All-packet MONitor -- Monitoring multi-10Gbps network streams

Description

AMON is a software tool for processing multi-10Gbps streams of network data. It is based on PF-RING (zero-copy). This version of AMON reads packets directly from the network interface (NIC), using the PF_RING API. It then generates and streams (to a centralized MongoDB database) the following data output (for more details, see [1]):

  1. A 128x128 matrix (aka "databrick") that conveys information about the network's traffic intensity and structure
  2. A 128x128 matrix that conveys information about the network heavy-hitters. These hitters are identified with the help of the MJRTY Boyer-Moore algorithm [2].
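The two outputs above can be sketched as follows. This is an added example, not AMON's own code: the XOR-fold bin hash, the `weight` parameter (bytes or packets) and all names are assumptions, and the vote is the weighted form of MJRTY (weight 1 gives the classic algorithm from [2]).

```c
#include <stdint.h>
#include <stdio.h>

#define BINS 128                       /* databrick dimension from the README */

/* One heavy-hitter cell: the MJRTY candidate flow and its vote counter. */
struct bm_cell { uint32_t src, dst; uint64_t votes; };

static uint64_t databrick[BINS][BINS];      /* volume per (src bin, dst bin) */
static struct bm_cell hitters[BINS][BINS];  /* majority candidate per cell */

/* Hypothetical bin hash (XOR-fold of the four octets); not AMON's haship.c. */
static unsigned bin_of(uint32_t ip)
{
    return (ip ^ (ip >> 8) ^ (ip >> 16) ^ (ip >> 24)) & (BINS - 1);
}

/* Account one packet: add its weight to the databrick cell, then vote. */
void observe(uint32_t src, uint32_t dst, uint32_t weight)
{
    unsigned r = bin_of(src), c = bin_of(dst);
    struct bm_cell *cell = &hitters[r][c];

    databrick[r][c] += weight;
    if (cell->src == src && cell->dst == dst) {
        cell->votes += weight;              /* same flow: reinforce candidate */
    } else if (cell->votes >= weight) {
        cell->votes -= weight;              /* other flow: cancel votes */
    } else {                                /* outvoted: new flow takes over */
        cell->votes = weight - cell->votes;
        cell->src = src;
        cell->dst = dst;
    }
}

int main(void)
{
    /* Constructed traffic: 10.0.0.1 and 10.0.1.0 both fold to bin 11. */
    uint32_t a = 0x0A000001u, b = 0x0A000100u, d = 0xC0A80001u;
    observe(a, d, 1500); observe(b, d, 1000); observe(a, d, 1500);
    struct bm_cell *h = &hitters[bin_of(a)][bin_of(d)];
    printf("cell (%u,%u): volume=%llu candidate=%08x votes=%llu\n",
           bin_of(a), bin_of(d),
           (unsigned long long)databrick[bin_of(a)][bin_of(d)],
           (unsigned)h->src, (unsigned long long)h->votes);
    return 0;
}
```

The candidate is guaranteed to be the dominant flow only when one flow carries more than half of the cell's volume, so the surviving candidate should be read together with the databrick total for that cell.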

Installation

AMON is currently supported on Ubuntu and CentOS systems. So the first step is to install one of these on the server that will be receiving the traffic :)

Overall, AMON can be easily built from source, once these two prerequisites are installed:

  1. PF_RING: we recommend installing PF_RING as a binary. Great instructions can be found here:
    http://packages.ntop.org (NOTE: if you want to build PF_RING from source and then compile AMON, please drop us a line (see the "Contact Us" section below).)
  2. MongoDB C drivers: see README.mongo

Usage

  1. Populate the fields in amon.config accordingly
  2. Type './amon -i eth0', where 'eth0' is the interface you are receiving network traffic from
  3. Populate the "strata.txt" file (optional). This is for reserving specific "bins" (e.g., the first k=5 leftmost bins) for subnets of interest (e.g., Google, Apple, etc.)

To verify that things work, check that you get updated traffic statistics (provided by PF_RING) every 1 second, and that you get a list of the top-hitters every ALARM_SLEEP seconds (parameter set in amon.config -- we recommend setting this to values less than or equal to 10 seconds)

Contact Us

Please email research@merit.edu for support or contact mgkallit AT umich

References

[1] M. Kallitsis, S. Stoev, S. Bhattacharya, G. Michailidis, AMON: An Open Source Architecture for Online Monitoring, Statistical Analysis and Forensics of Multi-gigabit Streams, IEEE JSAC Special Issue on Measuring and Troubleshooting the Internet, July 2016. [Online] http://ieeexplore.ieee.org/document/7460178/

[2] A Linear Time Majority Vote Algorithm. [Online] https://www.cs.utexas.edu/~moore/best-ideas/mjrty/
