METHOD OF MONITORING COMPUTER NETWORK PARAMETERS IN REAL TIME
DOI:
https://doi.org/10.31891/2219-9365-2026-86-2
Keywords:
network monitoring, real-time, eBPF, TCP/IP, RTT, kernel space, user space, network anomalies, retransmission, QoS
Abstract
This article presents a comprehensive study and development of a method for monitoring computer network parameters in real time, which is critically important in the context of global digitalization and the increasing complexity of network architectures. The author substantiates that traditional approaches based on periodic collection of statistical data are unable to provide the necessary speed of response to dynamic traffic changes and modern cyber threats. Particular attention is paid to the analysis of the shortcomings of existing systems that use full copying of packets from kernel space to user space, which leads to excessive consumption of processor and memory resources. The scientific novelty of the work lies in proposing a multi-level model for measuring TCP connection characteristics based on eBPF (extended Berkeley Packet Filter) technology. This approach allows filtering and primary aggregation of metrics directly in the kernel space of the operating system, minimizing the overhead of data copying. The developed method provides accurate measurement of delay (RTT) in two ways: by analyzing the session establishment phases (SYN/SYN-ACK) and by processing TCP Timestamp options. The processes of identifying network flows, determining the direction of traffic, estimating the number of intermediate nodes via TTL, and calculating the packet loss rate are mathematically formalized. The software implementation of the method is based on the combined use of the C and Python languages, where low-level processing is performed in the kernel, and high-level analysis, anomaly diagnostics, and integration with metrics collection systems (Prometheus) are performed in user space. The mechanisms of detecting retransmissions and classifying network anomalies using a set of diagnostic rules are separately highlighted. 
The proposed solution demonstrates high efficiency on devices with limited hardware resources, in particular on single-board computers, ensuring stable monitoring even under conditions of high traffic intensity.
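The user-space half of the measurements named in the abstract (flow identification, handshake RTT from SYN/SYN-ACK, hop estimation from TTL, retransmission detection) can be sketched as follows; this is an added example, not the authors' code. The record fields, the common initial TTL values (64, 128, 255) and the use of a retransmission ratio as the loss indicator are assumptions, and the packets are constructed sample data.

```python
from collections import namedtuple

# One record per observed TCP segment; field names are assumptions for this
# example (what a kernel-side probe could export), not the paper's schema.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags seq plen ttl")

def flow_key(p):
    """Direction-independent flow id: sort the two (ip, port) endpoints."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def hops_from_ttl(ttl):
    """Hop estimate, assuming the sender started from 64, 128 or 255."""
    return next(t for t in (64, 128, 255) if ttl <= t) - ttl

def analyze(packets):
    flows = {}
    for p in packets:
        f = flows.setdefault(flow_key(p), dict(
            syn_ts=None, syn_retx=False, rtt_ms=None, hops=None,
            seen=set(), data=0, retrans=0))
        if p.flags == "S":
            if f["syn_ts"] is None:
                f["syn_ts"] = p.ts
            else:
                f["syn_retx"] = True   # repeated SYN: RTT sample is ambiguous
        elif p.flags == "SA" and f["syn_ts"] is not None and f["rtt_ms"] is None:
            f["hops"] = hops_from_ttl(p.ttl)
            if not f["syn_retx"]:
                f["rtt_ms"] = round((p.ts - f["syn_ts"]) * 1000, 3)
        if p.plen > 0:
            seg = (p.src, p.sport, p.seq, p.plen)
            f["data"] += 1
            f["retrans"] += seg in f["seen"]   # same sender, seq and length again
            f["seen"].add(seg)
    for f in flows.values():
        f["retrans_rate"] = f["retrans"] / f["data"] if f["data"] else 0.0
    return flows

# Constructed sample: one handshake, three data segments, one of them resent.
SAMPLE = [
    Pkt(0.000, "10.0.0.5", 40000, "192.0.2.10", 443, "S", 1000, 0, 64),
    Pkt(0.042, "192.0.2.10", 443, "10.0.0.5", 40000, "SA", 5000, 0, 52),
    Pkt(0.043, "10.0.0.5", 40000, "192.0.2.10", 443, "A", 1001, 0, 64),
    Pkt(0.050, "10.0.0.5", 40000, "192.0.2.10", 443, "PA", 1001, 100, 64),
    Pkt(0.051, "10.0.0.5", 40000, "192.0.2.10", 443, "PA", 1101, 100, 64),
    Pkt(0.260, "10.0.0.5", 40000, "192.0.2.10", 443, "PA", 1101, 100, 64),
]

if __name__ == "__main__":
    for key, f in analyze(SAMPLE).items():
        print(key, f["rtt_ms"], f["hops"], f["retrans"], f["retrans_rate"])
```

A handshake in which the SYN was sent more than once yields no RTT sample, because the SYN-ACK cannot be matched to a specific SYN.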
License
Copyright (c) 2026 Дмитро МЕДЗАТИЙ, Андій МАРЦЕНЮК

This work is licensed under a Creative Commons Attribution 4.0 International License.


