
Research And Application On Network Information Capture

Posted on: 2006-12-01
Degree: Master
Type: Thesis
Country: China
Candidate: M Hong
Full Text: PDF
GTID: 2168360152466581
Subject: Computer applications
Abstract/Summary:
With the development of communication technology and networks, the network has become an indispensable tool in daily life. This makes the design, maintenance and assurance of network security more difficult. To maintain network security, various kinds of technology have been proposed. Network sniffing is one of the important technologies in the security field, and it is the main component of firewalls, IDSs and network monitoring tools. Network sniffing is a double-edged sword: it is convenient for the network administrator, but it also offers the hacker a tool to steal network information.

First, this paper introduces the data capture model of network sniffing technology and the Berkeley Packet Filter at the OS level, and analyses the architecture of Libpcap and Winpcap, the OS-independent function libraries.

Secondly, this paper studies protocol analysis based on the TCP/IP protocol suite. Protocol analysis is one of the important functions of network sniffing. By decoding in real time or analysing captured data files, a sniffer can obtain the source and destination addresses, the format of the data frame and so on. Protocol analysis is the main technology that IDSs adopt at present, used to remedy the deficiency of simple pattern matching.

Then this paper analyses the data capture bottleneck of Linux based on the lightweight IDS Snort, and studies the popular key technologies, including memory mapping, NAPI and "zero-copy". With these technologies the efficiency of data capture can be improved.

This paper simplifies and abstracts the process of data capture and uses the M|M|1|m model from queueing theory to analyse it. The model calculates three key parameters: packet loss rate, average number of packets in the queue and packet queueing time. Using this model, a data capture system can be evaluated and analysed.

Finally, this paper introduces a network security monitoring system based on Snort and studies the process of rule matching. It classifies the rules of Snort and improves the efficiency of rule search by adopting a dynamically adjusted rule tree, which improves the performance of the system.
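The M|M|1|m calculation described above, as an added worked example (this is not code from the thesis): the capture path is modelled as Poisson arrivals at rate lam, one exponential capture/decode worker at rate mu, and a buffer holding at most m packets, and the three parameters the abstract names (loss rate, mean packets in queue, queueing time) are derived from the steady-state distribution. The names lam, mu and m are assumptions, and the buffer-sizing helper min_buffer_for_loss goes one step beyond the abstract by inverting the loss-rate result.

```python
from dataclasses import dataclass


@dataclass
class MM1mMetrics:
    loss_rate: float       # p_m: probability an arriving packet is dropped
    mean_in_system: float  # L: average packets buffered, incl. the one in service
    mean_in_queue: float   # Lq: average packets waiting for the capture worker
    sojourn_time: float    # W: average time an accepted packet spends in the system
    queue_time: float      # Wq: average time an accepted packet waits before service


def mm1m_metrics(lam: float, mu: float, m: int) -> MM1mMetrics:
    """Steady-state metrics of an M/M/1/m queue: Poisson arrivals at rate lam,
    one exponential server at rate mu, at most m packets in the system.
    p_n is proportional to rho**n for n = 0..m; normalising numerically means
    the rho == 1 case needs no separate closed form."""
    if lam <= 0 or mu <= 0 or m < 1:
        raise ValueError("lam and mu must be positive and m >= 1")
    rho = lam / mu
    weights = [rho ** n for n in range(m + 1)]
    total = sum(weights)
    p = [w / total for w in weights]
    loss = p[m]                                   # arrivals that see a full buffer
    L = sum(n * pn for n, pn in enumerate(p))
    Lq = sum((n - 1) * pn for n, pn in enumerate(p) if n >= 1)
    lam_eff = lam * (1.0 - loss)                  # rate of packets actually accepted
    W = L / lam_eff                               # Little's law on the accepted stream
    Wq = Lq / lam_eff
    return MM1mMetrics(loss, L, Lq, W, Wq)


def min_buffer_for_loss(lam: float, mu: float, max_loss: float, m_cap: int = 4096) -> int:
    """Smallest m whose loss rate is <= max_loss, or -1 if none up to m_cap.
    For rho >= 1 loss falls only like 1/m, so a bigger buffer alone cannot fix overload."""
    for m in range(1, m_cap + 1):
        if mm1m_metrics(lam, mu, m).loss_rate <= max_loss:
            return m
    return -1


if __name__ == "__main__":
    # Constructed load figures: 80k pps offered, capture path drains 100k pps.
    r = mm1m_metrics(80_000.0, 100_000.0, 64)
    print(f"loss={r.loss_rate:.3e}  L={r.mean_in_system:.2f}  Wq={r.queue_time * 1e6:.1f} us")
    print("buffer needed for loss <= 1e-6:", min_buffer_for_loss(80_000.0, 100_000.0, 1e-6))
```

The sizing helper is a useful sanity check before tuning ring-buffer or NAPI budget settings: when the offered load exceeds the capture throughput (rho >= 1), no buffer size brings the loss rate down, and only a faster capture path helps.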
Keywords/Search Tags:network sniffing, IDS, M|M|1|m, BPF, Snort, Libpcap, Winpcap