Network Traffic Monitoring System Design And Realization

Posted on: 2013-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: T T Ci
Full Text: PDF
GTID: 2218330374961936
Subject: Computer software and theory

Abstract/Summary:
The rapid development of networks brings convenience to enterprises and users, but it also poses a severe challenge to network management. Excessive data communication within the LAN, as well as between the LAN and the Internet, puts the network and its devices under tremendous pressure in terms of load, efficiency, and security. Meanwhile, faults such as intermittent connectivity, slow network speed, and the inability to locate the attack source when the network is attacked restrict the normal operation of the network. To understand the behavior of network traffic and manage the network better, we need to monitor and analyze network traffic effectively, even in a system as complex as the Internet. Therefore, the study and implementation of a traffic surveillance system have both practical value and research significance.

This paper designs and implements a network traffic surveillance system based on WinPcap. Firstly, the paper summarizes measurement theory, covering the meaning and uses of network traffic measurement and the measurement technologies, including active measurement, passive measurement and sampling measurement. In addition, the paper introduces measurement models, with emphasis on the flow-based measurement model used in this paper, and discusses the evaluation criteria for network traffic monitoring systems, laying the foundation for the subsequent system implementation.

Secondly, the paper describes the key technologies used in the traffic monitoring system, including ARP address resolution, multi-threading, timers, and SQL Server database technology. It then analyzes the network packet capture technique, WinPcap, in depth, including a description of its structure, and introduces its central part, NPF, including the structure and working principle of its driver.

Thirdly, the paper designs the overall network traffic monitoring system based on the content described above. It introduces the requirement analysis and then, according to the overall structure, divides the system into four functional modules: the network packet capture module, the traffic analysis module, the traffic statistics module, and the data storage module. The basic functions of each module and the interaction between the modules are explained. After that, the paper describes the development and operating environment of the system. In addition, it designs and analyzes the system database in detail, including the conceptual and physical structure of the database and the design process of the data tables used in the system.

Fourthly, we carry out the detailed design and implementation of the network traffic monitoring system. The paper details the real-time monitoring interface, including the creation of the dialog-based application, the creation of the controls the system requires and the choice of their types, the creation of the corresponding variables, and the initialization of the controls. The paper designs the packet capture module in detail: it analyzes the data structures, elaborates the WinPcap packet capture process, and describes in detail how ARP is used to obtain MAC addresses and the list of active hosts on the LAN. It also designs and implements the other modules: the traffic analysis module, the traffic statistics module and the data storage module. The modules cooperate to accomplish the goal of the network traffic monitoring system.

Finally, the paper tests and analyzes the system after the completion of each functional module. A series of specific test cases is written, and testing is carried out in four aspects: the function under test, the test cases, the test results, and whether the function was achieved. Ultimately, this graduation project delivers a user-friendly real-time traffic surveillance system that has the advantages of real-time operation, effectiveness, stability, and reliability. The paper then briefly discusses and analyzes the whole work, points out the shortcomings of the system, and identifies directions for future research.
Keywords/Search Tags: network measurement, WinPcap, ARP, monitor, statistics and analysis, datastore