Development of a non-intrusive network traffic monitoring and analysis system

Citation:
Oluwaranti, A.I., O.O. Abiona, C.E. Onime, L.O. Kehinde, and S.M. Radicella. 2006. Development of a non-intrusive network traffic monitoring and analysis system. African Journal of Science and Technology, Vol. 7, No. 2, December 2006 (Addis Ababa, Ethiopia), pp. 54-69.

Abstract:

The growth in the use of the World Wide Web (WWW) on the Internet has caused a significant
increase in the type and volume of network traffic. Most enterprises now rely completely on
computer networks, so the importance of network traffic monitoring and analysis cannot be
overemphasized. Most existing traffic monitoring and analysis tools can only measure traffic
loads on individual network segments and on the servers generating such traffic. With the
exponential increase in Intranet-to-Internet traffic due to the WWW and other applications, the
need to determine which host or application is generating the most traffic is crucial to
managing limited network resources efficiently. This paper presents an approach to monitoring
Intranet-to-Internet traffic through the development of a non-intrusive network traffic
monitoring and analysis system. The experimental aims include being able to monitor live network
traffic without adversely impacting performance, and to identify and monitor traffic patterns
(both speed and volume) by host (IP address), protocol and time of day. This work builds on
previous work that had a limitation in monitoring network traffic in a switched environment. The
setup presented in this paper meets the above aims and has been in use at the Obafemi Awolowo
University since April 2003. The monitoring interface was placed in promiscuous mode, and a Perl
wrapper script was used to start the IP Network Monitoring Software (IPTraf) with suitable
arguments, to gather detailed interface statistics and to produce log files used by the Multi
Router Traffic Grapher (MRTG) to generate a graphical overview and by Webalizer to generate a
detailed analysis. Other scripts used are Run_mrtg, which runs MRTG via a crontab; Mrtg_reader,
which reads and clears the counter file; Run_webalizer, which runs Webalizer via a crontab; and
Webalizer_caller, which calls Webalizer to process the file, with the input file and output
directory specified. The MRTG graphs show usage patterns, network downtime, and peak and
saturation periods, while Webalizer shows detailed statistical information about the total
packets and kilobytes transferred on an hourly, daily and monthly basis. The paper explains how
the system has been implemented on the Obafemi Awolowo University campus network and the software
and hardware requirements for installing such a system on any network.
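The abstract describes the accounting the system performs (bytes per host, protocol and hour of day, split into Intranet-to-Internet and Internet-to-Intranet directions) and a read-and-clear counter feeding MRTG. The following is an added example written for this page, not the paper's own code, and in Python rather than the Perl wrapper and shell scripts the authors used. It assumes a campus range of 10.0.0.0/8 and a simplified one-line-per-flow record format that is constructed for illustration and is not IPTraf's real log format; the sample records are likewise constructed.

```python
"""Passive per-host / per-protocol traffic accounting with an MRTG-style
read-and-clear counter.

Added example, not the paper's code.  The record format and sample data are
constructed for illustration and are not IPTraf's actual log format.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Assumed campus (Intranet) address range; anything outside it is "the Internet".
INTRANET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample records: "YYYY-MM-DD HH:MM:SS proto src dst bytes".
SAMPLE_LOG = """\
2003-04-07 09:12:01 tcp 10.0.1.15 196.200.10.5 1200
2003-04-07 09:13:44 tcp 196.200.10.5 10.0.1.15 48000
2003-04-07 09:40:10 udp 10.0.1.22 198.51.100.7 90
2003-04-07 09:41:00 tcp 10.0.1.22 10.0.2.9 7000
this line is malformed and must be skipped
2003-04-07 10:02:00 tcp 10.0.1.15 196.200.10.5 3000
2003-04-07 10:05:00 tcp 196.200.10.5 10.0.1.22 150000
"""

def parse_log(text):
    """Return (records, skipped); each record is (ts, proto, src, dst, nbytes)."""
    records, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            skipped += 1
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            src, dst = ipaddress.ip_address(parts[3]), ipaddress.ip_address(parts[4])
            nbytes = int(parts[5])
        except ValueError:
            skipped += 1
            continue
        records.append((ts, parts[2].lower(), src, dst, nbytes))
    return records, skipped

def classify(src, dst):
    """'out' for Intranet->Internet, 'in' for Internet->Intranet, None otherwise
    (internal-only or transit traffic is not what the monitor accounts for)."""
    s_in, d_in = src in INTRANET, dst in INTRANET
    if s_in and not d_in:
        return "out"
    if d_in and not s_in:
        return "in"
    return None

def aggregate(records):
    """Bytes keyed by (campus host, protocol, hour of day, direction)."""
    totals = defaultdict(int)
    for ts, proto, src, dst, nbytes in records:
        direction = classify(src, dst)
        if direction is None:
            continue
        host = src if direction == "out" else dst
        totals[(str(host), proto, ts.hour, direction)] += nbytes
    return dict(totals)

def bytes_by_host(totals):
    by_host = defaultdict(int)
    for (host, _proto, _hour, _direction), nbytes in totals.items():
        by_host[host] += nbytes
    return dict(by_host)

def top_talkers(totals, n=5):
    """Hosts ordered by total bytes, heaviest first (ties broken by address)."""
    return sorted(bytes_by_host(totals).items(), key=lambda kv: (-kv[1], kv[0]))[:n]

class MrtgCounter:
    """Accumulates in/out byte totals and emits MRTG's 4-line external-script
    output (in, out, uptime string, target name), clearing the totals on each
    read, which is the role the abstract gives Mrtg_reader."""
    def __init__(self, target):
        self.target = target
        self.inbound = 0
        self.outbound = 0
        self.started = datetime.now()

    def account(self, records):
        for _ts, _proto, src, dst, nbytes in records:
            direction = classify(src, dst)
            if direction == "in":
                self.inbound += nbytes
            elif direction == "out":
                self.outbound += nbytes

    def read_and_clear(self):
        lines = [str(self.inbound), str(self.outbound),
                 f"monitoring since {self.started:%Y-%m-%d %H:%M}", self.target]
        self.inbound = self.outbound = 0
        return lines

if __name__ == "__main__":
    recs, skipped = parse_log(SAMPLE_LOG)
    totals = aggregate(recs)
    print(f"{len(recs)} records parsed, {skipped} skipped")
    for host, nbytes in top_talkers(totals):
        print(f"{host:<15} {nbytes:>10} bytes")
    counter = MrtgCounter("campus-uplink")
    counter.account(recs)
    print("\n".join(counter.read_and_clear()))
```

Two practical points follow from the design. Because the counter is cleared on every read, the MRTG target that calls it should not be treated as a monotonically increasing counter; MRTG's `absolute` option is intended for data sources that reset when read. And the "non-intrusive" property rests on the capture interface only listening: it needs no IP address of its own, but on a switched network it will only see other hosts' traffic if it is attached to a mirror (SPAN) port or a hub segment, and since that one host then sees the whole campus' traffic, access to the monitor and to its log files should be restricted accordingly.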