Improvement And Implementation Of Data Packet Capture System

With the continued growth of network users,network applications continue to emerge,the Internet has become the information infrastructure of human society.The scale of the current Internet is keep growing;Network transfer rate is also increasing.The basic position of the Internet to improve the efficient use of network resources,optimize network performance,to ensure the efficient operation of the Internet is very important.Network traffic monitoring through the collection and analysis of network traffic can be carried on a comprehensive understanding of network operating conditions,so as network management,network optimization,protocol design,network behavior analysis,network security,and so provide a basis and guidance,became the focus of research,get people's attention.The main process of network traffic monitoring network traffic in real time,including collection,storage and subsequent data packet flow analysis,and real-time traffic monitoring network traffic capture is the foundation.Packet capture process in order to ensure no loss as the goal,has made a variety of packet capture methods and tools to achieve real-time traffic capture,their improvement is mainly focused on improving data packets from the NIC copy in memory efficiency.But for traffic monitoring,usually the real-time acquisition and real-time traffic is inseparable from the process stored in a data packet capture process optimization,real-time storage of packets often become a performance bottleneck.It has been stored in the packet due to the need in the user space and kernel space copy repeated several times,making the loss packet capture system will eventually appear.In this paper,the packet capture technology and systems in-depth research and analysis,based on the real-time packet capture system stored procedures to improve and optimize the main work done:1 Through the existing packet capture technologies and systems for a more in-depth research and analysis,the paper found that optimizing existing technologies focused copy packets from the NIC memory processes,and reduce the overhead of packet capture.However,due to traffic monitoring often also need to store the captured packets to the hard disk and other external storage devices,the prior art in this regard less optimized so that the data packet is stored in the user space and also need to make multiple copies of the kernel space,overhead larger packet loss.2.Thesis generic software and hardware architecture as a platform,we propose aspace directly from the kernel to an external storage method for real-time storage of data packets.Implements a kernel space packet capture and storage modules to improve storage efficiency.The proposed LPKP kernel packet capture kernel module by enabling direct write to disk,packet core CPU cache optimization design and optimization of scheduling and other measures to make the packet capture in the entire process from the card to a disk storage are not through user space,while avoiding the kernel to user space to kernel space and user memory copy of the overhead,eliminating unnecessary memory copy.3.Use the built experimental platform of the proposed methods for the more comprehensive tests and experiments.Experimental results show that the system under the same conditions LPKP packet capture packet loss rate than existing packet capture tool low 8.9%;inquiry resulting in increased disk I / O level of competition is high,compared with existing tools,the experimental results show LPKP CPU utilization decreased by 3%,and the overall reduction of 16% on LPKP process memory usage.