Stateful Traffic Replay for Web Application Proxies

Abstract

It is common practice to test a network device by replaying network traffic onto it and observing its reactions. Many replay tools support TCP/IP stateful traffic replay and hence they can be used to test switches, routers, and gateway devices. However, they often fail if the device under test (DUT) is an application proxy. In this paper, we design and implement the ProxyReplay tool to replay application layer traffic for network proxies. The major purpose of this tool is to evaluate security functionalities of DUTs using payloads constructed from real network traces. ProxyReplay modifies requests and responses and maintains queues for request-response pairs to resolve the issues of protocol dependency, functional dependency, concurrent replay, and error resistance. The solution provides two replay modes, i.e., the preprocess mode and the concurrent mode. Depending on the benchmarking scenario, we show that the preprocess mode is better for benchmarking the performance capability of a DUT. In contrast, the concurrent mode is used when the replayed trace file is extremely large. Our experiments show that 99% of identified connections can be replayed accurately. In addition, the replay performance exceeds 320 Mbps by running the benchmark with an off-the-shelf personal computer in the preprocess mode.

Citation

Chun-Ying Huang, Ying-Dar Lin, Peng-Yu Liao, and Yuan-Cheng Lai, "Stateful Traffic Replay for Web Application Proxies," Wiley Security and Communication Networks, to appear.

Bibtex

@ARTICLE{huang14:replay,
  author  = {Chun-Ying Huang and Ying-Dar Lin and Peng-Yu Liao and Yuan-Cheng Lai},
  title   = {Stateful Traffic Replay for Web Application Proxies},
  journal = {Wiley Security and Communication Networks},
  year    = {2014}
}
