Desirable Feature Set

Prasad Talasila edited this page Oct 13, 2017 · 18 revisions

This page lists all the features that can be added to the packet analyzer.

Custom Plug-ins

  1. Using P4 language
  2. Stream Query Languages
  3. Using NETCONF language

Remote Probes

  1. Using NETCONF protocol (http://www.netconfcentral.org/netconf_docs, http://trac.tools.ietf.org/wg/netconf/trac/wiki (lots of Java-based tools available, https://github.com/YangModels/yang/, https://tools.ietf.org/html/draft-ietf-netmod-yang-json-07))
    Remote probes would be of enormous interest in SNMP, SDN and IoT architectures.
  2. Complying with IPFIX/PSAMP and other IETF measurement standards
  3. Think of ways to model the distributed packet processing frameworks such as VAST, ProgME and goProbe.
  4. Optimize for maximum throughput performance rather than for minimum number of pipeline stages.

  • Aggregate functions and the respective theory for the generic packet analyzer part of the analyzer cell.
  • Database migration to NoSQL databases. What is an appropriate database? Is there anything better than Cassandra?
  • Apache Arrow or Redis are good candidates for in-memory databases.

A significant chunk of the data is relational, so it is probably better to come up with a clean mix of relational and NoSQL databases. The Spring Data framework can help here as well. For example, the Spring Data Cassandra project helps integrate Cassandra into the project. Spring Data MongoDB is another library worth noting.

Testing

  1. Unit tests
  2. Regression tests
  3. Function tests
  4. Integration tests, especially for custom plug-ins

User Interface

The user interface must be extensively configurable and composable in two aspects: the parse graph generator (configuration creation for the experiment) and the analysis viewer. The analysis viewer can have custom views of tables and graphs, or pre-built visualizations. Pre-built visualizations are a great way to let the packet analyzer mimic the functionality of a great many other tools, for example Wireshark.

Kibana 4 seems like a good UI compositor, and Elasticsearch seems to be a good feeding point into Kibana 4. In fact, the ELK Stack seems to be a good integrator for everything to be done after protocol analysis.
