Research On High Speed Packet Sniffing And Design Of Packet Monitoring System

Posted on: 2019-03-14
Degree: Master
Type: Thesis
Country: China
Candidate: L M Zhang
GTID: 2348330545977885
Subject: Electronic and communication engineering
Abstract/Summary:
The advancement of network technology is promoting the development of the Internet. Internet access through broadband and optical fiber has gradually become popular, and almost all aspects of human production and daily life have become inseparable from the Internet. It is therefore very important to guarantee the stability of network operation and the security of networks. Monitoring the network is a main method of obtaining the operation status and security information of a network, and one of the effective measures for network monitoring is to capture and analyze the packets in the network. First, this paper analyzes how the Linux operating system receives and processes incoming packets, from their arrival at the network card until they enter the network stack for later processing. It also describes the principle of capturing packets in a network where hosts are connected through a switch. The paper then studies and compares the traditional packet capture method and the memory-mapping packet capture method. Next, based on the communication mechanism between kernel space and user space in the Linux operating system, it proposes a method for capturing packets using a character device based on the network interface driver. This method is effective for capturing large packets under high bandwidth. After studying the packet capture methods, the paper designs a packet capture and monitoring system according to an analysis of the packet capture and monitoring requirements. The system is able to capture packets through a mirror port of the switch. It loses almost no packets when working under a high packet sending rate or high bandwidth, and it can work stably for a certain period under continuous high speed. The system is also able to analyze and store the captured data, record the suspicious packets captured, and accept real-time control while running, either locally or remotely.
Keywords/Search Tags:network packet capture, Linux, network packet analysis, packet capture and monitoring system