ZHANG Wei,WANG Tao,PAN Yan-hui,HAO Zhen-hua

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.07.060

2008-01-01

Abstract:Network data packet capture is the precondition for network analysis,through the analysis of the models of network data packet capture in Windows,the structure and function of WinPcap based on NDIS is analyzed and introduced in detail,and how to program on the network adapter and how to capture and analyze the network data packets through WinPcap are realized under the envi-ronment of VC 6.0,and the applications of network data capture for network analysis is narrated in detail finally.

苍志刚,潘爱民

DOI: https://doi.org/10.3969/j.issn.1000-7024.2004.02.027

2004-01-01

Abstract:Sniffer has special significance to the Internet information security. This is a brief introduction to the principles of sniffer and its diversities on different platforms. There has been great difficulty in developing net monitor tools on windows platform before the appearance of winPcap, which makes it now much easier. The architecture of winPcap is depicted, and how it works. The new features and its functions, as well as key API functions are introduced. How to design network monitor tools using winPcap exemplified with a practical case of miniCap is also explained.

HE Yu,GONG Liang,YANG Yu-Pu

DOI: https://doi.org/10.3969/j.issn.1007-757X.2008.05.015

2008-01-01

Abstract:WinPcap is widely used in network monitor & control and the analyst of flow.This paper analyses the structure and main function of the packet capture system WinPcap,and uses MFC to encase it.It realizes the function of WinPcap using Visual Basic.

Xiaoyu Ma,Feiyan Chen

DOI: https://doi.org/10.4028/www.scientific.net/amr.433-440.5193

2012-01-01

Advanced Materials Research

Abstract:The P2P streaming media technology is popular and promising in recent years, to ensure the correctness of the identification method, and improve the identification rate and accuracy of the network traffic, this paper proposes a identification principle and algorithm of the P2P network traffic, and gives the overall structure of the system, Finally, puts up the system test environment. The experimental results show that the identification method of the network traffic proposed in this paper can effectively improve the identification rate and accuracy of the network traffic, the scheme has the value of further research and promotion.

Yi Gao,Wei Dong,Xiaoyu Zhang,Wenbin Wu

DOI: https://doi.org/10.1109/tnet.2020.2965587

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:Most sensor networks employ dynamic routing protocols so that the routing topology can be dynamically optimized with environmental changes. The routing behaviors can be quite complex with increasing network scale and environmental dynamics. Knowledge on the routing path of each packet is certainly a great help in understanding the complex routing behaviors, allowing effective performance diagnosis and efficient network management. We propose PAT, a universal sensornet path tracing approach. PAT includes an intelligent path encoding scheme that allows efficient decoding at the PC side. To make PAT more scalable, we propose techniques to accurately estimate the degree information by exploiting timing information, allowing more compact path encoding. Moreover, we employ subpath concatenation to infer excessively long paths with a high recovery probability. We carefully evaluate PAT's performance using testbed experiments and and extensive simulations with up to 4,000 nodes. Results show that PAT significantly outperforms existing approaches.

Shengli Liu

2007-01-01

Abstract:A traffic-analysis-based honeypot for Windows system is designed and implemented.Based on the library of IDS rules,the network driver of Windows DDK and NDIS middle-ware technology are used to realize filtering and diversion of network flow.This mechanism diverts the unauthorized flow from reaching the real server.In the meantime,it collects a vast amount of “hacking techniques” from the unauthorized flow to continuously adapt the system to the various “hacking techniques”.It improves the efficiency of Honeypot and protects the real servers.

Xiaoyu Ma,Feiyan Chen

DOI: https://doi.org/10.1109/EMEIT.2011.6023605

2011-01-01

Abstract:This article first describes the architecture of Linux network stack, the principles of link layer's filtering acquisition, and then analyze the network card drivers, lastly, gives the building Scheme of data acquisition environment and the implementation strategies of link layer filtering acquisition. Using the data acquisition system to which the filter policy is added, reduces the packet loss rate, saved the system resources, and enhanced the processing efficiency.

GAN Biao,LING Xiao-feng,GONG Xin-bao

DOI: https://doi.org/10.3969/j.issn.1009-2552.2012.01.020

2012-01-01

Abstract:In this paper,a high-speed data capture technology based on dynamic memory pool and WinpCap is proposed to cater the requirements of high-speed communications,diversified information and real-time processing in modern communication system.The proposed technology has features of high speed,low packet loss rate,high efficiency and good portability.The system test and data analysis proved that the proposed technology can effectively capture the data at speed of 300 Mbps,and can work stably in high-speed network environment.

Dan Cogălniceanu,Jijun Li

2004-01-01

Abstract:In this article,a network intrusion detection system based on WinPcap and Boyer-Moore in Windows2000 /XP is put forward and implemented.Its architecture,the capture to the packets with WinPcap and Boyer-Moore string matching algorithm are introduced and analyzed in detail.

郑凯元,叶茂,赵欣

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.36.020

2008-01-01

Abstract:With the development of World Wide Web network,the network risk occurs here and there around of us. Our information risks various intrusions and computer virus. To observe and prevent the intrusions is on the edge,a new network security technology called IPS came forth these years. The IPS can detect and prevent network intrusions in time. A Winpcap based IPS(WNIPS) includ-ing the design and implementation is present in this paper. The WNIPS will capture net packets via the NDIS,and then detect in-trusions by analyzing and statistic. It can update the firewall rules while detecting the intrusions,taking the advantage this function,the WNIPS can detect and prevent all the known intrusions and some unknown intrusions.

