| Nowadays, many new internet-based applications are characterized complex andtraffic-consuming. These new applications would bring about network jam and occupyresources so that they would offend other users’ rights. Therefore, providing a better internetservice and better managing the net is a problem causing more and more concern. Thenetwork flow could record and reflect the internet user’s application,at the mean time,thetraffic collected from the mainframe could also reflect the matchup between the applicationand traffic(traffic can be determined by wu yuan group). Generally speaking, we can knowwhich application sends the traffic sent from the mainframe.Getting the matchup underliesthe traffic mark, and it provides accurate basic data sets marked by the application for analysis.We can indirectly better understand the use of the net by sorting the traffic,so as to wellmanage the net.This paper aims at solving the essential problem, that is the matchup betweenapplication program and wu yuan group and has designed an analysis of the mainframe trafficcollection based on the socket and hook technique. This system could put the dynamic linkLibraries set written by itself to cyber space of the destination proceeding by hook technique.After this,the system could get the functions, which are being used when the destinationproceeding sends and receives messages, such as send()、recv() and so on. Then, we replacethese functions by others written by ourselves and do some logic dealing to them and exactthe matchup relationship between wu yuan group and application pangram. At the sametime,the functions such as detour_send (), detour_recv() in the dynamic link set written byourself could sends back the bits they received,so that we can calculate the speed and thetotal number of the traffic.Thus, this paper is theorical meaningful and deserves researching.This paper states the design principle based on socket hook’s mainframe traffic analysissystem.And it has introduced the modules, including its function, technique principle andpartial detailed code design.The main techniques involved in the system are:Socketcommunication technique, Hook technique, Hook API technique, enumerating proceedingtechnique, ram reflecting the workfile technique, Detours SDK using technique, sharing databy many proceeding technique, calling dynamic link Libraries set and inject it to other proceeding technique, timer technique, map container technique, traffic statistic technique andso on.The outcome of the programme has been listed in the paper and corresponding analysisis also presented. At the end, the paper points out the shortcomings of the programme andfinds the detection of further research. |
PDF Full Text Request