基于C 网络嗅探器的设计与实现-精品.doc

基于C#的网络嗅探器的设计与实现 摘 要 随着网络技术的发展和网络应用的普及，越来越多的信息资源放在了互联网上，网络的安全性和可靠性显得越发重要。因此，对于能够分析、诊断网络，测试网络性能与安全性的工具软件的需求也越来越迫切。网络嗅探器具有两面性，攻击者可以用它来监听网络中数据，达到非法获得信息的目的，网络管理者可以通过使用嗅探器捕获网络中传输的数据包并对其进行分析，分析结果可供网络安全分析之用。 本文对网络嗅探技术进行了简要分析，研究了网络数据包的捕获机制，如winpcap、原始套接字。文中首先分析了嗅探的原理和危害,并介绍了几种常见的嗅探器，然后研究了入侵检测系统中使用的包捕获技术。本文利用原始套接字在windows平台下实现了一个网络嗅探器程序，完成了对数据包进行解包、分析数据包的功能。 关键词：网络嗅探器；数据包捕获；数据包分析；原始套接字 基于C#的网络嗅探器的设计与实现 PAGE 20 PAGE 21 ABSTRACT Along with the development of network technologies and the popularization of network applications, more and more information resources are put on internet. The network security and reliability become important increasingly. Therefore, the demand of the software tools which could analyze, diagnosis and test network performance or security are more and more pressing. Network sniffer has two sides. An attacker can use it to monitor network data, to achieve the purpose for obtaining information illegally, while network managers can use it to capture and analyze the data which transmitted on network. The result of analysis can be used to analyze the network security. This thesis briefly analyzed the technology of network sniffer, and researched the capture mechanism of network data packets such as winpcap and raw socket. This paper first analyzed the theory and the harm of sniffer, introduced several common sniffers, and then researched the capture technology which used in the intrusion detection system. The thesis uses raw sockets on windows platform to realize one sniffer which can complete unpack and analyze data packet. Key words：network sniffer; capture data packet; analyze data capture; raw sockets 目 录 摘要 Abstract TOC \o 1-3 \h \z \u HYPERLINK \l _Toc386978077 第一章 绪 论 PAGEREF _Toc386978077 \h 1 HYPERLINK \l _Toc386978078 1.1 选题背景与意义 PAGEREF _Toc386978078 \h 1 HYPERLINK \l _Toc386978079 1.2 网络安全的现状 PAGEREF _Toc386978079 \h 1 HYPERLINK \l _Toc386978080 1.2.1 计算机网络安全的问题 PAGEREF _Toc386978080 \h 1 HYPERLINK \l _Toc386978081 1.1.2 网络安全机制及技术措施