Papers by Keyword: Winpcap

Abstract: 10G Ethernet technology has been widely used in modern high speed communication system. As a result, program design for high-speed data capture on 10G Ethernet, as the first and important step in network monitor and analysis system, has become a challenging task. This paper proposed a high-speed data capture method based on WinCap and shared memory pool technology and has features of high speed, low packet loss rate, high efficiency and good portability. The system test and data analysis proved that the proposed method in this paper can effectively capture the data at speed of 6Gbps and stably keep the packet loss rate under 0.03%.

Abstract: Chaperonage network technique of continuously development, make ether net safety problem research more and more importance, involve a network safety the realm have many safety technique, like fire wall, invade examination, safety scan, agreement analysis etc., but these technique of realization all demand depend on a network data pack to succeed in catching. This text to under the system of the data pack succeed in catching a technique to carry on a research, and put forward a few data pack of succeeds in catching a method.

Abstract: The LAN usually hides internal network structure by NAT to share a public IP address in the internal network, and thus it is hard to locate the source host precisely distributing sensitive information for a large-scale information monitoring system by analyzing the intercepted packets. So it is hard to fulfill monitoring work efficiently. This paper puts forward a scheme to intercept and analyze the sensitive information in the LAN environment. It studies the ARP spoofing principle and the sniffer technology based on WINPCAP. The scheme includes 7 modules named NIC capture module, packet filtering module and so on. And it achieves sensitive information filtering and matching by the configured rules, such as "keywords", "URL", "QQ number" and so on. The scheme provides a solution for tracking the source host leaking sensitive information within the LAN.

Abstract: Nowadays, IPv4 addresses have been exhausted. IPv6 as the next generation of the Internet Protocol is gradually moving towards practical , Network monitoring is very important to the practical use of IPv6 , The security problems of IPv6 study is not mature, especially the security of IPv6 network security products are less . This study uses the existing IPv4 network security research results, aiming at the characteristic of IPv6 protocol , Analysis of the structure and classification of the IPv6 address , IPv6 addressing, neighbor discovery process, the domain name system , DHCPv6 , ICMPv6, IPv6 routing and security series of IPv6 basics of features , Using WinPcap programming, enabling the network packet capture, content analysis and experimental verification of the system.

Abstract: This paper presents a model designing and simulation realization of arc protection system based on GOOSE (Generic Object Oriented Substation Event) .It is proposed to fully use the logical node GGIO (Generic Input and Output) of IEC61850 in the modeling of intelligent electronic devices. The real-time data (data of arc intensity and loop circuit) are transferred by GOOSE message with time delay less than 4 ms. GOOSE message communications mechanism is introduced. Winpcap development packet is selected and the simulation program is written to transmit and capture the GOOSE messages.

Abstract: By analyzing packets of the transport layer and the traffic flow statistic characteristics in the peer-to-peer (P2P) applications, a new P2P traffic identification system is presented. The new method in the system relies on the observation of the first few data packets of a TCP/UDP connection. It not only can identify more P2P applications, but also can identify the known and unknown P2P applications even if the data of them is encrypted. According to the results by passing a large number of tests, the system has higher identify-rate to identify the P2P applications and lower false negative and false positive. It has good effects in the actual network.