Research And Implementation Of Traffic Monitoring System Based On NetFlow Technology

With the rapidly development of network applications, while the enterprise enjoying the high speed, great efficiency which brought by Internet, the abuse of network resources is becoming more and more prominent. Therefore, to acquire the distribution of network flows and to deal with the abnormal flows becomes extremely important. Based on the above background, this thesis designs and implements a traffic monitoring system based on NetFlow technology which manages and controls all the flows in LAN.Firstly, this thesis studies the traffic-collecting technology. It gives a brief introduction to the basic principles of the SNMP, RMON technology, and analyzes the advantages and disadvantages of these technologies. On this basis, a traffic-collecting technology based on NetFlow is proposed, which not only obtains the information needed for analyzing, but also satisfies the requirement for the coarse-grained protocol analysis and traffic flow identification. The system classifies the traffic flows which collected by the NetFlow technology. It combines the fixed-port identification technology and deep packet inspection technology to identify the common application protocols, such as FTP, qq, fetion, BT download, etc.Next, this thesis has studied and analysed the difficulty and technology of abnormal flows control, and proposed an automatic linked control scheme based on Linux firewall. The system detects the common abnormal flows and controls them with the linkage mode. At the same time, the system provides fine-grained analysis for the unknow abnormal flows. For the convenience of administrator, a remote management module is implemented to set the linkage strategy, and the strategy will be sent to the firewall and carried out when the abnormal network behavior comes.Finally, we take a performance and function test in the real network environment, and the results show that the system has effectively analyzed and got the distribution of the traffic flow in LAN, it not only contains the distribution of all the host flows, but also contains variety of application flows. Meanwhile the system provides fine-grained analysis of the abnormal flows. It has achieved the perspective and controlling of the LAN flows.