wiki:GeniTmixSoftware

Version 32 (modified by Ben Newton, 6 years ago) (diff)

--

Tmix Software

This page describes how to install and use the Tmix software for generating Tmix input files from a network traffic trace.

Tmix generates traffic based on traffic measured on a real link. This measurement is made by recording the headers of packets flowing over a link. The Tmix software described here converts a network trace into a pair of Tmix input files which are then used by another piece of software to replay the traffic.

Software Package

Those desiring to generate their own Tmix input files can obtain a copy of the Tmix software package by sending an email to Jay Aikat (aikat AT cs DOT unc DOT edu)

Software Dependencies

The Tmix software runs on modern Linux distributions, and depends on the following readily available software packages:

  • libpcap
  • wireshark-common (for capinfos)
  • tcpdump

To Install the dependencies on Ubuntu issue the following commands:

sudo apt-get install libpcap
sudo apt-get install wireshark-common
sudo apt-get install tcpdump

Install

Follow these instructions to build and install the Tmix software. The following assumes version 1.0 of the software, if installing a different version, replace tmix.1.0 with the correct version number.

  1. Copy the tmix software tarball to a directory where it can be uncompressed and untarred, change to that directory, then issue the following command:
    tar -zxvf tmix.1.0
    
  1. Issue the following commands to configure, build the software:
    cd tmix.1.0
    ./configure
    make
    
  1. (Optional) To test the software build, issue the following command:
    make check
    
  1. (Optional) The binaries are now available in the src directory. To install the binaries, issue the following command:
    sudo make install
    

Running

As described above this software converts a network trace into a pair of Tmix input files which are then used to replay the traffic. Currently only pcap format network trace files are supported for conversion into tmix input files. Pcap is a standard format, and most network traces should be easily output in or converted to the pcap format. The Tmix software requires that the direction of each packet be identified. Packets can be either incoming packets or outgoing packets. Incoming packets are those entering an institution or machine over a link, and likewise outgoing packets are those leaving an institution or machine. When monitoring a link in the middle of a network, users may choose to arbitrarily label one direction as incoming and the other as outgoing. Please note, the incoming and outgoing classification relates only to the direction of travel of the packet, and not to which side initiated the tcp connection (i.e. inbound connection).

Follow these steps to obtain a set of Tmix input files. These instructions assume you have installed binaries, and they are in your path, if not, augment the program names below with the paths to those binaries.

  1. Obtain a pcap file or set of pcap files you wish to process into a pair of Tmix input files.
  1. If not already split into 2 files, one containing incoming packets and one containing outgoing packets, split the pcap file. This can be accomplished when all the subnets one one side of the connection are known by using the following commands:
    tcpdump -r <toSplit.pcap> -w <incoming.pcap> dst net 155.90.0.0/16 or dst net 155.91.0.0/16 or ... or dst net 155.92.0.0/16
    tcpdump -r <toSplit.pcap> -w <outgoing.pcap> src net 155.90.0.0/16 or src net 155.91.0.0/16 or ... or src net 155.92.0.0/16
    

where <toSplit.pcap> is replaced with the filename of the pcap to split, <incoming.pcap> and <outgoing.pcap> are replaced with the filenames of the resulting files, and all the subnet descriptions (155.90.0.0/16) are replaced with those relevant to the network one one side of the link where the trace was collected. If the trace is anonymized subnet descriptions will need to work for the anonymized IPs.

  1. Next, change to a directory in which your input files will be created (they will be put in a tmix-results sub-directory in this directory)
  1. Issue the following command to create the Tmix input pair:
    pcap2tmix <incoming.pcap> <outgoing.pcap>
    

where <incoming.pcap> and <outgoing.pcap> are replaced with the appropriate filenames.

  1. It may take several minutes, or even a few hours to process the files, depending on their size. The output from a successful run should look similar to the following:
    Determining trace start time and duration ...
    Trace Start Time is 1361025160.615456
    Trace Duration is 3600 seconds
    Processing and sorting incoming packets ...
    Processing and sorting outgoing packets ...
    Determining connections ...
    Classifying connections ...
    Splitting connections ...
    Sorting ...
    Generating log ...
    Total Processing Time =  7123 seconds.
    Done.
    
  1. Upon completion change to the tmix-results directory, which should contain 4 files: pcap2tmix.log, stats.log, <filename>.tr_1.cinit.sorted.tcvec.gz and <filename>.tr_1.crecv.sorted.tcvec.gz. The first is a log of the processing, the second is a log listing the statistics of the trace, and then other two are the pair of Tmix input files which can now be used to generate traffic.