Embed Size (px)
DESCRIPTION
Citation preview
NETWORK MONITORING SYSTEM
Literature Survey A. Basic terminology
Network monitoring tool
Network monitoring tool is the networking tool that is used to examine usage of local area network and provide a statistical data of uploads and downloads in a network. Monitoring tool is usually used to monitor I/P traffic between the LAN and the internet. It is a network diagnostic system that is used to monitor local area network and provide a statistical display of the same. The data can be further used to improve the network efficiency. Other problems such as locating the down server, receiving incorrect work request etc can also be removed.
Simple network management protocol
Simple network management protocol (SNMP) is based on agent/manager model. The model consists of an agent, a manager, a database containing information about the management and the network protocols.
In SNMP the administrative computer which is more commonly called as manager has the task of monitoring and managing a group of systems in a network. The systems that are managed by the manager have a continuous program running known as agent, which reports the information to the manager via SNMP.
Devices such as Routers, printers, servers etc use SNMP.
WinPcap
It is a freeware which is used for direct network access under windows. WinPcap provides architecture for network analyses and packet capturing for win32 platform.
WinPcap can facilitate:
Raw packet capturing
Filtering the packets according to the set of rules defined by the user.
To gather statistical data related to network traffic.
Why do we need it??
Network Traffic Monitoring (NTM) is a network analytic tool that observes local area network usage and provides a statistical display of uploads and downloads in a network. The network display monitor displays following information:
• Source address of the system that sends frame to the network.
• The protocol that was used to send the frame.
• Destination address of the system where the frame will be received.
• Data of the message that is sent.
Capturing is the process by which a network monitor collects the information. All the information is stored by default in capture buffer. Also, one can apply restrictions on the information to be captured by the system and the data to be displayed on the monitor.
The network monitoring tool is essential to keep the track of the packets that are entering and leaving the system. NMT can provide an statistical data of the network traffic and thus improvements can be made on the system.
C. Current research and progress
Microsoft is currently empowering a project to build a network monitoring tool to achieve “State of art”. By introducing this system one can improve network efficiency and monitor the same more efficiently.
Moreover researches are adopting various techniques, such as use of an Active measurement system in which a probe traffic is injected into the network and then monitor the performance of the system from the performance of the injected packets.
PROBLEM DEFINITION
PREVIOUS NETWORK MONITORING TOOLS
ARE NOT USER FRIENDLY.
THE SECURITY WAS NOT THE PRIMARY
OBJECTIVE.
RESTORAL CAPABILITIES WERE NOT
A BIG ISSUE.
TRAFFIC REROUTING WAS NOT A
PROMINENT FEATURE IN THEIR
INVENTORY.
PLATFORM DEPLOYED-VISUAL C++
WHY VISUAL C++ ??? MICROSOFT FOUNDATION CLASS LIBRARIES.
AUTOMATIC GENERATION OF INTERFACE.
OBJECT ORIENTED APPROACH.
INCORPORATES SEVERAL NEW PROTOCOLS.
SYSTEM ARCHITECTURE
Network
Management serverManagement
applicationMIB
Management serverManagement
applicationMIB
Network
Elementmanager
Elementmanager
Network resources ( servers, routers, hosts ) with management agents
Management clients ( PCs, workstations )
SYSTEM DESIGN: What is it??
System design describes the requirements that are needed by our system. It also emphasis on the operating requirement and the system and its sub system’s architecture. The input/output layout, interphases, detailed design, and processing logic are also covered.
PLANNING
ANALYSIS
DESIGN
IMPLEMENTATION
Understood The scope
How to do it? Who will do what?
What makes it different
Functional requirement
Objectives Need
UML Diagrams to describe operations
Procedural flow Input output
layout
Yet on it??
DEVELOPMENT LIFECYCLE
Our implementation
We have used UML diagrams to describe operations and functions or our system including its structural and behavioural view
Use Case Diagram
1) Actors:
• Network: It represents a collection of machines connected to the host machine and passes the packets from one machine to another.
• NPM Tool: it takes packets from the network, analyzes them and monitors the network.
• System owner: System owner is the client accessing services from the server.
2) Use Cases:
• IP Packets: All the IP packets in the network come to NPM for analyses.
• Alert system: Alerts the system owner if a anomaly is detected.
• Log file: Keep track of the IP address and name of the machine which is stored in the database.
• Anomaly detection: Detects if there is any deviation from the specified rules.
• Monitors network
• Calculates Bandwidth
• Provides GUI
TOOLS/PROTOCOLS Required
INTRODUCTION TO VISUAL C++ Visual C++ is the most powerful front-end tool and graphical user
interface that is mainly used for developing application programs.
The added advantages of Visual C++ are the built in Microsoft Foundation Class (MFC) Libraries.
These Libraries include base classes for creating windows, form, dialogue, sockets etc. These libraries are included to reduce the overhead of developer in creating windows and interfaces and he can focus on the application development. In addition Visual C++ support network programming with giving access to NIC.
WinPcap
WinPcap is a free, public system for direct network access under Windows. WinPcap is an architecture for packet capture and network analysis for the Win32 platforms.
The purpose of WinPcap
Capture raw packets
Filter the packets according to user-specified rules before dispatching them to the application
Transmit raw packets to the network
Gather statistical values on the network traffic
3.2.1 WinPcap structure
SNMP SNMP is based on the manager/agent model consisting of a manager,
an agent, a database of management information, managed objects and the network protocol. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed
The manager and agent use a Management Information Base (MIB) and a relatively small set of commands to exchange information.
SNMP uses five basic messages
GET
GET-NEXT
GET-RESPONSE
SET
TRAP
Layered Communication
IMPLEMENTATIONNMS is implemented in following modules.
Network Browser
• Scanning the network for system: Using findalldev() and openlive() Function
• System Status: Checks the number of active users in the network and their Ip and Mac address
• ARP request is send using pcap_sendpacket() and reply is received using pcap_next_ex().
• Machine Name: Computer name is retrieved from the system using Winsock function
FUNCTIONS pcap findalldev()
pcap openlive()
pcap setfilter()
pcap compile
pcap Loop()
pcap next ex()
pcap send packet()
pcap close()
TRAFFIC MONITORINGMain feature of our project is monitoring traffic in the network
• Network traffic analyzer
The port numbers are used to identify the application layer protocols (HTTP,FTP,DNS etc.)
• Protocol analyzer This monitors the protocol used by each system and thus enables to calculate bandwidth usage.
• Bandwidth monitor Bandwidth is calculated by monitoring the number of packets traverse.
Size of each packet *Number of packets=Value of bandwidth
TESTINGUnit Testing
We did unit testing on our various sub units of the program.
The function pcap_findalldevs() was tested for the various networks that can be opened.
The function Pcap_open_live() was tested to check the working which was to open the live capture function.
Pcap_setfilter() was tested to check the association of the filter to a capture.
Integration Testing
The integration testing produced errors as Unit testing was not a success.
System Testing
The system testing will be done once we get favorable outcomes from the Integration testing.
Comparison Testing
The comparison testing will be done and the output of the software will be tested with the software which is available in the market.
Future Enhancement
Project can be further enhanced to
Fault management
Alerts and threshold
Windows event log monitoring
Traffic management
Network Security
Network scheduling
QUESTIONS ???
