- 學位論文
高速網路下被動式封包擷取之效能提升
Improvement of Passive Packet Capture under High Speed Network
摘要
封包擷取是網路安全鑑識(Network Forensics)的第一個步驟,在確認網路安全鑑識系統能正確側錄所監控的網路封包之後,才能進一步去對封包所帶有的資訊做重整及分析。但是隨著網路頻寬日漸增長,除了在硬體上尋求更高價的設備外,亦可由系統軟體的設計去突破,以應付高流量的網路環境。因此如何在同樣的硬體設備和作業系統平台,利用分散式緩衝封包擷取架構(Distributed-Buffer Packet Capture Architecture)來減少封包遺失的情形,並藉此提高以Linux為基礎之網路安全鑑識系統的可靠度,益形重要。本研究在Linux環境下對自由軟體封包擷取函式庫Libpcap,進行封包擷取效能的提升。主要將會針對封包擷取過程中因緩衝區溢位(Buffer Overflow)而產生的封包遺失,提出更有效的系統設計,以期能達到改善封包擷取的效能,並利用封包遺失的比率來評估系統的效能。
並列摘要
Packet Capture is the first step in Network Forensics. We reassemble packets into network session and analyze the information in these network sessions, only after we could capture all the packets completely. With the increasing of network bandwidth, how to capture packets under high speed network and reduce packet loss happened has become an important issue. In this paper, we try to improve the performance of Packet Capture Library – Libpcap under Linux Operation System by adjusting Linux Kernel and new packet capture architecture – Multi-Buffer Packet Capture Architecture. And we implement this Multi-Buffer Packet Capture System and evaluate performance through the percentage of lost packets.
參考文獻
被引用紀錄
延伸閱讀
- 曾明祥(2006)。高速下載封包擷取系統中的適應性連結調整演算法〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2006.02161
- Yang, J. C. (2008). 應用於網路入侵偵測系統之快速狀態化封包檢測架構 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2008.01146
- Hsu, C. H. (2011). 整合網路封包安全檢測系統及多核心封包擷取模組於超高速網路環境 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2011.01230
- 劉家隆、杜冠賢、曾俊豪、張景旭(2013)。Improving Packet Delay of Mobile Communication Network with Local Routing。電腦與通訊,(151),5-11。https://www.airitilibrary.com/Article/Detail?DocID=1019391x-201306-201307030022-201307030022-5-11
- 邱治達(2007)。Dynamic Bandwidth Allocation in Gigabit Passive Optical Network〔碩士論文,國立臺北科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0006-2808200714073400