Network Observers
Pollere is creating network observer applications, both proprietary
and open source, that mine the information present in network
packets as described in slides from our Listening to Networks talks
and in this video from a Listening to Networks talk at UCLA.
The goal is real-time, always-on, passive
monitors of the key network metrics that impact application performance.
Passive approaches make use of the existing packet stream without
adding or modifying packets, thus recording what actual applications
experience rather than what artificial probe traffic sees.
Transport Level Passive Ping (pping)
We originally used this technique to validate TSDE (below),
but realized it is useful in its own right.
We rolled a basic version into its own C++ program
and made it available as open source (GPLv2.0) to
encourage work on passive monitoring. Our version works on TCP packets
and can be extended to any transport protocol with a timestamp (or similar) field.
Using the very nice libtins library made it simple to apply the tool
to both IPv4 and IPv6, and can ease the addition of future protocols.
The passive ping tool works for both live capture and pcap file reading.
See its description, pping's code, and a simple nodejs program to send its
output lines to a web client.
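The timestamp matching that a passive ping relies on can be sketched as follows. This is an added example, not Pollere's pping code: it pairs the first sighting of a TCP timestamp value (TSval, RFC 7323) with the first reverse-direction segment that echoes it (TSecr). It assumes segments already reduced to constructed records rather than parsed with libtins, does no aging of flow state, and the names Seg, Rtt, passive_rtts and sample_capture are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <tuple>
#include <vector>

// One observed TCP segment, reduced to the fields the matching needs.
struct Seg {
    double t;               // capture time at the monitor, seconds
    std::string src, dst;   // "ip:port" endpoints
    uint32_t tsval, tsecr;  // TCP timestamp option values
};
struct Rtt { std::string src, dst; double rtt; };  // src sent the TSval, dst echoed it

// RTT sample = capture time of the first echo minus capture time of the
// first segment that carried that TSval in the opposite direction.
std::vector<Rtt> passive_rtts(const std::vector<Seg>& segs) {
    std::map<std::tuple<std::string, std::string, uint32_t>, double> first_seen;
    std::vector<Rtt> out;
    for (const Seg& s : segs) {
        // Keep only the first sighting of a TSval per direction; segments
        // sent in the same timestamp tick must not restart the clock.
        first_seen.emplace(std::make_tuple(s.src, s.dst, s.tsval), s.t);
        // Does this segment echo a TSval seen going the other way?
        auto it = first_seen.find(std::make_tuple(s.dst, s.src, s.tsecr));
        if (it != first_seen.end() && it->second >= 0) {
            out.push_back({s.dst, s.src, s.t - it->second});
            it->second = -1;  // mark used: later echoes of this TSval are not new samples
        }
    }
    return out;
}

// Constructed sample data, not a real capture.
std::vector<Seg> sample_capture() {
    return {
        {0.000, "10.0.0.2:5000", "192.0.2.7:443", 100, 0},
        {0.004, "10.0.0.2:5000", "192.0.2.7:443", 100, 0},   // same TSval, ignored
        {0.030, "192.0.2.7:443", "10.0.0.2:5000", 900, 100}, // first echo of 100
        {0.031, "10.0.0.2:5000", "192.0.2.7:443", 101, 900}, // first echo of 900
        {0.045, "192.0.2.7:443", "10.0.0.2:5000", 901, 100}, // repeated echo, no sample
    };
}

int main() {
    for (const Rtt& r : passive_rtts(sample_capture()))
        std::printf("%s -> %s rtt %.3f s\n", r.src.c_str(), r.dst.c_str(), r.rtt);
}
```

Each sample covers only the path between the capture point and the echoing host and back, so the two directions of one flow give the delay on either side of the monitor.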
Transport Segment Delay Estimator (TSDE)
Funded by a U.S. Department of Energy Small Business Innovation Research
(SBIR) grant (Phases I and II), Pollere has first focused on measuring
and isolating network delay.
The delay experienced by application packets is a powerful Internet
diagnostic. Network problems (like bufferbloat or high loss rates) and
end-node problems (like receiver or sender window limits) are both
visible in packet round trip delays. Round trip delays have long been
measured by end-node protocols to diagnose and repair loss. But this
high quality diagnostic information is only available to the end nodes
while other network elements have made do with less capable measures
such as the ping matrices produced by an active probing mesh.
Pollere's TSDE extracts high-quality round-trip and
one-way delay information from passively collected application packet
samples. The sampling can be done anywhere in the network and doesn't
require samples from both directions of a flow (e.g., the tools work in
the presence of asymmetric routing and multipath). Because the
information is mined from application traffic, it measures everything
that happens to that traffic. So, for example, samples taken on
one end of a campus peering link could be used not only to identify
prefixes experiencing significant bufferbloat but also to localize the
delay, determining whether the bottleneck was inside the campus network,
in the measuring ISP, or on the path to the remote destination.
TSDE is a proprietary tool using patented technology.
A simplified and less tested version is open sourced at:
DelayLocator.
Results and More information
TSDE is prototyped in a box from Logic Supply, Inc running Linux.
We took our prototype TSDE for a spin in a home network and monitored
some video streams.
See our Listening with TSDE note.
(If you find misconceptions and misperceptions,
we are happy to be better informed.)
Listening with a Transparent Bridge
Recent talks on measurements using TSDE and on passive monitoring in general
are available on our
Presentations page.
For more information on TSDE, contact info@pollere.net.