Security Basics mailing list archives
RE: Any good method to check network overload?
From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Sun, 9 Mar 2003 16:09:25 -0600
NOTHING will work. Everything I've ever read says that if you really look into network traffic and behavior, you'll find that the patterns are fractal. The best you could do is to use the counters built into the sequence of remote devices between the points you want to measure. That won't work because most of them won't make their data available to an outsider. So you're out of luck. Anything else you do is all but doomed to fail. At best, you can simulate ONE particular set of network traffic (be it ICMP or a http: connection to a host) or whatever. And all that that means is that that particular set of network traffic has a specific response. Since any and all traffic can have different QoS and handling (delays, differential routing, even different servers acting as the end-points), you simply can't tell - remotely - about anything other than what you simulate. Plus, you have the observer effect - your simulated load might be what forces a specific link to invoke a back-off procedure or to drop packets - and the affected data might not be proportionally from your simulated load. -----Burton -----Original Message----- From: swin [mailto:swin () student dlut edu cn] Sent: Saturday, March 08, 2003 12:54 AM To: security-basics () securityfocus com Subject: RE: Any good method to check network overload? You all misunderstood me! what I want isn't a tool to check network flow or just want to have it report. I'm doing a research to find a good model to judge if network is overload automaticlly,it may be a good algorithm but not a tool.no matter to use ntop or mrtg, it just give a statistic of network flow, this is not hard to achive.but my problem is how to judge network overload in real-time and offer a countermeasure ,but not a monitor tool. David give a suggestion to check time delay in pinging,but I think this is not reliable.as we known ,we can get the data in realtime just like intop can do,but with this data how can we say at certain time the network is overloaded ,what we need is a benchmark to decide if it is overloaded, but what should this benchmark be and how to get this benchmark are the problems. I don't know if I have explain it clearly,but I do holp get suggestions of it form others. Swin. Wang.
Current thread:
- RE: Any good method to check network overload?, (continued)
- RE: Any good method to check network overload? Mark Reardon (Mar 06)
- Re: Any good method to check network overload? stefmit (Mar 07)
- RE: Any good method to check network overload? Trevor Cushen (Mar 06)
- RE: Any good method to check network overload? Chris Berry (Mar 06)
- RE: Any good method to check network overload? David Gillett (Mar 07)
- RE: Any good method to check network overload? Mike Dresser (Mar 07)
- Re: Any good method to check network overload? gene yoo (Mar 07)
- Re: Any good method to check network overload? Sean Knox (Mar 07)
- Re: Any good method to check network overload? Nuzman (Mar 07)
- RE: Any good method to check network overload? David Gillett (Mar 07)
- RE: Any good method to check network overload? swin (Mar 08)
- RE: Any good method to check network overload? Burton M. Strauss III (Mar 10)
- RE: Any good method to check network overload? Chris Berry (Mar 08)
- RE: Any good method to check network overload? Trevor Cushen (Mar 11)
- Re: RE: Any good method to check network overload? Mark Reardon (Mar 11)
- RE: Any good method to check network overload? crawford charles (Mar 12)
- RE: Any good method to check network overload? JAVIER OTERO (Mar 12)
- RE: Any good method to check network overload? Mark Reardon (Mar 06)