High-speed network monitoring is a basic measure for ensuring network security. More detailed analysis and monitoring at key locations in the network can reduce or even eliminate the network content security issues posed by network technology. This thesis therefore presents and implements a high-speed network monitoring system solution. The system monitors network content without affecting the main services of the ultra-high-speed backbone network. Following the data flow separation process, the paper summarizes the structure of the high-speed network monitoring system. Data flow capture is performed by the specified flow classification equipment. From a functional perspective, the subsequent processing is divided into three parts: feature information monitoring, central control and management, and application monitoring and management. The feature information monitoring subsystem monitors data from various protocols using three modules: the data packet classification and reorganization module, the application protocol parsing module and the feature information matching module. Because network protocols are so varied, the application protocol parsing module uses customizable plug-ins that expose a unified external interface, so that they can be loaded into the system seamlessly, which improves the system's interoperability and extensibility. For feature information matching, this paper introduces a real-time monitoring model based on a finite-automaton multi-pattern matching algorithm.
The algorithm compares the content of IP packets directly with the features, which solves the problem of feature information being misjudged. The central control subsystem is the control hub of the whole system. It provides unified management of matching rules, data, alarm checking, processes and memory, and plays an important role in improving the stability of the system. As the only platform that interacts with the network manager, the application monitoring and management subsystem adopts a three-layer design: the client layer, the middle layer and the data storage layer. This separates content display from business logic and strengthens the robustness of the system. Compared with C/S-structured systems, the network manager does not need to learn any client software. The manager can use a web browser on any client in the network to access the monitoring and management subsystem in order to configure and manage the whole monitoring system.
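An added illustration, not code from the thesis: a minimal finite-automaton multi-pattern matcher that scans packet payloads directly and keeps automaton state per flow, so a feature split across two packets is still reported. It assumes Aho-Corasick as the automaton (the abstract does not name one); the class name, flow key, features and payloads are constructed for the example.

```python
from collections import deque

class MultiPatternMatcher:
    """Aho-Corasick automaton over bytes (assumed algorithm, see lead-in)."""
    def __init__(self, features):
        self.goto = [{}]   # state -> {byte value: next state}
        self.fail = [0]    # state -> fallback state on mismatch
        self.out = [[]]    # state -> features that end in this state
        for feat in features:                      # build the trie
            s = 0
            for b in feat:
                if b not in self.goto[s]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].append(feat)
        queue = deque(self.goto[0].values())       # depth-1 states fail to root
        while queue:                               # BFS to set failure links
            s = queue.popleft()
            for b, t in self.goto[s].items():
                f = self.fail[s]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(b, 0)
                self.out[t] = self.out[t] + self.out[self.fail[t]]
                queue.append(t)
        self.flow_state = {}  # flow key -> state after the flow's last packet

    def scan(self, flow, payload):
        """Feed one in-order payload; return [(feature, end offset in payload)].
        Assumes reordering was already handled by a reassembly stage, and that
        the caller evicts finished flows from flow_state to bound memory."""
        s = self.flow_state.get(flow, 0)
        hits = []
        for i, b in enumerate(payload):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            hits.extend((feat, i) for feat in self.out[s])
        self.flow_state[flow] = s
        return hits

if __name__ == "__main__":
    m = MultiPatternMatcher([b"/etc/passwd", b"passwd", b"cmd.exe"])  # constructed
    flow = ("10.0.0.1", 40000, "10.0.0.2", 80)                        # constructed
    print(m.scan(flow, b"GET /etc/pas"))   # feature is incomplete here
    print(m.scan(flow, b"swd HTTP/1.1"))   # completed by the next packet
```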