4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities

Research Article

LOBSTER: A European Platform for Passive Network Traffic Monitoring

  • @INPROCEEDINGS{10.4108/tridentcom.2008.3153,
        author={Demetris Antoniades and Michalis Polychronakis and Antonis Papadogiannakis and Panagiotis Trimintzios and Sven Ubik and Vladimir Smotlacha},
        title={LOBSTER: A European Platform for Passive Network Traffic Monitoring},
        proceedings={4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks \& Communities},
        publisher={ICST},
        proceedings_a={TRIDENTCOM},
        year={2010},
        month={5},
        keywords={Network monitoring, Security, Traffic classification, Distributed monitoring},
        doi={10.4108/tridentcom.2008.3153}
    }
    
Demetris Antoniades1,*, Michalis Polychronakis1,*, Antonis Papadogiannakis1,*, Panagiotis Trimintzios2,*, Sven Ubik3,*, Vladimir Smotlacha3,*
  • 1: FORTH-ICS Heraklion, Greece
  • 2: ENISA Heraklion, Greece
  • 3: CESNET Prague, Czech Republic
*Contact email: danton@ics.forth.gr, mikepo@ics.forth.gr, papadog@ics.forth.gr, panagiotis.trimintzios@enisa.eu, ubik@cesnet.cz, vs@cesnet.cz

Abstract

Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hopping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators.

In this paper we present a concerted European effort to improve our understanding of the Internet through the LOBSTER passive network traffic monitoring infrastructure. By capitalizing on a novel Distributed Monitoring Application Programming Interface, which enables the creation of sophisticated applications on top of commodity hardware, LOBSTER empowers a large number of researchers and system administrators to reach a better understanding of the kind of traffic that flows through their networks.

We have been running LOBSTER for more than a year now and we have deployed close to forty sensors in twelve countries on three continents. Using LOBSTER sensors:

• we have captured more than 600,000 sophisticated cyberattacks that attempted to disguise themselves using advanced polymorphic approaches;

• we have monitored the traffic of entire NRENs, making it possible to identify the magnitude (as well as the sources) of file-sharing (peer-to-peer) traffic.