Performance Analysis of Open Source Solution ―ntop‖ for Active and Passive Packet Analysis Relating to Application and Transport Layer

— A key issue facing operators around the globe is the most appropriate way to deal with spotting black in networks. For this purpose, the technique of passive network monitoring is very appropriate; this can be utilized to deal with incisive problems within individual network devices, problems relating to the whole LAN (Local Area Network) or core network. This technique, however, is not just relevant for troubleshooting, but it can also be castoff for crafting network statistics and analyzing network enactment. In real time network scenarios, a lot of applications and/or processes simultaneously download and upload data. Sometimes, it is very difficult to keep track of all the uploaded and downloaded data. Wireshark is a tool that is normally used to track packets for analysis between two particular hosts during two particular sessions on the same network. However, Wireshark as some limitations such as it is not a good tool for keeping track of bulky network data transferred among various endpoints. On the other side, an open source solution “ntop” offers active as well as passive packet analysis which can be handy for system administrators, networkers and IT managers. Additionally, with ntop VoIP traffic can also be monitored. In this research work, the ntop solution has been deployed to a network facility and performance analysis of ntop solution for various application processes (on application layer) such as HTTP, SSDP (based on HTTPU) against their associated protocols such as TCP/IP, UDP, and VoIP have been analyzed. Additionally, above said processes and protocols have been comprehensively analyzed relating with their client/server breakdown, duration of the connection, actual throughput, total bytes (bytes received and sent) and total bandwidth consumed. This study has been helpful to see the weakest and strongest areas of a particular network in terms of analyzing and deploying network policies. This research work will help the research community to deploy ntop solution for real-time monitoring actively and passively.

Tracking and investigating traffic can be carried out for various reasons (Fig. 2) to examine the usage of network resources, measure the performance of network applications, adjust Quality of Service (QoS) policies in the network, log the traffic to fulfil the law, or create accurate models of traffic for academic reasons [14][15][16][17][18][19][20][21].
In order to examine where network resources are being consumed, there are a number of steps.The first step is to analyze the performance levels of network applications, adjusting Quality of Service network policies, recording the details of traffic according to regulations, or create accurate models of incoming and outgoing traffic for the purposes of academic objectives.
In order to fulfil all objectives, the scope and extent of research questions need to be identified.This concerns methods for appropriately classifying traffic, which may be applied to process big data near instantly, with reduced CPU and memory means.Other questions may be related to techniques related to the real-time approximation of the application of Quality of Service.
It is essential for all network operators to be aware of the performance levels of their network, in order to deliver reliability on the services they offer their customers.
Active and passive measurements are also a tool to troubleshoot their networks, in addition to simply measuring performance [22][23][24][25][26][27].In certain instances, network faults may result in traffic being routed the wrong way.One way to tackle this can be through faults generating artificial traffic flows to inspect the behavior of traffic.
The Internet services are deep-seated part of higher education institutes [28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46].Access to higher education is always beneficial for the public since higher education institutions maintain a foundation mission of research that is available through Internet high speed in higher education's environments.Table I shows some of the Popular Online Education Initiatives taken so far recently.www.ijacsa.thesai.orgNowadays, a new educational system introduced in the real-world distance education system, Virtual Education System, online education system, actual state and trends for the future education system.Education can become transformative when teachers and students synthesize information across subjects and experiences, critically weigh significantly different perspectives, and incorporate various inquiries.Educators are able to construct such possibilities by fostering critical learning spaces, in which students are encouraged to increase their capacities of analysis, imagination, critical synthesis, creative expression, selfawareness, and intentionality.
As a result of these approaches, there are bonus benefits that can help the global community at large, as seen in the creation of online courses from the United States.Called Massively Open Online Courses (MOOCs), these are now increasingly common at online platforms.Platforms offer these in a fully online, or through blended options that combine online and classroom learning.The Pew Research Centre (2011) shows statistics that nearly 90% of American colleges or universities offered some courses of this nature.
Wireshark is a tool that is normally used to track packets for analysis between two particular hosts or between two particular sessions on the same network [47][48][49][50].Fig. 3 shows the Wireshark Network Analyzer display windows.A typical network analyzer displays captured traffic in three panes: 1) Summary: This pane displays a one-line summary of the capture.Fields include the date, time, source address, destination address, and the name and information about the highest-layer protocol.www.ijacsa.thesai.org2) Detail: This pane provides all of the details (in a treelike structure) for each of the layers contained inside the captured packet.
3) Data: This pane displays the raw captured data in both hexadecimal and text format.
Wireshark open source data packet analyzer.It is used for software, communication protocols, Ethernet and whole network analysis monitoring does not provide all features for analysis of the same network on Wireshark tool.However, Wireshark has some limitations such as it is not a good tool for keeping track of bulky network data transferred among various endpoints.Wireshark is not for intrusion detection system IDs, someone strange things on your network not show for warm.Wireshark doesn't manipulate on the network.
A network analyzer is a combination of hardware and software.Although there are differences in each product, a network analyzer is composed of five basic parts: Hardware: Most network analyzers are software-based and work with standard operating systems (OSes) and network interface cards (NICs).However, some hardware network analyzers offer additional benefits such as analyzing hardware faults (e.g., cyclic redundancy check (CRC) errors, voltage problems, cable problems, jitter, jabber, negotiation errors, and so on).Some network analyzers only support Ethernet or wireless adapters, while others support multiple adapters and allow users to customize their configurations.Depending on the situation, you may also need a hub or a cable tap to connect to the existing cable.Antichi, G., et al. [54] proposed a system architecture studied Enabling open-source high-speed network monitoring on netfpga.The monitoring system based on cooperative netfpga architecture positively with widely-recognised commercial system traffic considerably low cost.It provided open source instruments devices for capable high-performance monitoring system supporting 10 Gigabit per post base.
Garcıa-Dorado, J. L. et al. [55] conducted survey Highperformance network traffic processing systems using commodity hardware.Their studied compared successful implementations of packet capture engines required throughput and availability of processing cores in the system.High-performance network system used equipment to limitation and bottlenecks solutions packet processing.
Leung, C. M, & Schormans, J. A. [56] proposed methodology of Measurement-based traffic characteristic estimation for QoS-oriented IP networks.They studied two major points facilitate accurate perditions of network performance loss and delay through the measured buffer, and packet traffic bandwidth provided the best network performance.It used an algorithm for IP packets Internets WAN connectivity loss and delay less affected customers.

