Weekly Report -- 03/06/2011

Continued comparing libprotoident against various DPI-based solutions. Been trying to do some useful comparisons using ISP data (which has a much more interesting variety of traffic) but have been running into a few problems -- I can't capture full payload to disk, but running all of the traffic classifiers at the same time requires more memory than the capture box currently has.

If I disable the IP-based tracking that OpenDPI and PACE use, I can reduce the memory requirements enough to run a comparison test for a decent length of time. However, the classification accuracy of those tools drops massively, especially for P2P protocols, so the IP-based tracking is clearly more important than I had initially thought.

Set up and ran some performance tests for libprotoident and the DPI tools, measuring both CPU and memory usage.

Started writing up a draft paper on libprotoident -- not sure of a venue for it yet, but it will at least be a nice summary of all my comparative test results.