Network Traffic Analysis System

Posted on: 2009-08-06 | Degree: Master | Type: Thesis
Country: China | Candidate: X M Jiang
GTID: 2178360272476591 | Subject: Software engineering
Abstract/Summary:
In recent years, with the vigorous development of the Internet, people use it more and more frequently and extensively. The network is a convenient, time-saving way to deal with many problems in daily life, and it can be said that it facilitates our lives and provides a lot of help. However, like other things, the network develops problems when it is not regularly maintained, and it then becomes an obstacle. Monitoring network traffic is therefore of vital importance to the network's development. This monitoring matters in the following areas:

1. Network maintenance and anomaly monitoring. Long-term monitoring and analysis of network traffic can establish traffic baselines, detect traffic anomalies, and raise real-time warnings. For example, if the daily traffic on a link is found to be anomalous, it can be analyzed whether the anomaly is caused by Shock Wave attacks, and the ports generating the abnormal traffic should be closed.

2. Network traffic forecasting and planning. With long-term real traffic data collected from the actual network, a traffic model can be constructed to predict network traffic and business growth, supporting network capacity planning and design to reduce bottlenecks in the network. Flow measurement and routing information are the key to high-capacity planning. For example, a bottleneck link can be identified through testing and then eliminated by upgrading or re-routing, so as to avoid network congestion. Effective capacity planning requires precise traffic growth forecasts in addition to flow measurement. Inaccurate traffic prediction will make the network oscillate between wasted capacity and insufficient capacity, thereby affecting the performance prediction.
Forecasting based on historical statistical data is the main method for predicting traffic changes, because traffic indicators at different time granularities are the foundation of different traffic projections.

3. Service and protocol deployment. The monitored traffic distribution is used to configure routing protocols, formulate load-balancing strategies, implement traffic engineering, and deploy services and protocols. The goal is to optimize resources and improve utilization and application performance by transferring services. Network traffic and routing strategy are closely related: for example, ISPs use link-state protocols (such as IS-IS and OSPF) as intra-domain routing protocols, and link load is a main reference when setting IS-IS link weights. Equally, flow measurement can show the effect of link weight changes on network traffic.

This system was developed with Visual C++ to address the issues mentioned above. It monitors and analyzes network traffic by analyzing statistics of the captured traffic packets. The system can also identify bottlenecks in the network to help network managers with network planning, network optimization, network monitoring, and traffic trend analysis.

CAIDA (The Cooperative Association for Internet Data Analysis, the world's Internet Research Center), an international cooperation agency, focuses on researching the structure and data of the Internet on a global scale. At present, nearly 30 research institutes, military institutions, and institutions of higher learning across North America, Europe and most of the countries in Asia participate in CAIDA projects. So far, CAIDA has only 30 test nodes in the whole world.
There are only 4 in Asia: 2 in Japan, 1 (outage) in South Korea, and 1 in China (located at Northeastern University). CAIDA divides the tools for network test and measurement into 6 categories: topology, traffic, performance, routing, multicast, and measurement infrastructure. Flow measurement tools can be divided into hardware-based and software-based packet analysis tools, according to how they are implemented.

Traffic monitoring/analysis systems and SNMP network management systems. Agilent Internet Advisor and Navtel InterWATCH are hardware-based packet analysis tools, which obtain traffic indicators for protocols at all layers through wire-speed protocol analysis in hardware. Ethereal, Sniffer, etc. are commonly used software-based packet analysis tools, which can be installed on PCs to carry out protocol and traffic analysis.

The LAN network traffic analysis system collects information conveniently and rapidly for network management staff and helps solve practical problems. The system uses WinPcap to capture data packets passing through the local area network, and obtains and analyzes information from them based on network control. Finally, it stores the captured data and visually displays the state of the network through a GUI (Graphical User Interface). Through this interface, network administrators can quickly gather information to provide a basis for reasonable resource allocation.

In the future, we will continue to add more comprehensive functions, such as storing data packets in a database by category, adding a query function, and strengthening the integrity of the entire system, in order to provide more information for network management personnel.
Keywords/Search Tags:Network Monitoring, Flow Analysis, Graphical User Interface