
Department of Computer Science


Socks Proxy-server and NetFlow Data Registration Files Joint Analysis

Dmitriy B. Chistyakov, Dr. Yury A. Bogoyavlensky (Petrozavodsk State University, Russia)

Processing network traffic data is one of the most important tasks in investigating a computer network. Traffic data is usually distributed and frequently contains information that cannot be used without modification. That's why methods for the joint analysis of different registration files have recently come into use. Most often, registration files from different levels are used. Processing them together allows a full and exact analysis of the traffic, rejecting errors and investigating the internal mechanisms that generate the traffic.

This report considers algorithms for the joint analysis of Socks5 proxy-server and NetFlow data registration files, and the problems connected with them.

All the collected information about a flow is identified by the source IP address and the destination IP address. Because part of the traffic passes through the Socks proxy-server, that traffic is not directly associated with a particular user. To account for this, a new record about the flow, user - required site, must be derived from the registration file and the NetFlow data. In this way the impersonal traffic passing through the proxy can be attributed to concrete network devices. Note that with this approach NetFlow data aggregation is performed on the basis of the Socks registration file. Traffic aggregation is a means of logically compressing large volumes of traffic. It is carried out by combining a large number of flows into one record about the resultant flow, which is more concrete and full.
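
The join described above, as an added example that is not the authors' code: each NetFlow record whose local end is the proxy is matched to a Socks session by site address, port and overlapping time, then flows are aggregated into one user - site record. The record fields, all addresses, and the assumption that NetFlow is exported at the network border (so only the proxy-to-site leg is seen) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, namedtuple

LAN = ipaddress.ip_network("192.0.2.0/24")  # constructed internal network
PROXY_IP = "192.0.2.10"                     # constructed Socks5 proxy address

# Assumed record layouts; times are seconds on a common clock.
Session = namedtuple("Session", "user_ip site_ip site_port start end")
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port start end octets")

def attribute(flow, sessions):
    """Return (device_ip, site_ip) for a flow, or None if it cannot be attributed."""
    outbound = ipaddress.ip_address(flow.src_ip) in LAN
    local = flow.src_ip if outbound else flow.dst_ip
    # NetFlow records are unidirectional, so the site may be on either side.
    site = (flow.dst_ip, flow.dst_port) if outbound else (flow.src_ip, flow.src_port)
    if local != PROXY_IP:
        return local, site[0]  # direct traffic already names the device
    users = {s.user_ip for s in sessions
             if (s.site_ip, s.site_port) == site
             and s.start <= flow.end and flow.start <= s.end}
    # Two users reaching the same site at once cannot be separated by these fields.
    return (users.pop(), site[0]) if len(users) == 1 else None

def aggregate(flows, sessions):
    """Merge flows into one record per (device, site); return (totals, unattributed)."""
    totals, unattributed = defaultdict(int), []
    for f in flows:
        key = attribute(f, sessions)
        if key is None:
            unattributed.append(f)
        else:
            totals[key] += f.octets
    return dict(totals), unattributed

# Constructed sample data: three proxy sessions and five flow records.
SESSIONS = [Session("192.0.2.21", "198.51.100.5", 80, 100, 160),
            Session("192.0.2.22", "203.0.113.9", 443, 120, 200),
            Session("192.0.2.23", "203.0.113.9", 443, 150, 210)]
FLOWS = [Flow(PROXY_IP, 40001, "198.51.100.5", 80, 101, 159, 500),
         Flow("198.51.100.5", 80, PROXY_IP, 40001, 101, 159, 9000),
         Flow(PROXY_IP, 40002, "203.0.113.9", 443, 121, 140, 700),
         Flow(PROXY_IP, 40003, "203.0.113.9", 443, 155, 190, 300),  # two candidates
         Flow("192.0.2.30", 50000, "198.51.100.5", 80, 105, 110, 250)]  # direct
```

The fourth flow stays unattributed because two sessions to the same site overlap it in time; separating such flows needs a further field, such as the proxy's outbound source port, in the proxy's registration file.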