Research on Network Monitoring and Packet Capture and Parsing Techniques for High-Speed, Large Data Volumes
Topic: WinPcap + high-speed sliced file storage; Source: Central China Normal University, 2015 master's thesis
[Abstract]: Internet technology is developing rapidly and interacts ever more closely with commerce, and more and more economic activity has moved online. The network has penetrated every aspect of our lives: we use it to communicate, search and shop, and our lives have become inseparable from it. In industrial production, network monitoring can be used to check the operating state of the devices on the network and of each stage of production, so that all production processes and details can be fully understood, managed and tracked. Capturing and parsing network packets has become an important tool for analyzing and managing networks and for monitoring network devices. Targeting a special industrial application network environment, this thesis uses the WinPcap programming interface to implement a basic network monitoring and capture program on the Windows platform, covering the basic packet capture and analysis functions: network packet capture, capture file storage, network protocol filtering, protocol parsing, data query, and traffic statistics and analysis. To match the working characteristics of the special industrial network environment, and to address the capture of large instantaneous bursts of data, the capacity and robustness requirements of long-running capture, and the high-reliability requirement that the capture software must not drop packets, the thesis carries out its distinctive work in the following areas: (1) To capture, without loss, every packet during sudden large-volume transfers on the network, the thesis builds a model of how network data transmission varies in the special industrial network application environment and, for the maximum instantaneous data volume, uses an Endace DAG 9.2x2 network monitoring capture card to support capture of LAN traffic above 1 Gbps. (2) To solve the problem that, at peak load, the rate at which packets must be stored exceeds the read/write speed of the hard disk, the thesis exploits the fact that the long-term average volume of transmitted data is not high and uses a dynamic buffer management mechanism to guarantee loss-free storage of packets. To solve the problem of the huge total volume of data stored during long-running operation, and to make captured data quick to process and to retrieve for analysis, the thesis proposes a sliced file management and storage mechanism: packet capture files can be split into separate files automatically or stored according to a file size set by the user. (3) Data from different devices in the industrial network are distinguished by application-layer data type, and the parsing process, semantics and syntax differ from type to type. Network protocol filtering and XML (Extensible Markup Language) are used to parse and preprocess device-defined data; different processing flows are invoked flexibly according to the data type identifier, and the preprocessing results are written to a database for later processing and mining. The thesis also discusses and studies the working principle of sniffer programs, the SQL database language, the MFC message handling mechanism, and computing resource management and file management. By analyzing the special requirements of the network environment in which the software is used, it builds a model of the packet capture application, designs the software in modules according to the required functions, and concentrates on describing the concrete implementation methods and the special improvements made to achieve high performance. Finally, the network monitoring program is tested on practical examples and the results are analyzed and discussed; they show that the system meets all of its functional and performance requirements.
[Degree-granting institution]: Central China Normal University
[Degree level]: Master's
[Year degree conferred]: 2015
[Classification number]: TP393.08
Article number: 1952844
Article link: http://sikaile.net/guanlilunwen/ydhl/1952844.html