Linux-based Campus Network Traffic Monitoring System Design And Realization

With the rapid development of Internet technology, the network has become an integral part in our daily life. Campus network plays a role as a way of information exchange in education, teaching and researching, and its effects are increasingly becoming important. With the expansion of network, P2P (peer to peer) applying takes up a lot of bandwidth resources, and leads to network congestion. There are also some phenomenons such as bad information, DDOS attacks and Virus spreading which have seriously affected the physical and emotional health of both students and teachers. Nowadays, how to solve these problems effectively has become a warm topic discussed by all fields of society. This article will talk about key technologies of network traffic monitoring, especially focused on studying P2P, detection of bad information and controlling technology based on which a new system of campus network traffic monitoring of design and implemention on linux OS (CNTMoDI) will be achieved. This system will use Fedora 8.0 as the operating system, mainly composed by three major modules, namely identification, classification as well as matching and refusal of the abnormal traffic flow. Each module will be affected by several sub-modules.The preface of this paper will mainly analyze the background and significance of the traffic monitoring technology against campus network, the current researching situation home and abroad, the common traffic monitoring technology, etc. As far as the researches of the key technology are concerned, the paper will mainly study the DPI &DFI technology. In addition, this paper will especially deal with the P2P traffic detection and controlling technology by which we will have a solution to develop the CNTMoDI system. In the part of overall system design, the CNTMoDI system will be divided into three functional modules: identification of the abnormal traffic flow, classification of the abnormal traffic flow, and matching and refusal of the abnormal traffic flow. Meanwhile, this part will separately introduce the composition and implementation of each functional module. In order to realize the detection and identification of the abnormal traffic flow, the CNTMoDI system will be further divided into the following seven submodules in the part of detailed design: packet sampling module, flow intensity focused module, the abnormal pattern aggregation module, P2P module, the destination address recognition module, rule execution information and feedback modules and output modules. Later, the realization of these submodules will also be discussed in detail in the paper. At the same time, the article will tell us something about the software framework of Netfilter, the installation environment of the software, hardware as well as the process of system installation and distribution under the environment of Linux.The CNTMoDI system is deployed between the exit router and external network and has the functions of flow controlling and anti-attack. And finally, according the previous scheme, we do the test on P2P traffic flow monitoring and anti-attack of TCP, UDP and ICMP in the campus network and get the results.