Evaluating NAVL

by Paul Ellis on 21 January 2013

Transcript of Evaluating NAVL

Evaluating NAVL Application Coverage

# export LD_LIBRARY_PATH=.
# ./capreader -c capX.pcap

Downloading and installing the NAVL evaluation package

Fully functional NAVL version with test tools

NAVL Evaluation Steps

Download and unpack the fully functional copy of NAVL

Evaluating NAVL Performance

# ./threadtest -t 1 -T 8 -f ab_100cc_port80.pcap_tt-files.txt
Running 1 threads: done in 2.51 seconds
Running 2 threads: done in 2.81 seconds
Running 3 threads: done in 2.83 seconds
Running 4 threads: done in 2.83 seconds
Running 5 threads: done in 2.85 seconds
Running 6 threads: done in 2.79 seconds
Running 7 threads: done in 3.12 seconds
Running 8 threads: done in 3.11 seconds

Evaluating NAVL Accuracy

Integrating NAVL

https://vineyardnetworks.zendesk.com/attachments/token/disqva5vfj12d0s/?name=NAVL+3.0+API+Guide_rev7-3.0.1.pdf

Network Application Visibility Library

Evaluating NAVL

root@ubuntu1104:~/temp# tar zxf navl_3.0.1.21-20130111_linux_amd64.tar.gz
root@ubuntu1104:~/temp# cd navl_3.0.1.21-20130111_linux_amd64/capreader/
root@ubuntu1104:~/temp/navl_3.0.1.21-20130111_linux_amd64/capreader# make
cc capreader.c navl_externals_posix.c -Wall -ggdb -O0 -I. -I/usr/local/include -L. -L/usr/local/lib -lpthread -lpcap -lnavl -ldl -lpcap -lm -o capreader

Unpack the tarball and build the test tools

Build and run the test tools from the source files provided
  • Coverage - capreader
  • Performance - threadtest
  • Accuracy - qclassify

# iptables -A FORWARD -i eth0 -o eth1 -m mark --mark 192/4095 -j DROP
# iptables -A FORWARD -i eth1 -o eth0 -m mark --mark 192/4095 -j DROP

./qclassify -r -q 10 -p ./plugins -g navl_3.0.0.32-20120720_metadata.csv &

GUID String   Mapped   Default
---------------------------------------
......
EXCHANGE      190      395
EXTRTORR      191      610
FACEBOOK      192      395
FACETIME      193      227
FARMVILE      194      704
......

root@ubuntu1104:~/navl_3.0.1.21-20130111_linux_amd64/capreader# ./capreader -c capX.pcap

