The Application And Research Of Net Flow Inspection Technology On The Exceptional Flow Analyzing

Posted on: 2008-09-18
Degree: Master
Type: Thesis
Country: China
Candidate: B Dong
Full Text: PDF
GTID: 2178360215996522
Subject: Computer applications
Abstract/Summary:
With the rapid development of the Internet, security incidents occur frequently and new attack methods keep appearing. The confidentiality, integrity and availability of computer networks are being severely tested. Distributed Denial of Service (DDoS) is an attack method that causes great harm: it seriously threatens network servers and causes losses for thousands of network users.

Network traffic inspection has become an important means of ensuring the performance of modern network management. It plays an irreplaceable role in many areas of networking, such as configuration management, fault management, performance management, security management and accounting (expense) management. The objective of this thesis is to study network traffic inspection technology so that it can be used to detect and defend against the abnormal traffic caused by DDoS attacks and viruses.

The thesis introduces the application areas of network traffic inspection. Three kinds of traffic inspection technology are analyzed and compared: inspection based on full traffic mirroring, inspection based on SNMP, and inspection based on NetFlow. From this comparison, the characteristics and applicable areas of each of the three technologies are identified.

Traffic collection is the basis of traffic analysis. The thesis introduces two common traffic collection methods and completes two items of work. First, the well-known Berkeley Packet Filter (BPF) on Unix environments is studied, and a packet capture model based on BPF is proposed. Second, issues such as the data sampling frequency, the placement of sampling points and the effect of data sampling on the network are analyzed, and a data sampling scheme is designed.

Identifying abnormal traffic is the basis of, and the precondition for, effectively preventing and managing it, and it is one of the main tasks of network traffic inspection. Using NetFlow technology, the thesis carries out extensive practical research on currently prevalent kinds of abnormal traffic, such as DoS, DDoS and network worm viruses. The key parameters of the collected packets are analyzed: source address, destination address, source port, destination port, protocol type and byte count. A method for accurately identifying abnormal traffic is proposed. Finally, building on the research above, the thesis proposes a method for managing abnormal traffic that covers collection, analysis and disposal.
Keywords/Search Tags:network management, network traffic, network traffic collection, abnormal monitoring, Netflow, Distributed Denial of Service(DDoS)