
Performance Comparison And Protocol Analysis On Network Data Capture Packet Tools

Posted on: 2006-01-11 | Degree: Master | Type: Thesis
Country: China | Candidate: M H Zhao
GTID: 2168360182457220 | Subject: Software engineering
Abstract/Summary:
With the rapid development of network technology, new requirements keep emerging for network performance analysis tools and network security tools. Research on the underlying packet capture module and the related protocol analysis therefore has practical significance. Packet capture is a technology that has developed along with networking; it plays a very important role in network performance analysis tools, firewall implementation, intrusion detection systems and the analysis of hacker attacks. In practice, the packet capture module is the basis for implementing protocol analysis and network monitoring. There are two kinds of packet capture module: one is provided by the operating system kernel; the other is a capture driver installed by an application or software tool, which is mainly used on WIN32. Packet capture modules differ between operating systems. UNIX has three kinds of packet capture module: BPF, DLPI and SOCK_PACKET. In terms of performance, BPF is better than DLPI, while SOCK_PACKET is not as good as either. Libpcap is a packet capture function library that is independent of the operating system and can access the data link layer directly. The library provides a consistent programming interface across platforms: a program or application built on libpcap can be used on any platform where libpcap is installed. Most sniffer programs communicate with the kernel through libpcap. Windows has no built-in packet capture module and provides only a few limited API functions. PCAUSA provides a commercial product that offers a packet capture interface and a BPF-like filter. Protocol analysis is the process of determining, after packets have been captured, the content of the network packets and the services they use.
A network protocol analysis system is an effective tool for monitoring a network. When the network slows down, it can report the running state of the network: which computer, which protocol and which user generate the most traffic. From this, the network administrator can identify the protocols and users that may cause network congestion and manage them so as to improve network transmission performance. This is a concrete application of flow control. The network administrator can learn which protocols are in use on the network, what proportion each protocol occupies and which computer uses which protocol to communicate, and can analyze whether this usage is reasonable and effective. On that basis the administrator can choose protocols sensibly, saving limited bandwidth and improving network transmission performance. If the network administrator wants to understand further how each protocol is encapsulated, the network protocol analysis system can decode the captured data frames, exposing the lower-level data so that the user can carry out development and research on the network.

This paper covers the packet capture modules in common use today, mainly discussing how BPF works. It presents the working principle of packet capture in detail, analyzes the similarities and differences in architecture and function between the different packet capture modules, and points out the performance advantages and disadvantages of each, which lays the foundation for developing a highly efficient and reliable network monitoring and recovery system. This paper also includes an analysis method for the TCP/IP protocol, a sample experimental monitoring and testing program that uses libpcap, and tests on my work environment LAN.
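The protocol-analysis step described in the abstract (decode captured frames, then report which protocol and which host generate the most traffic) can be illustrated with the following added example, which is not code from the thesis. It parses the classic pcap savefile format that libpcap writes; the function names and the sample capture are constructed for illustration, and only little-endian Ethernet captures are handled.

```python
import struct
from collections import Counter

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def frame(src, dst, proto, payload_len):
    """Build a constructed Ethernet II + IPv4 frame (sample data, not a real capture)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)           # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                     proto, 0, bytes(src), bytes(dst))    # checksum left at 0
    return eth + ip + bytes(payload_len)

def make_pcap(frames):
    """Wrap frames in a pcap savefile: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def analyze(pcap):
    """Return (bytes per protocol, bytes per IPv4 source host) as Counters."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap savefile")
    by_proto, by_host = Counter(), Counter()
    off = 24
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack_from("<IIII", pcap, off)
        pkt = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        # Frames too short for Ethernet + IPv4, or with another EtherType, are counted apart.
        if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != 0x0800:
            by_proto["non-IPv4"] += wirelen
            continue
        if pkt[14] >> 4 != 4 or (pkt[14] & 0x0F) < 5:     # version / header length sanity
            by_proto["malformed"] += wirelen
            continue
        by_proto[PROTO.get(pkt[23], f"ip-proto-{pkt[23]}")] += wirelen  # IP header byte 9
        by_host[".".join(map(str, pkt[26:30]))] += wirelen              # IP source address
    return by_proto, by_host

# Constructed sample capture: two TCP frames, one UDP, one ICMP, one ARP-typed frame.
SAMPLE = make_pcap([
    frame((10, 0, 0, 5), (10, 0, 0, 1), 6, 1000),
    frame((10, 0, 0, 5), (10, 0, 0, 1), 6, 500),
    frame((10, 0, 0, 7), (10, 0, 0, 1), 17, 100),
    frame((10, 0, 0, 7), (10, 0, 0, 1), 1, 8),
    bytes(12) + b"\x08\x06" + bytes(28),
])

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
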
Keywords/Search Tags:Capturepacket