|
|
Implementation of open source system for network monitoring
Scripnic, Dmitrii ; Sládok, Ondřej (referee) ; Grenar, David (advisor)
The bachelor thesis deals with network monitoring. In this work, a theoretical analysis of known monitoring systems was performed and their architecture, properties and work with these systems were also described. Subsequently, a comparative characteristic of all described systems was performed. At the beginning of the practical part, the installation and configuration of all monitoring systems and their evaluation was performed. The second part deals with the Zabbix monitoring system, where more emphasis was placed on monitoring IP service delays.
|
|
|
Optimization of the Suricata IDS/IPS
Šišmiš, Lukáš ; Fukač, Tomáš (referee) ; Korček, Pavol (advisor)
V dnešnom svete zrýchľujúcej sa sieťovej prevádzky je potrebné držať krok v jej monitorovaní . Dostatočný prehľad o dianí v sieti dokáže zabrániť rozličným útokom na ciele nachádzajúce sa v nej . S tým nám pomáhajú systémy IDS, ktoré upozorňujú na udalosti nájdené v analyzovanej prevádzke . Pre túto prácu bol vybraný systém Suricata . Cieľom práce je vyladiť nastavenia systému Suricata s rozhraním AF_PACKET pre optimálnu výkonnosť a následne navrhnúť a implementovať optimalizáciu Suricaty . Výsledky z meraní AF_PACKET majú slúžiť ako základ pre porovnanie s navrhnutým vylepšením . Navrhovaná optimalizácia implementuje nové rozhranie založené na projekte Data Plane Development Kit ( DPDK ). DPDK je schopné akcelerovať príjem paketov a preto sa predpokladá , že zvýši výkon Suricaty . Zhodnotenie výsledkov a porovnanie rozhraní AF_PACKET a DPDK je možné nájsť na konci diplomovej práce .
|
|
|
IP Address Activity Monitoring
Pilátová, Kateřina ; Krobot, Pavel (referee) ; Bartoš, Václav (advisor)
Poslední dobou se objem přenášených dat po síti neustále zvyšuje. K urychlení prohledávání dat je potřeba mít způsob jejich vhodné indexace. Tato bakalářská práce se zabývá tímto problémem, konkrétně ukládáním a vyhledáváním dat za účelem zjištění aktivity komunikujících IP adres. Cílem této práce je navrhnout a implementovat systém pro efektivní dlouhodobé ukládání a vizualizaci aktivity IP adres. Aktivitou je myšleno, zda daná adresa generovala provoz v daném intervalu či ne, tedy lze ji reprezentovat jediným bitem, což redukuje objem prohledávaných dat. Výsledný systém se skládá z backendu monitorujícího provoz a ukládajícího záznamy o aktivitě do uložiště a jejich parametry do konfiguračního souboru. Dále obsahuje webový server, který na základě požadavků uživatele data čte a vizualizuje ve formě obrázků. Uživatel může specifikovat oblast dat, kterou chce zkoumat podrobněji, pomocí interaktivního webového rozhraní.
|
|
|
Radius Monitoring Using IPFIX
Vyskočil, Pavel ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This barchelor thesis is focused on monitoring RADIUS traffic in the computer network based on IPFIX technology. A new input plugin for the FlowMon probe from the INVEA-TECH company was created using the acquiered knowledge about the RADIUS traffic and the possibilities of the IPFIX protocol. During the tests, the implemented plugin showed the ability to detect and process RADIUS comunication in the LAN network.
|
|
|
Identification of Device Availability in Technological Networks
Vodehnal, Stanislav ; Mlýnek, Petr (referee) ; Škorpil, Vladislav (advisor)
This diploma thesis deals with the monitoring of network elements of technological networks and distribution systems. There are described reasons why and what kind of values we want to monitor. Three monitoring systems are then selected, described their properties and functions. Based on their merits, one system for deploying the test environment is selected. The practical part is the configuration of the selected system and its subsequent deployment to the network.
|
|
|
Hardware Acceleration of Protocol Identification
Kobierský, Petr ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
Dynamic growth of computer networks encourages rapid development of network applications and services. To provide sufficient network service quality, it is important to limit some network flows based on their application protocol type. This thesis deals with the methods of network protocol identification and discusses their accuracy and suitability for multigigabit networks. Based on the analysis, a protocol identification model was created and evaluated. The model was used for the design of hardware architecture accelerating computationally intensive operations of protocol identification. The proposed solution is able to work on 10 Gb/s networks and export protocol information using NetFlow protocol.
|
|
|
Analysis of Captured DNS Traffic
Hmeľár, Jozef ; Kekely, Lukáš (referee) ; Kováčik, Michal (advisor)
This thesis is focused on the analysis of captured DNS traffic. Introduction of this thesis is focused of basic desciption of computer networks , DNS and description of network flows. Then, the work focused on analysis Netflow format, IPFIX and PCAP, the analysis and implementation of tool for analyzing DNS traffic in C++ programming language. The conclusion is devoted to the results of the implemented tools.
|
|
|
Graphical Visualization of Network Traffic Geographical Data
Kachlík, Jakub ; Holkovič, Martin (referee) ; Hynek, Jiří (advisor)
During ongoing Internet attacks is important to find out as much information about the attacker as possible and to pass this information clearly to the network administrator. The Flowmon monitoring system is currently able to determine the source destination of sent packets, group them into flows and write them into a table. The data visualized in this way are confusing to create a geographical analysis of the attack. The objective of this work is to create a web information dashboard that will display geographic visualizations of network traffic. It will provide more detailed and easier-to-understand analysis to users of the tools.
|
|
|
Network Traffic Capturing With Application Tags
Zuzelka, Jozef ; Lichtner, Ondrej (referee) ; Pluskal, Jan (advisor)
Network traffic capture and analysis are useful in case we are looking for problems in our network, or when we want to know more about applications and their network communication. This paper aims on the process of network applications identification that run on the local host and their associating with captured packets. The goal of this project is to design a multi-platform application that captures network traffic and extends the capture file with application tags. Operations that can be done independently are parallelized to speed up packet processing and reduce packet loss. An application is being determined for every (both incoming and outgoing) packet. Records of all identified applications are stored in an application cache with information about its sockets to save time and not to search for already known applications. It's important to update the cache periodically because an application in the cache may close a connection at any time. Finally, gathered information is saved to the end of pcap-ng file as a separate pcap-ng block.
|
|
|
Diagnostics and monitoring of transport networks
Maurerová, Lenka ; Horváth, Tomáš (referee) ; Krkoš, Radko (advisor)
Diploma thesis deals with monitoring and diagnostics of transport networks. It focuses on basic diagnostic and surveillance tools, and tools which are developed in the project of Internet2. It is focused on the evaluation of the measurements performed by these tools with a focus on external factors and substandard conditions and their impact on the measurement results.
|
guest ::
