
Design and Implementation of a Linux-Based Network Data Capture and Analysis System

Published: 2018-05-21 01:12

  Topic of this paper: network data capture + data analysis. Reference: Beijing University of Posts and Telecommunications, 2017 master's thesis


[Abstract]: As informatization advances, the Internet is penetrating people's daily lives at an unprecedented pace and growing ever more complex. A complex network inevitably carries massive volumes of data generated by countless network applications, and because those applications vary so widely, the data is correspondingly complex. Network data carries a great deal of information, including both the information users themselves transmit and the information network devices exchange to coordinate their own operation, and it usually includes data that threatens network security. Capturing and analyzing network data not only helps with network supervision and optimization but can also reveal latent security problems in the network, so that possible security problems can be guarded against. Many network security tools, such as IDS and IPS, are built on network packet capture and analysis. Because most network devices and data stations in use today are based on Linux, capturing and analyzing network data on Linux has greater practical significance, and all of the work in this thesis is based on Linux.

The thesis first systematically describes the principles of network packet capture and analysis and the technologies used in this work, covering the TCP/IP network architecture, protocol analysis techniques and packet encapsulation formats; the Libpcap library and packet filtering technology are a key point among these. Then, building on these technologies, it analyzes the functions of the system and designs and implements the network data capture and analysis modules, the most important of which are statistical analysis, protocol analysis and real-time display of analysis results. Because existing techniques cannot deliver analysis results promptly, this work takes that as its point of breakthrough: it analyzes packets while they are being collected, achieving timely analysis and real-time display. Finally, the functions provided by the system are tested and the test results are briefly explained. The innovation of this work lies in the real-time capture of network packets and the real-time display of analysis results: the system analyzes each packet as soon as it is captured and presents the analysis data to the user visually, so that users can learn of network anomalies promptly and respond quickly.

In summary, the thesis does the following:

1. Describes the general methods of network data capture and analysis and some existing results, and analyzes and compares them to provide a reference for the subsequent work.
2. Examines in depth the packet capture functionality provided by the Libpcap library, and summarizes the main methods and workflow for capturing network data with it.
3. Implements a program on Linux that uses the Libpcap library to capture network data and then extracts information from it, including the network protocol used by each packet, the source and destination port numbers, HTTP packets and so on.
4. Displays the data obtained from packet analysis to the user visually and in real time.
5. Tests all of the functions implemented by the system.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08;TP316.81


Article number: 1917067


Link to this article: http://sikaile.net/guanlilunwen/ydhl/1917067.html

