【正文】 儲錯誤信息。設(shè)置過濾器所使用的函數(shù)。1 )判斷網(wǎng)絡(luò)類型的函數(shù) ，其函數(shù)原型為 ：int pcap_datalink (pcap_t d )它的功能是返回主機所在的鏈路層上的一個適配器 ，即鏈路層的類型 ，如D1EN10MB指的就 是10 M以太網(wǎng)。參數(shù)是一個WinPCap 核心類型，內(nèi)部定義了多個變量 ，是表示W(wǎng)inPcap句柄 的數(shù)據(jù)結(jié)構(gòu)。2 ) 編譯過濾條件的函數(shù),其原型為：1. int pcap_pile ( bpf_pro gramprog，char buffer，int opt_bpfu int 32mask )此函數(shù)操作成功返回0 ，操作失敗則返回1。 參數(shù)P 表示W(wǎng)inPcap 的一個句柄 ，參數(shù)prog 表示BPF的過濾規(guī)則 (NP F的過濾機制來源于BPF。即BSD Packet Filter)。參數(shù) buffer 表示一個包含布爾表達式的過濾規(guī)則的字符串 ，參數(shù)opt 表示優(yōu)化。參數(shù) mask 表示是主機的IP地址的掩碼 。此函數(shù)功能是把參數(shù)buf內(nèi)的過濾規(guī)則字符串轉(zhuǎn)化為一個能夠被底層協(xié)議驅(qū)動(這里主要是NPF )所識別和解釋的二進制編碼 。 檢測的過程2. 首先用ARP泛洪攻擊進行攻擊不斷地發(fā)送偽造的數(shù)據(jù)包。圖 ARP泛洪攻擊3. ， 攻擊者 圖 被攻擊者，第一步打開網(wǎng)卡，顯示網(wǎng)卡信息，然后選擇自己的網(wǎng)卡2。 ，攻擊者的IP為：,，MAC為206A8A6DD1EB，所以試驗的結(jié)果達到了預(yù)期的效果，在模擬環(huán)境下可以檢測到ARP的攻擊，并能分析出攻擊者的IP和受害者的IP與MAC。 打印網(wǎng)卡圖 檢測結(jié)果6 結(jié)論隨著近年來“ARP”地址欺騙類攻擊的興起，公眾上網(wǎng)設(shè)施由于其終端眾多、網(wǎng)絡(luò)廣播域大、安全防護網(wǎng)關(guān)缺乏、用戶層次面廣的特征，極易被不法分子利用，他們使用ARP攻擊發(fā)布不良信息、監(jiān)聽盜取用戶帳號、在公眾服務(wù)網(wǎng)頁掛載惡意代碼等，已經(jīng)影響到區(qū)域內(nèi)公眾上網(wǎng)安全。ARP 欺騙利用ARP協(xié)議的安全漏洞，給局域網(wǎng)內(nèi)各主機的安全通信帶來了極大地危害。局域網(wǎng)內(nèi)一旦出現(xiàn) ARP 攻擊，將會導(dǎo)致整個通信網(wǎng)絡(luò)安全的性能下降，甚至使整個網(wǎng)絡(luò)癱瘓。首先，本設(shè)計從理論入手，在掌握了 ARP 協(xié)議相關(guān)理論的基礎(chǔ)上對 ARP 協(xié)議的工作原理、通信模式以及 ARP 協(xié)議的固有缺陷作了深入分析。在分析研究 ARP 欺騙攻擊原理的基礎(chǔ)上，編程實現(xiàn)了一種 ARP 溢出攻擊和一種ARP攻擊的檢測方法，并在小型局域網(wǎng)環(huán)境中，模擬實現(xiàn)其實施欺騙攻擊的過程。然后，本文又分析探討了現(xiàn)有各種防范 ARP 欺騙攻擊的機制，以及它們的優(yōu)缺點。致謝首先要感謝我的指導(dǎo)老師李菊葉老師，在大四下半學(xué)期的畢業(yè)設(shè)計中給了我極大的幫助。指導(dǎo)老師平易近人，對不懂的問題能給我們耐心的講述，給我留下了深刻的印象。該課題能順利完成，離不開指導(dǎo)老師的關(guān)心與指導(dǎo)，在此向指導(dǎo)老師表示衷心的感謝。感謝我的同學(xué)在我的學(xué)習和生活中都給了我極大的幫助和關(guān)心，遇到問題時，經(jīng)常犧牲個人時間為我答疑解惑，經(jīng)常能得到他們的細心指點和啟發(fā)，在此向他們的無私精神表示誠摯的謝意。最后要感謝全體老師與同學(xué)在整個學(xué)習過程中，給予了我無微不至的關(guān)愛與支持，使我有堅定的信念克服困難、完成學(xué)業(yè)。 參考文獻[1] [N].中國電腦教育報，2009，6.[2] 單國杰，徐夫田, ARP 欺騙攻擊的防御策略研究[J].計算機與現(xiàn)代化，2010(12):8588.[3] 胡曉元， 包截獲系統(tǒng)的分析及其應(yīng)用[J].計算機工程，2005，(2):9698.[4] 任俠， 欺騙原理分析與抵御方法[J].計算機工程,2003，9:2728.[5] 王燕，[J].信息安全,2007，23(12):7274.[6] 單國杰, [J].信息技術(shù)與信息化,2010(2):4749.[7] 吳高凱，、防范與追蹤，中國鐵道出版社[M], 2008，6.[8] [M].北京:電子工業(yè)出版社, 2007，6.[9] [J].網(wǎng)絡(luò)安全, 2007，2.[10] 陸余良，[J].計算機工程, 2004年.[11] [M]. 北京:中國鐵道出版社, 2008 年.[12] 郭浩，[J].信息安全與通信保密, 2005，10:6646[13] 林宏剛， ARP 攻擊的算法研究[J].四川大學(xué)學(xué)報，2008，40(3):143149.[14] [J].福建信息技術(shù)教育,2008,1(8):2024.[15] 徐華中，[J].中國水運，2007,3(5):9799.[16] (第三版)[M].北京:清華大學(xué)出版社，2009 年.[17] 鄭文兵，[J].江南大學(xué)學(xué)報(自然科學(xué)版), 2003，2(6):574577.[18] Bruschi D, Ornaghi A, Rosti E. SARP: A secure address resolution protocol[C]. Proceedings of the19thAnnual Computer Security Applications Conference. NV, USA:IEEE puter Society, 2003.[19] Goyal V, TrIPathy R. An efficient solution to the ARP cache poisoning problem[C]. 10th AustralasianConference on In formation Security and Privacy(ACISP2005).[20] 羅杰云，[J], 2003,5(12):43一45.