摘  要
隨著計(jì)算機(jī)網(wǎng)絡(luò)技術(shù)的飛速發(fā)展，網(wǎng)絡(luò)安全問題顯得尤其突出。通過采集網(wǎng)絡(luò)數(shù)據(jù)并對(duì)其進(jìn)行相應(yīng)的分析，可以清楚地了解到網(wǎng)絡(luò)上使用的各種協(xié)議。分析采集到的數(shù)據(jù)包，可以確定網(wǎng)絡(luò)是否被類似端口掃描這樣的攻擊入侵；其次，使用網(wǎng)絡(luò)應(yīng)用程序時(shí)，有時(shí)會(huì)因?yàn)槟承┰蛟斐蓱?yīng)用程序不能正常運(yùn)行，這種情況下也可以使用采集到的數(shù)據(jù)包來分析，從而推斷出發(fā)生問題的原因；此外，利用數(shù)據(jù)包，還可以清楚的了解整個(gè)網(wǎng)絡(luò)在各個(gè)時(shí)段內(nèi)的網(wǎng)絡(luò)負(fù)載情況，并能調(diào)查處是哪一臺(tái)計(jì)算機(jī)造成了網(wǎng)絡(luò)的負(fù)載過重，從而判斷網(wǎng)絡(luò)使用得是否合理。除了以上談到的幾個(gè)方面以外，數(shù)據(jù)包分析還有其他很多用途。
TCP/IP數(shù)據(jù)包的分析比較復(fù)雜，首先這種分析是基于對(duì)TCP/IP協(xié)議族的理解之上的，其次對(duì)數(shù)據(jù)包的結(jié)構(gòu)也要有很深的認(rèn)識(shí)。本文從以太網(wǎng)的結(jié)構(gòu)內(nèi)容開始，介紹了以太網(wǎng)的構(gòu)成，在分析TCP/IP協(xié)議的基礎(chǔ)上，研究了基于Linux平臺(tái)的數(shù)據(jù)包分析軟件。重點(diǎn)介紹了數(shù)據(jù)包分析器的設(shè)計(jì)原理，方案以及實(shí)現(xiàn)方法。最后對(duì)軟件的具體操作說明也做了簡(jiǎn)單的解釋，從而，設(shè)計(jì)了一套完整的數(shù)據(jù)包分析方案。

關(guān)鍵詞    以太網(wǎng)      TCP/IP協(xié)議      包捕獲機(jī)制       包過濾機(jī)制       
ABSTRACT
With the development at full speed of computer network technology, The network safety problem appears especially outstanding. Carrying out corresponding analysis by collecting the network data and to the person, Can know to arrive at the various agreement being put into use on the network clearly. Analysising collects the data bag arriving at, the attack being able to ascertain if network such is scanned by similar end invades; Secondly, the use of network applications, sometimes because of certain causes application from running, Under such circumstances it can use the data collected to analyze packets, thus infer a problem and the reasons for it; And besides, make use of data bag, can be clear knowing network loads entire network condition within each time intervals, being able to inquire into a place is that which one platform computer has brought about loads network overweight, have judged that the network is put into use such that being rational or not thereby. Outside several aspect talking about except all above, data bag analysis is still had other many use.
The analysising of TCP/IP data bag is comparatively difficult and inconvenient, First of all this analysis is based on a national agreement TCP/IP understanding of the above, Second, the structure of data packets must be well versed in. This paper introduced the composition of Ethernet from the structure and content, on the basis of agreement of TCP/IP analysis, did the research about data analysis software packages on Linux-based. Focus on the data packet analyzer design, programming and implementation. Finally, the software specific instructions have also done a simple explanation. At this point, provide a complete set of data packet analysis program.

KEY  WORDS              Aether net       TCP/IP agreement       
Capture mechanism of package   Fliteration mechanism of package    
 
目 錄

摘  要 I
ABSTRACT II
第一章 緒 論 1
1.1課題研究背景 1
1.2 課題研究意義 1
1.3 國內(nèi)外研究主要技術(shù)及狀況對(duì)比 2
1.3.1 國內(nèi)外研究主要技術(shù) 2
1.3.2 國內(nèi)外研究狀況對(duì)比 4
1.4 論文組織結(jié)構(gòu) 5
第二章 以太網(wǎng)和TCP/IP 6
2.1 以太網(wǎng)的結(jié)構(gòu) 6
2.1.1基于網(wǎng)絡(luò)架構(gòu)的以太網(wǎng)的定義 6
2.1.2 RFC894定義的以太幀 6
2.1.3 以太網(wǎng)上的數(shù)據(jù)交換 8
2.2 TCP/IP體系結(jié)構(gòu) 9
2.2.1 TCP/IP協(xié)議族 9
2.2.2 TCP/IP協(xié)議族的優(yōu)點(diǎn) 9
2.2.3 TCP/IP協(xié)議族的分層 9
2.2.4 TCP/IP協(xié)議組件 11
2.2.5 各層的協(xié)議分析 11
2.3 本章小節(jié) 12
第三章 TCP/IP數(shù)據(jù)包分析器設(shè)計(jì)原理和方案 13
3.1 TCP/IP數(shù)據(jù)包分析器設(shè)計(jì)原理 13
3.2 TCP/IP數(shù)據(jù)包分析器設(shè)計(jì)方案 18
3.2.1數(shù)據(jù)包分析器的系統(tǒng)架構(gòu) 18
3.2.2 實(shí)現(xiàn)機(jī)制 20
3.3本章小節(jié) 21
第四章 TCP/IP數(shù)據(jù)包分析器設(shè)計(jì)過程 22
4.1包的捕獲過程 22
4.2包的分析過程 22
4.3本章小節(jié) 25
第五章 TCP/IP數(shù)據(jù)包分析器實(shí)現(xiàn) 26
5.1 數(shù)據(jù)包捕獲的實(shí)現(xiàn) 26
5.1.1創(chuàng)建套接字 26
5.1.2把網(wǎng)卡設(shè)置為混雜模式 26
5.1.3捕獲數(shù)據(jù)包 27
5.1.4分析數(shù)據(jù)包 28
5.2數(shù)據(jù)包分析的實(shí)現(xiàn) 28
5.2.1 對(duì)以太幀的分析 28
5.2.2 對(duì)IP數(shù)據(jù)報(bào)的分析 29
5.2.3 對(duì)TCP/UDP數(shù)據(jù)報(bào)的分析 30
5.3 利用圖示表示數(shù)據(jù)報(bào)流量隨時(shí)間變化 32
5.4 對(duì)特定端口的觀察 32
5.5 本章小節(jié) 33
第六章 網(wǎng)絡(luò)數(shù)據(jù)采集的研究與應(yīng)用 35
6.1 廣播式以太網(wǎng)與交換式以太網(wǎng) 35
6.2 基于鏈表結(jié)構(gòu)的網(wǎng)絡(luò)數(shù)據(jù)動(dòng)態(tài)采集 36
6.2.1 鏈表結(jié)構(gòu)的設(shè)計(jì) 36
6.2.2 鏈表結(jié)構(gòu)的測(cè)試 37
6.3本章小節(jié) 38
第七章 總結(jié)與展望 39
7.1總結(jié) 39
7.2展望 39
結(jié)束語 40
參考文獻(xiàn) 41
附  錄1 42