网络抓包和分析技术是很多网络安全软件实现的基础,也是设计网络分析软件的基础,现有的一些技术如防火墙、协议分析等软件的实现都是以数据包的嗅探捕获为前提的，所以研究相关的数据包捕获和分析技术对保证网络的安全运行是很有现实意义的。本文对Windows下基于WinPcap的网络监测与协议分析技术进行了深入的研究，详细的研究了WinPcap的框架，得出了基于WinPcap驱动开发的一般过程，最后实现了一个数据包捕获解析器CapturePacket。程序中网络监听的目标是TCP/IP协议中的ARP、IP、TCP、UDP甲种协议，以WindowsXP操作系统为平台，在VisualC++环境下使用WinPcap驱动从TCP/IP协议栈的数据链路层捕获原始数据包，并从中提取出以上四种协议及数据包的数据。通过在实际环境中测试，证明了本系统可以比较高效地监听到和所设定的过滤条件一致的数据包，并显示每个包的协议、源IP地址、目的IP地址、数据包长和包内的数据等内容，可以帮助网络管理员分析网络数据，具有一定的实用价值，主要表现在以下几个方面：（1）首先实现了对本机上所有网卡的自由选择。（2）实现了自定义包过滤规则，可以同时绑定主机、协议和端口，能有针对性地监听某些类型的数据包，并且能以协议树的形式显示协议的层次。（3）以太网链路层帧的截获和分析，并实现对ARP、IP、TCP、UDP四种协议的支持。（4）实现对捕获数据的十六进制及ASCII码显示。关键词：数据包捕获；WinPcap；协议分析；TCP/IP协议；VC++6.0

(Network packet capture and analysis technology is the basis for the implementation of many network security software, and also the basis for the design of network analysis software. The implementation of some existing technologies such as firewall, protocol analysis and other software is based on the sniffing and capture of data packets. Therefore, the research on relevant packet capture and analysis technology is of great practical significance to ensure the safe operation of the network. This paper makes an in-depth study on the network monitoring and protocol analysis technology based on WinPcap under windows, studies the framework of WinPcap in detail, obtains the general process of development based on WinPcap driver, and finally realizes a packet capture parser capturepacket. The target of network monitoring in the program is ARP, IP, TCP, UDP a protocols in tcp/ip protocol. Based on WindowsXP operating system and in visualc++ environment, WinPcap driver is used to capture the original data packets from the data link layer of tcp/ip protocol stack, and extract the data of the above four protocols and data packets. Through testing in the actual environment, it is proved that the system can efficiently monitor and hear data packets that are consistent with the set filtering conditions, and display the protocol, source IP address, destination IP address, packet length and data in each packet, which can help network managers analyze network data and has certain practical value, It is mainly manifested in the following aspects: (1) first, it realizes the free choice of all network cards on the machine. (2) It realizes the custom packet filtering rules, which can bind the host, protocol and port at the same time, can listen to some types of packets pertinently, and can display the protocol hierarchy in the form of protocol tree. (3) Capture and analyze Ethernet link layer frames, and support ARP, IP, TCP and UDP protocols. (4) Realize the hexadecimal and ASCII code display of the captured data. Keywords: packet capture; WinPcap； Protocol analysis; Tcp/ip protocol; VC++6.0)

[下载]21161575970.rar

2022-7-1 21:16 上传

文件大小: 1 MB
下载次数: 0

网络抓包和分析技术是很多网络安全软件实现的基础,也是设计网络分析软件的基础,现有的一些技术如防火墙、协议分析等软件的实现都是以数据包的嗅探捕获为前提的，所以研究相关的数据包捕获和分析技术对保证网络的安全运行是很有现实意义的。本文对Windows下基于WinPcap的网络监测与协议分析技术进行了深入的研究，详细的研究了WinPcap的框架，得出了基于WinPcap驱动开发的一般过程，最后实现了一个数据包捕获解析器CapturePacket。程序中网络监听的目标是TCP/IP协议中的ARP、IP、TCP、UDP甲种协议，以WindowsXP操作系统为平台，在VisualC++环境下使用WinPcap驱动从TCP/IP协议栈的数据链路层捕获原始数据包，并从中提取出以上四种协议及数据包的数据。通过在实际环境中测试，证明了本系统可以比较高效地监听到和所设定的过滤条件一致的数据包，并显示每个包的协议、源IP地址、目的IP地址、数据包长和包内的数据等内容，可以帮助网络管理员分析网络数据，具有一定的实用价值，主要表现在以下几个方面：（1）首先实现了对本机上所有网卡的自由选择。（2）实现了自定义包过滤规则，可以同时绑定主机、协议和端口，能有针对性地监听某些类型的数据包，并且能以协议树的形式显示协议的层次。（3）以太网链路层帧的截获和分析，并实现对ARP、IP、TCP、UDP四种协议的支持。（4）实现对捕获数据的十六进制及ASCII码显示。关键词：数据包捕获；WinPcap；协议分析；TCP/IP协议；VC++6.0

(Network packet capture and analysis technology is the basis for the implementation of many network security software, and also the basis for the design of network analysis software. The implementation of some existing technologies such as firewall, protocol analysis and other software is based on the sniffing and capture of data packets. Therefore, the research on relevant packet capture and analysis technology is of great practical significance to ensure the safe operation of the network. This paper makes an in-depth study on the network monitoring and protocol analysis technology based on WinPcap under windows, studies the framework of WinPcap in detail, obtains the general process of development based on WinPcap driver, and finally realizes a packet capture parser capturepacket. The target of network monitoring in the program is ARP, IP, TCP, UDP a protocols in tcp/ip protocol. Based on WindowsXP operating system and in visualc++ environment, WinPcap driver is used to capture the original data packets from the data link layer of tcp/ip protocol stack, and extract the data of the above four protocols and data packets. Through testing in the actual environment, it is proved that the system can efficiently monitor and hear data packets that are consistent with the set filtering conditions, and display the protocol, source IP address, destination IP address, packet length and data in each packet, which can help network managers analyze network data and has certain practical value, It is mainly manifested in the following aspects: (1) first, it realizes the free choice of all network cards on the machine. (2) It realizes the custom packet filtering rules, which can bind the host, protocol and port at the same time, can listen to some types of packets pertinently, and can display the protocol hierarchy in the form of protocol tree. (3) Capture and analyze Ethernet link layer frames, and support ARP, IP, TCP and UDP protocols. (4) Realize the hexadecimal and ASCII code display of the captured data. Keywords: packet capture; WinPcap； Protocol analysis; Tcp/ip protocol; VC++6.0)

[下载]21161575970.rar

2022-7-1 21:16 上传

文件大小: 1 MB
下载次数: 0