What?

SF-TAP is a platform for application-level network traffic analysis. It can deal with high-bandwidth network traffic because of the scalable architecture. Furthermore, SF-TAP allows developers to easily implement application-level network traffic analyzers because of some abstractions. SF-TAP provides two main components, which are SF-TAP flow abstractor and SF-TAP cell incubator.

SF-TAP Flow Abstractor

SF-TAP flow abstractor abstracts network traffic by files of UNIX domain socket, much like Plan 9, UNIX's /dev or /proc. It captures L2 frames via a NIC by pcap or netmap, defragments fragmented IP packets, reassembles TCP flows, and classifies the flows by using regular expressions, which indicates application protocols. That classified flows are outputted to the files provided by UNIX domain socket. Accordingly, developers can only focus to implement application-level network traffic analyzers by just accessing the files. In other words, they do not need to take care of complex TCP states and IP fragmentation.

SF-TAP Cell Incubator

SF-TAP cell incubator is a software-based network traffic balancer that mirrors and separates network traffic based on the flows. The flows are forwarded via multiple NICs to multiple instances of SF-TAP flow abstractor to allow executing analyzers, which tend to consume many computer resources, on multiple physical machines.

---

Installation

• Install SF-TAP Flow Abstractor on Ubuntu Linux
• Install SF-TAP Cell Incubator on FreeBSD

---

Tutorial

• SF-TAP Flow Abstractor
• Use Example HTTP and DNS Analyzers
• Write Your Own Analyzer
• Load Balancing using Flow Abstraction Interface
• Re-injecting Flows via Loopback7 Interace
• Configuration of SF-TAP Flow Abstractor
• Injecting pcap Files
• Build Option of SF-TAP Flow Abstractor
• Protocol Specification of Flow Abstraction Interface
• SF-TAP Cell Incubator
• Flow Separating, and L2 Mirroring and Bridging

---

References

• SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware (USENIX LISA 2015) (The paper is available on here.)

  @inproceedings {193176,
    author = {Yuuki Takano and Ryosuke Miura and Shingo Yasuda and Kunio Akashi and Tomoya Inoue},
    title = "{SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware}",
    booktitle = {29th Large Installation System Administration Conference (LISA15)},
    year = {2015},
    month = Nov,
    isbn = {978-1-931971-270},
    address = {Washington, D.C.},
    pages = {25--36},
    url = {https://www.usenix.org/conference/lisa15/conference-program/presentation/takano},
    publisher = {USENIX Association},
  }

---

Posts

• Jun 5, 2016

  Injecting pcap Files to SF-TAP Flow Abstractor

• Apr 24, 2016

  Configuration of SF-TAP Flow Abstractor

• Dec 2, 2015

  Re-injecting Flows via Loopback7 Interface

• Nov 23, 2015

  Load Balancing using Flow Abstraction Interface

• Nov 21, 2015

  Use Example HTTP and DNS Analyzers

• Nov 21, 2015

  Write Your Own Analyzers

• Nov 21, 2015

  Flow Separating, and L2 Mirroring and Bridging

• Nov 21, 2015

  Install SF-TAP Cell Incubator on FreeBSD

• Nov 21, 2015

  Install SF-TAP Flow Abstractor on Ubuntu Linux

• Nov 20, 2015

  Welcome to Jekyll!

subscribe via RSS