4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities

Research Article

LOBSTER: A European Platform for Passive Network Traffic Monitoring

Download254 downloads
  • @INPROCEEDINGS{10.4108/tridentcom.2008.3153,
        author={Demetris Antoniades and Michalis Polychronakis and Antonis Papadogiannakis and Panagiotis Trimintzios and Sven Ubik and Vladimir Smotlacha},
        title={LOBSTER: A European Platform for Passive Network Traffic Monitoring},
        proceedings={4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks \& Communities},
        publisher={ICST},
        proceedings_a={TRIDENTCOM},
        year={2010},
        month={5},
        keywords={Netork monitoring Security Traffic classification Distributed monitoring},
        doi={10.4108/tridentcom.2008.3153}
    }
    
  • Demetris Antoniades
    Michalis Polychronakis
    Antonis Papadogiannakis
    Panagiotis Trimintzios
    Sven Ubik
    Vladimir Smotlacha
    Year: 2010
    LOBSTER: A European Platform for Passive Network Traffic Monitoring
    TRIDENTCOM
    ICST
    DOI: 10.4108/tridentcom.2008.3153
Demetris Antoniades1,*, Michalis Polychronakis1,*, Antonis Papadogiannakis1,*, Panagiotis Trimintzios2,*, Sven Ubik3,*, Vladimir Smotlacha3,*
  • 1: FORTH-ICS Heraklion, Greece
  • 2: ENISA Heraklion, Greece
  • 3: CESNET Prague, Czech Republic
*Contact email: danton@ics.forth.gr, mikepo@ics.forth.gr, papadog@ics.forth.gr, panagiotis.trimintzios@enisa.eu, ubik@cesnet.cz, vs@cesnet.cz

Abstract

Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hoping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators.

In this paper we present a concerted European effort to improve our understanding of the Internet through the LOBSTER passive network traffic monitoring infrastructure. By capitalizing on a novel Distributed Monitoring Application Programming Interface which enables the creation of sophisticated applications on top of commodity hardware, LOBSTER empowers a large number of researchers and system administrators into reaching a better understanding of the kind of traffic that flows through their networks.

We have been running LOBSTER for more than a year now and we have deployed close to forty sensors in twelve countries in three continents. Using LOBSTER sensors

• we have captured more than 600,000 sophisticated cyberattacks which attempted to masquerade themselves using advanced polymorphic approaches

• we have monitored the traffic of entire NRENs making it possible to identify the magnitude (as well as the sources) of file-sharing (peer to peer) traffic.