Research And Application Of Special-purpose TCP/IP Protocol Stack

This thesis agrees to control the further investigation of relevant technology in realization of the TCP/IP protocol and standard TCP/IP protcol stack, monitoring system of network application , advances some methods and measures in improve protocol stack analyze efficiency and strengthen protocol stack security two propose, and then has realized a kind of special-purpose TCP/IP protocol stack , and realize one controls monitoring system of using SMTP to send the mail on the basis of this special-purpose TCP/IP protocol stack. In order to improve the efficiency of the monitoring system further, it has specially research technology to capture data. Point out through experimental analysis , the performance of the network card and size of WinpCap buffering area exert a great influence on capturing rate of the data, and has put forward the method solved to that how to raise the capturing rate of the data.Realize a steady, safe and high-efficient network application monitoring system that involves a lot of respects. But the most important one is realization of TCP/IP protocol stack and the capturing data frame. Face this kind of situation, this thesis accords with the special demand for the monitoring system of network application, has abandon some codes of standard TCP/IP protocol stack, has redesigned and realized an TCP/IP protocol stack. This protocol stack has reduced the possibility attacked. This thesis has done some improvement in analyzing efficiency and security in IP , TCP and SMTP protocol mainly. It has study the principle that IP chip attack and has realized dividing one slice of codes recombinated to IP again, have prevented to attack to each of the monitoring system of network application. Study to using the denial of service of the server to attack , this thesis carry on a potential means to attack to monitoring system of network application after putting forward one. Because its difference attacked with traditional SYN Flooding of this kind of attack means, this thesis calls itmutation SYN Flooding attack. In order to prevent this kind of attack, this thesis also put forward the algorithm of evading counted on the basis of connecting peak value under a kind of controllable network environment to judge and deal with the attack algorithm of mutation SYN Flooding in the thesis.In order to raise the analytic efficiency which SMTP, base on the phenomenon that TCP protocol division the application protocol according to port similar to the loading, inheriting and covering of the class of C ++ programming language, We have written a very good TCP C ++ base class. It can save the connecting information and has good ada- ptability and expanding. We call this base class CConnect. This base class can be used for writing and analyzing other application protocol by way of inheritting. The state of TCP connection can be kept by hash table.It is that data capturing technology to influence another factor of the monitoring system working efficiency of network application. Influence reasons that data capturing for network adapter and the driver two. One is the size of the datum buffering area of network card. Catch through TCP data messager experimental result prove different network adapter of producer performance disparity relatively heavy. Another one is to the driver. This thesis chooses WinPcap as the diver. In WinPcap, there are two kinds of buffer areas. Their size influences the ability of capturing of the data frame directly. Draw through the experiment, different capacity of buffer area in case of speed of the high data, the capturing rate of data of WinPcap is different. Through testing repeatedly, this thesis has obtained a suitable experience value.Through testing, SMTP agreement monitoring system based on special-purpose TCP/IP protocol stack runs steadily, reliable, the capturing rate of data frame of the sensitive data is 100%, can totally monitor behavior which sends the mail of using SMTP and mail content in the network, has certain resisting the ability of attacking. It is successful to apply to the design of special-purpose TCP/IP protocol stack of the monitoring system of network application. It has good analytic efficiency and resists the ability of attacking. It has offered better reference and reference value for research and application of the monitoring system of similar network application.