附錄A外文文獻：Research on the defense against ARP Spoofing Attacks based on WinpcapWenjian XingThe Moden Education Technology Cnter Hebei University of Engineering HanDan Hebei ,Chinaxingwenjian@Abstract：Based on the study of the existing methods and the WinPcaP, aimed with the ARP spoofing attacks achieved mainly by disguising the gateway, the thesis presents a method of defending ARP spoofing attacks based on WinPcaP. The method is: Setting filtering rules by filtering mechanisms of the WinPcaP, and the system just captures the ARP packets flowing through the local card, and then sends the packets to the analysis module。 In the analysis module, the system parses out the IP address and MAC address from the data packets, and sends them to the checking module。 In the checking module, the system first judges whether the last number of the IP address is one, if not, the system gives up treating the packet, otherwise pares the IP/MAC to the right IP/MAC and sends the result to the response module。 In the response module, if judging there exists ARP spoofing attacks, the system sends information to the users, modifies the ARP cache table and stores the information to the database server. Keywords：Network Security。 Winpcap。 ARP Spoofing。 FiltrateI. IntroductionARP protocol, located in the network layer of TCP / IP protocol stack is responsible for the resolution of IP address into a corresponding MAC address. As the final network is transmitted in accordance with the MAC address, as for LAN, ARP protocol is the normal munication of a network based on. ARP spoofing attacks exploit the flaw of ARP itself in TCP / IP protocols , that is, not to verify ARP response packet sent, but directly update ARP cache table. It sends ARP response package to the target host, makes the target host update their ARP cache table, the package sent to its own instead of the posing machine, through which spoofs information. The reason is that one or machines within LAN infected with some ARP virus, which lead to each machine under attack[1]. This paper achieves a packet capture and filtering through the data packet capture and filtering mechanisms in winPcaP, as well as related interface and data structure,。 resolves the packet by use of protocol analytic functions。 judges if spoofed using set methods, and transmits results to the response module for the appropriate treatment in accordance with the results judged by the detection module[2]. PRINCIPLE OF ARP ARP is responsible for the agreement to host the target of 32bit IP address into the corresponding 48bit MAC address, so as to ensure smooth munication. Web hosting is usually included in the ARP cache multIPle forms of munication used to keep the last of the host IP address and MAC address of the corresponding resolution, thus greatly reducing the frequency of address resolution and expenses [3]. As the ARP is a stateless protocol, in the absence of a request being able to send the response packet, which for the ARP virus attacks can be provided for the machine.ARP virus is a ARP deceit Trojan horse virus. When the local area network with the virus in the host running the Trojan horse virus, ARP, will deceive all the local area network routers and hosts, so that all Internet traffic to go through the host virus, which in