网络安全监管实验.docx

1、网络安全监管实验使用WinPcap进行网络数据包编程一、实验目的通过实验创建一个使用 wpcap.dll 的应用程序，学习如何使用WinPcap进行编程。二、实验环境操作系统环境：Windows2000/NT/XP；编程环境：Visual c+；Turbo c三、实验任务任务性质：设计性实验任务描述：首先要完全理解winpcap编程的实现过程，然后用C或C+编写程序。实验步骤：1.首先运行winpcap的安装程序WinPcap_3_1.exe，然后把winpcap开发包WpdPack_3_1.zip解压缩到某个目录下，这里假设把winpcap开发包解压缩到C:wpdpack文件夹下。在C:wp

2、dpack文件夹下有子文件夹”include”和”lib”，分别把它们添加到VC的头文件路径和静态链接库路径下面。具体方法如下:打开VC，选择Tools菜单的子菜单options，打开对话框Options，选择Directory页面，然后在”Include files”中添加路径”C:wpdpackinclude”，在”Library files”中添加路径”C:wpdpacklib”。某些应用程序可能使用到Platform SDK，此时应该安装psdk，然后将其include和lib目录添加到VC的头文件路径和静态链接库路径下面。 在具体开发一个基于winpcap的工程时，还需要把winpc

3、ap的静态链接库wpcap.lib添加进来。选择菜单Project的子菜单Settings，打开对话框Project Settings，选择页面Link，在项目Object/library modules中添加wpcap.lib。由于在Windows中要使用其他网络函数操作，如ntohs()，必须使用套接字函数，所以还应该添加静态链接库wsock32.lib。有些控制台程序需要运行参数，可以在VC中这样设置：打开VC菜单Project的子菜单Setting中的对话框Project Settings，然后在页面Debug的选项Program arguments中填入参数。2. 创建工程打开VC，

4、选择菜单File New，在弹出的对话框中选择Projects页，再选择Win32 Console Application，通过Location下面的编辑框旁边的按钮选择存放工程的路径，在Project name:下的编辑框中输入工程名Proj_1，单击OK按钮。在弹出的对话框中选择An empty project，单击Finish按钮。在接下来弹出的对话框中单击OK按钮。选择菜单File New，在弹出的对话框中选择Files页，再选择C+ Source File，将Add to project左边的选择框选中，确定Add to project下面的编辑框中出现的是Proj_1。在File下

5、的编辑框中输入文件名ex1，单击OK按钮。 单击Save All工具条，再单击Build (F7)工具条，输出窗口显示以下信息。单击工具条上红色的!号运行程序。3. Packet Dump 这个程序会依据命令行参数，从网络适配器，或是从文件来读取数据包。如果没有提供源，那么程序会显示出所有可用的适配器，你可以选其中一个。当捕获过程开始，程序会打印数据包的时间戳，长度，原始内容。一旦被编译了，那么它将能运行于所有的Win32平台，当然，它也可以被编译成Unix平台的程序。 -/* * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torin

6、o (Italy) * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain

7、the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3.

8、 Neither the name of the Politecnico di Torino, CACE Technologies * nor the names of its contributors may be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * AS IS A

9、ND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CON

10、SEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING I

11、N ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include #include / / NOTE: remember to include WPCAP and HAVE_REMOTE among your / preprocessor definitions. / #include #define LINE_LEN 16 main(int argc, char *argv) pcap_if_t *alldevs, *d; pcap_t *

12、fp; u_int inum, i=0; char errbufPCAP_ERRBUF_SIZE; int res; struct pcap_pkthdr *header; const u_char *pkt_data; printf(pktdump_ex: prints the packets of the network using WinPcap.n); printf( Usage: pktdump_ex -s sourcenn Examples:n pktdump_ex -s file:/c:/temp/file.acpn pktdump_ex -s rpcap:/DeviceNPF_

13、C8736017-F3C3-4373-94AC-9A34B7DAD998nn); if(argc next) printf(%d. %sn , +i, d-name); if (d-description) printf( (%s)n, d-description); else printf( (No description available)n); if (i=0) fprintf(stderr,No interfaces found! Exiting.n); return -1; printf(Enter the interface number (1-%d):,i); scanf(%d

