Design And Implementation Of Measurement Based Real-Time Network Traffic Analysis System On Linux System

With the expanding usage of Internet and increasing bandwidth of network, there are a large number of new network applications, which has dramatically changed the flow structure and flow patterns. Current Internet has many new features, which makes network traffic analysis is faced with severe challenges.At present, the traditional network flow analysis techniques are far from being able to catch up with the pace of application development. With the emergence of new applications, which has camouflage and dynamic characteristics, the traditional network flow analysis technology, especially application layer network flow analysis techniques, become powerless.In this thesis, the application layer network traffic analysis technologies are extensively studied. Meanwhile, combined with network measurement methods, data mining algorithm-based application layer network flow identification technology is studied, based on which a real-time network traffic analysis system (FTAS) is implemented.This thesis firstly studies Libpcap technology, based on which a Libpcap technology-based flow analysis framework is proposed and Libpcap and zero-copy technology based flow analysis and performance management module is implemented. This module is able to capture, decode and analyze the Libpcap datagram, which provides technical support for application layer flow identification. At the same time, the core module of flow capture algorithm mentioned in the thesis is implemented. Extensive experiments have been conducted to evaluate the performance of the algorithm. The results show that the algorithm has low time expense and strong scalability.The research work in this thesis is of vital important for network planning, network diagnosis of abnormal flow, network flow prediction, with which we can have clear understanding of complex flow in the network. Meanwhile, it allows network manager to do the research of performance management, fault management and security management by using the result of flow monitoring and analysis.