Re: STP Visualization

2009-11-30 Thread Dave Plonka 

On Mon, Nov 30, 2009 at 06:16:53PM +, David Freedman wrote:
 I wrote a perl/libgd tool some time ago which acts as a cgi script and
 takes live data and makes pretty pictures of it (per vlan).
 Note due a bunch of stuff not being uniformly implemented in IOS via
 SNMP I've had to screen scrape a little and I'm afraid this means I
 don't have any CatOS support.
 
 Let me know offlist if you are interested in the code.

I have something to do this as well, using perl to grab all the
details via SNMP, and then visualization using GraphViz.
You're welcome to use it to start with:

   http://net.doit.wisc.edu/~plonka/stpgraph/

There's a sample PDF in the examples/ sub-dir.
 
Dave

P.S.  I know initially you request a good tool, which is in the
eye of the beholder.  This one will want a programmer's eye, I guess.

-- 
plo...@cs.wisc.edu  http://net.doit.wisc.edu/~plonka/  Madison, WI

Re: MRTG in Fourier Space

2009-04-21 Thread Dave Plonka 

Hi Crist,

On Tue, Apr 21, 2009 at 05:12:04PM -0700, Crist Clark wrote:
 
 Has anyone found any value in examining network utilization
 numbers with Fourier analyses? After staring at pretty
 MRTG graphs for a bit too long today, I'm wondering if
 there are some interesting periodic characteristics in the
 data that could be easily teased out beyond, Well, the
 diurnal fluctuations are obvious, but looks like we may
 have some hourly traffic spikes in there too. And maybe
 some of those are bigger every fourth hour.
 
 A quick Google search turned up nothing at all.

Such techniques are used in the are of network anomaly detection.
For instance, a search for network anomaly detection at
scholar.google.com will yield very many results.

Our 2002 paper, A Signal Analysis of Network Traffic Anomalies
[ACM SIGCOMM Internet Measurement Workshop 2002, Barford, et al.],
is one such work.  We mention that we use wavelet analysis rather
than Fourier analysis because wavelet/framelet analysis is able
to localize events both in the frequency and time domains, whereas
Fourier analysis would localize the events only in frequency, so an
iterative approach (with varying intervals of time) would be necessary.
In general, this is the reason why Fourier analysis has not been a
common technique used in network anomaly detection.

That work used data stored in RRD files at five minute intervals.
Our subsequent work used data stored at one second intervals, again
in RRD files.

Dave

-- 
plo...@cs.wisc.edu  http://net.doit.wisc.edu/~plonka/  Madison, WI