Hal Burch Measuring an IP Network in situ Degree Type: Ph.D. in Computer Science Advisor(s): Bruce Maggs, Gary Miller Graduated: May 2005 Abstract: The Internet, and IP networking in general, have become vital to the scientific community and the global economy. This growth has increased the importance of measuring and monitoring the Internet to ensure that it runs smoothly and to aid the design of future protocols and networks. To simplify network growth, IP networking is designed to be decentralized. This means that each router and each network needs and has only limited information about the Internet. One disadvantage of this design is that measurement systems are required in order to determine the behavior of the Internet as a whole. This thesis explores ways to measure five different aspects of the Internet. The first aspect considered is the Internet's topology, the inter-connectivity of the Internet. This is one of the basic questions about the Internet: what hosts are on the Internet and how are they connected? The second aspect is routing: what are the routing decisions made by routers for a particular destination? The third aspect is locating the source of a denial-of-service (DoS) attack. DoS attacks are problematic to locate because their source is not listed in the packets. Thus, special techniques are required. The fourth aspect is link delays. This includes both a general system to determine link delays from end-to-end measurements and a specific system to perform end-to-end measurements from a single measurement host. The fifth aspect is the behavior of filtering on the network. Starting about fifteen years ago, to increase security, corporations started placing filtering devices, i.e., "firewalls", between their corporate network and the rest of the Internet. For each aspect, a measurement system is described and analyzed, and results from the Internet are presented. Thesis Committee: Bruce Maggs (Chair) Gary L. Miller (Chair) Srinivasan Seshan Steven Bellovin Jeannette Wing, Head, Computer Science Department Randy Bryant, Dean, School of Computer Science Keywords: Networking measurement, network topology, graph drawing, tomography, traceback, IP aliasing, reverse traceroute, anonymous DNS CMU-CS-05-132.pdf (1.49 MB) ( 130 pages) Copyright Notice