NMS @ MIT LCS: Internet Traffic Analysis
Our analysis is based on an extensive collection of packet traces. The novel idea in our approach is to collect DNS packets jointly with the associated TCP connection traffic. Since TCP applications drive most DNS traffic, a joint trace in which all TCP SYN/FIN/RST packets are collected together with DNS packets has the potential to let us infer how DNS is actually used. If we collected only DNS packets, we might be able to infer things like DNS response latencies and failure modes, but we could not infer much about the effectiveness of DNS caching.
We have been collecting data at the border router connecting MIT's LCS and AI Lab to the rest of the Internet since Fall 1999. We have analyzed two weeks' worth of data collected in January 2000 and December 2000. We also collected data from KAIST in Korea in Spring 2001, and have analyzed one week's worth of data from May 2001.
Our analysis has two parts. First, we study the packet traces to characterize DNS performance as seen by our clients, and draw more fundamental conclusions about its failure modes and its retransmission protocol. Then, we conduct trace-driven simulations to explore the effect of varying time-to-live (TTL) fields and varying degrees of cache sharing on DNS cache hit rates.
We are currently investigating a mathematical framework to capture the asymptotic properties observed in the simulations.
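The trace-driven simulation described above can be sketched as follows. This is an added example, not the project's simulator: it replays a small constructed list of lookups (time, client, name, TTL) and reports the cache hit rate for a chosen degree of cache sharing and an optional TTL cap. The trace format and the names `Lookup`, `TRACE` and `hit_rate` are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample trace (not measured data):
# time in seconds, client id, queried name, TTL carried by the answer.
Lookup = namedtuple("Lookup", "t client name ttl")
TRACE = [
    Lookup(0,   "a", "www.example.com",  300),
    Lookup(10,  "b", "www.example.com",  300),
    Lookup(20,  "a", "www.example.com",  300),
    Lookup(100, "c", "mail.example.org", 60),
    Lookup(130, "a", "mail.example.org", 60),
    Lookup(200, "b", "mail.example.org", 60),
    Lookup(400, "a", "www.example.com",  300),
    Lookup(410, "c", "www.example.com",  300),
]


def hit_rate(trace, group_size=1, ttl_cap=None):
    """Replay the trace against one cache per client group; return the hit rate.

    group_size: number of clients sharing one cache (1 means no sharing).
    ttl_cap:    if set, each record's TTL is clamped to at most this many seconds.
    """
    clients = sorted({e.client for e in trace})
    group_of = {c: i // group_size for i, c in enumerate(clients)}
    expires = {}  # (group, name) -> time at which the cached record expires
    hits = 0
    for e in sorted(trace, key=lambda e: e.t):
        key = (group_of[e.client], e.name)
        if expires.get(key, -1) > e.t:
            hits += 1  # record still valid in this group's cache
        else:
            # Miss: fetch the record and cache it for the (possibly capped) TTL.
            ttl = e.ttl if ttl_cap is None else min(e.ttl, ttl_cap)
            expires[key] = e.t + ttl
    return hits / len(trace)


if __name__ == "__main__":
    # Sweep both knobs: degree of sharing and TTL cap.
    for size in (1, 3):
        for cap in (None, 15):
            print(f"group_size={size} ttl_cap={cap}: {hit_rate(TRACE, size, cap):.3f}")
```

On this constructed trace, sharing one cache among all three clients raises the hit rate, and capping TTLs at 15 seconds lowers it again.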