14、, &inum); if (inum i) printf(nInterface number out of range.n); /* Free the device list */ pcap_freealldevs(alldevs); return -1; /* Jump to the selected adapter */ for (d=alldevs, i=0; inext, i+); /* Open the device */ if ( (fp= pcap_open(d-name, 100 /*snaplen*/, PCAP_OPENFLAG_PROMISCUOUS /*flags*/,

15、 20 /*read timeout*/, NULL /* remote authentication */, errbuf) ) = NULL) fprintf(stderr,nError opening adaptern); return -1; else / Do not check for the switch type (-s) if ( (fp= pcap_open(argv2, 100 /*snaplen*/, PCAP_OPENFLAG_PROMISCUOUS /*flags*/, 20 /*read timeout*/, NULL /* remote authenticati

16、on */, errbuf) ) = NULL) fprintf(stderr,nError opening source: %sn, errbuf); return -1; /* Read the packets */ while(res = pcap_next_ex( fp, &header, &pkt_data) = 0) if(res = 0) /* Timeout elapsed */ continue; /* print pkt timestamp and pkt len */ printf(%ld:%ld (%ld)n, header-ts.tv_sec, header-ts.t

17、v_usec, header-len); /* Print the packet */ for (i=1; (i caplen + 1 ) ; i+) printf(%.2x , pkt_datai-1); if ( (i % LINE_LEN) = 0) printf(n); printf(nn); if(res = -1) fprintf(stderr, Error reading the packets: %sn, pcap_geterr(fp); return -1; return 0; 数据包过滤器 这是一个更加完整的使用libpcap的范例程序，它显示了如何创建和设置过滤器，如何把

18、捕获保存到磁盘。这个程序在Win32和Unix平台下都能编译。Pcap_filter(pf.exe)是一个通用的数据包过滤程序：它的输入参数有数据包的源(可以是物理接口，或是一个文件)，过滤器和一个输出文件。它会从源获取数据包，并对它们进行过滤，如果它们符合过滤器的要求，就把它们保存到输出文件，直到按下Ctrl+C，或者整个文件处理完毕。Pcap_filter不但可以根据一个特定的过滤器，来堆处理网络中的数据，而且可以从已经保存过的文件中提取数据包。输入和输出文件的格式都是libpcap兼容的格式，比如，WinDump,tcpdump和其他许多网络工具。 /* * Copyright (c)

19、1999 - 2005 NetGroup, Politecnico di Torino (Italy) * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. R

20、edistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other mate

21、rials provided with the distribution. * 3. Neither the name of the Politecnico di Torino, CACE Technologies * nor the names of its contributors may be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE CO

22、PYRIGHT HOLDERS AND CONTRIBUTORS * AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT

23、, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (IN

24、CLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include #include #include #define MAX_PRINT 80 #define MAX_LINE 16 void usage(); void main(int argc, char *argv) pcap_t *fp; char errbufPCAP_ERRBUF_SIZE; ch

25、ar *source=NULL; char *ofilename=NULL; char *filter=NULL; int i; pcap_dumper_t *dumpfile; struct bpf_program fcode; bpf_u_int32 NetMask; int res; struct pcap_pkthdr *header; const u_char *pkt_data; if (argc = 1) usage(); return; for(i=1;i argc; i+= 2) switch (argvi 1) case s: source=argvi+1; ; break

26、; case o: ofilename=argvi+1; ; break; case f: filter=argvi+1; ; break; / open a capture from the network if (source != NULL) if ( (fp= pcap_open(source, 1514 /*snaplen*/, PCAP_OPENFLAG_PROMISCUOUS /*flags*/, 20 /*read timeout*/, NULL /* remote authentication */, errbuf) ) = NULL) fprintf(stderr,nUna

27、ble to open the adapter.n); return; else usage(); if (filter != NULL) / We should loop through the adapters returned by the pcap_findalldevs_ex() / in order to locate the correct one. / / Lets do things simpler: we suppose to be in a C class network ;-) NetMask=0xffffff; /compile the filter if(pcap_compile(fp, &fcode, filter, 1, NetMask) 0) fprintf(stderr,nError compiling filter: wrong syntax.n); return; /set the filter if(pcap_setfilter(fp, &fcode)= 0) if(res = 0) /* Timeout elapsed */ continue; /save the packet on t