Internal Operation

Xanalysis was developed for the analysis of PCAP files. On the one hand, it has to analyse large volumes of data; on the other, the tool has to perform well. To meet these criteria, we chose to develop the tool in C so that it is compatible with several UNIX-based operating systems. We also wanted the code to be easy to compile, which is why there is only one source file, of close to X lines, accompanied by a configure file that verifies that the system has all the libraries necessary to generate the executable. Currently, the tool runs on a dedicated server with Ubuntu 14.04 LTS as its OS.
  • Retrieving the IP and TCP headers from the packets. This phase is the only one that cannot be done in parallel, because there is a single access to the file. During this step, the tool takes advantage of its access to the IP header to geolocate the different IP addresses.
  • Reconstruction of flows and unit sessions. The tool rebuilds the flows and unit sessions in memory so that it does not have to reread the input file each time.
  • Analysis of the flows and sessions to obtain the metrics. Analysing each flow and each session held in memory allows the different metrics to be computed.
  • At the end of each metric computation for a session, the results are automatically written to a file, with the IP addresses of the local network anonymized.
  • During a post-processing phase, the tool computes all the throughput figures related to the trace. This output is rendered graphically. In parallel, it sorts the written records in ascending order, following the order in which the IP addresses were encountered during phase 1. It also writes, at the end of the results file, a summary of the metrics over the whole capture trace passed as a parameter.
xanalysis is a tool that was developed as part of the thesis project, and its metrics are entirely dedicated to our needs. It can perform analyses per session and per capture file. The results obtained are comparable to those obtained by the tools for the rTraceroute project. Xanalyse also offers a function to extract a stream between two IP addresses that are passed as option parameters.
Figure 1 - Operation of xanalyse
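
An added example (not Xanalysis source code) of the header-retrieval and flow-reconstruction phases and of the selection of a stream between two IP addresses described above: it reads the IPv4 and TCP headers of one packet, derives a direction-independent session key, and tests whether a flow runs between two given addresses. The names flow_key, parse_flow_key and flow_between, the key layout and the two sample packets are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical session key: endpoint A is always the numerically lower one. */
struct flow_key { uint32_t ip_a, ip_b; uint16_t port_a, port_b; };

/* Constructed packets (IPv4 + TCP headers, checksums left at 0):
 * 192.0.2.10:49152 -> 198.51.100.7:443 and the reply direction. */
static const uint8_t PKT_A[40] = { 0x45,0,0,40, 0,1,0,0, 64,6,0,0,
    192,0,2,10, 198,51,100,7, 0xc0,0x00,0x01,0xbb, 0,0,0,1, 0,0,0,0, 0x50,0x02 };
static const uint8_t PKT_B[40] = { 0x45,0,0,40, 0,2,0,0, 64,6,0,0,
    198,51,100,7, 192,0,2,10, 0x01,0xbb,0xc0,0x00, 0,0,0,1, 0,0,0,2, 0x50,0x12 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Read the IP and TCP headers of one packet (buffer starts at the IP header).
 * Returns 0 and fills *k, or -1 if the packet cannot be keyed. */
int parse_flow_key(const uint8_t *pkt, size_t len, struct flow_key *k)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;   /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP options shift the TCP header */
    if (ihl < 20 || len < ihl + 20) return -1;       /* truncated capture */
    if (pkt[9] != 6) return -1;                      /* protocol 6 = TCP */
    if (rd16(pkt + 6) & 0x1fff) return -1;           /* later fragment: no TCP header */
    uint32_t src = rd32(pkt + 12), dst = rd32(pkt + 16);
    uint16_t sp = rd16(pkt + ihl), dp = rd16(pkt + ihl + 2);
    /* Order the endpoints so both directions of a session share one key. */
    if (src < dst || (src == dst && sp <= dp))
        *k = (struct flow_key){ src, dst, sp, dp };
    else
        *k = (struct flow_key){ dst, src, dp, sp };
    return 0;
}

/* Does this flow run between addresses x and y, in either direction? */
int flow_between(const struct flow_key *k, uint32_t x, uint32_t y)
{
    return (k->ip_a == x && k->ip_b == y) || (k->ip_a == y && k->ip_b == x);
}

int main(void)
{
    struct flow_key a, b;
    if (parse_flow_key(PKT_A, sizeof PKT_A, &a) || parse_flow_key(PKT_B, sizeof PKT_B, &b))
        return 1;
    printf("same session: %d\n", a.ip_a == b.ip_a && a.port_a == b.port_a);
    return 0;
}
```

Because the key is ordered, a request and its reply land in the same in-memory session without a second lookup, and packets that are truncated or are non-first fragments are rejected instead of being keyed on payload bytes.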