Atheris - A Workbench for Internet Traffic Visualization

The open source traffic analyzer Atheris has been designed to monitor network traffic and to visualize its inherent properties. It can be applied to perform passive and active traffic measurements at the packet layer, data extraction, flow analysis and the visual inspection of relevant statistical traffic characteristics.

 

Atheris has been developed in Java 1.6 because of its platform independence and the availability of suitable libraries, e.g. Libpcap [4] and its Windows counterpart WinPcap [5]. These libraries intercept the packets in kernel space and copy them to user space, so that traffic analyzers can dissect and store the packets. Because Libpcap and WinPcap are written in C, a wrapper is needed to get the packets into Java. The first version of Atheris used Jpcap [3] as the Java wrapper of the libraries libpcap and WinPcap. Since the development of Jpcap has been discontinued and we encountered serious limitations and bugs, we have migrated Atheris to jNetPcap [2], which now serves as the wrapper of libpcap.

 


Multithreaded Capture Engine of Atheris

 

The new multithreaded version of Atheris includes new functionality such as a redesigned GUI and improved workbench functionality. It is now possible to export the packets of selected flows or conversations to Wireshark or to CSV files. As part of our ongoing work, this functionality will be extended to incorporate export to SQL databases and the statistical software R. Finally, the addition of new plots to Atheris has been simplified. Due to its modular architecture, existing plots can be easily extended. To add a new plot, only one interface needs to be implemented. Now that the migration to the wrapper jNetPcap has been completed, a stable open source version of Atheris is available, see [1].

 

To the best of our knowledge, Atheris is the first publicly available multithreaded Java implementation of a graphical traffic analyzer.
Future releases will incorporate P2P functionality to enable the monitoring of applications in a fully distributed manner.

 

References:

1. Atheris Source Code
2. jNetPcap
3. Jpcap
4. Libpcap
5. WinPcap

Further references:

P. M. Eittenberger, U.R. Krieger:
Atheris: A First Step Towards a Unified Peer-to-Peer Traffic Measurement Framework.
In: 19th Euromicro International Conference on Parallel, Distributed and Network-Based Computing (PDP 2011), Ayia Napa, Cyprus, February 9-11, 2011.

P. M. Eittenberger, U.R. Krieger:
A Workbench for Internet Traffic Visualization.
In: The 16th International GI/ITG Conference on Measurement, Modelling and Evaluation of Computing Systems and Dependability and Fault Tolerance (MMB & DFT 2012), Tool descriptions, Kaiserslautern, Germany, March 19-21, 2012.