基于libpcap的网络嗅探系统的设计与实现

发布时间：2018-05-19 16:28

本文选题：网络嗅探 + libpcap　；参考：《北京邮电大学》2017年硕士论文

【摘要】：随着计算机技术,信息技术的迅速发展,网络安全的问题对于社会的很多方面都显得非常重要,由病毒,网络攻击等造成的损失十分巨大,每年出现的网络安全问题的事件越来越多,网络嗅探技术则是当今网络安全领域内的一项重要技术,可以主动通过捕获网络中所有或者特定的网络数据包进行分析,找出网络中存在或者潜在的网络安全问题,检查出网络中的故障和免遭黑客或他人非法利用和攻击。网络嗅探也称为网络监听,具有网络监测、流量分析和数据获取等功能,网络嗅探器是利用网络接口捕获在网络中传输的数据信息的一种工具,主要功能是分析流过网络接口的网络流量,来发现网络中存在和潜在的问题,它是提供给网络管理者监视网络运行状态和数据流动情况的有效管理工具。网络嗅探器既能用于合法网络管理也能用于窃取网络信息。网络管理员和安全人员可以采用网络嗅探器进行网络运作和维护,如监控网络数据流量、进行网络安全操作、鉴定分析网络数据以及诊断并修复异常网络问题等。本文主要研究网络数据包的捕获和分析技术,并基于libpcap技术开发了一个网络数据包嗅探系统,实现了数据包的捕获与分析。论文主要进行了以下几方面的工作:(1)介绍了网络嗅探的概念,对网络嗅探的背景意义现状和现有的嗅探软件进行了综述。(2)对本文实现的嗅探系统所用的技术,libpcap捕获数据包,PF_RING技术,协议分析等技术进行了学习和研究。(3)对本文的网络嗅探系统进行了功能和需求分析,以及对各个模块及其功能进行了详细设计和阐述。(4)利用PF_RING技术对libpcap捕获数据包进行了优化,在linux系统中使用libpcap+PF_RING捕获数据包提高了捕获效率,采用B/S架构实现该网络嗅探系统,在web端利用图表形式展示数据包及其统计信息。
[Abstract]:With the rapid development of computer technology and information technology, the problem of network security is very important to many aspects of society. The losses caused by viruses and network attacks are very great. Every year, there are more and more network security problems. Network sniffing is an important technology in the field of network security. It can be analyzed by capturing all or specific network packets. Find out the existing or potential network security problems in the network, detect the network faults and avoid illegal exploitation and attack by hackers or others. Network sniffer, also known as network sniffing, has the functions of network monitoring, traffic analysis and data acquisition. The network sniffer is a tool for capturing the data information transmitted in the network by using the network interface. The main function is to analyze the network traffic flowing through the network interface to find out the existing and potential problems in the network. It is an effective management tool for network managers to monitor the network running state and data flow. Network sniffer can be used both for legitimate network management and for stealing network information. Network administrators and security personnel can use network sniffer for network operation and maintenance, such as monitoring network data flow, carrying out network security operations, identifying and analyzing network data, diagnosing and repairing abnormal network problems, and so on. This paper mainly studies the capture and analysis technology of network data packet, and develops a network packet sniffing system based on libpcap technology, which realizes the capture and analysis of data packet. This paper introduces the concept of network sniffing. The background significance of network sniffing and the existing sniffer software are summarized. Protocol analysis and other technologies are studied and studied. (3) the functions and requirements of the network sniffer system are analyzed, and each module and its functions are designed and described in detail. The PF_RING technology is used to optimize the capture of libpcap data packets. The capture efficiency is improved by using libpcap PF_RING capture data packet in linux system. The network sniffer system is implemented by using B / S architecture, and the data packet and its statistical information are displayed in the form of chart at the web end.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【参考文献】