Research And Implementation Of Network Packet Capture System In 10 Gigabit Network

With the rapid development of Internet, the bottleneck of the network packet capture system which is base of network security has become more and more obvious. On the one hand, network bandwidth has been developed to gigabit network and the bottleneck of network has not been network transmission, but network processing. On the other hand, a large amount of CPU resources are consumed to capture network packet with the traditional packet capture system, and this has resulted in low efficiency. Thereby, the thesis mainly focuses on the new system of packet capture, which is designed for 10 gigabit network. The new system not only can handle 10 gigabit wire-speed data, but also can analysis network packets protocols and filter the keywords of the packets.Firstly, this thesis proposes a new hardware architecture of network packet capture system, the function of the framework can not only process data with wire-speed, but also can filter invalid garbage data, greatly enhances the efficiency of data capture. Meanwhile, according to the characteristics of network packet protocols, a fast new protocols identification algorithm based on cache is presented, which allows packets to enter cache for identifying the packet head protocols with pipeline, and then the packet characteristics header is constructed with analysis results. In order to match the contents of network packets, a parallel multi-byte matching algorithm is advanced, which uses the advantage of hardware pipeline processing to build unit matched chain. The successful matching table is build based on the successfully matching of unit chain after the network packets are sent to unit matched chain. In additional, the algorithm can meet the bandwidth of the 10 gigabit network, record the basic attributes of the packets which is accurately matched. Based on protocols analysis and keyword matching, the new packets capture and trigger mechanism can easily start to capture packets or stop capturing. It integrates 6 rules which can be combined together to form a large special rules, filters the invalid packets and capture the packets which are wanted.Finally, this thesis presents a reference design which applies the all above algorithms, and the design is implemented successfully with FPGA. The full functional verification system is also present to verify the function of the system, and lots of test technologies are used to examine the performance of the system, the result has reach the desired objectives.