Abstract: By analyzing how the Linux operating system processes received network packets, this paper proposes a Linux kernel-based traffic analysis method. Using this method, a loadable Linux kernel module, the kernel-based traffic analysis module (KTAM), is implemented. KTAM exploits the characteristics of a kernel module to reduce overheads such as system calls and memory copies. Analysis and experiments show that KTAM improves traffic analysis performance by nearly 50% compared with a traffic analysis tool based on Libpcap.
Key words:
Traffic analysis; Packet capture; Passive measurement
YANG Jianhua, XIE Gaogang, LI Zhongcheng. Linux Kernel-based Traffic Analysis Method[J]. Computer Engineering, 2006, 32(8): 67-69.