With the rapid development of the network, network bandwidth has been greatly improved. In high speed network environment, higher requirement is needed to the Intrusion Detection System(IDS). The packet capture capability of IDS has become the bottleneck to enhance the system performance. At present most IDS apply Libpcap to capture packet. This paper analyzes and designes an packet caputure module in IDS based on Snort, and then shows the design structure and work process. At last this paper analyzes the system performance by comparison.% 随着网络的高速发展,网络带宽得到了极大的提升。高速网络环境下对入侵检测系统提出了更高的要求,其中入侵检测系统的数据包捕获能力成为其发展的瓶颈。目前大多数系统使用传统的Libpcap库来实现数据包捕获功能,文章对一个基于Snort入侵检测系统中数据包捕获模块进行了分析设计,给出了设计架构,详细说明了工作流程,并对系统的性能进行了对比分析。
展开▼
