Internet traffic monitoring: Discerning Content and Services in a Tangled Web


Dr. Marco Mellia (Politecnico di Torino)


07 May 2012






A careful perusal of the Internet evolution reveals two major trends - explosion of cloud-based services and video streaming applications. In both of the above cases, the owner (e.g., CNN, YouTube, or Zynga) of the content and the organization serving it (e.g., Akamai, Limelight, or Amazon EC2) are decoupled, thus making it harder to understand the association between the content, owner, and the host where the content resides. This has created a tangled world wide web that is very hard to unwind. In this picture, ISPs and network administrators are losing the control of their network while struggling to find new mechanisms to increase revenues.

In this talk, I'll present some measurement to show the tangle. Then I'll present a system that leverages the information provided by DNS traffic to discern it. Parsing through DNS queries, traffic flows are tagged with the associated domain name. This association reveals a large amount of useful information to automatically discover (i) what services run on a layer-4 port or server, (ii) which content is accessed via TLS encryption, (iii) what content/service does a given CDN or cloud provider handle, and (iv) how a particular CDN or Cloud serves users’ requests. Simply put, the information provided by DNS traffic is one of the key components required to unveil the tangled web, and to restore network and application visibility to the network administrators.


Marco Mellia graduated in Electronic and Telecommunication Engineering from Politecnico di Torino in 2001. Between February and October 1997, he was a Researcher supported by CSELT (Italian Public Telephone Research Company). He was a Visiting PhD Student starting from february 1999 to november 1999 at the Computer Science Department of theCarnegie Mellon University, where he worked with Prof. Hui Zhang and Ion Stoica. From February to March 2002 he visited the Sprint Advanced Technology Laboratories Burlingame, California, working at theIP Monitoring Project (IPMON). During the summer 2011 he visited Narus Inc, Sunnyvale, California, where he worked on traffic classification problems. He has co-authored over 150 papers published in international journals and presented in leading international conferences, all of them in the area of telecommunication networks. He participated in the program committees of several conferences including ACM SIGCOMM, IEEE Infocom, IEEE Globecom and IEEE ICC. His current research interest are in the field of internet traffic monitoring, green network design, and P2P-streaming application design.