东煤勘探局内网网络协议分析器设计与实现

发布时间：2018-06-22 00:30

本文选题：扫描 + 截获　；参考：《吉林大学》2014年硕士论文

【摘要】：国外网络技术的迅猛发展和网络的广泛普及使得网络安全的深层研究也日益受到人们的重视。与此同时，产生了大量的与网络分析和截获相关的软件，致使网络安全问题越来越迫切。国外的相关软件虽然很多，但是功能都比较单一，例如国外的：Sniffer，EtherPeek NX,Omin3等等。国内使用的相关软件，虽然功能强大，但是一般可视化的界面比较繁杂，需要大量记忆相关命令，来达到熟练运用的目的，例如国内：吉大中软的网络协议分析器、科来网络分析系统。另外，，目前市场上的相关软件还要购买相应的大型设备和相关的辅助软件，资金投入要求高，相应的维护费用也有所增加。如上述吉大中软的软件公司开发的网络协议分析器的软件，这款软件在网络分析和网络模拟方面相当的卓越，但是这款软件是需要相应的硬件支持，也就是说，需要吉大中软开发的路由器和交换机对软件进行支持。所以，开发一款简单实用的网络协议的分析程序(网络嗅探器)的需求应运而生。本文给出了项目的开发背景、主要应用功能,以及开发环境和开发工具。基于需求分析，我们重点实现如下功能： 1、扫描功能，比较ARP扫描、半端口扫描、NetBIOS扫描三种网络扫描的方法后，采用NetBIOS的服务接口扫描方法，利用MFC提供的Socket类库实现局域网内的快速稳定的扫描。 2、截获功能，采用WinPcap提供的类库和协议驱动程序，从物理层实现数据帧的截获。 3、发送功能，采用WinPcap提供的类库和协议驱动程序，来发送自定义的6种数据帧(MAC、ARP、IP、ICMP、TCP、UDP)。 4、界面方面，使用了BCG的BCGControlBar Library (v.6.2)Professional Edition开发库的控件和MFC提供的常用控件，截获数据帧界面部分由三个视图构成的拆分窗口（列表视图(CListView)、树形视图(CTreeView)、编辑视图(CEditView)）。
[Abstract]:With the rapid development of foreign network technology and the wide spread of network, people pay more and more attention to the deep research of network security. At the same time, there are a lot of software related to network analysis and interception, which makes network security more and more urgent. Although there are a lot of related software in foreign countries, they all have a single function, for example, the foreign version of "EtherPeek NX" Omin3 and so on. Although the relevant software used in China is powerful, the general visual interface is complicated and requires a large number of memorized commands to achieve the purpose of skillful use, such as domestic: Jida medium soft network protocol analyzer, Ke-Lai Network Analysis system. In addition, the related software in the market also need to purchase the corresponding large-scale equipment and related auxiliary software, the capital investment is high, the corresponding maintenance expense also increases. For example, the software of the network protocol analyzer developed by the software company of Jida in China, this software is quite excellent in network analysis and network simulation, but this software needs the corresponding hardware support, that is, The router and switch developed by Jida are needed to support the software. Therefore, the development of a simple and practical network protocol analysis program (network sniffer) came into being. This paper gives the development background, main application functions, development environment and development tools of the project. Based on requirement analysis, we focus on the following functions: 1. Scan function, compare ARP scan, half-port scan and NetBIOS scan, then use NetBIOS service interface scanning method. The socket class library provided by MFC is used to realize the fast and stable scan in the LAN. 2. The interception function, the class library provided by WinPcap and the protocol driver, are used to realize the capture of data frames from the physical layer. The class library and protocol driver provided by WinPcap are used to send 6 kinds of custom data frames (MACARP / IP / ICMPU / TCPUDP). 4. In terms of interface, we use BCG's BCGControlBar Library (v.6.2) Professional Edition development library controls and MFC common controls. A split window (list view, tree view, CEditView).) composed of three views in the interface of intercepting data frames
【学位授予单位】：吉林大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】