The Development of a Network Sniffer Tool

Abstract

With the rapid development of network technology, network security is receiving more and more attention. Sniffing, as the most basic technique in network attack and defense, can be used both to obtain large amounts of sensitive information transmitted over the network and for network management. By obtaining information such as the direction and content of network packets, one can carry out network security analysis and respond to network threats. Research on network sniffers is therefore of great significance.

This graduation project analyzed the sniffing software commonly used on networks and, on the basis of understanding its functions and principles, designed and implemented a network sniffer tool following software engineering practice, with VC as the development platform and WinPcap, the network packet capture development library for the Windows environment.

The overall architecture of the sniffer tool is divided into 5 parts: data caching and data access at the lowest layer; data capture, protocol filtering and protocol analysis in the middle layer; and the graphical user interface at the top layer.

The sniffer tool implements the main functions of packet capture and analysis and protocol filtering, and displays information such as the network protocol, source IP address, destination IP address and port number, so that the program can analyze the relevant information fairly comprehensively for users to consult when making decisions.

Keywords: network sniffing; WinPcap programming interface; data packet; network protocol; multithreading

THE DEVELOPMENT OF A NETWORK SNIFFER TOOL

ABSTRACT

Network security is being taken increasingly seriously with the rapid development of computer technologies. Sniffer technology, as the most basic technology in network attack and defense, can be used to access large amounts of sensitive information in network transmission, and can also be used for network management. With the information from captured packets, we can analyze network security and deal with network threats. Therefore, it is of significance to study network sniffer technology. This graduation project implemented a network sniffer tool by analyzing commonly used network sniffer software, on the basis of understanding their functions and principles. The project was developed under the Windows environment, using VC as the development platform and WinPcap as the network packet capture development library, according to the ideas of software engineering design.
The general framework of the sniffer tool has five parts: data caching and data access at the lowest level; data capture, protocol filtering and protocol analysis in the middle layer; and the graphical user interface at the top level. The program completed the main functions of packet capture, analysis and protocol filtering. The displayed information (network protocol, source and target IP addresses, and port numbers) can be analyzed comprehensively by users for reference and decision making.

Key words: network sniffer; data packet; multithreading

Contents

1 Introduction
    Background and Significance
    Tasks and Objectives
    Chapter Arrangement
2 Technical Background
    Sniffing Principles
    Capture Mechanism
    WinPcap Features
    WinPcap Architecture
3 Requirements Analysis
    User Requirements
    Functional Requirements
    Performance Requirements
    Runtime Environment
4 Design Overview
    System Structure
    Design Approach
    Program Flow
5 Detailed Design and Implementation
    WinPcap Design Steps
    WinPcap Installation
    Related Functions
        Data Structures
        Windows-Related Functions
        Network Interface Functions
    Network Adapter Design
        Function Call Relationships
        Acquiring and Releasing the Adapter
        Opening and Closing the Adapter
    Multithreading Design
    Filter Module Design
    Capture Module Design
    Analysis Module Design
    Other Module Design
6 Program Debugging and Testing
    Program Debugging
    Program Testing
7 Summary
    Results
    Outlook
References