nids_plugin_platform project

The source releases under the GPLV2 License. Here and Here(With PF_RING as backend).

The docs lie here but in Chinese.

There are some example plug-ins.

This project aims to be a suitable campus /
enterprise network traffic monitoring platform, do something like
traffic analysis, detection and so on. Just like ourmon.
The protocols are TCP and UDP.

It releases under the GPLV2 License.

It use nids as backend and nidsplugin is a wraper of the api.

The below is translated by Google from http://211.87.224.20/kjcx/?p=527 which is the Chinese introdution of nidsplugin.

Introduction

Project Background

With the development of modern network, the network has become an indispensable part of life, people are increasingly dependent on the network. In such circumstances, the status of network traffic monitoring is more prominent. Network traffic monitor network traffic for network performance parameters measured, and based on this analysis, testing, and ultimately determine the network operating conditions, the basic means of network management. Network traffic monitoring can timely identify problems and to overcome bottlenecks in the transmission network, and detect network attacks and maintain network security and improve the network quality of service have a profound significance. However, with the network transmission speed and transmission of data volume growth, the traditional end broadband networks for monitoring has been unable to adapt to the modern high-speed transmission of massive data networks. In such circumstances, the status of network traffic even more prominent.

Research objectives and the main content

Research objectives:

For developing a campus / enterprise network traffic monitoring platform, able to import and export traffic analysis, detection, protection of the network’s normal, efficient operation

Contents:

1. Collected through the network through the entrance port mirroring of network packets
2. Statistics traffic packet size statistics, IP protocol packet flow classification, IP protocol packet classification number, TCP port traffic statistics, TCP packet transmission control number, the number of network errors, ICMP unreachable error number, DNS number of queries, DNS query type number, DNS type of error statistics, the high-speed packet capture.
3. Fully scalable, easy to add new modules
4. Graphical display and analysis of statistical data

Innovation Highlights

• Full-featured
• High stability
• High efficiency

Zero-copy

1. High-speed packet capture, low packet loss rate
2. Further modify the NIC driver kernel
3. Restore stack bypass system
4. DMA is to reduce the use of the results of the number of packet copies, a substantial increase in efficiency
5. Solve the kernel mode and user mode address space problems

Plug-in platform

1. Mechanism to achieve the plug-in, the system easy to plug-in platform to be extended on the basis of a more flexible
2. Implements the user mode network stack to restore

Interactive graphics

1. Friendly and easy to use graphical interface
2. Real-time monitoring of various parameters of network data, the timely detection of problems
3. Preservation of historical data to realize the historical inquiry

Database Design

1. Well-designed database script, to meet their needs under the premise of greatly improved efficiency
2. Write to the database volume

Classification of user-level protocol identification

1. Distinguish various types of traffic in the network share
2. Off-line network data sets (pcap format) resolution
3. Regular expression matching engine
4. TCP-based application protocol identification
5. UDP-based identification of application protocols
6. The output of various statistics

Plug-in implementation

1. Dynamic load library
2. Circular queue buffer
3. Used interchangeably to achieve double the cache file queue
4. Operating parameters of the configuration file to customize
5. Use memory file system as cache files, to improve access speed

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!