netraf
A Network Analyzer and Traffic Logger.


netraf Project Introduction


About

    netraf is a programming project being developed at the Institute of Computer Science at Wrocław University (in Poland) as our License Work. The project's main goal is to develop an application that helps with some aspects of Network Load Profiling.


Background

    Wait a minute... There are many applications like that - so why write another? For a simple reason - I couldn't find one which solves the following problems:

  • Let's say we need to know how much data (GB, MB, kB... whatever) passes through a particular network interface on our machine each month. How do we do it? We can read the information exported by the kernel (/proc/net/dev) via ifconfig, but Linux stores it in two 32-bit integer variables (one for RX, one for TX), so after about 4 GB of data has been transmitted via the device, these counters overflow and their contents are useless to us. Of course we have per-device packet counters, but every packet has a different size... Besides, what happens when for some reason (e.g. no power for a while) the machine needs to be restarted?
        The second way is to run IPTraf or a similar program as a daemon (or in a screen session), and then use one of the many log-analysis scripts to gather the information we need. But this solution (besides its inelegant nature) has some disadvantages:

    • you can't run any log-analyzing script while the logging application is working - the log files are empty (at least those with statistics, like the one from IPTraf's LAN Station Monitor), so you have to stop logging, run the analysis, and start logging again - very bad,

    • if you're doing something like: tcpdump -i eth0 -n -vvv > ./somelog.txt & - yes, the contents of the logfile are accessible immediately, but wait a week and check that file's size...,

    • as mentioned above, this solution is also not immune to sudden, random machine restarts,

  • We run into the same problems if we want to generate monthly (quarterly, yearly...) statistics for certain (or all) machines in a LAN (of course we're talking about gathering statistics on some router/firewall/NAT machine etc...).

Besides all that, you can of course find some way to survey certain network parameters via log-inspecting scripts - I'm not claiming that it's impossible, but it would be extremely hard to automate.
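
The counter overflow and restart problems from the first item above can be handled by sampling /proc/net/dev often and accumulating deltas. This is an added example, not netraf's code: it assumes 32-bit counters as described on this page and a boot identifier supplied by the caller (for instance the contents of /proc/sys/kernel/random/boot_id); all function and class names and the sample data are constructed for illustration.

```python
COUNTER_MOD = 2 ** 32  # assumption: 32-bit kernel counters, as the page describes
HEADER = ("Inter-|   Receive                  |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast|"
          "bytes packets errs drop fifo colls carrier compressed\n")

def parse_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no interface name
        name, fields = line.split(":", 1)
        cols = fields.split()
        if len(cols) < 16:
            continue  # malformed or truncated row
        counters[name.strip()] = (int(cols[0]), int(cols[8]))
    return counters

class Accumulator:
    """Running totals; state is a plain dict so it can be saved to disk."""
    def __init__(self, state=None):
        self.state = state or {"boot_id": None, "last": {}, "total": {}}

    def update(self, boot_id, counters):
        first_run = self.state["boot_id"] is None
        rebooted = not first_run and boot_id != self.state["boot_id"]
        for iface, values in counters.items():
            last = self.state["last"].get(iface)
            total = self.state["total"].setdefault(iface, [0, 0])
            for i, value in enumerate(values):
                if first_run:
                    delta = 0  # first sample only sets the baseline
                elif rebooted or last is None:
                    delta = value  # counter restarted from zero
                else:
                    delta = (value - last[i]) % COUNTER_MOD  # absorbs one wrap
                total[i] += delta
            self.state["last"][iface] = list(values)
        self.state["boot_id"] = boot_id
        return self.state["total"]

def sample(rx, tx):  # constructed /proc/net/dev content for one interface
    return HEADER + f"  eth0: {rx} 10 0 0 0 0 0 0 {tx} 10 0 0 0 0 0 0\n"

def demo():
    acc = Accumulator()
    acc.update("boot-A", parse_net_dev(sample(4294000000, 1000)))  # baseline
    acc.update("boot-A", parse_net_dev(sample(1032704, 5000)))     # RX wrapped
    return acc.update("boot-B", parse_net_dev(sample(500, 300)))   # after restart
```

Only one wrap between two samples can be recovered, so the sampling interval must be shorter than the time the link needs to move 4 GB, and the state dict has to be written to disk after each update for the totals to survive a restart.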


Challenge

    Assume a hypothetical situation:
We are sharing an internet connection among several users but have a transfer limit. We want to be fair to every user, and we want everyone to have an equal chance to enjoy internet resources. But users will be users: one of them only sends and receives emails, uses chats, reads web pages etc., while others use P2P networks, listen to internet radio, download huge ISOs etc.
We must find a method to measure every user's transfer and restrict him, for example, to only ICMP echo requests/replies in case he exceeds his limit (e.g. user_limit = global_limit / number_of_users). Of course we're not talking about buying a dedicated, expensive hardware solution for this.


Solution

    Of course - netraf!! We can assign a rule to each machine's MAC address which defines the maximum transfer per some period, and define an action to take when the rule's limit is exceeded (it could be, for example, a script running tc or iptables with appropriate arguments).


Vision

    We could go further: using netraf, an administrator can notice that while some users exceed their transfer limits, others don't. With an eye to the best and most efficient connection usage, he can gradually increase transfer limits for the first group of users and proportionally decrease them for the second.


M.S.



Copyright © 2005, M.K., T.J., M.S.
netraf is Open Source software, distributed under the terms of the New BSD License.
waldson.com activity involved