A Scalable Architecture for Network Traffic Monitoring and Analysis Using Free Open Source Software

Abstract

Network monitoring has been made challenging by the lack of current network dynamics studies that evaluate the effects of new application and protocol deployment, and of long-term studies that observe the effect of incremental changes on the Internet and the change in its overall stability under various conditions and threats. A good understanding of the nature and type of network traffic is the key to solving congestion problems. In this paper we describe the architecture and implementation of a scalable network traffic monitoring and analysis system. The gigabit interface on the monitoring system was configured to capture network traffic, and the Multi Router Traffic Grapher (MRTG) and Webalizer produce graphical and detailed traffic analysis. This system is in use at the Obafemi Awolowo University, Ile-Ife, Nigeria; we describe how this system can be replicated in another environment.

Share and Cite:

O. ABIONA, T. ALADESANMI, C. ONIME, A. OLUWARANTI, A. OLUWATOPE, O. ADEWARA, T. ANJALI and L. KEHINDE, "A Scalable Architecture for Network Traffic Monitoring and Analysis Using Free Open Source Software," International Journal of Communications, Network and System Sciences, Vol. 2 No. 6, 2009, pp. 528-539. doi: 10.4236/ijcns.2009.26058.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.