RE: Any good method to check network overload?

["Trevor Cushen" <Trevor.Cushen () sysnet ie>]

I hope I am not picking you up wrong again but maybe Etterape might give
some you some help.  It is a freeware project that shows real-time
network traffic so you can look at the source code and maybe within that
find your answer.  Also look for Etherman and have a look at that.

http://etherape.sourceforge.net/


If I have it wrong again then my apologies.

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: Burton M. Strauss III [mailto:BStrauss () acm org] 
Sent: 09 March 2003 22:09
To: swin; security-basics () securityfocus com
Subject: RE: Any good method to check network overload?


NOTHING will work.  Everything I've ever read says that if you really
look into network traffic and behavior, you'll find that the patterns
are fractal.

The best you could do is to use the counters built into the sequence of
remote devices between the points you want to measure.  That won't work
because most of them won't make their data available to an outsider.  So
you're out of luck.

Anything else you do is all but doomed to fail.

At best, you can simulate ONE particular set of network traffic (be it
ICMP or a http: connection to a host) or whatever.  And all that that
means is that that particular set of network traffic has a specific
response.

Since any and all traffic can have different QoS and handling (delays,
differential routing, even different servers acting as the end-points),
you simply can't tell - remotely - about anything other than what you
simulate. Plus, you have the observer effect - your simulated load might
be what forces a specific link to invoke a back-off procedure or to drop
packets - and the affected data might not be proportionally from your
simulated load.

-----Burton



-----Original Message-----
From: swin [mailto:swin () student dlut edu cn]
Sent: Saturday, March 08, 2003 12:54 AM
To: security-basics () securityfocus com
Subject: RE: Any good method to check network overload?


   You all misunderstood me! what I want isn't a tool to check network
flow or just want to have it report.
   I'm doing a research  to find a good model to judge if network is
overload automaticlly,it may be a good algorithm but not a tool.no
matter to use ntop or mrtg, it just give a  statistic of network flow,
this is not hard to achive.but my problem is how to  judge network
overload in real-time and offer a countermeasure ,but not a monitor
tool.
   David give a suggestion to check time delay in pinging,but I think
this is not reliable.as we known ,we can get the data in realtime just
like intop can do,but with this data how can we say at certain time the
network is overloaded ,what we need is a benchmark to decide if it is
overloaded, but what should this benchmark be and how to get this
benchmark are the problems.
   I don't know if I have explain it clearly,but I do holp get
suggestions of it form others.

        Swin. Wang.


******************************************************************************

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie

******************************************************************************