III. CAPTURE DRIVER
The capture driver is responsible to capture raw network traffic from the data cable.It filters unwanted traffic, and stores the remaining in a buffer.This is the most important, core element of a network analyzer, without data collection is impossible.

1) Buffer:
The buffer stores captured data until its entire storage capacity has been reached.An alternative storage method is the rotation method when most recent data replaces previously stored data.Buffers are memory-based or diskbased.
2) Real-time Analysis: This is a tool to analyze data, as soon as it is received off the cable.It can be used to find network performance issues and even applied to intrusion detection systems to investigate suspicious activity within networks.
3) Decode: The Decode part shows and explains the contents of the network traffic in order to ensure it is readable.These are unique to every protocol, as a result of which network analyzers offer different numbers of supported decodes.These lists are renewed constantly to include more decodes.
This research has been helpful to see the weakest and strongest areas of a particular network in terms of analyzing and deploying network policies.This research work will further help to deploy the ntop solution for real-time monitoring actively and passively.

IV. EXPERIMENTAL DETAILS
-ntop‖ is basically a web-based application user-friendly environment.The range of options -ntop‖ includes a graphical user interface as well as command line options, which make ntop as a priority of the network administrator who is already working in the Linux network environment.Based on the friendliness of ntop application, it easily installed the application and after configuration, it will start of packet capturing without wasting any time.Open source entities are getting importance in users day by day.It is almost easier to add plugins for the ntop to increase their functionality.The IP range is fully supported by ntop including IPV version 4 and 6.
A packet monitoring stage has been presented where different stages of packet monitoring have been depicted.The first stage is the network part where packets are captured.
Network part contains observation points.Observation points could anything ranging from network cards/interfaces to monitoring devices that forward packets to other points in the network under study.The second point in the network is server machines which work a packet aggregator.As data about a stream that was seen at a perception point, which may incorporate both trademark properties of a stream (e.g., IP addresses and port numbers) and measured properties (e.g., parcel and byte counters).They can be envisioned as records or lines in a common database, with one section for every property.
The metering and exporting procedures are by far the same which are normally taken to achieve this type of work and by firmly related exporting of data.Therefore, in this connection, we present these procedures.In Fig. 4, the process after achieving the data capture procedure has been presented.After capturing packet, all packets are time stamped and truncation is performed.After this packet sampling and packet filtering flow of a loop starts.In this research study, packet observing flow has been followed through this procedure.www.ijacsa.thesai.orgThis research work is done based on the IPV4 based network configuration.Easy installation and configuration process effortlessly open sources both window based and Linux based platform installation.Hardware requirement of 2.4 GHz process, 1GB RAM, 20 MB minimum hard desk.
Normally, network applications and their associated protocols are not studied together relating to network parameters.In earlier studies, network connectivity was done through standard switching environment as can be seen in Fig. 1.However, in this work, not only network applications but their associated hosts (which are using the application) shall be analyzed against network protocols and network activities are monitoring through router environment.Routing tables perform excellent help in the ntop environment and fully supported through NetFlow.It can be seen in the Fig. 5, that P0 and P1 are points where network monitoring could be possibly studied.This is the added advantage of the ntop which offers the great facility to actively perform monitoring even sitting many miles away from the network.The client environment is also supported through VPN Client/Server breakdown is also very important to study, since bandwidth before not reflect any particular application, process or protocol responsible for its consumption.This client/server breakdown shall help to optimize server resources for a number of clients/nodes attached to it at any given time.Conclusively, this study shall be handy to explore new analysis techniques grouped together under one plate form -ntop‖ for taking informed network decision and network policies in the coming years.
