Application-Level Traffic Monitoring

A major problem with current Internet traffic monitoring and analysis concerns the large number of newly emerging network-based applications possessing more complicated communication structures and traffic patterns than traditional applications. The amount of traffic generated by these applications, such as peer-to-peer (P2P), streaming media, games, etc., is reported to be well over half of the total traffic. The dynamic use of port numbers, the use of multiple sessions, and other features of these applications complicate the characterization of current Internet traffic. Applicationlevel traffic identification is a preliminary but essential step toward traffic characterization, which this paper mainly addresses. Traditional traffic identification methods based on well-known port numbers are not appropriate for the identification of P2P, streaming, and other new types of applications. This paper proposes a new method to identify current Internet traffic. First, we categorized most current network-based applications into several classes according to their traffic patterns. Using this categorization, we developed a flow grouping method that determines the application name of traffic flows. We have incorporated our method into NG-MON, a traffic analysis system, to analyze Internet traffic between our enterprise network and the Internet.