MetroFlux: a programmable system for flow analysis

Authors

This software is currently developed by Damien ANCELIN, expert engineer.

Presentation

MetroFlux is software based on MAPI, a monitoring API (http://mapi.uninett.no) that simplifies network monitoring with multiple measurement points. MetroFlux can capture packets and perform analysis at packet level or flow level. MetroFlux is currently under development, and for now it can only capture packets and store them in a file; analysis is then done from these files by other tools. MetroFlux has been developed to analyse network traffic at gigabit speed. To capture packet headers (the first 52 bytes) at gigabit speed under worst-case conditions (64-byte packets at maximum speed), we used a GtrcNET-1 device (http://projects.gtrc.aist.go.jp/gnet/gnet1e.html) and a RAID 0 array of 5 SAS hard disks. MetroFlux also works with standard network interface cards and DAG cards (http://www.endace.com/our-products/dag-network-monitoring-cards).

Capture at gigabit speed: the need for the GtrcNET-1 device

The GtrcNET-1 device is used to reduce the number of interrupts generated on the server that runs MetroFlux. GtrcNET-1 captures packets, associates a timestamp with each packet, extracts the first 52 bytes of each packet, and groups them by 25 into UDP packets before sending them to the server.
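The batching step described above, as an added Python sketch that is not MetroFlux or GtrcNET-1 code: it truncates frames to 52 bytes, groups 25 records per datagram payload, parses them back, and computes how far batching cuts the worst-case arrival rate at the server. The record layout (8-byte timestamp plus header) and all function names are assumptions for illustration, not the device's wire format.

```python
import struct

SNAPLEN = 52   # header bytes kept per packet (from the page)
BATCH = 25     # records grouped into one UDP packet (from the page)
# Assumed record layout, NOT the GtrcNET-1 wire format: 8-byte big-endian
# nanosecond timestamp followed by the 52 captured bytes.
RECORD = struct.Struct(f">Q{SNAPLEN}s")

def batch(packets):
    """Yield datagram payloads holding up to BATCH (timestamp, header) records."""
    buf = []
    for ts_ns, frame in packets:
        buf.append(RECORD.pack(ts_ns, frame[:SNAPLEN]))  # truncate to 52 bytes
        if len(buf) == BATCH:
            yield b"".join(buf)
            buf = []
    if buf:  # flush the final partial batch
        yield b"".join(buf)

def unbatch(payload):
    """Split one datagram payload back into (timestamp, header) tuples."""
    if len(payload) % RECORD.size or len(payload) > BATCH * RECORD.size:
        raise ValueError("payload is not a whole number of records")
    return [RECORD.unpack_from(payload, off)
            for off in range(0, len(payload), RECORD.size)]

def worst_case_rates(link_bps=10**9, frame=64):
    """Packets/s on the wire and datagrams/s at the server for minimum frames."""
    wire_bytes = frame + 8 + 12  # Ethernet preamble+SFD and inter-frame gap
    pps = link_bps / (wire_bytes * 8)
    return pps, pps / BATCH

def sample_packets(n):
    """Constructed input: n 64-byte frames spaced 672 ns apart."""
    return [(i * 672, bytes([i % 256]) * 64) for i in range(n)]

if __name__ == "__main__":
    datagrams = list(batch(sample_packets(60)))
    print([len(unbatch(d)) for d in datagrams])
    pps, dps = worst_case_rates()
    print(f"{pps:,.0f} packets/s on the wire -> {dps:,.0f} datagrams/s at the server")
```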

Contact

damien(dot)ancelin(at)ens-lyon(dot)fr