterogeneous SOAP nodes. The scheme is basically based on two-level (kernel-level and user-level) packet filtering of TCP flows. By TCP flow, we mean a sequence of raw packet streams on a TCP transaction. In this scheme, we detect and extract SOAP operations embedded in SOAP messages from TCP flows. Therefore, it becomes possible to monitor heterogeneous SOAP nodes deployed on diverse SOAP-based middlewares such as .Net and Apache AXIS. We present two implementation mechanisms for the proposed scheme. The first mechanism tries to identify SOAP operations by analyzing all fragmented SOAP messages on TCP flows. However, a naive policy would incur untolerable overhead since it needs to copy all packets from kernel to user space. The second mechanism overcomes this problem by selectively copying packets from kernel to user space. For selective copying, we use a kernel-level packet filtering method that makes use of some representative TCP flags.(e.g. SIN, FIN and PSH). In this mechanism, we can detect SOAP operations only from the last fragment of SOAP messages in most cases. Finally, we implement a SOAP monitoring system using a component ca]led SOAP Sniffer that realizes our proposed scheme, and show experimental results. We strongly believe that our system will play a vital role as a tool for various services such as transaction monitoring and load balancing among heterogeneous SOAP nodes.

• ETRI Journal
• /
• v.28 no.4
• /
• pp.537-540
• /
• 2006

When multiple ZigBee wireless personal area networks (WPANs) are in close proximity to each other, contentions and collisions in transmissions will lead to increased packet delays. However, there is no existing study on how delay performance would be affected in a crowded real-life environment where each person walking down a busy street would be wearing a ZigBee WPAN. This letter studies the use of ZigBee WPANs in such a real-life environment for real-time heart beat monitoring. To be pragmatic, we derived a mobility pattern from the analysis of a real-life video trace. Then, we estimated the delay performance from the video trace by combining data collected from ZigBee experiments. The results show that the 300 ms packet delay requirement will not be met for only 11% of the time. When failure occurs, it will last for an average duration of 1.4 s.

• Structural Engineering and Mechanics
• /
• v.76 no.5
• /
• pp.591-598
• /
• 2020

Ultrasonic waves provide a non-destructive and sensitive way to monitor the concrete hydration. However, limited works are reported to monitor the evolution of the mechanical parameter at early ages. In this study, modified piezoelectric aggregates are embedded inside a concrete beam to excite and receive primary waves. A hydration index, namely, the variation of ultrasonic waveform (VUW) is developed to characterize the variation of the transmitted waves during the hydration process. The recorded hydration indices are compared with the compressive strength measured by destructive test at different ages. The results show that the VUW is closer to the compressive strength than the other two traditional hydration indices, ultrasonic velocity and wave packet energy. The proposed VUW provides a simple and accurate way to monitor the concrete hydration at early ages.

• Smart Structures and Systems
• /
• v.5 no.2
• /
• pp.119-137
• /
• 2009

Smart sensors densely distributed over structures can use their computational and wireless communication capabilities to provide rich information for structural health monitoring (SHM). Though smart sensor technology has seen substantial advances during recent years, implementation of smart sensors on full-scale structures has been limited. Hardware resources available on smart sensors restrict data acquisition capabilities; intrinsic to these wireless systems are packet loss, data synchronization errors, and relatively slow communication speeds. This paper addresses these issues under the hardware limitation by developing corresponding middleware services. The reliable communication service requires only a few acknowledgement packets to compensate for packet loss. The synchronized sensing service employs a resampling approach leaving the need for strict control of sensing timing. The data aggregation service makes use of application specific knowledge and distributed computing to suppress data transfer requirements. These middleware services are implemented on the Imote2 smart sensor platform, and their efficacy demonstrated experimentally.