Passive measurement

The term passive measurement refers to the process of measuring a network, without creating or modifying any traffic on the network. This is in contrast to active measurement, in which specific packets are introduced into the network, and these packets are timed as they travel through the network being measured.

Passive measurement can provide a detailed set of information about the one point in the network that is being measured. Examples of the information passive measurements can provide are:

• Traffic / protocol mixes
• Accurate bit or packet rates
• Packet timing / inter-arrival timing

Passive measurement can also provides a means of debugging a network application, by providing a user with the entire packet contents, as seen on the network.

Active systems provide very little information about a single point of a network. They instead provide a representation of the characteristics of the entire network path between two hosts. Active systems can provide such indications of a networks performance as:

• Packet round trip time (RTT)
• Average packet loss
• Connection bandwidth

Some active systems can also give indications of the following:

• Asymmetric delay times
• Alterations in routing paths between hosts

As stated in section 2.3 this project relies on the use of network traces. My initial expectation when faced with this was that passive measurement systems would be well understood and simple to work with, and that most of my time would be in high level analysis of the traces. This was a large underestimation on my part.

Understanding the principals of passive measurement systems has consumed a large portion of my time, and is the area that I have learnt the most about during this project. This includes learning the problems with current implementations, ways of verifying the accuracy of traces and limitations of passive measurement systems. The rest of this section details this information and these experiences.