M.E. Thesis

A Study on the Cacti-based Network Traffic Monitoring System Using Libpcap

Xiao Huang
Principal Advisor: Hoe-Kyung Jung
December, 2011
Graduate School of PaiChai University
Department of Computer Engineering
Major of Multimedia Information Engineering

The undersigned have examined the dissertation entitled "A Study on the Cacti-based Network Traffic Monitoring System Using Libpcap" presented by Xiao Huang, a candidate for the degree of Master of Computer Engineering, and hereby certify that in their judgment it is worthy of acceptance.

December, 2011

In-June Jo, Ph.D., Professor, Department of Computer Engineering, Graduate School of PaiChai University
Dong-Kun Noh, Ph.D., Professor, Department of Computer Engineering, Graduate School of PaiChai University
Hoe-Kyung Jung, Ph.D., Professor, Department of Computer Engineering, Graduate School of PaiChai University

ABSTRACT

Xiao Huang
Department of Computer Engineering
Graduate School of PaiChai University, Daejeon, Korea
(Supervised by Professor Hoe-Kyung Jung)

Networks are growing rapidly in size, which makes them more complex than before. In a LAN (Local Area Network), network congestion and slow speeds are common, and servers are often attacked and even paralyzed. To keep our networks quick, reliable, secure and efficient, we need network traffic monitoring. Recently, it has become possible to bind a smart phone to an email address, so email can be received at hand immediately. Cacti is an open source, free monitoring tool that has many email alerting plugins. Libpcap is also an open source library; it provides a low-level interface to network packet capture systems.

We make a sniffer with Libpcap to capture packets from the NIC (Network Interface Card), analyze those packets and store them in a DB. Cacti gets the data through Perl scripts and uses it to draw graphs and to send emails in special cases. In this thesis, we unite them and design a system to monitor our network traffic in real time. Executing these programs, our system produces a few choppy continuous graphs and log files, and alarm emails can even be received on a mobile phone. These results indicate that it is possible to unite Cacti and Libpcap to monitor our network traffic, that this system can achieve our desired goal, and that it is effective, quick, accurate and real-time.

Contents

Abstract
Contents
Figures Listed
Table Listed
I. Introduction
II. Related Work
  2.1 RRDTool
    2.1.1 the Concept of RRDTool
    2.1.2 the Features of RRDTool
  2.2 Cacti
    2.2.1 the Concept of Cacti
    2.2.2 the Features of Cacti
    2.2.3 Work Principle
    2.2.4 How to Use Cacti
    2.2.5 Add PIA (Plugin Architecture)
    2.2.6 Installing Setting Plugin and Thold Plugin
  2.3 Libpcap
    2.3.1 the Concept of Libpcap
  2.4 Sniffer
    2.4.1 the Concept of Sniffer
    2.4.2 Work Principle
    2.4.3 How to Make a Sniffer
    2.4.4 Things should be taken into account
      2.4.4.1 Data Link Type
      2.4.4.2 Network Layer Protocol
      2.4.4.3 Transport Layer Protocol
      2.4.4.4 Application Layer Protocol
      2.4.4.5 Filtering Packets
      2.4.4.6 Setting a Filter
III. Design System
  3.1 Development Environment
  3.2 System Structure
    3.2.1 Capture Packets Block
      3.2.1.1 Design Ethernet Networks Structure
      3.2.1.2 Design a Callback Function
      3.2.1.3 Start a Sniffer Application
    3.2.2 Counter Block
    3.2.3 Inquiry Block
    3.2.4 Connect with Cacti Block
      3.2.4.1 Design a Program to Update a DB table
      3.2.4.2 Design a Perl Programming
      3.2.4.3 Create a graph from a Perl Script
    3.2.5 Set Alarm Block
      3.2.5.1 Set Threshold Plugins
      3.2.5.2 Creating a Threshold Templates
  3.3 Results
IV. Result and Analysis
  4.1 Make a Test
    4.1.1 Test by TCP
    4.1.2 TEST by ICMP
  4.2 Analysis
V. Conclusions and Future Works
  5.1 Conclusions
  5.2 Future Works
References
Acknowledgement

Figures Listed

Figure 1. Cacti Work Principle
Figure 2. Cacti Login Window
Figure 3. Thold Plugin
Figure 4. Setting Plugin
Figure 5. Elements Involved in the Capture Process
Figure 6. System Design Flow-Process Diagram
Figure 7. Structure of System
Figure 8. Data Encapsulation in Ethernet Network
Figure 9. Callback Function
Figure 10. Start Grabbing Packets
Figure 11. Information Recorded in File
Figure 12. the Structure of Table
Figure 13. Perl Connect to DB
Figure 14. Create Graph for ARP
Figure 15. Default Alerting Options
Figure 16. Emailing Options
Figure 17. Cacti Setting (Mail/DNS)
Figure 18. SMTP Options
Figure 19. Test Message
Figure 20. Receive a Email by a Phone
Figure 21. Setting Threshold Template
Figure 22. High/Low Settings