AppProto Packets Bytes
--------------------------------
APPLE 11368 7056024
ITUNES 553 351126
APNS 73 17638
APPLEUPD 620 623857
AVG 193 133322
MCAFEE 58 26587
MSBITS 805 784766
BITTORRE 4871 930360
CIFS 744 102750
CTRXIMA 2003 124186
CTRXONLN 121 37936
DHCP 227 79068
DNS 32703 4478033
DROPBOX 394 161749
EDONKEY 14 1615
EPMAP 396 25756
FACEBOOK 42698 38420967
FBOOKAPP 808 732306
RSS 80 57056
FLIXSTER 107 39065
FTP 176 54009
GNUTELLA 744 489157
GOOGLE 31010 14692743
GMAIL 26846 11969529
GOOGVIDO 31 8098
GOOGDOCS 12 6514
GOOGDESK 4 696
GTALKGAD 579 380641
GOOGTRAN 217 162609
GOOGANAL 1288 523424
GOOGAPIS 452 370154
GOOGSAFE 2122 1076301
GOOGAPP 4 2120
GOOGMAPS 3248 2891676
H323 20 1585
RTP 7854 1680756
RTCP 32 3392
HTTP 788850 674963937
VIDEO 69192 79659566
AUDIO 15 11908
IMAP 44756 18892973
TCP 45566 11428872
UDP 13038 10624495
IPV6 6757 1265548
LDAP 12 4620
CLDAP 191 48046
MDNS 112 15888
MEEBO 44 21453
MSNP 151 29044
NNTP 4 360
OPENVPN 744 212604
POP3 35866 15735095
TCPMUX 4 360
CMPRSNET 8 720
RJE 8 720
ECHO 9 2202
DISCARD 2 180
SYSTAT 6 540
DAYTIME 4 360
QOTD 6 540
MSP 2 180
CHARGEN 2 180
SSH 12 920
TELNET 22 1692
SMTP 12633 12346838
TIME 8 484
RLP 2 180
WINS 4 360
WHOIS 4 360
MPM 6 540
NIFTP 2 180
AUDITD 2 180
TACACS 4 360
REMAIL 2 180
LAMAINT 2 180
XNSTIME 2 180
XNSCH 2 180
COVIA 4 360
SQLNET 4 360
TFTP 2 180
GOPHER 8 720
RJS 20 1800
DEOS 6 540
VETTCP 4 360
FINGER 8 720
XFER 6 540
MLDEV 12 1080
CTF 6 540
MFCOBOL 8 720
SUTLNT 6 540
DNSIX 12 1080
MITSPL 6 540
NPP 6 540
DCP 10 900
TIVOLI 8 720
SUPDUP 8 720
DIXIE 8 720
SWIFTRVF 10 900
TACNEWS 6 540
METAGRAM 8 720
HOSTNAME 10 900
ISOTSAP 10 900
GPITNP 10 900
ACRNEMA 8 720
CSNETNS 12 1080
3COMTSMX 8 720
RTELNET 6 540
SNAGAS 8 720
POP2 8 720
SUNRPC 6 540
MCIDAS 6 540
IDENT 4 360
SFTP 6 540
ANSANTFY 6 540
UUCP 4 360
SQLSERV 8 720
CFDPTKT 2 180
ERPC 2 180
SMAKYNET 4 360
NTP 7193 647370
NETBIOS 1018 90368
SNMP 167 19960
RSH 3 186
ORACLE 36 3618
INFOSEEK 32 3019
SSL 152896 55918004
ISAKMP 3 1710
PRINTER 1 60
CORBA 110 133145
IMGAMES 8 610
AVCTPRXY 12 975
SOCKS 13 1035
JAVARMI 590 220620
KWDB 1 60
COMVAULT 3 180
CSCOSLA 3 180
VCHAT 8 794
MYSQL 2 132
GPFS 5 336
KAZAA 8 610
IPSEC 9741 2096159
MSSQL 3 180
SYBASE 8 610
PPTP 60 4638
MSMQ 8 610
RTMP 18 7305
CSCODRP 2 124
MSOLAP 12 975
SCURSGHT 17 1275
H248 1 77
RDP 1249 558901
STUN 389 42240
SIP 12662 6556714
XMPP 2713 559266
SHOUTCAS 2 120
SALSFRCE 123 77050
SHRPOINT 61 56619
YAHOO 4319 2544196
WIKIPEDI 869 559747
EBAY 6 2627
HOTMAIL 323 228514
WINLIVE 788 443581
MSN 2244 1366244
FOGBUGZ 417 230234
AMAZON 39 20557
BLOGGER 21 12548
WRDPRESS 414 215401
ADOBE 429 301042
HP 715 704265
SLIDESHR 186 74144
SRCFORGE 115 73271
IMGSHACK 43 40909
MOZILLA 477 193230
BOXNET 20 9172
CNN 263 127806
CONDUIT 186 139823
BABYLON 61 24887
SKYPE 14796 1962840
TWITTER 16054 6465758
LINKEDIN 2879 2040668
STEAM 11798 12151491
TEAMVIEW 88 11077
WINUPDAT 5189 5102083
YMSG 183 46978
YOUTUBE 37509 38150020
ZYNGAGAM 1178 1099889
MAFIAWAR 612 420305

1483237 packets captured (1055567278 bytes)

Do proof-of-concept integration with application

The NAVL distribution package includes:
  • libnavl.so
  • *.plg classification plugins
  • sample applications (source code)

capreader reads data from libpcap files and returns summary or detailed packet-by-packet classification results