1 mmdump Reference: “mmdump: A Tool for Monitoring Internet Multimedia Traffic” J. van der...

1

mmdump

Reference:

“mmdump: A Tool for Monitoring Internet Multimedia Traffic”

J. van der Merwe, R. Cceres, Y-H. Chu, C. Sreenan. ACM SIGCOMM Computer Communication Review,

Volume 30,  Issue 5  (October 2000), ISSN:0146-4833

Speaker: Yan-Hsiang Wang

Date: 2007.02.12

2

Outline

Motive Structure Result Conclusion

3

Motive (1/3)

Recent years have seen increasing use of the Internet to send and receive audio and video.

It is important for network designers to understand the nature of multimedia traffic.

4

Motive (2/3)

tcpdump can be used to monitor packets for a particular protocol by filtering based on the appropriate TCP/DUP port number.

The multimedia applications use dynamically assigned UDP port numbers.

5

Motive (3/3)

This paper presents the design and implementation of mmdump, contains a parsing module for each multimedia control protocol.

6

How

mmdump contains a parsing module for each multimedia control protocol.

The parsing module identifies individual control sessions in this aggregate control stream, and parses the control messages to extract the dynamically assigned port numbers.

7

tcpdump

It builds on top of the libpcap library, which provides two key functions An abstraction for dealing with different ty

pes of network interfaces The ability to compile a filter expression f

or use by a packet filter sudo tcpdump –X port 80

8

Multimedia control protocol

Real Time Streaming Protocol

9

Multimedia control protocol

H.323

More http://ms11.voip.edu.tw/~sepp/presentation/one_1st/VoIP_oral-rfc4123.ppt

10

Structure

All packets that arrive on a particular well-known port number are passed to the corresponding parsing module for processing

Lookup Matching of source and destination

addresses and port numbers

11

Flow chart

12

State

Maintaining state New session state can be created when

the first TCP packet for a particular session is received

Session state can be removed when the TCP FIN packet is received Control connection for RTSP H.245 connection for H.323

13

Sequence

Complete higher layer protocol message Per packet buffer doesn’t take TCP

sequence numbers Simply treats packets in the order in

which they were received

14

Change filter

Found new port Dynamically change the filter expression Between the parsers and the packet filter

change_filter() do_filter() – actual filter change takes place

Review - libpcap pcap_compile() pcap_setfilter() http://ms11.voip.edu.tw/~sepp/presentation/two_1st/MR8-libpcap.ppt

15

Garbage

Garbage collection Because of effects such as packet losses

or route changes, the probe point might never receive the FIN packet

It has to be performed to remove stale session

16

Result – RTSP (1/2)

RealPlayer on Windows plays CNN Headline News

17

Result – RTSP (2/2)

Every half hour Peak hours are drastically shifted

towards the late evening hours

18

Result – H.323 (1/2)

Two Windows PC machines run Microsoft NetMeeting3.1 and they make a video conferencing

19

Result – H.323 (1/2)

The amount of control traffic is significantly lower than the amount of data traffic

20

Conclusions

This paper has presented a new tool for monitoring multimedia traffic on the Internet

Interesting Multimedia sessions have a rich structure Zipf-like distribution RTSP clients can request that servers adj

ust the transmission rate

21

Zipf-like distribution

22

SET_PARAMETER

One use of this method by the RealMedia player is to set the required delivery bandwidth from the server

23

Future work

Using it to monitor the QoS in a VoIP testbed

Develop a SIP parser Adopting a modified BPF+ that include

s complier support for incremental filter updates

24

Reference

Zipf distribution http://en.wikipedia.org/wiki/Zipf's_law http://www.useit.com/alertbox/zipf.html