Design And Implementation Of Network Monitor System Based On The Gateway

The researchful aim of this dissertation is design and implementation of network monitor system based on the Linux gateway. Therefore, in this dissertation, one general monitor gateway is first designed, which is based on the kernel interface of Linux firewall. The gateway seals rock-bottom transfer and makes processing optimized. The program developer may directly capture and control data package in kernel through the general monitor gateway, but does not have to use rock-bottom transfer to code to capture and control data package. Therefore, this general monitor gateway has the very important application value in package filtering firewall, visit control and audit based on users as well as intrusion detection.In this dissertation, one small network monitor system is taken as an example. It is analyzed and studied that the design thought and realization method of network monitor system based on above general monitor gateway of Linux. The network monitor system uses general monitor gateway to capture and analyze data on kernel level of operation system. Simultaneously, the gateway controls the rejection or retransmits of IP packages, and transmits the data package captured to the interface module of application level through /proc file. In the interface module of application level, intrusion detection analysis about this IP package is carried out. If the intrusion behavior occurs, then the firewall will refuse to retransmit the data package that has the same IP address at once. Subsequently, the data package is stored to database, and waits for further inquiry and analysis from network administrator. At the same time, the user may transmit configure data to Linux kernel interface through /proc file. This system provides the Web service for network administrator, and causes network administrator to use the network monitor system by the browser, the service includes inquiring network data information, setting configure data as well as setting intrusion rule and so on.In the basic theory parts, the basic principle for TCP/IP is introduced. Subsequently, it is introduced detailedly that programming technology of Linux kernel and the framework system structure of Netfilter firewall that is used since Linux kernel 2.4.After that, it is explained with emphasis that design and implementation of general monitor gateway based on the kernel interface of Linux firewall, and actual application of general monitor gateway in interrelated domain is introduced. Finally, it is discussed that how to implement the network monitor system based on general monitor gateway.