
Network Observers

Pollere is creating network observer applications, both proprietary and open source, that mine the information present in network packets, as described in slides from our Listening to Networks talks and in this video from a Listening to Networks talk at UCLA. The goal is real-time, always-on, passive monitors of the key network metrics that impact application performance. Passive approaches make use of the existing packet stream without adding or modifying packets, thus recording what actual applications experience rather than what artificial probe traffic sees.

Transport Level Passive Ping (pping)

We originally used this technique to validate TSDE (below), but realized it is useful in its own right. We rolled a basic version into its own C++ program and made it available as open source (GPLv2.0) to encourage work on passive monitoring. Our version works on TCP packets and can be extended to any transport protocol with a timestamp (or similar) field. Using the very nice libtins library simplified supporting both IPv4 and IPv6, and can ease the addition of future protocols. The passive ping tool works for both live capture and pcap file reading. See its description, pping's code, and a simple nodejs program to send its output lines to a web client.
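The timestamp-based measurement described above, as an added sketch that is not pping's own code: it assumes the usual pairing of a TCP timestamp option value (TSval) with its echo (TSecr) in the reverse direction, which the page does not spell out. The `Seg` and `PassivePing` names and the trace are constructed for illustration, and packet parsing (done with libtins in pping) is left out.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <vector>

// One captured TCP segment, reduced to the fields the technique needs.
struct Seg { double t; std::string src, dst; uint32_t tsval, tsecr; };
// Round trip from the capture point to `host` and back, seen at time t.
struct Rtt { double t; std::string host; double rtt; };

class PassivePing {  // hypothetical class, not from pping
    struct Seen { double t; bool used; };
    // "src>dst|TSval" -> capture time that TSval was first seen
    std::unordered_map<std::string, Seen> firstSeen_;
    static std::string key(const std::string& a, const std::string& b, uint32_t ts) {
        return a + ">" + b + "|" + std::to_string(ts);
    }
public:
    void observe(const Seg& s, std::vector<Rtt>& out) {
        // Keep only the first sighting of a TSval: retransmits and segments
        // sharing a clock tick must not restart the timer.
        firstSeen_.emplace(key(s.src, s.dst, s.tsval), Seen{s.t, false});
        if (s.tsecr == 0) return;  // nothing echoed yet (e.g. initial SYN)
        auto it = firstSeen_.find(key(s.dst, s.src, s.tsecr));
        if (it == firstSeen_.end() || it->second.used) return;
        out.push_back(Rtt{s.t, s.src, s.t - it->second.t});
        it->second.used = true;  // later echoes of this TSval would inflate the RTT
    }
};

std::vector<Rtt> run(const std::vector<Seg>& trace) {
    PassivePing pp;
    std::vector<Rtt> out;
    for (const Seg& s : trace) pp.observe(s, out);
    return out;
}

// Constructed trace: the monitor sits near client C; S is a remote server.
std::vector<Seg> sampleTrace() {
    const std::string C = "10.0.0.2:50000", S = "192.0.2.10:443";
    return {{0.000, C, S, 100, 0},   {0.030, S, C, 900, 100},
            {0.031, C, S, 101, 900}, {0.032, C, S, 101, 900},
            {0.071, S, C, 901, 101}, {0.072, S, C, 901, 101}};
}

int main() {
    for (const Rtt& r : run(sampleTrace()))
        std::printf("%.3f  %-16s rtt=%.3f s\n", r.t, r.host.c_str(), r.rtt);
}
```

Each sample covers only the path between the capture point and the named host, so one monitor yields separate figures for the near side and the far side of a connection. A long-running monitor would also age out old table entries, which this sketch omits.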

Transport Segment Delay Estimator (TSDE)

Funded by a U.S. Department of Energy Small Business Innovation Research (SBIR) grant (Phases I and II), Pollere has first focused on measuring and isolating network delay.

The delay experienced by application packets is a powerful Internet diagnostic. Network problems (like bufferbloat or high loss rates) and end-node problems (like receiver or sender window limits) are both visible in packet round trip delays. Round trip delays have long been measured by end-node protocols to diagnose and repair loss. But this high quality diagnostic information is only available to the end nodes while other network elements have made do with less capable measures such as the ping matrices produced by an active probing mesh.

Pollere's TSDE extracts high-quality round-trip and one-way delay information from passively collected application packet samples. The sampling can be done anywhere in the network and doesn't require samples from both directions of a flow (e.g., the tools work in the presence of asymmetric routing and multipath). Because the information is mined from application traffic, it measures everything that happens to that traffic. So, for example, samples taken on one end of a campus peering link could be used not only to identify prefixes experiencing significant bufferbloat but also to localize the delay, determining whether the bottleneck was inside the campus network, in the measuring ISP, or on the path to the remote destination.

TSDE is a proprietary tool using patented technology. A simplified and less tested version is open sourced at: DelayLocator.

Results and More information

TSDE is prototyped in a box from Logic Supply, Inc running Linux. We took our prototype TSDE for a spin in a home network and monitored some video streams. See our Listening with TSDE note. (If you find misconceptions and misperceptions, we are happy to be better informed.)

Listening with a Transparent Bridge

Recent talks on measurements using TSDE and on passive monitoring in general are available on our Presentations page.

For more information on TSDE, contact info@pollere.net.


Copyright © 2012-2020, Pollere LLC All Rights Reserved.