Network Mapping
Encyclopedia
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
. Network mapping often attempts to determine the servers and operating systems run on networks. It is not to be confused with the remote discovery of which characteristics a computer may possess (operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
, open ports
Computer port (software)
In computer programming, port has a wide range of meanings.A software port is a virtual/logical data connection that can be used by programs to exchange data directly, instead of going through a file or other temporary storage location...
, listening network service
Network service
Network services are the foundation of a networked computing environment. Generally network services are installed on one or more servers to provide shared resources to client computers.- Network services in LAN :...
s, etc.), an activity which is called network enumerating
Network enumerating
Network enumerating is a computing activity in which user names, and info on groups, shares and services of networked computers are retrieved. It should not be confused with Network mapping which only retrieves information about which servers are connected to a specific network and what operating...
and is more akin to penetration testing.
Large-scale mapping project
Images of some of the first attempts at a large scale map of the internet were produced by the Internet Mapping ProjectInternet Mapping Project
The Internet Mapping Projectwas started by Bill Cheswick and Hal Burch at Bell Labs in 1997. It has collected and preserved traceroute-style paths to some hundreds of thousands of networks almost daily since 1998, and continues today...
and appeared in Wired magazine. The maps produced by this project were based on the layer 3
Network Layer
The network layer is layer 3 of the seven-layer OSI model of computer networking.The network layer is responsible for packet forwarding including routing through intermediate routers, whereas the data link layer is responsible for media access control, flow control and error checking.The network...
or IP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
level connectivity of the Internet (see OSI model
OSI model
The Open Systems Interconnection model is a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a prescription of characterizing and standardizing the functions of a communications system in terms of abstraction layers. Similar...
), but there are different aspects of internet structure that have also been mapped.
More recent efforts to map the internet have been improved by more sophisticated methods, allowing them to make faster and more sensible maps. An example of such an effort is the OPTE project
Opte Project
The Opte Project is a project started by Barrett Lyon that seeks to make an accurate representation of the extent of the Internet using visual graphics.Opte originated from the Latin word Opti, meaning Optical...
, which is attempting to develop a system capable of mapping the internet in a single day.
The "Map of the Internet Project" http://mapoftheinternet.com maps over 4 billion internet locations as cubes in 3D cyberspace
Cyberspace
Cyberspace is the electronic medium of computer networks, in which online communication takes place.The term "cyberspace" was first used by the cyberpunk science fiction author William Gibson, though the concept was described somewhat earlier, for example in the Vernor Vinge short story "True...
. Users can add URL
Uniform Resource Locator
In computing, a uniform resource locator or universal resource locator is a specific character string that constitutes a reference to an Internet resource....
s as cubes and re-arrange objects on the map.
In early 2011 Canadian based ISP PEER 1 Hosting
PEER 1
Peer 1 Hosting provides Internet hosting services that include managed hosting, dedicated servers, colocation, and cloud computing. The company is headquartered in Vancouver, BC, Canada and the stock is traded on the TSX under the symbol PIX...
created their own Map of the Internet that depicts a graph of 19,869 autonomous system
Autonomous system
Autonomous system may refer to:* Autonomous system , a collection of IP networks and routers under the control of one entity* Autonomous system , a system of ordinary differential equations which does not depend on the independent variable* Autonomous robot, robots which can perform desired tasks...
nodes connected by 44,344 connections. The sizing and layout of the autonomous systems was calculated based on their eigenvector centrality, which is a measure of how central to the network each autonomous system is.
Graph theory
Graph theory
In mathematics and computer science, graph theory is the study of graphs, mathematical structures used to model pairwise relations between objects from a certain collection. A "graph" in this context refers to a collection of vertices or 'nodes' and a collection of edges that connect pairs of...
can be used to better understand maps of the internet and to help choose between the many ways to visualize
Information visualization
Information visualization is the interdisciplinary study of "the visual representation of large-scale collections of non-numerical information, such as files and lines of code in software systems, library and bibliographic databases, networks of relations on the internet, and so forth".- Overview...
internet maps. Some projects have attempted to incorporate geographical data into their internet maps (for example, to draw locations of routers and node
Node (networking)
In communication networks, a node is a connection point, either a redistribution point or a communication endpoint . The definition of a node depends on the network and protocol layer referred to...
s on a map of the world), but others are only concerned with representing the more abstract structures of the internet, such as the allocation, structure, and purpose of IP space
IPv4
Internet Protocol version 4 is the fourth revision in the development of the Internet Protocol and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet...
.
Enterprise network mapping
Many organizations create network maps of their network system. These maps can be made manually using simple tools such as Microsoft Visio, or the mapping process can be simplified by using tools that integrate auto network discovery with Network mapping. Many of the vendors from the Notable network Mappers list enable you to customize the maps and include your own labels, add un-discoverable items and background images. Sophisticated mapping is used to help visualize the network and understand relationships between end devices and the transport layers that provide service. Items such as bottlenecks and root cause analysis can be easier to spot using these tools.There are three main techniques used for network mapping: SNMP
Simple Network Management Protocol
Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is used mostly in network management systems to monitor...
based approaches, Active Probing and Route analytics
Route analytics
Route analytics is an emerging network monitoring technology specifically developed to analyze the routing protocols and structures in meshed IP Networks...
