| With the rapid development of the Internet, computer network crime has come to threaten the security of countries and governments. How to monitor network information flows for security purposes without intruding on personal privacy is currently one of the key research topics for countries and governments. This paper presents comprehensive and detailed information about a real-time, efficient analysis and monitoring system for high-speed networks. The main idea is to divide the system into two parts: network traffic monitoring and network flow analysis. For network traffic monitoring, the paper introduces and compares the SNMP protocol and Cisco NetFlow technology, and implements the analysis and handling of wide area network data flows using NetFlow. For network flow analysis and processing, the paper divides the module into two further parts. First, it summarizes data capture and cluster technology, and discusses low-level network filtering in detail. To improve system efficiency by filtering the captured data down to the application data that users care about, it introduces and analyzes in particular the network data filtering mechanism based on the BPF model. Given the characteristics of high-speed networks, it also implements distributed data processing with a Linux cluster (LVS). Finally, the paper analyzes the three layers of network data restoration: the IP layer, the TCP layer and the application layer. In particular, it gives a detailed analysis of application protocol restoration, and it implements data restoration for simple high-layer protocols. Compared with domestic products, this system has advantages in data-processing capability and scalability. |