Distinctive instruments for framework checking, for instance, network monitoring tests offer impelled programming vernaculars for separating framework streams and building quantifiable event records.Appallingly, these gadgets have been planned for analyzing comprehended framework streams.However, it is not for the most part easy to consider what mastermind resources will be attacked.Nearby a couple of exclusions, for instance, security-related inspections various security contraptions available on the Internet are by and large planned for recognizing attacks against a lone host regularly the one where the device has been incited.This infers they don't give sort out/subnet area/protection nor incorporate development watching and estimation workplaces.Subnets are the most vulnerable part of the network which can be attacked while performing network monitoring options.The data has been taken after implementing ntop software network environment at Sindh Agriculture University Tandojam.In the following, the active flow has been described as per data set of ntop parameters shown in Fig. 6.
In Fig. 7, it can be easily deduced that whether data is related with client or server, ntop regardless of its type captures the details for further workout.
In this research work, ntop has been implemented to achieve run time monitoring of the whole network.Active flows of network connection along with the detail throughput details have been presented.It is the worst thing for a network administrator or manager to receive a call from an end user complaining about the health of the network.Additionally, we only know that any particular node is down on our network until someone complains about that.After receiving the complaint, the time to resolve that issue starts tickling.All the presented arguments are normally part of IT companies.Furthermore, performance analysis of any network is the key area for any organization.However, effective network monitoring gives you an added advantage of knowing the faults, congestion, and outage within the network in real time.In this research work, a practical approach for network analysis based on active and passive packet analysis is taken into consideration with the support of network monitoring tool called ntop.To achieve this research work -ntop‖ open source solution has been deployed and configured to a network facility under study which is the Information Technology Centre (ITC).Normally, network applications and their associated protocols are not studied together relating to network parameters.Particularly, a packet monitoring process has been well defined in this research work where different stages of packet monitoring have been properly outlined.The network monitoring process outlined in this research work is so flexible that can easily be modified for a different network architecture as per need.Conclusively, this research study proved handy to explore new analysis techniques grouped together under one platform -ntop‖ for taking informed network decision and network policies in the coming years.

Fig. 2 .
Fig. 2. Analysis of Internet Traffic in Real Time.

Fig. 4 .
Fig. 4. Performance Analysis of Ntop for Active and Passive Packets.

Fig. 5 .
Fig. 5. Network Architect Scenario of Ntop Server Along with Applications within Routing and Switching Environment.

Fig. 6 .
Fig. 6.Data Related with Active Flow has been Captured During the Experimentation Phase of thesis Works.

Fig. 7 .
Fig. 7. Active Flows of Network Connection along with details of throughput and Duration of the Connections.

TABLE I .
Comparative Analysis of Internet Traffic Identification Methods.They survey the main techniques and problems of IP packet based traffic analysis and focuses on application detection.Internet-based applications used more bandwidth increase of news user of Internet provider ISP increase network bandwidth interest of the user.Nilsson, S., & Eriksson, J. [53] proposed the studied test Estimating Application Energy Consumption through Packet Trace Analysis.Their analysed power consumption utilised different applications calculating more accurate estimation mean power.Samsung Galaxy S4 battery 3G developing application transmission improvement the maximum through packet traces analysis.
SOME POPULAR ONLINE EDUCATION INITIATIVES Name Sponsor Year Fees Coursera Joint efforts by Princeton University, Stanford University, University of California Berkeley, University of Michigan-Ann Arbor, & University of Pennsylvania Sources: Schroeder, 2012; official websites of individual initiatives www.ijacsa.thesai.org