Application of NetFlow Technology to Network Data Flow Monitor and Analysis in Guangdong Meteorological Bureau

Xiao Wenming; Lang Hongliang; Chen Xiaoyu

Vol.18, NO.6, 2007

Article Contents

Article Navigation > Journal of Applied Meteorological Science > 2007 > 18(6): 870-876

Xiao Wenming, Lang Hongliang, Chen Xiaoyu. Application of netflow technology to network data flow monitor and analysis in Guangdong Meteorological Bureau. J Appl Meteor Sci, 2007, 18(6): 870-876.

Citation:

Xiao Wenming, Lang Hongliang, Chen Xiaoyu. Application of netflow technology to network data flow monitor and analysis in Guangdong Meteorological Bureau. J Appl Meteor Sci, 2007, 18(6): 870-876.

Xiao Wenming, Lang Hongliang, Chen Xiaoyu. Application of netflow technology to network data flow monitor and analysis in Guangdong Meteorological Bureau. J Appl Meteor Sci, 2007, 18(6): 870-876.

Citation:

Xiao Wenming, Lang Hongliang, Chen Xiaoyu. Application of netflow technology to network data flow monitor and analysis in Guangdong Meteorological Bureau. J Appl Meteor Sci, 2007, 18(6): 870-876.

PDF( 1327 KB)

Application of NetFlow Technology to Network Data Flow Monitor and Analysis in Guangdong Meteorological Bureau

1.
Guangdong Meteorological Information Center , Guangzhou 510080
2.
National Meteorological Information Center , Beijing 100081

Received Date: 2006-12-11
Rev Recd Date: 2007-08-06
Publish Date: 2007-12-31

Abstract

Abstract

For a network administrator, it is essential to understand the traffic characteristics and the user behavior which is typically achieved by the traffic measurement. The basis of the NetFlow technology are reviewed. The function, application, switch features and datagram format of NetFlow are further analyzed. NetFlow's application in the network of Guangdong Meteorological Bureau is introduced in detail. In order to make the network administration convenient, straightforward, and easy for decision making, a Network Monitoring System (NetFlow Analysis System of Guangdong Meteorological Bureau) is designed based on NetFlow for network monitoring. The health of network can be quickly determined by the system, statistics are compiled for each user, and warnings of impending network issues are given. The selection of monitoring nodes is based on the structure ofthe network. Depending on the application, special care is put on how to collect network traffic data. For the ease of use, a host of web application is developed to automatically collect statistics, generate real-time report, and compile statistics. The system has the characteristics that network running situation can be looked over bythe network administrator conveniently, the statistics of the user habits of using the internet and the trouble of network can be found in time. The time that the network administrator needs to search and to get rid of the network breakdown will be evidently reduced by the completion of the design.An analysis is made on a case happened in Guangdong Meteorological Bureau Network on Dec 5, 2006 on how the NetFlow Analysis System of Guangdong Meteorological Bureau is used to quickly identify the network breakdown, and to find the root cause, and to recover it by using the traffic measurement. By using the NetFlow Analysis System of Guangdong Meteorological Bureau to analyze the data stream of NetFlow, it is easy to find the IP address of virus, and the infected computers. Since the worm virus can initiate massive scanning connection during their spreading process, using SNMP and the switch ports linked with the computers those use these IP addresses can be located and the virus-infected computers can be isolated from the network by closing the corresponding switch ports. In this case, not only those kinds of abnormities of different networks in different time segment exactly can be detected by the system, but also the efficiency and bottleneck of the running network can be analyzed on time. So the network performance can be optimized by network managers more promptly and reasonably.
- NetFlow analysis;
- NetFlow technology;
- network monitor

FullText(HTML)

References(19)

