Network Traffic Monitoring System based on embedded Linux and single board computer

Abstract

Internet and Intranet network traffic increase due to the use of World Wide Web and other applications. Hence determining which host and application generates/using lots of network traffic is very significant in managing and utilizing network resources effectively. For many years Internet and Intranet traffic monitoring application has been developed to be executed on personal computer (PC) with high processing power. Thus the benefit of low cost, small size and portability which embedded system has to offer has never been benefited by these kinds of applications. The emergence of embedded Linux had driven developers to take up the challenge of developing high processing power application on embedded Linux platform. This research describes the design and development of an Embedded Network Traffic Monitoring (ENTM) system based on single board computer (SBC) and an open source embedded Linux operating system (OS). The developed ENTM system is capable of probing network packets, analyze the probe data and display the results of the analyzed and raw data. This system is a handy device for network administrator in analyzing incoming and outgoing network traffic. The main hardware components of ENTM system are the TS-5400 SBC, LCD panel, keypad and Compact Flash (CF) card. The ENTM software system is composed of four modules namely System Control (SC), Network Packet probe (NPP), Packet Analysis (PA) and View Module (VM). The SC module act as an interface/menu to execute various functionalities of the system and the integration of external devices (Keypad and LCD panel) to the SBC. The NPP module capture packets from a network segment, extract the packets information and store them into a temporary data buffer for further analysis. The PA module keeps track of global and individual-host information into files for viewing. The VM is used to display the analyze data through any web browser. To ensure reliability and practicality, analysis of the system performance is significant. Thus, the ENTM system performance is compared against execution of the software on Desktop PC and Wireshark, a well known competitive network analyzer. The experimental results shows that the data capture and packet capture rates of ENTM system is very much identical (less than 0.5% variation) during execution on Desktop PC and Wireshark regardless of its low CPU speed and memory size. The results prove that ENTM design and implementation is highly competitive eventhough of the hardware specification has low proccessing power and memory.