Based On Protocol Analysis, Network Monitoring System Design And Implementation

With the development and promotion of the enterprise information construction, more and more economic activities have been involved into the application of Internet. Network brings convenience, but also makes the enterprise faces huge economic losses and the legal risks. Therefore, the monitoring of network behavior is a necessity, especially for an enterprise. The purpose of the thesis is to design a set of network behavior monitoring system for a company,which is not only can real-time monitoring, but also effective management network behavior of internal employees.In the recent years, the market of the monitoring system develops quickly. Many domestic companies have developed their own monitoring products. But those products have low security and may bring a wrong detection sometimes. So there is a great gap between domestic and foreign products. Though the commercial software has so many functions, they also have many limitations. Therefore, the research and implement of a high-level network behavior monitoring system is necessarily required.The network monitoring system will be mentioned in this thesis, developed on the analysis of the related products and papers. The function of the network monitoring system includes: user identity authentication, user identity binding, the formulation of the control strategy, IP/MAC binding. It also can monitor the web, record the content of the e_mail and the chat content of MSN, and monitor the network flow, etc. In the process of the development, the chemical enterprise application and the management features must be considered and seamless integration with the existing enterprise information system, too. This system has been developed on Linux platform (RedHat Enterprise 4.0). The Web part has been designed using PHP+Apache+MySQL. The background application uses iptables/netfilter technology which is a build-in mechanism of Linux system, to capture the network layer data packets. At last, these captured data packets will be analysis by a program which is based on TCP/IP.