Real-time network data capture method based on connection

Abstract

The invention discloses a real-time network data capture method based on connection, comprising the following steps: 1. initializing the application layer programs and registering the network data processing function; 2. initializing a virtual network card drive module; 3. the application layer opening the kernel communication event and monitoring whether the kernel communication event is signal state; 4. the virtual network card drive module receiving the data packets submitted by a network card drive module; 5. analyzing the data header information; 6. computing connectives according to the common connection information such as the IP addresses, physical addresses, port numbers and the like of the data packets; 7. extracting the data which are not repetitive in connectors from the data packets and generating packet descriptions; 8. merging the packet descriptions into a connection buffer; 9. judging whether the data in connection need to be submitted in real time; and 10. the virtual network card drive module setting the kernel communication event as the signal state. The method avoids submitting the data which are repetitive in one connection.

Description

technical field [0001] The invention relates to a network technology, in particular to a connection-based real-time network data capture method. Background technique [0002] Obtaining and processing and analyzing data packets transmitted in the network has become a basic technology of network analysis. At present, packet capture technologies basically rely on foreign open source software and are basically based on data packets. Under the Linux system, the Libpcap function package is generally used (a network access system under Linux, which obtains data packets based on timing), and under the Windows system, the Winpcap system (a Windows network access system, which obtains data packets based on timing) is generally used, or Use shared memory based packet capture method. In the TCP / IP protocol, a complete data packet has an Ethernet header, an IP header, a TCP / UDP / ICMP header, and application layer data. In the data packets in the same data connection, the Ethernet header...

AI Technical Summary

Problems solved by technology

[0003] The related technology of relevant packet capturing has been disclosed in Chinese patents 200810097512.9, 200610113329.4, 200810019282.4, 01139038.7, 200710076153.4, 200810192946.7, 200610065273.X, but these patents do not solve the following problems in real time through TCP / IP communication protocol: Second, merge the repeated content between data packets, reduce the content submitted to the application layer for analysis, thereby reducing system memory usage and I / O times; third, the application layer program obtains data based on connections

[0004] The current network data capture method, such as Chinese patent 200610113329.4, can only be based on data packet capture, and cannot process data based on connection. It can only poll and process data according to the traditional method, and cannot notify the application layer for processing in real time. All data packets need to be completely submitted. wasting memory

Moreover, the existing technologies that have been disclosed on the market only put all the data packets into the shared memory or put them in the queue through a certain technical means to wait for the application layer to obtain the data through the polling method or the timing read and write method.

Images