Ling Ruilin,Li Junfeng,Li Dan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20160823

2017-01-01

Journal of Computer Research and Development

Abstract:With the development of Internet application and the increase of network bandwidth,security issues become increasingly serious.In addition to the spread of the virus,spams and DDoS attacks,there have been lots of strongly hidden attack methods.Network probe tools which are deployed as a bypass device at the gateway of the intranet,can collect all the traffic of the current network and analyze them.The most important module of the network probe is packet capture.In Linux network protocol stack,there are many performance bottlenecks in the procedure of packets processing which cannot meet the demand of high speed network environment.In this paper,we introduce several new packet capture engines based on zero-copy and multi-core technology.Further,we design and implement a scalable high performance packet capture framework based on Intel DPDK,which uses RSS (receiver-side scaling) to make packet capture parallelization and customize the packet processing.Additionally,this paper also discusses more effective and fair Hash function by which data packet can be deliveried to different receiving queues.In evaluation,we can see that the system can capture and process the packets in nearly line-speed and balance the load between CPU cores.

WANG Li-chao,LU Qi-yong,LIN Lü-zhou

DOI: https://doi.org/10.3969/j.issn.1006-7167.2006.12.022

2006-01-01

Abstract:This article introduced an experiment,using Win32 based network-analysis and packet-capture link library Winpcap,and Visual C++,to monitor the LAN communication under Windows operation system.The practice proved that through this experiment,students should be able to understand and master computer network more quickly and deeply,and improved their programming skills.

Jiaqian Li,Chengrong Wu,Jiawei Ye,Jiong Ding,Qinwei Fu,Jiatao Huang

DOI: https://doi.org/10.1109/dasc/picom/cbdcom/cyberscitech.2019.00177

2019-01-01

Abstract:Packet capture technology is the basis for network data analysis and processing. The rapid development of network applications, the speed of network transmission, and the speedy increase in the number of network users put forward higher requirements for packet capture technology. Some high-performance network packet capture technologies come into being.This paper first analyzes the inherent defects of the traditional Linux data capture method, and then introduces and analyzes the advantages and disadvantages of the current high-performance packet capture technologies and framework from the technical principle, application flow, packet capture rate and resource occupancy.

Fengyu Wang,Xiaochun Yun,Weidong Shen

DOI: https://doi.org/10.3321/j.issn:1002-0470.2006.03.003

2006-01-01

Abstract:Through analyzing the problems of traditional network traffic measurement system, a passive network traffic measurement system is designed based on zero-copy packet capture, raw device storage and so on. The performance and the precision of network traffic measurement are improved greatly. This system is suitable for the traffic measurement of 1 Gb/s network.

Youwei Du

2013-01-01

Abstract:With the development of the P2P technology, the P2P application occupies lots of network bandwidth resources. Identification and control of P2P traffic is a hot topic nowadays. Based on the analysis of four related technologies, a NDIS intermediate driver based supervision system is proposed, and the entity characteristics are introduced in detail. The system is realized by using DDK Passthru routine, and the shared memory communication mechanism, packet interception mechanism and main data structure are also discussed.Finally, the experimental results of three common used P2P applications show the validity and usability of the system.

CHENG Lin

DOI: https://doi.org/10.3969/j.issn.1002-2279.2013.05.014

2013-01-01

Microprocessors

Abstract:This paper introduces a Multi-NIC forwarding technology in Windows embedded system.The technology can be used in network monitoring of 10-Gigabit level of traffic. On the base of the research on using NDIS IMD to realize packet capturing and packet analysis,packets can be forwarded by the specified NIC. In order to maintain the effectiveness of network monitoring,the packets of the same source IP are generally forwarded by the same NIC,so an algorithm quickly finding IP in IP address library is introduced. At last,the results of verification tests show that the views put forward in this paper are feasible and correct.

Jiang Qingmin,Wu Ning,Yan Shenyou

DOI: https://doi.org/10.3969/j.issn.2095-2163.2007.02.012

2007-01-01

Abstract:The features、parameters and the used methods of Tcpdump are introduced in the paper.

Fu Qingyun,Liu Xinsong,Wu Ai

DOI: https://doi.org/10.13382/j.jemi.2008.03.008

2008-01-01

JOURNAL OF ELECTRONIC MEASUREMENT AND INSTRUMENT

Abstract:In this paper,we propose a new streaming media traffic measurement software design method.This method does not need modify the source code of streaming media player,which has realistic value to the traffic analysis where the source code of the streaming media player is not available.At the same time the difficulties of modifying the source code of the player is avoided.Because of using PCAP software package,researchers that devote on streaming traffic characteristic measurement need not to go deep into the protocols of streaming and network communication,which reduces software development difficulties greatly.Meanwhile,PCAP software package supports most of the operating systems,which facilitates the measurement software migration among different operating systems.The technology proposed in this paper has an important engineering value in streaming or network traffic characteristic research.

LIU Bin,LI Zhi-tang,LI Yao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.05.080

2006-01-01

Abstract:Passive packet capture under high traffic load network will lead to NIC interrupt frequently.In this paper,an explanation for the poor performance of packet capture under heavey load is presented.A approach is proposed to decrease the number of NIC interrupt that NAPI mechanism for linux-based systems is taken.

Zhao-xin ZHANG,Bin-xing FANG,Ming-zeng HU

DOI: https://doi.org/10.3969/j.issn.1007-5321.2006.02.030

2006-01-01

Abstract:The architecture of information capture for the high-speed network environment was proposed. The different network bandwidth adaptive problem was well solved by the extensible network detection model. It has been found that real-time data stream capture from high-bandwidth networks, high-performance multi-thread TCP/IP (transmission control protocol/Internet protocol) protocol stack, and protocol analysis platform based on PLUGINs have captured and assembled the information wonderfully. The architecture integrated these technologies effectively will solve the problems such as the large-scale detection, high-speed data stream, ensuring the in-time, security and veracity of the information on multi-road and high-speed networks.