Abstract
The packet capture mechanism is the foundation on which network performance analysis tools and network security tools are built. On UNIX systems it can be implemented with the BPF and DLPI mechanisms, which rely on the network card's promiscuous mode. On Windows systems there are three approaches: developing an intermediate driver with the NDIS mechanism between the network card driver and the TCP/IP protocol stack; attaching a capture driver on top of Tcpip.sys using the layered driver model; and capturing by writing a Service Provider Interface (SPI) program. Taking the NDIS driver as an example, the article describes the implementation process and the flow of its main functions in detail.
Source
Ordnance Industry Automation (《兵工自动化》)
2003, Issue 6, pp. 34-36 (3 pages)
Keywords
Data packets
Capture mechanism
Filter
Intermediate driver