
Design And Implementation Of Data Packet Capture And Parsing System Based On CM Platform

Posted on: 2015-10-09; Degree: Master; Type: Thesis
Country: China; Candidate: L L Xu
GTID: 2348330422992333; Subject: Software engineering
Abstract/Summary:
With the popularity of the Internet and the explosion of information, monitoring, analyzing and controlling network data has become more important and urgent. Network equipment is the only tool for transferring network data. Using network equipment for network fault locating and data monitoring is the most reliable and convenient method.

This article describes a data packet capture and parsing system based on the CM platform (a network operating system), which allows network managers and developers to avoid constructing complex graphs, to capture and parse data packets on the network equipment itself, and to carry out further parsing.

First, the article provides a complete requirements analysis, divides the requirements into requirement points, and produces a detailed requirements document to guide design, development and testing. The requirements fall roughly into two parts: the data packet parsing requirements (data packet transfer and parsing) and the kernel data packet capture requirements (data packet capture and filtering). Each part is divided into small function points.

Second, in terms of design and implementation, the system comprises two parts: the data packet parsing module and the data packet capture module. The data packet parsing module includes the Tshark, Tdump, Dumpcap and Pcap sub-modules. The Tshark sub-module mainly performs the analysis function. The Tdump sub-module performs the data packet transfer function: it receives the data captured by the kernel and writes the packets into a file. The Pcap sub-module mainly provides a unified interface for capturing data packets. The data packet capture module is the key module and the foundation of the whole system: it implements a new socket protocol family, LPS (Linux Packet Socket), captures packets from the link layer, applies BPF filtering, and supports queries for related socket information. Because the CM platform is a UNIX-like network operating system and has no socket in the kernel that meets these needs, the data packet capture module has to be developed by programmers.

In addition, the CM platform supports real network equipment and does not support file-write operations from the interface board to the master board. Therefore the open-source Wireshark model is not suitable for the system. Through comparative analysis, and without changing the open-source Tshark model or the file system of the platform layer, we achieved the goal by porting the Tshark sub-module, adding a new Tdump sub-module, and developing the Dumpcap sub-module ourselves. Pcap (Libpcap), as a general-purpose multi-platform library, can be ported to many platforms.

Last, we carried out functional and non-functional tests on the system. The test results show that the system meets the functional and non-functional requirement points, fulfilling the initial design goals.
Keywords/Search Tags: packet capture, packet parsing, BPF filter, Tshark transplant