| With the popularization and development of computer network, network technologybecomes more and more mature. Network has turned an indispensable part of people’s life.Therefore, network security monitoring and management seem particularly important. Inorder to protect the safety and reliability of the network, especially in the large flow networkenvironment, improving the efficiency and accuracy of network monitoring and managementhas very vital significance.At the situation of big network size and large data flow, network packets interception andanalysis base on application layer often occurs the phenomenon of packet loss andincompatible with64-bit operating system. It meets the requirements of network securitymanagement and monitoring difficultly.A network monitoring system base on NDIS intermediate driver which captures networkpackets on link layer in the Windows platform is proposed in this paper. Firstly, extendPassthru to capture packets. Then use the method of shared memory and especial datastructure to reduce the number of data copying and transmission time between the applicationlayer and kernel layer. Finally, application layer system uses multi-core multi-threadtechnology and MongoDB database for high-speed storage to reduce the loss rate of packetduring the analysis. Besides, designed packets reorganization algorithm of HTTP data packetto restore the complete information of packets and enhance the regulatory scope of thenetwork monitoring system.Taking use of a suitable network to test the effectiveness of the algorithm and systemdesigned in this paper. Compared with traditional network packet interception and analysissystem, there are better accuracy and effective showed by the experiment results. |
PDF Full Text Request