High-Speed Analysis of SMB2 File Sharing Traffic without TCP Stream Reconstruction
Authors: Eduardo Berrueta, D. Morató, E. Magaña, M. Izal
Published in: 2019 IEEE International Symposium on Measurements & Networking (M&N), 2019-07-01
DOI: 10.1109/IWMN.2019.8805033 (https://doi.org/10.1109/IWMN.2019.8805033)
Citation count: 2
Abstract
This paper presents a file sharing traffic analysis methodology for Server Message Block (SMB), a common protocol in the corporate environment. The design is focused on improving the traffic analysis rate that can be obtained per CPU core in the analysis machine. SMB is most commonly transported over Transmission Control Protocol (TCP) and therefore its analysis requires TCP stream reconstruction. We evaluate a traffic analysis design which does not require stream reconstruction. We compare the results obtained to a reference full reconstruction analysis, both in accuracy of the measurements and maximum rate per CPU core. We achieve an increment of 30% in the traffic processing rate, at the expense of a small loss in accuracy computing the probability distribution function for the protocol response times.