.
The SNMP based approach retrieves data from Router and Switch MIBs in order to build the network map. The Active Probing approach relies on a series of traceroute-like probe packets in order to build the network map. The Route analytics
Route analytics
Route analytics is an emerging network monitoring technology specifically developed to analyze the routing protocols and structures in meshed IP Networks...
approach relies on information from the routing protocols to build the network map. Each of the three approaches have advantages and disadvantages in the methods that they use.
Internet mapping techniques
There are two prominent techniques used today to create Internet maps. The first works on the data plane of the InternetInternet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
and is called active probing. It is used to infer Internet topology
Internet Topology
Internet topology deals with finding the topological structure of the Internet. It is daunting to map the entire hierarchy due to the rate at which the network is growing. The effort to map the Internet is usually incomplete and out of date the moment it appears...
based on router adjacencies. The second works on the control plane and infers autonomous system
Autonomous system (Internet)
Within the Internet, an Autonomous System is a collection of connected Internet Protocol routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet....
connectivity based on BGP data.
Active probing
This technique relies on tracerouteTraceroute
traceroute is a computer network diagnostic tool for displaying the route and measuring transit delays of packets across an Internet Protocol network. Traceroute is available on most operating systems....
-like probing on the IP address space. These probes report back IP forwarding paths to the destination address. By combining these paths one can infer router level topology for a given POP
Post Office Protocol
In computing, the Post Office Protocol is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. POP and IMAP are the two most prevalent Internet standard protocols for e-mail retrieval. Virtually all modern...
. Active probing is advantageous in that the paths returned by probes constitute the actual forwarding path that data takes through networks. It is also more likely to find peering
Peering
In computer networking, peering is a voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the customers of each network. The pure definition of peering is settlement-free or "sender keeps all," meaning that neither party pays the...
links between ISP's. However, active probing requires massive amounts of probes to map the entire Internet. It is more likely to infer false topologies due to load balancing routers and routers with multiple IP address aliases. Decreased global support for enhanced probing mechanisms such as source-route probing, ICMP
Internet Control Message Protocol
The Internet Control Message Protocol is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be...
Echo Broadcasting, and IP Address Resolution techniques leaves this type of probing in the realm of network diagnosis.
AS PATH inference
This technique relies on various BGP collectors who collect routing updates and tables and provide this information publicly. Each BGP entry contains a Path Vector attribute called the AS Path. This path represents an autonomous systemAutonomous system (Internet)
Within the Internet, an Autonomous System is a collection of connected Internet Protocol routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet....
forwarding path from a given origin for a given set of prefixes. These paths can be used to infer AS-level connectivity and in turn be used to build AS topology graphs. However, these paths do not necessarily reflect how data is actually forwarded and adjacencies between AS nodes only represent a policy relationship between them. A single AS link can in reality be several router links. It is also much harder to infer peerings between two AS nodes as these peering relationships are only propagated to an ISP's customer networks. Nevertheless, support for this type of mapping is increasing as more and more ISP's offer to peer with public route collectors such as Route-Views and RIPE
RIPE
Réseaux IP Européens is a forum open to all parties with an interest in the technical development of the Internet. The RIPE community’s objective is to ensure that the administrative and technical coordination necessary to maintain and develop the Internet continues...
. New toolsets are emerging such as Cyclops
Cyclops
A cyclops , in Greek mythology and later Roman mythology, was a member of a primordial race of giants, each with a single eye in the middle of his forehead...
and NetViews that take advantage of a new experimental BGP collector BGPMon. NetViews can not only build topology maps in seconds but visualize topology changes moments after occurring at the actual router. Hence, routing dynamics can be visualized in real time.
Notable network mappers
Notable network mapping software includes:- HP OpenView
- Lumeta
- NetCrunchNetCrunchAdRem NetCrunch is a commercial software solution for agentless, cross-platform network monitoring developed by AdRem Software, Inc.The program monitors 65 network services, Windows applications; Windows, Linux, NetWare, BSD, Mac OS X systems and SNMP devices without agents; centralizes fault...
- NmapNmapNmap is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" ofthe network...
- PacketTrapPacketTrapPacketTrap provides network management and traffic analysis software for midsize companies. PacketTrap has offices in Silicon Valley and Calcutta, India.- History :...
- Scrutinizer
- SolarWindsSolarWindsSolarWinds is a developer and marketer of network, applications, virtualization and storage management software.The company sells downloadable software products that maintain, monitor and troubleshoot IT networks...
- SpiceworksSpiceworksSpiceworks is a software development company headquartered in Austin, Texas. It was formed in early 2006 by Scott Abel, Jay Hallberg, Greg Kattawar, and Francis Sullivan to provide a Facebook-like community integrated with a free ad-supported IT systems management, inventory, and help desk...
External links
- Map of the Internet by PEER 1 Hosting
- Cheleby Internet Topology Mapping System
- Cooperative Association for Internet Data Analysis
- NetViews: Multi-level Realtime Internet Mapping
- Cyclops: An AS level Observatory
- DIMES Research Project
- Internet Mapping Research Project
- The Opte Project
- Mapping Internet - Canada