Design And Implementation Of The Monitoring System Of Network Application Based On Protocol Analysis

With the development of the Internet, in China, various network applications have sprung up in the market. Almost everyone use Internet everyday. People share information through the Internet. In this information age, information has been an important resource in supporting activities in society, economy and production. In order to ensure the security of information, we need to establish a reliable and efficient information security guarantee system, which has practical significance for maintaining the stability of the social life and national security.Combining specific application requirements, this article states the design and the implementation of a network application which called the monitoring system of network application-based on protocol analysis, gives the general design principles, describe the basic architecture of the system, the division of each function module and the main workflow.The system mainly consists of five subsystems. The platform management subsystem manages the system configuration and log, and also takes responsible for controlling and scheduling the system process; The business management subsystem manages the system business; The data collection subsystem is for a variety of different sources of data collection and sorting; The protocol decoding subsystem contains underlying decoding and application layer decoding. The system uses template technology and multi-pattern matching algorithm to analysis HTTP protocol when decoding in application layer. The output subsystem outputs the parsed data according to business requirements. When system collects data by netcard driver method, it can directly get data from netcard by zero copy technology, and give the limited CPU resources to system at the most extent. Also, the system uses memory buffer pool to be cache of data transmission of process communication. So, it can use the memory that has been replied repeatedly instead of replying and release again and again. This reduce the expense in memory application and release and improve the performance of the system. The main work of author is to identify and decode the non-HTTP protocols such as instant messaging protocols, implement the template technology and output the original content and operation behavior, as to say, to finish and put up with the design idea of template technology and decoding module of application layer.The system comes into service now. It has provided a lot of useful clues for government. Actual operating results show that the system is able to listen more than one thousand applications simultaneously. It can meet the needs of practical application.