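Design and Implementation of a Network Monitoring System Based on Sniffing Technology

【Author】 Yang Mingtao (杨明涛)

【Supervisor】 Huang Hanyong (黄汉永)

【Author information】 Central South University, Computer Application Technology, 2007, Master's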

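【Abstract (translated from Chinese)】 With the development of communication technology and networks, the network has increasingly become an indispensable tool in daily life; while it brings convenience to users, it also makes maintaining network security more difficult. To protect an enterprise's confidential information from being leaked and to block harmful information online, network monitoring systems play an increasingly important role in network security. The thesis first introduces two packet capture and filtering models used in network sniffing technology, BPF and NPF, examines the architecture of the corresponding capture libraries Libpcap and Winpcap, and studies protocol analysis technology. On this basis, the three main function modules of the system (network sniffer, protocol analysis engine, monitoring console) are designed and implemented in detail. Next, the thesis describes several classical protocol analysis techniques. Based on these, the pattern matching algorithm is improved. The improved algorithm makes full use of the information from each matching comparison to skip as many characters as possible before the next comparison, which improves the efficiency of the network monitoring system. Its defects are also pointed out. Finally, the thesis tests the system's main function modules and the improved pattern matching algorithm. Through analysis of the test results, its advantages and shortcomings are summarized.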

【Abstract】 With the development of communication technology and networks, the network has become an indispensable tool in everyday life. This also makes maintaining network security more difficult. To prevent an enterprise's confidential information from being leaked and to block harmful information on the Internet, network monitoring systems play an increasingly important role in network security. First, this paper introduces two data capture and filtering models, BPF and NPF, examines the architecture of Libpcap and Winpcap, the function libraries corresponding to BPF and NPF respectively, and studies protocol analysis technology. On this basis, it presents the detailed design and implementation of the three major function modules (network sniffer, protocol analysis engine, and control and monitor console). Second, this paper describes some classical pattern matching algorithms and analyses their advantages and disadvantages. On this basis, it improves the pattern matching algorithm. The improved algorithm makes full use of the information from every matching comparison to skip more characters before the next comparison, which improves the efficiency of the network monitoring system. Its defects are also pointed out. Finally, this paper conducts a number of tests on an Ethernet network to test the main function modules and the improved pattern matching algorithm. After analysing the test results, it summarizes the merits and limitations of the network monitoring system.

【Key words】 Sniffer; Pattern matching; Protocol analysis; Libpcap; Winpcap
  • 【Online publication contributor】 Central South University
  • 【Online publication year and issue】 2007, Issue 06
  • 【Classification number】 TP393.08
  • 【Citation count】 13
  • 【Download count】 702