The Design and Implementation of Network Traffic Monitoring System Based on Netfilter/Iptables
School: Beijing University of Posts and Telecommunications
Keywords: traffic control, Netfilter/Iptables, DPI/DFI, Regex
With the widespread use of TCP/IP networks, network security issues are receiving increasing attention. Besides hacker attacks and other serious threats, non-critical business applications that seize large amounts of network bandwidth are a major problem networks currently face. Multi-function security products have therefore become the market trend in security solutions, and these products are all based on traffic identification: for a firewall to block P2P applications, it must first be able to identify P2P traffic. Network traffic monitoring systems built on traffic identification have thus become popular security products on the market, and this paper presents the design and implementation of such a system.

This paper studies the realization of a traffic monitoring system based on the Netfilter/Iptables framework, building on the extensibility of the Linux Netfilter framework, and covers the relevant theoretical knowledge and the technical research needed for the implementation. On the basis of an analysis of the currently popular firewall technologies, it proposes a solution to the network security problems of non-enterprise users, which aims to guarantee network security while keeping the various costs as low as possible. Because the Netfilter framework is extensible, secondary development on it is low in cost and convenient for further research, and the work provides experience for the modular extension of a firewall system. Specifically, the primary work of this paper includes the following aspects:

1. Taking the traffic monitoring system as the starting point, the paper studies the mainstream network traffic identification technologies DFI (deep flow inspection) and DPI (deep packet inspection), and analyzes how each of the two technologies is implemented, together with their respective advantages and disadvantages.
2. The paper studies the current mainstream traffic control tool, Linux Netfilter, in detail: the theoretical foundation and related technologies for implementing a Netfilter firewall, the Netfilter kernel implementation mechanism, and the Iptables command.
3. For the traffic identification and control system, the paper first proposes an overall system architecture and a network solution that allow the system to be deployed in a LAN. The system can accurately identify network traffic and effectively control targeted traffic according to user-defined policies, while also providing real-time and historical traffic query functions.
4. The paper describes the realization of the core module of the entire system, the background control module, which consists of an identification and marking module, a policy enforcement module, a traffic statistics module, and a log output module. It also describes how packets are passed from kernel mode to user mode and how network traffic is identified against a specific knowledge library. Packets in user space can then be limited or blocked according to user-supplied policies.
5. The paper tests the system against several currently popular applications and analyzes the test results. Finally, it summarizes the work of the thesis and gives an outlook on future work.
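The userland pipeline described in item 4 (identification against a signature library, policy enforcement, statistics and a log), as an added illustration that is not the thesis's own code: the regex signatures, the policy table, the `TokenBucket` limiter and the `TrafficMonitor` class are all assumed here, and the payloads are constructed samples standing in for packets handed up from the kernel.

```python
import re
import time
from collections import Counter

# Constructed signature "knowledge library" (hypothetical patterns, not the
# thesis's own): application name -> regex matched against the payload start.
SIGNATURES = {
    "http": re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n"),
    "ssh": re.compile(rb"^SSH-2\.0-"),
    "bittorrent": re.compile(rb"^\x13BitTorrent protocol"),
}

# User-supplied policy: application -> action (allow / limit / block).
POLICY = {"bittorrent": "block", "http": "limit", "ssh": "allow"}


class TokenBucket:
    """Byte-rate limiter backing the 'limit' action."""
    def __init__(self, rate_bps, burst):
        self.rate, self.capacity = rate_bps, burst
        self.tokens, self.last = burst, time.monotonic()

    def consume(self, nbytes, now=None):
        now = time.monotonic() if now is None else now
        self.tokens = min(self.capacity, self.tokens + max(0.0, now - self.last) * self.rate)
        self.last = now
        if self.tokens < nbytes:
            return False
        self.tokens -= nbytes
        return True


class TrafficMonitor:
    """Identification, policy enforcement, statistics and log in one userland loop."""
    def __init__(self, limit_bps=1000, burst=1500):
        self.bucket = TokenBucket(limit_bps, burst)
        self.bytes_by_app, self.verdicts, self.log = Counter(), Counter(), []

    def identify(self, payload):
        # DPI step: the first signature whose regex matches wins, else "unknown".
        return next((app for app, rx in SIGNATURES.items() if rx.match(payload)), "unknown")

    def handle(self, payload, now=None):
        app = self.identify(payload)
        action = POLICY.get(app, "allow")
        if action == "block" or (action == "limit" and not self.bucket.consume(len(payload), now)):
            verdict = "DROP"    # would become an NF_DROP verdict for the queued packet
        else:
            verdict = "ACCEPT"  # would become NF_ACCEPT
        self.bytes_by_app[app] += len(payload)
        self.verdicts[verdict] += 1
        self.log.append(f"{app} {len(payload)}B {verdict}")
        return app, verdict
```

In the real system the payloads would arrive through an NFQUEUE target and the verdict would be returned to the kernel for each packet; here `now` is passed explicitly so the limiter can be driven deterministically.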