Figures and Tables

图 1 NetFlow体系结构

Fig. 1 NetFlow infrastructure

DownLoad: Full-Size Img PowerPoint

图 2 2006年12月5日网络异常告警信息画面

Fig. 2 Image of network abnormal warning message on December 5, 2006

DownLoad: Full-Size Img PowerPoint

图 3 出现告警信息的骨干交换机上网络流量统计表画面

Fig. 3 Image of the network flowchart statistic table from the main switch

DownLoad: Full-Size Img PowerPoint

图 4 网络流量类型信息画面

Fig. 4 Image of network trafic type information

DownLoad: Full-Size Img PowerPoint

References

[1]	陈礼生,肖文名,陈立祥, 等.广东气象IP-VPN网建设的若干关键技术.计算机系统应用, 2004, (10): 44-45. http://www.cnki.com.cn/Article/CJFDTOTAL-XTYY200410013.htm
[2]	王春虎.国家级气象高速骨干网络的系统设计. 应用气象学报, 2002, 13(5): 637-640. http://qikan.camscma.cn/jams/ch/reader/view_abstract.aspx?file_no=20020582&flag=1
[3]	李集明,熊安元.气象科学数据共享系统研究综述.应用气象学报, 2004, 15(增刊): 1-9. http://kns.cnki.net/KCMS/detail/detail.aspx?dbcode=CJFQ&dbname=CJFD2004&filename=YYQX2004S1001&v=MDA2ODBlWDFMdXhZUzdEaDFUM3FUcldNMUZyQ1VSTDJmWk9SckZpSGdWcjdBUERUYWRyRzRIdFd2cm85RlpZUjg=
[4]	杨策,张永智,庞正社.网络流量监测技术及性能分析.空军工程大学学报(自然科学版), 2003, 4(1) : 57-60. http://www.cnki.com.cn/Article/CJFDTOTAL-KJGC200301016.htm
[5]	蒋海,刘淑芬.流量监测MRTG的改进及其实现.计算机应用研究, 2006, 23(2): 201-202. http://www.cnki.com.cn/Article/CJFDTOTAL-JSYJ200602063.htm
[6]	陈正茂,岳惠祥, 许化.ASP技术在网络实时监控系统中的应用. 计算机应用, 2001, 21(3): 87-88. http://www.cnki.com.cn/Article/CJFDTOTAL-JSJY200103034.htm
[7]	苟平章,倪志新.交换式局域网中SMON监控技术.计算机与数字工程, 2006, 34(7): 21-26. http://www.cnki.com.cn/Article/CJFDTOTAL-JSSG200607006.htm
[8]	尹家生,周健,辜丽川.基于Linux的高速网络流量采集与分析模型研究.计算机工程与应用, 2006, (10): 151-153. http://www.cnki.com.cn/Article/CJFDTOTAL-JSGG200610045.htm
[9]	刘广义,卢泉,杨国良.基于NetFlow流量采样的误差分析. 电信科学, 2005, (5): 68-70. http://www.cnki.com.cn/Article/CJFDTOTAL-DXKX200505020.htm
[10]	周韶泽,邵力耕.高速网络环境下基于NetFlow的网络监测系统设计. 大连铁道学院学报, 2005, (2): 86-89. http://www.cnki.com.cn/Article/CJFDTOTAL-DLTD200502023.htm
[11]	郭玲,吕扬,王锋.NetFlow技术在骨干网IDS中的应用研究. 云南民族大学学报(自然科学版), 2004, (2): 125-128. http://www.cnki.com.cn/Article/CJFDTOTAL-YNMZ200402014.htm
[12]	周宏. 校园网上NetFlow流量监控分析系统的设计与实现. 西南民族大学学报(自然科学版), 2005, (3): 456-459. http://www.cnki.com.cn/Article/CJFDTOTAL-XNMZ200503035.htm
[13]	曾凡锋. 基于SNMP的网络流量统计分析系统.北方工业大学学报, 2003, (1): 17-20. http://www.cnki.com.cn/Article/CJFDTOTAL-BFGY200301003.htm
[14]	杨嵘,张国清,韦卫, 等.基于NetFlow流量分析的网络攻击行为发现. 计算机工程, 2005, 31(13): 138-139. http://www.cnki.com.cn/Article/CJFDTOTAL-JSJC200513049.htm
[15]	孟学军,吴黎兵,石岗.基于NetFlow网络流量分析的研究及应用. 华中科技大学学报(自然科学版), 2003, (增刊): 253- 254. http://www.cnki.com.cn/Article/CJFDTOTAL-HZLG2003S1084.htm
[16]	罗华,胡光岷,姚兴苗.基于网络全局流量异常特征的DDoS攻击检测. 计算机应用, 2007, 27(2): 314-317. http://www.cnki.com.cn/Article/CJFDTOTAL-JSJY200702018.htm
[17]	黄艳,李家滨. 基于NetFlow的网络入侵检测系统. 计算机应用与软件, 2006, 23(6): 85-86. http://www.cnki.com.cn/Article/CJFDTOTAL-JYRJ200606033.htm
[18]	朱敏.基于NetFlow网络流量异常的分析.计算机系统应用, 2006, (4): 28-30. http://www.cnki.com.cn/Article/CJFDTOTAL-XTYY200604008.htm
[19]	肖志新,杨岳湘, 杨霖.一个基于NetFlow的异常流量检测与防护系统. 微电子学与计算机, 2006, (5): 209-210. http://www.cnki.com.cn/Article/CJFDTOTAL-WXYJ200605061.htm