Background
Network data stream format:
Use the Wireshark capture tool, which saves captures as pcap files by default.
PCAP file format:
File header (24B): magic: 4B, marks the start of the file + major: 2B, current file major version number + minor: 2B + thiszone: 4B, local standard time + sigfigs: 4B, timestamp precision + snaplen: 4B, maximum storage length + linktype: 4B, link type
Each packet consists of a packet header (16B) and the packet data:
Timestamp: high part of the timestamp, accurate to seconds
Timestamp: low part of the timestamp, accurate to microseconds
Caplen: the length of the current data area, that is, the length of the captured data frame; it is used to locate the next data frame
Len: offline data length, that is, the length of the actual data frame on the network; in most cases equal to the Caplen value.
Packet data: the packet itself (usually the link-layer data frame minus the 8 bytes at the front used to synchronize and identify the beginning of the frame, and minus the last 4 bytes used for the CRC check); its length is Caplen. Note: there is no separator between the captured packets in the pcap file, so the preceding packet header is needed to determine the starting position of the next packet in the file.
The data contents start with the DLC (Data Link Control layer) header, then the IP header, the transport layer header (TCP/UDP/ICMP/IGMP), and finally the transport layer data section.
The first 14 bytes of each packet are the Ethernet frame header, that is, the link-layer frame header, followed by the IP header, and so on.
Ethernet frame format:
Preamble (8 bytes) + destination address (6 bytes) + source address (6 bytes) + type (2 bytes) + payload (46~1500 bytes) + frame check sequence (4 bytes)
The minimum frame length is 64 bytes, not including the 8-byte preamble.
(1) Only file header: size - pos < 24
(2) File header + some packet: size - pos < 42
(3) Partial packet: size - pos < 53
(4) Exactly complete: if () return pos
Method: In ReadLine
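
The layout above written as a reader, added here as an example (not code from the project this page summarizes): it parses the 24-byte file header, walks the 16-byte packet headers using Caplen, and returns the offset just past the last complete record when the buffer ends mid-header or mid-packet. The function names, dictionary keys, the Caplen-versus-snaplen sanity check and the sample capture are assumptions constructed for the illustration.

```python
import struct

FILE_HDR_LEN, PKT_HDR_LEN, ETH_HDR_LEN = 24, 16, 14
LINKTYPE_ETHERNET = 1

def parse_pcap(buf):
    """Return (file_header, packets, pos). pos is the offset just past the last
    complete record, so a caller can resume there once more bytes arrive."""
    if len(buf) < FILE_HDR_LEN:
        return None, [], 0                      # file header itself is incomplete
    # The magic number also reveals the byte order the capturing host used.
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(buf[:4])
    if order is None:
        raise ValueError("not a microsecond-resolution pcap file")
    names = ("major", "minor", "thiszone", "sigfigs", "snaplen", "linktype")
    header = dict(zip(names, struct.unpack_from(order + "HHiIII", buf, 4)))
    packets, pos = [], FILE_HDR_LEN
    while len(buf) - pos >= PKT_HDR_LEN:        # a full 16-byte packet header is present
        ts_sec, ts_usec, caplen, length = struct.unpack_from(order + "IIII", buf, pos)
        # Assumed sanity check: caplen comes from the file, so bound it by
        # snaplen before trusting it as an offset.
        if caplen > header["snaplen"]:
            raise ValueError(f"caplen {caplen} exceeds snaplen at offset {pos}")
        start = pos + PKT_HDR_LEN
        if len(buf) - start < caplen:
            break                               # packet data is cut short
        data = buf[start:start + caplen]
        pkt = {"ts_sec": ts_sec, "ts_usec": ts_usec, "caplen": caplen, "len": length}
        if header["linktype"] == LINKTYPE_ETHERNET and caplen >= ETH_HDR_LEN:
            pkt["dst"], pkt["src"] = data[0:6].hex(":"), data[6:12].hex(":")
            pkt["ethertype"] = int.from_bytes(data[12:14], "big")
        packets.append(pkt)
        pos = start + caplen                    # no separator: next header follows directly
    return header, packets, pos

def sample_capture():
    """Constructed input: one 60-byte Ethernet frame (no preamble, no CRC)."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    pkt_hdr = struct.pack("<IIII", 1700000000, 250000, len(frame), len(frame))
    return file_hdr + pkt_hdr + frame

if __name__ == "__main__":
    hdr, pkts, pos = parse_pcap(sample_capture())
    print(hdr, pkts, pos)
```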
Big Data Network Diagnosis System project summary