
Based Host And Dynamic TCP/IP Research For Network Sniff

Posted on: 2008-03-24 | Degree: Master | Type: Thesis
Country: China | Candidate: E Y Chi | Full Text: PDF
GTID: 2178360212997058 | Subject: Electronics and Communications Engineering
Abstract/Summary:
With the spread of the global computer network, guaranteeing the security of computer networks while sharing computer resources has become an important issue in computer science. As the number of Internet users keeps growing, threats to computer security have appeared in large numbers; computer viruses and attacks top the list of security incidents. Worm.WhBoy is one example: it not only disrupted host communications but also stole users' confidential information. Worms, Denial of Service and Distributed Denial of Service attacks have seriously affected the normal use of the network. Traffic sniffing and network monitoring technology can help network managers maintain the network. Traffic monitoring falls into two kinds of measurement, active and passive. The main passive measurement techniques are statistics based on SNMP/RMON, sampled statistics based on Netflow, and statistics based on WinPcap or LibPcap. This thesis builds on WinPcap-based network monitoring on a Windows host to develop a simple Java protocol statistics system using the JPcap interface, which makes it convenient to understand the ICMP protocol and the distribution of TCP and UDP ports. From these protocols and ports one can identify attacks that exploit vulnerabilities in particular protocols and ports, and block attacks and the spread of viruses by changing the configuration of equipment and hosts. Denial of service attacks and worm attacks mainly target vulnerabilities in the design of equipment, host systems and the network protocols themselves.
The main feature of such attacks on the network is the generation of large numbers of ICMP packets, TCP packets and UDP packets, which take up most of the network bandwidth, degrade the performance of network equipment and hosts, cause congestion, disturb network communication and damage the network's availability. This paper studies the conditions for implementing network monitoring: to put monitoring into practice the NIC must support promiscuous mode; monitoring is relatively easy on a shared network connected by hubs, whereas on a switched network connected by switches it has to rely on network taps or the port mirroring function of the switch. The low-level driver that performs the monitoring differs with the host operating system: WinPcap on Windows, LibPcap on Linux. While testing monitoring on a switched network with the Sniffer Pro software, a weakness in the MAC address learning function of switches was discovered. The switch learns MAC addresses to build a table mapping MAC addresses to ports and forwards data according to this table, but the table is built from the source MAC addresses of frames arriving at each switch port. Frames sent to the switch with forged source MAC addresses therefore populate the table with wrong entries and misdirect the forwarded data. The network's communication may appear normal in the meantime, yet this weakness can be exploited by computer viruses or attack software, whose common trait is sending large volumes of duplicated data.
Therefore, the same network monitoring technology can be used to capture network data and detect such attacks. In this paper the TCP/IP protocols are analysed and tested using sniffer technology, which helps network security managers understand the structure of the protocols, and network anomalies are analysed from the monitored protocol data. Several major protocols are analysed here: IP, ARP, ICMP, TCP and UDP, and their data structures are defined from the captured protocol data. Finally, the Sniffer Pro software is used to test the security of the TCP three-way handshake, reveal the weaknesses of the TCP protocol, and apply monitoring technology to address them. The paper analyses the structure of the data captured through the NDIS device driver in Windows and the capture modules of WinPcap; it gives a brief introduction to the detection software Snort; it analyses the JPcap programming interface; and finally it designs the DTSS statistical monitoring program, based on dynamic TCP/IP protocol statistics, on the host. The DTSS program is written in Java with JPcap. Its main modules are the protocol data capture and filter module and the protocol data statistics and data construction module.
The paper designs and explains the program and tests the code with Java, NDIS, WinPcap, JPcap and SQL Server under Windows. The main task of this paper is to analyse and discover defects in network technology and new protocols through monitoring technology; to propose a new DTSS program based on statistical monitoring of the TCP/IP protocols, built on the NDIS device driver at the network layer using WinPcap and JPcap, which discovers defects in the network from statistics of the protocol data captured on the host; to implement it in Java with a database; and finally to test the program. On the basis of the DTSS program, ICMP protocol statistics are provided for the network layer and TCP/UDP protocol statistics are kept in the database; from the statistical results network managers can judge how the network is operating, which reduces the workload of the management module in traditional management and improves the efficiency of network management and maintenance.
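As an added illustration, not code from the thesis (whose DTSS program is written in Java with JPcap), the following Python sketch shows the two modules the abstract describes: a capture/filter step that decodes Ethernet/IPv4 frames, and a statistics step that counts protocols, destination ports and ICMP types and also flags TCP handshakes that were opened with a SYN but never completed, which is the check a monitor would keep after the three-way handshake test above. The frames are constructed inline, and the `parse`, `dtss_stats` and helper names are my own, not the program's.

```python
import socket
import struct
from collections import Counter

TCP_SYN, TCP_ACK = 0x02, 0x10
def frame(proto, src, dst, l4):   # constructed Ethernet II + IPv4 frame (sample input, not a capture)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4          # zeroed MACs, EtherType IPv4

def tcp(sport, dport, flags):     # minimal 20-byte TCP header with the given flag byte
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)

def parse(raw):                   # capture/filter module: one frame -> fields the statistics need
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        return None                                   # drop truncated and non-IPv4 frames
    ihl, proto = (raw[14] & 0x0F) * 4, raw[23]
    pkt = {"proto": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, "OTHER"),
           "src": raw[26:30], "dst": raw[30:34]}
    l4 = raw[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 8:             # TCP and UDP both begin with src/dst port
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    if proto == 6 and len(l4) >= 20:
        pkt["flags"] = l4[13]                         # TCP flag byte (SYN, ACK, ...)
    if proto == 1 and len(l4) >= 8:
        pkt["type"] = l4[0]                           # ICMP type (8 = echo request)
    return pkt

def dtss_stats(frames):           # statistics module: protocol mix, port distribution, half-open TCP
    protos, ports, icmp_types, pending = Counter(), Counter(), Counter(), set()
    for pkt in filter(None, map(parse, frames)):
        protos[pkt["proto"]] += 1
        if "dport" in pkt:
            ports[(pkt["proto"], pkt["dport"])] += 1
        if "type" in pkt:
            icmp_types[pkt["type"]] += 1
        if "flags" in pkt:
            flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            if pkt["flags"] == TCP_SYN:
                pending.add(flow)                     # client opened a handshake
            elif pkt["flags"] & TCP_ACK:
                pending.discard(flow)                 # client's ACK completed it
    return {"protocols": protos, "ports": ports, "icmp": icmp_types, "half_open": sorted(pending)}

SAMPLE = [                                            # constructed frames, not real traffic
    frame(6, "10.0.0.5", "10.0.0.1", tcp(40000, 80, TCP_SYN)),           # full handshake ...
    frame(6, "10.0.0.5", "10.0.0.1", tcp(40000, 80, TCP_ACK)),
    frame(6, "10.0.0.9", "10.0.0.1", tcp(41000, 80, TCP_SYN)),           # ... and one left half-open
    frame(17, "10.0.0.5", "10.0.0.1", struct.pack("!HHHH", 5353, 53, 8, 0)),
    frame(1, "10.0.0.7", "10.0.0.1", struct.pack("!BBHHH", 8, 0, 0, 0, 0)),  # ICMP echo request
]
```

A real deployment would feed `dtss_stats` frames from a promiscuous-mode capture (WinPcap/JPcap on Windows, as the thesis does) and alert when the half-open count or the ICMP rate climbs past a baseline.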
Keywords/Search Tags: Network Sniff, Netflow, SNMP, NDIS, WinPcap, JPcap