Design And Implementation Of Protocol Identification Based On N-Code Frame

In recent years, with the popularity and rapid development of the network, the Internet is already an essential part of the people's daily life and work. For network management, the most important thing that we can identify accurately network protocol and prioritize network traffic. Protocol identification can control the network traffic, network billing, content filtering and traffic management.DPI (Deep Packet Inspection) technology is a protocol identification technology which emerged in the recent years. DPI technology analysis the application layer based on analysis the protocol packet header, which is based on the application layer traffic inspection and control technology.When the TCP or UDP data streams, IP packets through the network, DPI engine can read the content of IP packet payload, reorganize for the information of the application layer and identify the application layer protocol. Protocol identification methods have advantages, but there are also drawbacks.Because traditional identification methods use port identification for improve protocol identification efficient. But now a large number of application layer protocol avoid identification, do not use a fixed port for communication, so the port identification method has been powerless. With the complicated network environment, P2P technology provides us with a fast and high efficient file sharing. There are low cost and have a high-availability computing resources, so many users use P2P to download files and online watch television entertainment programs, which make network bandwidth insufficient seriously, and which affect the normal application of the other networks. P2P applications use dynamic ports and application-layer data encryption to avoid traffic detection. Thus identification of P2P traffic is a new challenge, we can use advanced technology and efficient algorithms to identify the network application protocol. The paper design and implement the protocol identification system.The main contents of this study are as follows:first of all, the system introduced the protocol cluster, the technology of protocol identification and the pattern-matching algorithm. Secondly, the system analyzed both the functional or non-functional requirements and the designed system goals of protocol identification system. Then, based on the various demands of the system, designed the functional modules, identifying process, the construction of plug-in, upgrading system and make them into implementation. The system must capture the network date packets, and use the protocol tree to analyze the protocol step by step, Compile the rules of the agreement's characteristics by the powerful scripting language called N-Code provided by the NFR. The rule includes the source address, source port, destination address, destination port, and the number of protocol. Recognize the matching rate between flux passing the network card and rules of signature by pattern-matching algorithm in the identifying process. It implements protocol identification, and protocol identification improves the identification rate, reducing errors and leaks. Finally, test the function, and analyze and evaluate the system according to test results.