摘要
被动数据捕捉技术在网络安全领域有着极其丰富的应用,但传统的采集方式在网络流量较大时,系统将出现大量丢包现象,己经不能适应千兆网络的要求。PF_RING机制是一种不必修改网卡驱动,面向PC、普通网卡的接口丰富的性能表现优异的软件解决方案。本文首先分析了传统的数据包采集技术,然后对PF_RING机制进行详细的分析,在此基础上,基于Linux操作系统实现了基于PF_RING的IPv6数据包采集,最后在实验平台上进行测试并对测试结果进行分析。
Passive packet capture is widely used in network security.The traditional packet capture architecture is no longer efficient in Gigahit network because it loses most of the packets when flooded by high speed data transfer.PF_RING is an architecture which doesn't need to modify the NIC driver and it is a high performance solution for high speed packet capturing.lt is designed for PC and has various interfaces.It can he used in various systems.This paper analyses traditional packet capture methods and concentrates on the principles of PF_RING, and then implements the IPv6 packet capturing in the network environment on Linux system.The paper tests the performance of PF_RING architecture and analyses the result.
出处
《电脑编程技巧与维护》
2009年第12期62-63,共2页
Computer Programming Skills & Maintenance
