基于WinPcap的网络嗅探器的设计与实现

发布时间：2018-02-10 23:28

本文关键词： 网络嗅探器 Winpcap TCP/IP　出处：《吉林大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着信息时代的高速发展，Internet所提供的业务范围越来越广，从简单的资料查阅到线上交易，互联网所承载的用户信息十分庞大。而在现在主流的TCP/IP协议下，网络显露出很多安全问题。因此，在网络给人们带来愈来愈多便捷服务的同时，人们也开始更加关注其安全程度。这使得Internet的安全已经成为亟待解决的问题。网络嗅探器由此而生，它作为网络流量监控和故障检测中必不可少的工具之一，已经成为计算机专业一个重要的领域。网络嗅探器具有很强的收集数据的能力，无论在维护网络安全方面还是辅助黑客进行攻击方面都有着十分重要的作用。它可以有效的探测到网络上传输的数据包信息，通过分析和利用可以有效的维护网络安全。当我们深陷网络问题的时候，嗅探器可以帮我们确定问题的根源所在。本次研究基于对TCP/IP协议中各类数据包结构和嗅探器实现原理的深入理解。在设计过程中我们将整个程序划分为三个子模块：网络嗅探的设置、网络数据包捕获以及数据包解析和显示，，我们对每一个模块进行详细的算法分析和设计。在这个过程中，我们采用面向对象的C++进行实现，利用MFC、多线程技术。我们依据嗅探器的实现原理，依次实现对网络适配器信息的获取，打开网络设备，设置并编译过滤器，捕获数据包，读取离线数据包，我们通过每一步的具体实现，最终在在Windows平台上实现了基于WinPcap的网络嗅探器的实现。在研究过程中，我们解决了捕获与解析数据包同时进行、跨线程调用主窗口控件以及packet_next_ex函数捕获的header和pkt_data指针在postmessage后出现地址错误等重要问题。此次开发的网络嗅探器工具能够根据协议类型、端口、地址信息对数据包进行过滤，采用了多线程的实现，并实现了易于使用的操作界面。完成了此次课题研究的目的。我们所设计的网络嗅探器能够详细的显示出所捕获的数据包，从而在此基础上做出相应的分析和统计。
[Abstract]:With the rapid development of the information age, the scope of services provided by the Internet is becoming more and more extensive. From simple data access to online transactions, the Internet carries a huge amount of user information. However, under the current mainstream TCP/IP protocol, The network reveals a lot of security problems. Therefore, while the network brings more and more convenient services to people, People are also beginning to pay more attention to the security of Internet, which makes the security of Internet an urgent problem. Thus, network sniffer is one of the essential tools in network traffic monitoring and fault detection. It has become an important field of computer science. Network sniffer has a strong ability to collect data, whether in the maintenance of network security or in assisting hackers to attack, it can effectively detect the transmission of data packets on the network. Network security can be effectively maintained through analysis and utilization. When we are trapped in network problems, sniffer can help us identify the root cause of the problem. This study is based on the in-depth understanding of the various packet structures and sniffer implementation principles in the TCP/IP protocol. In the design process, we divide the whole program into three sub-modules: the setting of network sniffer, Network packet capture and packet parsing and display, we analyze and design each module in detail. In this process, we use object-oriented C to implement, According to the principle of sniffer, we can obtain the network adapter information, open the network device, set up and compile the filter, capture the data packet, read the off-line data packet. Finally, we realize the network sniffer based on WinPcap on the Windows platform through the concrete realization of each step. In the research process, we solve the problem of capturing and parsing data packets simultaneously. Some important problems such as cross-thread call to the main window control and header and pkt_data pointers captured by the packet_next_ex function occur after the postmessage. The network sniffer tool developed in this paper can filter data packets according to protocol type, port and address information. The design of the network sniffer can display the captured data packet in detail, and then make the corresponding analysis and statistics.
【学位授予单位】：吉林大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】