Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Slight fix to TID and UID reference
  • Loading branch information
Duncan committed Jun 28, 2020
1 parent a8f4491 commit 80482e1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion trackingPaper.tex
View file
Expand Up @@ -205,7 +205,7 @@ PF\_RING acts as a kernel module that aids in minimizing packet loss/timestampin
% DataSeries + Code section % DataSeries + Code section
DataSeries was modified to filter specific SMB protocol fields along with the writing of analysis tools to parse and dissect the captured packets. Specific fields were chosen to be the interesting fields kept for analysis. DataSeries was modified to filter specific SMB protocol fields along with the writing of analysis tools to parse and dissect the captured packets. Specific fields were chosen to be the interesting fields kept for analysis.
%It should be noted that this was done originally arbitrarily and changes/additions have been made as the value of certain fields were determined to be worth examining; e.g. multiple runs were required to refine the captured data for later analysis. %It should be noted that this was done originally arbitrarily and changes/additions have been made as the value of certain fields were determined to be worth examining; e.g. multiple runs were required to refine the captured data for later analysis.
The DataSeries data format allowed us to create data analysis code that focuses on I/O events and ID tracking: e.g. Tree ID (TID) and User ID (UID). The future vision for this information is to combine ID tracking with the OpLock information in order to track resource sharing of the different clients on the network, as well as using IP information to recreate communication in a larger network trace to establish a better benchmark. The DataSeries data format allowed us to create data analysis code that focuses on I/O events and ID tracking: e.g. Tree Identifier (TID) and User Identifier (UID). The future vision for this information is to combine ID tracking with the OpLock information in order to track resource sharing of the different clients on the network, as well as using IP information to recreate communication in a larger network trace to establish a better benchmark.


%Focus should be aboiut analysis and new traces %Focus should be aboiut analysis and new traces
The contributions of this work are the new traces of SMB traffic over a large university network as well as new analysis of this traffic. Our new examination of the captured data reveals that despite the streamlining of the CIFS/SMB protocol to be less "chatty", the majority of SMB communication is still metadata based I/O rather than actual data I/O. We found that read operations occur in greater numbers and cause a larger overall number of bytes to pass over the network. Additionally, the average number of bytes transferred for each write I/O is smaller than that of the average read operation. We also find that the current standard for modeling network I/O holds for the majority of operations, while a more representative model needs to be developed for reads. The contributions of this work are the new traces of SMB traffic over a large university network as well as new analysis of this traffic. Our new examination of the captured data reveals that despite the streamlining of the CIFS/SMB protocol to be less "chatty", the majority of SMB communication is still metadata based I/O rather than actual data I/O. We found that read operations occur in greater numbers and cause a larger overall number of bytes to pass over the network. Additionally, the average number of bytes transferred for each write I/O is smaller than that of the average read operation. We also find that the current standard for modeling network I/O holds for the majority of operations, while a more representative model needs to be developed for reads.
Expand Down

0 comments on commit 80482e1

Please sign in to comment.