Introduction of Ethereal Protocol analysis system


Ethereal is an open source network analysis system and is currently the best open source network protocol analyzer, supporting both the Linux and Windows platforms.

Ethereal was initially developed by Gerald Combs and has since been maintained and developed by a loosely organized Ethereal team. It now offers protocol analysis capabilities comparable to commercial network analysis systems. Since the first release, version 0.2 in 1998, a large number of volunteers have added new protocol parsers to Ethereal, and it now supports the decoding of more than 500 protocols. It is hard to imagine so many people writing code that fits into one system well, yet adding a new protocol parser is simple: even a newcomer who does not understand the structure of the system can develop a parser for their own protocol using the set of interfaces the system provides. This is thanks to Ethereal's good design structure. Because of the wide variety of protocols on the Internet, and because new protocols keep emerging, a good protocol analyzer must have good scalability and structure so that new protocol parsers can be added as network development requires.

1 Ethereal's packet capture platform

A network analysis system first relies on a library of functions to capture network packets. This library sits at the bottom of the network analysis system's module stack. Its job is to obtain packets from the NIC, or to select a subset of those packets according to a filtering rule, and then hand them to the upper analysis module. In protocol terms, this library receives packets at the link layer and must restore them at least up to the transport layer for the upper-layer analysis.

On Linux, Steven McCanne and Van Jacobson of Lawrence Berkeley Lab presented an implementation of packet filters in 1992, BPF (BSD Packet Filter). Libpcap is an open source library of capture functions based on BPF. Most existing Linux capture systems are based on this library or on specific improvements to it.

On Windows, the Italians Fulvio Risso and Loris Degioanni proposed and implemented the WinPcap function library, whose filtering engine the authors call NPF. Because NPF's main idea comes from BPF, and its design goal was to provide Windows with a powerful packet capture platform for developers, the hope was that network analysis tools written for Linux could be ported to Windows after a simple recompilation. For this reason the two capture architectures are very similar, and the function call interfaces their implementations provide are consistent with each other.

The Ethereal network analysis system likewise needs such a bottom-level capture platform: on Linux it captures packets with the libpcap library, and on Windows with the WinPcap library.
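As an added example (not Ethereal's, libpcap's or WinPcap's own code), this is the step the capture platform's consumer performs on each link-layer frame the library hands up: walking Ethernet to IPv4 to TCP/UDP with a bounds check at every layer, then applying a simple "tcp port N" style rule to decide whether the frame belongs to the selected subset. The sample frame is constructed for the example; in a real tool the same bytes would arrive from libpcap or WinPcap through the capture callback.

```c
#include <stdint.h>
#include <stddef.h>

/* Fields the upper analysis module needs from one link-layer frame. */
struct pkt_info {
    uint32_t src_ip, dst_ip;          /* host byte order */
    uint8_t  proto;                   /* IPv4 protocol: 6 = TCP, 17 = UDP */
    uint16_t src_port, dst_port;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Walk Ethernet -> IPv4 -> TCP/UDP with bounds checks at every layer.
 * Returns 0 on success, -1 for truncated frames or other protocols. */
int dissect_frame(const uint8_t *f, size_t len, struct pkt_info *out)
{
    if (len < 14 || be16(f + 12) != 0x0800) return -1;   /* EtherType must be IPv4 */
    const uint8_t *ip = f + 14;
    size_t rem = len - 14;
    if (rem < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;             /* header length, options included */
    if (ihl < 20 || rem < ihl + 4) return -1;            /* ports are the first 4 L4 bytes */
    out->src_ip = be32(ip + 12);
    out->dst_ip = be32(ip + 16);
    out->proto  = ip[9];
    if (out->proto != 6 && out->proto != 17) return -1;
    out->src_port = be16(ip + ihl);
    out->dst_port = be16(ip + ihl + 2);
    return 0;
}

/* Filter rule in the spirit of the capture library's "tcp port N". */
int match_tcp_port(const struct pkt_info *pi, uint16_t port)
{
    return pi->proto == 6 && (pi->src_port == port || pi->dst_port == port);
}

/* Constructed sample: Ethernet + IPv4 (no options) + TCP SYN, 10.0.0.1:40000 -> 10.0.0.2:80 */
const uint8_t sample_frame[54] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, 10,0,0,1, 10,0,0,2,
    0x9c,0x40, 0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x02, 0xff,0xff, 0x00,0x00, 0x00,0x00
};
```

Frames that fail a bounds check are rejected rather than read past their end, which is the property a dissector fed by untrusted network input must keep.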
