| With the comprehensive analysis of the vulnerability of the network and intrusion behaviors, the network based Intrusion Detection System (IDS) becomes more and more important in network security. In the mean time, this young field also meets many challenges today. These challenges include how to increase the detecting speed to meet the requirement of the band increase, how to reduce the false positive and false negative to enhance the accuracy of the detection as well as how to realize the interoperation among the IDSs and other security products.This paper introducing the corresponding background knowledge and analyzing the protocol frame releated to IDS. In the design of NIDS, sniffing component is very important .you can use sniffer log network traffic effectively. This paper take advantage of WINPCAP to design a sniffer. The application of the protocol analysis technology in IDS is also discussed in this paper. In this part, many protocols are analyzed (from datalink layer to network layer).In this sniffer, you can log your LAN traffic through rule files, which describe the rules, such as protocol type, port number and IP address. With the help of this sniffer you can find valuable information. |
PDF Full Text Request