Design of Network Protocol Analyzers Using WinPcap
Author
Abstract
This paper introduces two approaches to developing network protocol analyzers: one based on NDIS (Network Driver Interface Specification), the other based on WinPcap. The second approach is discussed in detail. The paper outlines the WinPcap architecture and classifies the functions exported by WinPcap into three types. Based on this classification, the development environment can be configured accurately, e.g. by defining the preprocessor symbols and setting the working directories. Three basic functions, i.e. pcap_findalldevs_ex(), pcap_open(), and pcap_next_ex(), are interpreted thoroughly. Finally, a step-by-step example is given together with its results.
Similar resources
Architecture of a Novel High Performance Traffic Capturing Device Based on the Intel IXP2400 Network Processor
The extensive availability of cost-effective commodity PC hardware pushed the development of flexible and versatile traffic monitoring software such as protocol analyzers, protocol dissectors, traffic sniffers, traffic characterizers and IDSs (Intrusion Detection Systems). The largest part of these pieces of software is based on the well-known libpcap API, which in the last few years has become...
Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection
Many network intrusion detection systems (NIDS) rely on protocol-specific analyzers to extract the higher-level semantic context from a traffic stream. To select the correct kind of analysis, traditional systems exclusively depend on well-known port numbers. However, based on our experience, increasingly significant portions of today’s traffic are not classifiable by such a scheme. Yet for a NI...
An Architecture for High Performance Network Analysis
Most Unix systems provide a set of system calls that allow applications to interact with the network directly. These primitives are useful for example in packet capture applications, which need to grab the data flowing through the network without any further processing from the kernel. WinPcap is a newly proposed architecture that adds these functionalities to Win32 operating systems. WinPcap i...
Profiling and Optimization of Software-Based Network-Analysis Applications
A large set of tools for network monitoring and accounting, security, traffic analysis and prediction — more broadly, for network operation and management — require direct and efficient real-time access to data traveling on the network. Software tools are often preferred because of their low cost and high versatility. However, these tools are often considered to suffer from performance problems...
Offline Time Synchronization for libpcap Logs
A fundamental problem in real-world computer network experiments is that each system uses its own local clock to timestamp events. These clocks are not perfectly accurate, and thus deviate from each other. Event timestamps assigned by different nodes can therefore not immediately be compared, making the analysis of experimental results difficult. The synchronization of the clocks online during ...