On the Use of Traffic Monitoring and Measurements for Improving Networking

Sílvia Farraposo 1, Philippe Owezarski 2, Edmundo Monteiro 3

1 Escola Superior de Tecnologia e Gestão de Leiria, Morro do Lena Alto-Vieiro, Apartado 4163, 2401-951 Leiria, Portugal, silvia@estg.ipleiria.pt
2 LAAS – CNRS, 7, Avenue du Colonel Roche, 31077 Toulouse Cedex 4, France, owe@laas.fr
3 Departamento de Engenharia Informática, Pólo II, Pinhal de Marrocos, 3030-290 Coimbra, Portugal, edmundo@dei.uc.pt

Abstract. Several recent traffic monitoring studies have shown that traffic is highly variable (sometimes non-stationary) and in any case exhibits many disruptions in its throughput, which are of course damaging to the provision of a stable QoS. While some of these disruptions can be legitimate variations of traffic (because a user suddenly generates a big flow or flash crowd), others may be due to DoS attacks. This paper presents the use of monitoring and measurement techniques for improving networking. In particular, it gives examples of how to operate TCP/IP level traffic engineering mechanisms, and how to use monitoring as a countermeasure for DoS attacks. All contribute to the provision and maintenance of end-to-end QoS in the presence of traffic disruptions, whether due to user demand (normal or abnormal) or to malicious behaviour.

1 Introduction

The Internet is nowadays considered a multi-service network, and as such should be able to provide guaranteed differentiated services. The solutions that the Internet community has offered in the areas of differentiated and guaranteed services have not met the needs of users or operators (Internet Service Providers (ISPs), carriers, etc.). Efforts have been stymied by the complexity of the Internet, its myriad systems of interconnections, and by the technological heterogeneity of these systems.
They have also run up against poor general knowledge of how to provision networks, based upon traffic characteristics that are largely unknown and that might deviate significantly from standard suppositions. Given this poor knowledge of Internet traffic, recent advances in Internet traffic monitoring seem to provide important missing information, and this is certainly one of the most important contributions of research activities in Internet networking in recent years. But the idea defended in this paper is that monitoring is not just a tool for network administrators to know the average throughput of traffic on their network for