| As the network becomes an infrastructure in today's economic life,the scale and complexity of the network increase, for the knowledge of the network running status, such as detecting the anomaly traffic of the network, an efficient way of traffic measurement method is needed, this method should provide traffic information of various granularities, NetFlow - the proposed technique by Cisco,is a solution that can satisfy the above requirements, ant it is an efficient way to monitor the network,and measure the network traffic.In this paper, I will focus on how to implement a network traffic measurement system based on NetFlow.The key difference between NetFlow and the former traffic measurement mehtods is that NetFlow uses the concept of flow, all the traffic measurements are base on the flow. Based on the traffic information provided by NetFlow, it is possible to, in short term, monitor the network, ie, detect anomaly traffic in real-time, help the administrator find the attack or worm spreading in the network, also in long term, make statistics of the network usage, then do the network planning and user accounting.The whole system is divided into three parts, the collector, the scanner and the parser, for the reliability and flexibility purpose. The real-time anomaly traffic detection is completed in the collector, Flow Capture, the aggregation of the raw NetFlow data is completed in the sanner, Flow Scan , and the representation and analysis of the NetFlow data is completed in the parser, Flow Report. |
PDF Full Text Request