Research And Application Of Network Protocol Analysis Technology

With the rapid development of computer network communication technology and information industry, computer network plays a more and more important role in people’s daily life and studying. Network protocol, as the core framework of computer network communication, is attracting a lot of attention. In view of the network protocol’s significance and practical value, the thesis designs and implements a Network Protocol Analysis Framework (NPAF), as well as two application platforms based on NPAF after in-depth research of protocol analysis method and its implementation.This thesis studies the technology which is related to network data acquisition and network protocol analysis technology. Firstly, the thesis focuses on the Winpcap technology which collects network data from data link layer bypass and the Berkeley packet filter mechanism which is used to collect specific data packet. Then, the thesis does some researches on the key technologies, such as packet packing and so on. In accordance with the TCP/IP reference model, the NPAF uses network port and deep packet information with eigenvalue to identify protocol type according to the protocol identification. The NPAF shows the collected network packet information in accordance with the TCP/IP protocol format using a tree structure layer by layer. Ultimately, the thesis designs and implements NPAF.With the combination of theory and practical, the thesis applies the NPAF in practical environment and does a lot of researches on it. The thesis implements Network Protocol Teaching Platform (NPTP) and Terminal Security Detection Platform (TSDP) based on the NPAF. The NPTP designs protocol interactive learning and data flow classification module to implement protocol teaching platform with the research on trigger mode of network interactive behavior. The test results show that the NPTP provides more realistic network environment for the user, and thus contributes to make further study and grasp of each layer protocols in TCP/IP protocol suite. With the study of application process management and network intrusion technology, the TSDP designs process contrast and intrusion detection module to implement terminal security detection. The TSDP implements process lookup at the packet level, terminal intrusion response and so on. The results of the experiment show that the TSDP can detect the terminal security in time. Besides of this, the TSDP has a high recognition rate of application process, as well as intrusion detection rate.