Used "Traffic Snapshot"to gain the traffic distribution by network Applications on the network area whose performance had been immensely decreased. The results showed that ICMP traffic was in the first place consuming around 70% of the total traffic. The ranking order was an obvious anomaly that ICMP traffic surmounted the traffic volume of WWW (HTTP/HTTPS) and video conferencing.

After identifying the anomalous ICMP traffic, the network O&M staff tried to locate the hosts involved in the incident via ?Traffic Snapshot?to find the top talkers (IP addresses) of the ICMP traffic. The results identified 2 heavy speakers in the concerned network area: host 10.169.28.81 transmitted around 8M traffic (constituted 94% of the ICMP traffic) to a single destination, host 10.169.28.95, and this host 10.169.28.95 was exactly the other heavy speaker of the ICMP traffic (constituted 5% of it.) According to the information, it could be inferred that the host 10.169.28.81 was the initiator of this incident and 10.169.28.95 was the victim of the attack, while after being infected, it had also started to inject attacking traffic.

Flow Analysis was performed to identify up to Top-128 heavy network resource consumers, the remote-end they are connecting to, and the applications they are using. The Top-N function provides also historical analyses enabling cross examination backwards with traffic monitor reports. The network managers hence no more regard historical event back tracing as a painful task.

Beneficial Results:

• Make 24x7hrs, Global-scale Traffic Visibility Possible:
  prior to the deployment of GenieATM, the CNC network management team had difficulties to gain the traffic visibility of their scaled networks. Now with the capability of long-term traffic monitoring focusing on any critical network spots, the network management staff can have the holistic view of its international transit points, domestic peering points, important customers and critical services.
• Effective DoS/DDoS/Worm/Anomaly Traffic Detection:
  take the outbreak of MS SQL Slammer attack on January 25th 2003 for example, with the help of GenieATM, CNCnet O&M engineers identified the anomalous traffic in the very early stage, and with details such as the source/destination IP addresses and the protocol/port information, the engineers responded and contained the problem quickly. While other service provides were still struggling for recovering from the attack impacts in the following weeks, CNCnet had totally resolved the problem and provided its subscribers with superior network performance.
• Optimal Network Planning & Peering Decisions:
  instead of the guesswork, now the CNC network managers can optimize its network planning with practical traffic information such as the trending traffic statistics and drill-down Top-N analyses. Also the BGP-based analysis information helps to optimize the traffic routing policies and the essential materials to achieve the most cost-effective Peering/Transit relationships.
• Painless Deployment & Easy Management:
  the appliance solution, transparent architecture contributes to an effortless, non-interrupting deployment experience of GenieATM. GenieATM’s layered-administration design lets the CNC network management team easily delegate different management tasks to different members of the crew with different scopes of responsibilities. The remote access with friendly Web-based GUI and the support of Simplified Chinese language provides CNC network managers the superior manageability.