| 摘要 |
A method, apparatus, and computer-readable medium for analyzing network data streams with parsers generated using script based parsers is provided. The script based parsers are used to analyze the captured frames of a network data stream and identify conversations in the frames. The script based parsers are written in a language that describes network protocols. A script interpreter interprets script to build a parser in the memory of a computing device. A parsing engine uses the protocol parsers stored in memory to parse frames. A capture engine captures frames for parsing and frames are organized into conversations. The parsing of frames is optimized by substituting data structure sizes for data structures that are not of interest in a particular parser.
|
