| 1 | 校園宿舍的網路管理及建置以南華大學宿網為例 | 研究生:黃武隆 |
| 本文主要是以南華大學的校園宿舍網路為例,宿舍網路管理一直是所有學校的校園網路管理上的一個重大議題。 為了方便學生登錄網卡地址及有效控管學校IP之發放,以宿舍網路管理系統程式搭配Core switch之Command作IP與Mac address對應之設定,確實監控到使用者實際使用的IP情形,有效防止IP盜用,以利宿舍網路流量之管理及控制。 本研究目的係將針對每一個宿舍網路使用者做流量的監控,對於超量使用或不當使用網路者依本校宿舍網路使用規範辦理,達到宿網管理的機制,並透過一些網管工具解決校園網路對外連線網路頻寬不足的問題,有效分散學術頻寬,避免網路資源浪費,降低校園網路頻寬成本。 |
||
| 2 | 以多管道機制實現經濟且可靠之網路商店遠端監控及管理系統 | 研究生:李銘淮 |
| 本研究除了建立一個提供Web和WAP介面的商務網站之外,也實作了一個搭配此系統的遠端監控及管理系統,能透過WAP手機、PDA或瀏覽器,隨時得知系統效能及其他狀況,並進行系統面及商品面之管理維護。本研究的主要工作是技術整合,包括伺服端動態網頁(ASP)、動態目錄服務介面(ADSI)、XHTML、WSH (Windows Script Host)、ActiveX文件、MRTG效能監測、SQL資料庫、WAP、WML、WMLScript以及簡訊服務(AT Command Set)等技術。在監控方面,管理者以WAP手機、PDA或是瀏覽器就能遠端監控CPU、記憶體的使用率、SQL資料庫伺服器效能、I/O子系統效能以及網路流量等,若察覺有異狀則透過WAP及Web介面就可以進行程序(process)管理、Web和FTP站台管理以及系統效能調整。基於以上所提供的功能,網站營運管理及商品管理皆可由一人兼職負責,甚至一人就可管理數個網路商店系統,而管理者在度假時也可隨時隨地獲知系統運作狀況並即時進行處理,因此可降低許多人力成本,增加網路商店系統永續經營的機會。 | ||
| 3 | 分散式阻斷服務攻擊之內部防禦研究 | 研究生:陳偉嵩 |
| 在網際網路(Internet)的使用日趨盛行下,各類產業對於網路使用的品質要求也日益提昇,大型區域網路(LAN)的環境中,往往因為過多數量的電腦設備及更開放的自由網路使用下,致使許多因為網路使用問題日益增加,因此對於區域網路內的網路管理更是不能忽視。中大型的企業區域網路,所負擔的是整體企業,包含行政、銷售、產品等的正常運作。以往網路的管理及研究均把焦點集中於廣域網路(WAN)的範圍,近年來由於區域網路內的頻寬(Bandwidth)提昇,流量增加、網路服務型態以及網路攻擊(Network Attack)的型態改變等,都直接衝擊區域網路內的使用效能,為達到更佳的區域網路管理模式,本論文整合現有技術觀念,提昇網路管理系統功能,解決區域網路內所產生的分散式阻斷服務(DDoS)攻擊產生。 | ||
| 1 | Monitoring your IT gear: the MRTG story | Oetiker, T. |
| About six years ago I was working as a system manager at a university in the UK. This 20,000 person outfit had a single 64 Kbit Internet link. The campus itself was well connected within, so you can imagine what happened on that Internet link. During working hours, it was almost unusable as everybody was working hard to squeeze some bytes through it. Working in the central IT services group, I figured it might help people to know whether the link was slow because it was full or because it was broken. After some initial experiments with shell scripts-snmpget and gnuplot-I wrote my first big Perl script: the Multi Router Traffic Grapher (MRTG). This tool ran on our Web server. Every 5 minutes it read the inbound and outbound octet counters off our Internet gateway router. By building the difference between two consecutive readouts and dividing the result by the elapsed time, it could determine the average data rate on the link for the past 5 minutes. It logged this data and drew graphs for a Web page, where everybody could readily see the link's state. At the time, we were also discussing the need for a faster link with university management. MRTG provided us with exactly the type of easy-to-understand information required to sell a faster link to management | ||
| 2 | Routing Inference Based on Pseudo Traffic Matrix Estimation | Ziqian Liu; Changjia Chen |
| Routing information is so crucial to an operational network that it is always regarded as confidential by network administrators. This paper proposes a novel routing inference method that only needs the knowledge of the network topology and the link counts, both of which can be obtained from MRTG (Multi-Router Traffic Grahper) data. The insight is that the traffic observed on each link arises from the superposition of the traffic demands between the origin-destination (OD) pairs and each traffic demand corresponds to a unique path. The method employs expectation maximization (EM) algorithm cooperating with a hypothetic pseudo routing scheme, which is expected to embrace the real routing, to compute a pseudo traffic matrix. The real routing then can be conjectured from this pseudo traffic matrix. This method is applied to a real IP network, and the results show that it correctly infers the routings for 87% OD pairs. | ||
| 3 | A distributed real-time tool for IP-flow measurement | Kitatsuji, Y.; Yamazaki, K. |
| It is getting more difficult to monitor multiple services as well as to detect and/or to trace denial of service attacks with only tools showing graphs of the whole IP layer traffic like MRTG or by checking counters of router interfaces. In this paper, we discuss the specification of a software-based real-time measurement tool for flow which consists of multiple capture devices, a manager device and user interface devices, enabling flexible flow definition on demand without stopping system and working with IPv4 and/or IPv6, while also enabling high performance. With this discussion, we propose its architecture, bit-pattern-based flow definition method and data structure. Then we report on the performance evaluation of a prototype of proposed real-time flow measurement tools developed on PC-UNIXs and show that the number of bit-pattern composing flow definitions impact on the performance. Lastly we show an example of measuring flows in a real world environment and confirm that the flow extraction is simplified. | ||