摘要
介绍了两种重要的网络数据包截获机制,SOCKET_PACKET套接口和BPF过滤机制,然后介绍了Unix下的支持BPF的一种常用的数据包截获技术:Libpcap库,给出其常用的函数,并总结设计出了一个通用的数据包截获程序框架。基于开源入侵检测系统Snort的源代码,详细分析了Snort如何调用Libpcap以实现网络数据包的截获,对该框架进行了进一步的证实和阐述。网络数据包截获机制在其它领域也有广泛的应用,该研究提出的设计思路对于相关开发人员具有重要的参考价值。
Two network packet capture method are discussed, SOCKET PACKET and BPF. As follows, a very wide-used packet capture library Libpcap is introduced in detail, which supports BPF. Its main functions are explained. Then a useful packet capture programming frame is designed. Snort, which is an open-sourced network intrusion detecting system, captures network packets by Libpcap. After analyzed and explained in detail based on the Snort source code, the mechanism of capturing packets in Snort also obeys the programming frame we design. Since packet capture method is also used in many other fields, such as network monitoring system, the programming frame has great values to relative researches and developments.
出处
《计算机工程与设计》
CSCD
北大核心
2006年第23期4529-4532,共4页
Computer Engineering and Design
