Interactive SNMP Traffic Analysis Through Information Visualization Paulo Teles Barbosa, Lisandro Zambenedetti Granville Institute of Informatics, UFRGS Av. Bento Gonc ¸alves, 9500 - Porto Alegre, RS - Brazil {paulo.barbosa, granville}@inf.ufrgs.br Abstract—The network management area deals with large amounts of data. Some of its protocols and techniques are not completely understood when it comes to usage patterns and most used features. The understanding of such characteristics is a challenging process, due to the massive data amount involved. This process can be supported by information visualization techniques. These consist in visual representations of data that make use of the unique properties of the human visual system to make insights about it in a more intuitive and effective way. In this context, interactivity has proved itself to be one of the main factors involved in providing such intuitiveness and effectiveness, specially in analysis of large datasets. Nevertheless, few interaction possibilities are available in current network management traffic visualization systems. In this paper we present a set of interactive information visualization techniques adapted to visualize SNMP trace files. We used an insight-based evaluation to show how the presented techniques can aid on the insight achievement process. I. I NTRODUCTION The network management area deals with large amounts of data. That occurs because of the increasing network complex- ity associated with network infrastructures, which are usually composed of heterogeneous devices in large scale topologies. Such infrastructures are supported by a range of protocols that are not always 100% understood in terms, for example, of usage patterns. To address this issue, analytical processes may be employed over collected traffic traces. The results may reveal, for ex- ample, unexpected patterns. Nevertheless, understanding these results may be in fact a challenging task itself because of the previously mentioned amount of data involved. To aid on this process, one can use, in addition to analytical processes, information visualization techniques that visually represent the data of interest to enable the use of the unique properties of the human visual system to have insights about the observed networks traffic. One of the main factors that makes information visualization techniques effective is their interaction mechanisms that allow the user to explore datasets in a way that only the desired information is presented. This kind of exploration can provide insights not normally possible from the analysis of datasets as a whole. Some of the usual interaction possibilities are the filtering of the data and operations to modify the view, such as zooming and panning. There are some efforts in the computer networks area investigating the employment of information visualization techniques. Mansmann and Vinnik [1], for example, proposed a treemap-like mapping method for visualizing traffic of IP hosts in order to gain deep insight into network flow behavior. Keim et al. [2], in turn, developed a visualization toolkit that anticipates potential bottlenecks or problems by showing typical network communication activities. In network manage- ment, Pras et al. [3] highlighted data visualization as a key research challenge in the area for the next years. Shoenwaelder et al. [4] presented an approach to capture and analyze Simple Network Management Protocol (SNMP) traffic traces, as well as showing preliminary static visualizations. Salvador et al. [5] presented three visualization techniques for visualizing specific information related to SNMP traffic measurements performed accordingly to a methodology proposed by the Internet Research Task Force (IRTF) [6]. Finally, Dobrev et al. [7] used existing tools to visualize node interaction dynamics, trying to find patterns on the polling cycle of stations and topology changes. Although the mentioned work made use of information visualization techniques, those investigations related to net- work management analysis provided static visualizations so far, with little or no possibilities of richer user interaction, i.e., they do not allow the user to explore and work with datasets. Interaction possibilities, as mentioned before, can lead to insights not possible using static views. Thus, the effort of building interactive visualization techniques is encouraged in the current state-of-the-art. In this paper we present and evaluate a set of interactive visualization techniques adapted for the study of SNMP and its specific features. We take one step further than the existing efforts by showing how interactive visualizations can lead to a better understanding of the protocol, visualizing the results achieved from the use of the methodology proposed by the IRTF [6]. We have implemented three visualization prototypes and integrated them on a visualization environment previously introduced by Salvador et al. [5]. We used an insight-oriented approach to evaluate our visual- izations. This approach identifies processes where people gain insights while using an information visualization technique. The following questions are then addressed: • Do our proposed visualizations provide an accurate overview of network management datasets? • Can the network operator adjust the range of the visual- ization to fit his/her needs? 73 978-1-4244-5367-2/10/$26.00 c 2010 IEEE