Design of a Protocol Analyzer Based on TCP/IP

[Abstract] Network analysis technology, as an active security monitoring technique, can monitor events occurring on the network in real time and thereby more effectively safeguard the security of the monitored network. TCP/IP-based analysis is also one of the core technologies of network systems with intrusion detection capability. Therefore, research on network analysis methods based on packet capture is very necessary today.

This project targets 10 Mbps Ethernet and designs a real-time network packet capture and statistical analysis system. The system uses the open-source winpcap package, which provides packet capture, to sniff and statistically analyze the network packets flowing through the local machine. While capturing packets from the network in a loop, it analyzes and classifies them. Taking the TCP/IP architecture as its basis, the system parses each packet layer by layer from the bottom up, ultimately reading HTTP protocol messages and FTP (File Transfer Protocol) commands, and can also determine whether a packet is carried over UDP or TCP.

This thesis first introduces tools for capturing network packets, then focuses on the relevant knowledge of the winpcap open-source library, the theoretical process of packet capture, and the packet analysis process.

[Keywords] winpcap open-source package, TCP/IP protocol, packet capture, protocol analysis

Design a protocol analyzer based on TCP/IP protocol

Abstract

Network analysis technology, as an active security monitoring technology, can monitor events occurring in the network in real time and more effectively protect the security of the network being monitored. Network analysis technology is also one of the core technologies of network intrusion detection systems. Therefore, the study of packet-capture-based network monitoring is necessary today.

This topic designs a real-time network packet capture and statistical analysis system for 10 Mbps Ethernet. The system uses winpcap, which comes with a network packet capture mechanism, for monitoring and statistical analysis of data packets flowing through the local computer. While data packets are captured in a loop, they are analyzed and classified at the same time. The work is mainly TCP/IP protocol stack-based network packet capture. The system is based on the TCP/IP architecture and analyzes packets from the bottom layer upward. Ultimately, the system can read HTTP protocol packets and FTP file transfer protocol commands, and it can also determine whether data packets are based on UDP or TCP.

This paper first introduces a network packet capture tool. It then focuses on winpcap knowledge, the principle of packet capture and the mechanism of packet analysis.

Key words: winpcap open-source package, TCP/IP protocol, packet capture, protocol analysis

Contents

Chapter 1  Introduction ........................................................ 1
    Project background ........................................................ 1
    Research status ........................................................... 1
    Research content of this thesis ........................................... 2
    Thesis structure .......................................................... 2
Chapter 2  Network data capture and winpcap basics ............................ 3
    Network data capture ...................................................... 3
        NIC operating modes ................................................... 3
        Data capture on shared networks ....................................... 3
        Data capture on switched networks ..................................... 4
    Network development tools ................................................. 4
        Existing libraries for network development ............................ 4
        Packet capture tools .................................................. 5
    winpcap basics ............................................................ 5
        Introduction to winpcap ............................................... 5
        Functional modules of winpcap ......................................... 5
        Main winpcap functions and their roles ................................ 7
Chapter 3  TCP/IP protocol analysis module ................................... 8
    TCP/IP analysis process ................................................... 8
        The TCP/IP model ...................................................... 8
        Packet encapsulation and demultiplexing ............................... 9
        Packet formats of the main protocols ................................. 10
    winpcap-based network data capture program ............................... 15
        Obtaining the list of local network adapters ......................... 16
        Obtaining advanced information about installed network devices ....... 17
        Opening the adapter to capture packets ............................... 17
        Setting packet filters ............................................... 18
        Starting packet capture .............................................. 19
        Packet analysis ...................................................... 20
Chapter 4  Program implementation ........................................... 21
    Installing and using winpcap ............................................. 22
    Running the program ...................................................... 23
    Tuning capture program performance ...................
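The bottom-up, layer-by-layer parsing the abstract describes (Ethernet, then IPv4, then TCP or UDP, then a look at the payload to recognise HTTP messages and FTP commands) can be shown with a small stand-alone C program. This is an added example, not code from the thesis or from the winpcap library: it works on the raw frame bytes that a winpcap capture callback would hand over, but the frames here are constructed by build_frame() so the program runs without a capture driver. The function names parse_frame, classify_payload and build_frame, the HTTP/FTP keyword lists and the sample addresses are assumptions of this example. Every length field in a header is checked against the bytes actually present before it is used, which is the check a capture program needs so that a truncated or malformed frame cannot cause an out-of-bounds read.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { PROTO_TCP = 6, PROTO_UDP = 17 };            /* IPv4 protocol numbers */
enum { APP_NONE = 0, APP_HTTP = 1, APP_FTP = 2 };  /* heuristic application-layer label */

struct parsed {
    int transport;        /* IPv4 protocol field: 6 = TCP, 17 = UDP, others passed through */
    uint16_t src_port, dst_port;
    int app;              /* APP_HTTP, APP_FTP or APP_NONE */
    size_t payload_len;   /* application data after the transport header */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Content-based classification of a TCP payload (HTTP request/status line or FTP control command).
   The keyword lists are an assumption of this example, not the thesis's method. */
int classify_payload(const uint8_t *p, size_t n, int transport)
{
    static const char *http[] = { "GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS ", "HTTP/1." };
    static const char *ftp[]  = { "USER ", "PASS ", "RETR ", "STOR ", "LIST", "QUIT", "CWD ", "PWD" };
    size_t i;
    if (transport != PROTO_TCP || n == 0) return APP_NONE;
    for (i = 0; i < sizeof http / sizeof *http; i++)
        if (n >= strlen(http[i]) && memcmp(p, http[i], strlen(http[i])) == 0) return APP_HTTP;
    for (i = 0; i < sizeof ftp / sizeof *ftp; i++)
        if (n >= strlen(ftp[i]) && memcmp(p, ftp[i], strlen(ftp[i])) == 0) return APP_FTP;
    return APP_NONE;
}

/* Bottom-up decapsulation: Ethernet II -> IPv4 -> TCP/UDP -> payload.
   Returns 0 when parsed, -1 when not IPv4 or when a header claims more bytes than exist. */
int parse_frame(const uint8_t *buf, size_t len, struct parsed *out)
{
    const uint8_t *ip, *l4, *payload = NULL;
    size_t iplen, ihl, total, l4len, plen = 0;
    memset(out, 0, sizeof *out);
    if (len < 14 || rd16(buf + 12) != 0x0800) return -1;   /* full Ethernet header, EtherType IPv4 */
    ip = buf + 14; iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -1;
    ihl = (size_t)(ip[0] & 0x0f) * 4;                        /* IHL in bytes */
    total = rd16(ip + 2);                                    /* IPv4 total length */
    if (ihl < 20 || ihl > iplen || total < ihl || total > iplen) return -1;
    out->transport = ip[9];
    l4 = ip + ihl; l4len = total - ihl;
    if (out->transport == PROTO_TCP) {
        size_t doff;
        if (l4len < 20) return -1;
        doff = (size_t)(l4[12] >> 4) * 4;                    /* TCP data offset in bytes */
        if (doff < 20 || doff > l4len) return -1;
        payload = l4 + doff; plen = l4len - doff;
    } else if (out->transport == PROTO_UDP) {
        size_t ulen;
        if (l4len < 8) return -1;
        ulen = rd16(l4 + 4);                                 /* UDP length = header + data */
        if (ulen < 8 || ulen > l4len) return -1;
        payload = l4 + 8; plen = ulen - 8;
    } else {
        return 0;                                            /* other transport: stop at the IP layer */
    }
    out->src_port = rd16(l4); out->dst_port = rd16(l4 + 2);
    out->payload_len = plen;
    out->app = classify_payload(payload, plen, out->transport);
    return 0;
}

/* Builds a constructed (not captured) Ethernet/IPv4/TCP-or-UDP frame around a text payload.
   Checksums stay zero; parse_frame() does not verify them. Returns frame length, 0 if it does not fit. */
size_t build_frame(uint8_t *out, size_t cap, int proto, uint16_t sport, uint16_t dport, const char *payload)
{
    size_t plen = strlen(payload), l4hdr = (proto == PROTO_TCP) ? 20 : 8;
    size_t iptotal = 20 + l4hdr + plen, total = 14 + iptotal;
    uint8_t *ip = out + 14, *l4 = out + 34;
    if (total > cap) return 0;
    memset(out, 0, total);
    memcpy(out, "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00", 14); /* dst MAC, src MAC, IPv4 */
    ip[0] = 0x45;                                            /* version 4, IHL 5 */
    ip[2] = (uint8_t)(iptotal >> 8); ip[3] = (uint8_t)iptotal;
    ip[8] = 64; ip[9] = (uint8_t)proto;                      /* TTL, protocol */
    memcpy(ip + 12, "\xc0\xa8\x01\x02\xc0\xa8\x01\x01", 8);  /* 192.168.1.2 -> 192.168.1.1 (constructed) */
    l4[0] = (uint8_t)(sport >> 8); l4[1] = (uint8_t)sport;
    l4[2] = (uint8_t)(dport >> 8); l4[3] = (uint8_t)dport;
    if (proto == PROTO_TCP) { l4[12] = 0x50; l4[13] = 0x18; }  /* data offset 5 words, PSH|ACK */
    else { l4[4] = (uint8_t)((8 + plen) >> 8); l4[5] = (uint8_t)(8 + plen); }
    memcpy(l4 + l4hdr, payload, plen);
    return total;
}

int main(void)
{
    uint8_t buf[256];
    struct parsed r;
    size_t n = build_frame(buf, sizeof buf, PROTO_TCP, 49152, 80, "GET / HTTP/1.1\r\n");
    if (parse_frame(buf, n, &r) == 0)
        printf("proto=%d %u->%u app=%d payload=%zu bytes\n", r.transport, r.src_port, r.dst_port, r.app, r.payload_len);
    return 0;
}
```

The classification looks at payload content rather than the port number, so an HTTP request on a non-standard port is still recognised, and a non-HTTP conversation on port 80 is not mislabelled. In a real capture program the bytes would arrive in the pcap callback one frame at a time; before reading application data reliably, such a program would also need to verify the IP header checksum and reassemble the TCP stream, neither of which this example attempts.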