|  | Chinese Journal of Computers Full Text |
| Title | A New Method for Interactive TCP Traffic Replay Based on Balance-Checking Between Transmitted and Received Packets |
| Authors | CHU Wei-Bo 1), CAI Zhong-Min 1), GUAN Xiao-Hong 1),2), CHEN Ming-Xu 1) |
| Address | 1) (MOE Key Laboratory for Intelligent Networks and Network Security, State Key Laboratory for Manufacturing Systems, Xi'an Jiaotong University, Xi'an 710049) 2) (Tsinghua National Laboratory for Information Science and Technology, Department of Automation, Tsinghua University, Beijing 100084) |
| Year | 2009 |
| Issue | No.4 (835-846) |
| Abstract | Interactive network traffic replay is the newest method for testing and evaluating network devices such as firewalls, IPSes, routers and switches. Currently, a state-checking method is used for interactive TCP traffic replay. This paper proposes a new method for interactive TCP traffic replay that is based on the balance status between transmitted and received packets. By checking the balance conditions before sending out TCP packets, the method can significantly reduce the cost of state-checking and enhance replay performance. The authors compare the differences between replay methods when the balance mechanism is introduced. The efficiency of the method is also investigated and evaluated in terms of a single TCP session, multi-session traffic, packet losses and latency. Experimental results show that the method outperforms the original state-checking method when replaying actual TCP traffic. |
| Keywords | testing and evaluation of network security devices; network traffic replay; interactive TCP traffic replay; state based method; balance checking |
| Background | This work is partly supported by the National High Technology Research and Development Program (863 Program) of China (grant Nos.2007AA01Z464, 2007AA01Z475, 2007AA01Z480, 2008AA01Z415), the National Natural Science Foundation of China (grant No.60574087), the Doctoral Fund of Ministry of Education of China (grant No.20070698107), the Science Foundation of Shaanxi Province (grant No.2006F46), and Xi'an Science and Technology Program (grant No.zx06026). Testing and evaluation of network devices such as firewalls, IPSes and IDSes is of great importance in network security assurance. Recently, interactive network traffic replay has been proposed to test in-line devices. Current interactive traffic replay mainly deals with TCP traffic, which is replayed using a state-checking method. The replay system extracts state information from every packet and compares it with the state of the corresponding TCP session to determine whether or not to send out the packet. Since the replay system has to maintain state information for every TCP session and perform state-checking whenever packets are to be sent out, replay performance is severely limited. In this paper the authors present a new method for interactive TCP traffic replay, which is based on the balance status between transmitted and received packets. By checking the balance conditions before sending out TCP packets, the method can significantly reduce the cost of state-checking and enhance replay performance. They compare the differences between replay methods when the balance mechanism is introduced. The efficiency of the method is also investigated and evaluated in terms of a single TCP session, multi-session traffic, packet losses and latency. Experiments show that the method outperforms the original state-checking method when replaying real TCP traffic. |