From 80482e1c8110c710a81c220d8c6bba387990159e Mon Sep 17 00:00:00 2001 From: Duncan Date: Sun, 28 Jun 2020 17:25:09 -0400 Subject: [PATCH] Slight fix to TID and UID reference --- trackingPaper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trackingPaper.tex b/trackingPaper.tex index a59718e..8861e0b 100644 --- a/trackingPaper.tex +++ b/trackingPaper.tex @@ -205,7 +205,7 @@ PF\_RING acts as a kernel module that aids in minimizing packet loss/timestampin % DataSeries + Code section DataSeries was modified to filter specific SMB protocol fields along with the writing of analysis tools to parse and dissect the captured packets. Specific fields were chosen to be the interesting fields kept for analysis. %It should be noted that this was done originally arbitrarily and changes/additions have been made as the value of certain fields were determined to be worth examining; e.g. multiple runs were required to refine the captured data for later analysis. -The DataSeries data format allowed us to create data analysis code that focuses on I/O events and ID tracking: e.g. Tree ID (TID) and User ID (UID). The future vision for this information is to combine ID tracking with the OpLock information in order to track resource sharing of the different clients on the network, as well as using IP information to recreate communication in a larger network trace to establish a better benchmark. +The DataSeries data format allowed us to create data analysis code that focuses on I/O events and ID tracking: e.g. Tree Identifier (TID) and User Identifier (UID). The future vision for this information is to combine ID tracking with the OpLock information in order to track resource sharing of the different clients on the network, as well as using IP information to recreate communication in a larger network trace to establish a better benchmark. %Focus should be aboiut analysis and new traces The contributions of this work are the new traces of SMB traffic over a large university network as well as new analysis of this traffic. Our new examination of the captured data reveals that despite the streamlining of the CIFS/SMB protocol to be less "chatty", the majority of SMB communication is still metadata based I/O rather than actual data I/O. We found that read operations occur in greater numbers and cause a larger overall number of bytes to pass over the network. Additionally, the average number of bytes transferred for each write I/O is smaller than that of the average read operation. We also find that the current standard for modeling network I/O holds for the majority of operations, while a more representative model needs to be developed for reads.