-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
119 lines (97 loc) · 4.41 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
---
layout: default
---
<div class="home">
<h1>What?</h1>
<p>
SF-TAP is a platform for application-level network traffic analysis. It can deal with high-bandwidth network traffic because of the scalable architecture. Furthermore, SF-TAP allows developers to easily implement application-level network traffic analyzers because of some abstractions. SF-TAP provides two main components, which are SF-TAP flow abstractor and SF-TAP cell incubator.
</p>
<h2>SF-TAP Flow Abstractor</h2>
<p>
SF-TAP flow abstractor abstracts network traffic by files of UNIX domain socket, much like Plan 9, UNIX's /dev or /proc. It captures L2 frames via a NIC by pcap or netmap, defragments fragmented IP packets, reassembles TCP flows, and classifies the flows by using regular expressions, which indicates application protocols. That classified flows are outputted to the files provided by UNIX domain socket. Accordingly, developers can only focus to implement application-level network traffic analyzers by just accessing the files. In other words, they do not need to take care of complex TCP states and IP fragmentation.
</p>
<h2>SF-TAP Cell Incubator</h2>
<p>
SF-TAP cell incubator is a software-based network traffic balancer that mirrors and separates network traffic based on the flows. The flows are forwarded via multiple NICs to multiple instances of SF-TAP flow abstractor to allow executing analyzers, which tend to consume many computer resources, on multiple physical machines.
</p>
<img src="assets/highlevel.png" alt="Architecture of SF-TAP" title="Architecture of SF-TAP">
<hr>
<h1>Installation</h1>
<ul>
<li>
<a href="installation/2015/11/21/install-flow-abstractor.html">Install SF-TAP Flow Abstractor on Ubuntu Linux</a>
</li>
<li>
<a href="installation/2015/11/21/install-cell-incubator.html">Install SF-TAP Cell Incubator on FreeBSD</a>
</li>
</ul>
<hr>
<h1>Tutorial</h1>
<ul>
<li>SF-TAP Flow Abstractor</li>
<ul>
<li>
<a href="tutorial/2015/11/21/use-example-analyzers.html">Use Example HTTP and DNS Analyzers<a>
</li>
<li>
<a href="tutorial/2015/11/21/write-your-own-analyzers.html">Write Your Own Analyzer</a>
</li>
<li>
<a href="tutorial/2015/11/23/load-balancing.html">Load Balancing using Flow Abstraction Interface</a>
</li>
<li>
<a href="tutorial/2015/12/02/re-inject.html">Re-injecting Flows via Loopback7 Interace</a>
</li>
<li>
<a href="tutorial/2016/04/24/configuration-of-flow-abstractor.html">Configuration of SF-TAP Flow Abstractor</a>
</li>
<li>
<a href="tutorial/2016/06/05/injecting-pcap-files.html">Injecting pcap Files</a>
</li>
<li>
Build Option of SF-TAP Flow Abstractor
</li>
<li>
Protocol Specification of Flow Abstraction Interface
</li>
</ul>
<li>SF-TAP Cell Incubator</li>
<ul>
<li>
<a href="tutorial/2015/11/21/tutorial-qb.html">Flow Separating, and L2 Mirroring and Bridging</a>
</li>
</ul>
</ul>
<hr>
<h1>References</h1>
<ul>
<li>
<a href="https://www.usenix.org/conference/lisa15/conference-program/presentation/takano">SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware (USENIX LISA 2015)</a> (The paper is available on <a href="/assets/lisa15-paper-takano.pdf">here</a>.)
<pre><code>@inproceedings {193176,
author = {Yuuki Takano and Ryosuke Miura and Shingo Yasuda and Kunio Akashi and Tomoya Inoue},
title = "{SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware}",
booktitle = {29th Large Installation System Administration Conference (LISA15)},
year = {2015},
month = Nov,
isbn = {978-1-931971-270},
address = {Washington, D.C.},
pages = {25--36},
url = {https://www.usenix.org/conference/lisa15/conference-program/presentation/takano},
publisher = {USENIX Association},
}</code></pre>
</li>
</ul>
<hr>
<h1 class="page-heading">Posts</h1>
<ul class="post-list">
{% for post in site.posts %}
<li>
<span class="post-meta">{{ post.date | date: "%b %-d, %Y" }}</span>
<h2>
<a class="post-link" href="{{ post.url | prepend: site.baseurl }}">{{ post.title }}</a>
</h2>
</li>
{% endfor %}
</ul>
<p class="rss-subscribe">subscribe <a href="{{ "/feed.xml" | prepend: site.baseurl }}">via RSS</a></p>
</div>