The networking community routinely uses traffic libraries such as tcplib [1], network traces such as those found at the Internet Traffic Archive [2] or the Internet Traffic Data Repository [3], or mathematical models of network behavior such as those discussed in [4] to test the performance of network-protocol enhancements and other network designs.
However, such libraries, traces, and models are based on measurements made either by host-based tools such as tcpdump [5] and CoralReef [6] or by global network-mapping tools such as NLANR's Network Analysis Infrastructure [7]. These tools are only capable of capturing traffic an application sends on the network after the traffic has passed through the operating system's protocol stack (e.g., TCP/IP). Feng et al. [8] suggest that application traffic experiences significant modulation by the protocol stack before it is placed on the network. This implies that current tools can only capture traffic which has already been modulated by the protocol stack; the pre-modulation traffic patterns are unknown.
In order to determine pre-modulation application traffic patterns, as well as determine the modulation experienced by traffic as it progresses through the protocol stack, we offer the Monitor for Application-Generated Network Traffic (MAGNeT). MAGNeT captures traffic (1) generated by applications, (2) passing through each layer (e.g., TCP to IP) of the Linux protocol stack, and (3) entering and leaving the network. Thus, MAGNeT differs from existing tools in that it monitors traffic not only as it enters and leaves the network, but also at the application level and throughout the entire protocol stack. We are aware of two tools which attempt similar measurements: TCP kernel monitor from Pittsburgh Supercomputing Center (PSC) [9] and tcpmon from ETH Zurich [10].
MAGNeT differs from the TCP kernel monitor in several ways. First, MAGNeT can be used anywhere in the protocol stack and with any protocol (with very minor alterations to the protocol's code); PSC's kernel monitor is a TCP-specific solution. Second, MAGNeT monitors a superset of the data that the TCP kernel monitor does and operates under Linux 2.4.x, whereas the TCP kernel monitor only works in NetBSD.
Bolliger and Gross describe a method of extracting network bandwidth information per TCP connection under BSD in [10]. While their monitor (tcpmon) appears to have a similar architecture to MAGNeT, it only records the specific information needed to compute estimated bandwidth for TCP connections because it was written primarily to advance their research in other related areas. In fact, Bolliger and Gross use results obtained from their tool to argue that network application performance could be improved with the establishment of a tool such as MAGNeT.