【正文】 一個(gè)網(wǎng)絡(luò)嗅探工具的開發(fā) 一個(gè)網(wǎng)絡(luò)嗅探工具的開發(fā) 摘要 隨著 網(wǎng)絡(luò) 技術(shù)的飛速發(fā)展，網(wǎng)絡(luò)安全問題越來越被人重視。嗅探技術(shù)作為網(wǎng)絡(luò)安全攻防中最基礎(chǔ)的技術(shù)，既可以用于獲取網(wǎng)絡(luò)中傳輸?shù)拇罅棵舾行畔?，也可用于網(wǎng)絡(luò)管理。通過獲取網(wǎng)絡(luò)數(shù)據(jù)包的流向和內(nèi)容等信息，可以進(jìn)行網(wǎng)絡(luò)安全分析和網(wǎng)絡(luò)威脅應(yīng)對(duì)。因此對(duì)網(wǎng)絡(luò)嗅探器的研究具有重要意義。 本 畢業(yè)設(shè)計(jì)通過分析網(wǎng)絡(luò)上常用的嗅探軟件 ，在了解其功能和原理的基礎(chǔ)上，以 VC為開發(fā)平臺(tái) ， 使用 Windows 環(huán)境下 的網(wǎng)絡(luò)數(shù)據(jù)包捕獲開發(fā)庫(kù) WinPcap， 按照軟件工程的思想進(jìn)行設(shè)計(jì) 并 實(shí)現(xiàn) 了 一 個(gè)網(wǎng)絡(luò)嗅探工具 。 該嗅探 工具 的總 體架構(gòu) 劃分為 5 個(gè)部分，分別是最底層的數(shù)據(jù)緩存和數(shù)據(jù)訪問、中間層的數(shù)據(jù)捕獲 、 協(xié)議 過濾 、 協(xié)議分析 和最頂層的圖形化用戶界面。 本嗅探工具完成了數(shù)據(jù)包捕獲及分析、協(xié)議過濾的主要功能， 實(shí)現(xiàn) 了 對(duì) 網(wǎng)絡(luò)協(xié)議 、源 IP 地址 、 目標(biāo) IP 地址及端口號(hào)等信息 的顯示， 使得該程序能夠 比 較全面 地 分析出 相關(guān) 信息以供用戶參考決策。 關(guān)鍵詞 ： 網(wǎng)絡(luò) 嗅探 ； WinPcap 編程接口 ； 數(shù)據(jù)包 ； 網(wǎng)絡(luò)協(xié)議 ；多線程 一個(gè)網(wǎng)絡(luò)嗅探工具的開發(fā) THE DEVELOPMENT OF A NETWORK SNIFFER TOOL ABSTRACT Network security is increasingly being seriously with the rapid development of puter technologies. Sniffer technology, as the most basic technology in work attack and defense, can be used to access amounts of sensitive work information in the work transmission, and also be used for work management. We can analysis work security and deal with work threats with information of captured packet. Therefore, it is of significance to study work sniffer technology. This Graduation Project implemented a work sniffer tool by analysising monly used work sniffer software, in the base of understanding their functions and principle. This project is developed under the Windows environment, and using VC as development platform, WinPcap as work packet capture Development Library, according to the idea of software engineering design. The general framework of the sniffer tool has five parts, namely, the lowest level of data caching and data access, the middle layer of data capture、 protocol filtering、 protocol analysis, and the most toplevel graphical user interface. The program pleted the main functions of packet capture, analysis and protocol filtering. Information displayed in work protocol, source and target IP address and port number, can be more prehensive analysized by users to refer and make decision. Key words： work sniffer。 WinPcap API。 data packet。 work protocol。 multithreading 一個(gè)網(wǎng)絡(luò)嗅探工具的開發(fā) 目 錄 1 緒論 ................................................................................................. 1 背景及意義 ................................................................................ 1 任務(wù)與目標(biāo) ................................................................................ 2 章節(jié)安排 .................................................................................. 2 2 技術(shù)背景 ........................................................................................... 3 嗅探原理 .................................................................................. 3 捕獲機(jī)制 .................................................................................. 4 Winpcap 功能介紹 ........................................................................ 5 Winpcap 體系結(jié)構(gòu) ........................................................................ 6 3 需求分析 ........................................................................................... 8 用戶需求 .................................................................................. 8 功能需求 .................................................................................. 8 性能需求 .................................................................................. 9 運(yùn)行環(huán)境 .................................................................................. 9 4 設(shè)計(jì)概要 ..........................................................................................10 系統(tǒng)結(jié)構(gòu) .................................................................................10 設(shè)計(jì)思路 .................................................................................10 程序流程 .................................................................................11 5 詳細(xì)設(shè)計(jì)與實(shí)現(xiàn) .................................................................................12 WinPcap 設(shè)計(jì)步驟 .......................................................................12 WinPcap 的安裝 ..........................................................................12 相關(guān)函數(shù) .................................................................................13 數(shù)據(jù)結(jié)構(gòu) .........................................................................13 與 Windows 相關(guān)函數(shù) ...........................................................15 網(wǎng)絡(luò)接口函數(shù) ...................................................................16 一個(gè)網(wǎng)絡(luò)嗅探工具的開發(fā) 網(wǎng)絡(luò)適配器的設(shè)計(jì) ......................................................................16 函數(shù)調(diào)用關(guān)系 ...................................................................16 適配器的獲取與釋放 ...........................................................18 適配器的打開與關(guān)閉 ...........................................................19 多線程設(shè)計(jì) ...............................................................................20 過濾模塊設(shè)計(jì) ............................................................................22 捕獲模塊設(shè)計(jì) ............................................................................24 分析模塊設(shè)計(jì) ............................................................................25 其它模塊設(shè)計(jì) ............................................................................27 6 程序調(diào)試及測(cè)試 .................................................................................28 程序調(diào)試 .................................................................................28 程序測(cè)試 .................................................................................29 7 總結(jié) ................................................................................................34 成果 .......................................................................................34 展望 .......................................................................................35 參考文獻(xiàn) ........