| With the development of informatization, information security has gradually attracted wider attention. Security engineering is continuously updated, and new attack methods and tools appear every day. This paper carries out research on and discussion of two main security control technologies: network packet sniffing and intrusion detection systems (IDS) based on state transition. The research and development is useful for network management, network troubleshooting, and network intrusion detection systems and their further development, and it is essential for maintaining the security and stability of the entire network. First, this article discusses network packet interception and the implementation of the analysis system. The system integrates data collection technology, network communication technology and object-oriented programming technology; it can capture data packets, analyze protocols, and so on. The paper discusses the system principle, solution scheme, overall structure, packet capture module, protocol analysis module and other aspects, and thereby the design and implementation of the entire system. Network packet interception and analysis tools reveal information about network packets. The program extracts useful information such as the protocol type, source/destination address, source/destination port and packet length. From the source/destination addresses we learn which computers are active, and from the packet lengths we determine the network traffic. Second, the analysis method of IDS based on state transition is investigated. This part begins by presenting the theory of state transition technology, then introduces in detail the rule language of the intrusion detector applied to state transition, and finally describes the implementation method of the IDS based on state transition.
In summary, although this system is still some distance from actual products, it has the primary functions of an intrusion detector and has solved certain key technical problems, which can be summarized in two aspects. First, users can easily adapt and extend the efficient, general-purpose rule description language, which makes it convenient to define attack actions and decide the corresponding measures. Second, based on the data packets of the intrusion detector, an intrusion detector testing scheme is presented, which provides a scientific reference for evaluating the IDS method. The system still has some shortcomings, which point to the direction and content of future study. |
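
The field extraction described in the abstract (protocol type, source/destination address and port, packet length, then per-host activity and traffic volume) can be sketched as follows. This is an added example, not code from the paper; it assumes Ethernet II framing and IPv4, and the function names and sample frames are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_frame(frame: bytes):
    """Extract header fields from an Ethernet II / IPv4 frame; None if not parseable."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # 14 B Ethernet + 20 B IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    total_len, _ident, flags_frag = struct.unpack("!HHH", ip[2:8])
    proto = ip[9]
    info = {"protocol": PROTO_NAMES.get(proto, str(proto)),
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": None, "dport": None, "length": total_len}
    # Ports exist only for TCP/UDP, and only in the first fragment (offset 0).
    if proto in (6, 17) and (flags_frag & 0x1FFF) == 0 and len(ip) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info

def traffic_by_source(frames):
    """Sum IPv4 total length per source address: which hosts are active, and how much."""
    totals = Counter()
    for frame in frames:
        info = parse_frame(frame)
        if info:
            totals[info["src"]] += info["length"]
    return dict(totals)

def build_frame(src, dst, proto, sport, dport, payload=b""):
    """Build a constructed sample frame (checksums zero; the parser does not verify them)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

SAMPLE = [  # constructed traffic, not a real capture
    build_frame("10.0.0.5", "10.0.0.1", 6, 40000, 80, b"A" * 100),
    build_frame("10.0.0.5", "10.0.0.9", 17, 5353, 53, b"B" * 30),
    build_frame("10.0.0.7", "10.0.0.5", 6, 443, 40001),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,   # ARP frame: skipped by parse_frame
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_frame(f))
    print(traffic_by_source(SAMPLE))
```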