Due to rapid changes and consequent new threats to computer networks there is a need for the design of systems that enhance network security. These systems make network administrators fully aware of the potential vulnerability of their networks. This paperdesigns a Network Monitoring System (NMS) which is an active defense and complex network surveillance platform designed for ISPs to meet their most rigorous security requirements. This system is motivated by the great needof government agencies, ecommerce companies and Web development organizations to secure their computer networks. The proposed system is also used by network administrators to enable them understand the vulnerabilities affecting computer networks. This enables these administrators to improve network security. The proposed system is a lawful network traffic (Internet Service Provider IP trffic) interception system with the main task of obtaining network communications, giving access to intercepted traffic to lawful authorities for the purpose of data analysis and/or evidence. Such data generally consist of signaling, network management information, or the content of network communications. The intercepted IP traffic is gathered and analyzed for network vulnerability in real time. Then, the corresponding TCP/UDP traffic (Web page, email message, VOIP calls, DHCP traffic, files transferred over the LAN such as HTML files, images, and video files, etc.) is rebuilt and displayed. Based on the results of the analysis of the rebuilt TCP/UDP an alarm could be generatedif amalicious behavior is detected. Experimental results show that the proposed system has many
