| With the development of communication technology and network, the network has already become a tool which is indispensable in everyday. It makes the maintenance for the network security become more difficult. To avert an enterprise's secret information from being leaked, block the harmful information on internet. The network monitor system plays a more and more important role in network security.At first this paper has introduced two kinds of data capturing and filtering models: BPF and NPF. And comprehended the architecture of Libpcap and Winpcap, which are the function library respectively corresponding BPF and NPF. Study the protocol analysis technology. Base on these, this paper carry on the detail design and implement to the three major function modules (network sniffer, protocol analysis engine,control and monitor console).Secondly, this paper expatiates on some classical pattern matching algorithms, and analyses their advangtages and disadvantages. On the basis of this, improves the pattern matching algorithms.The improved algorithm makes full use of the information of every matching comparison to skip more characters before the next comparison. Improved the efficiency of the network monitor system. At the same time, point out the defects.Finally, this paper conducts a number of tests in the ethernet network. To test the main function modules and the improved pattern matching algorithm. After analysising the results of the tests, summarized the merits and the limitations of the network monitor system. |
PDF Full Text Request