Design and Implementation of a LAN Monitoring System
Abstract: A LAN monitoring system can observe the state of the network and use that information to analyze network performance, among other things. This paper presents the basic principles of LAN monitoring and a system that implements it; the system design comprises a user interface, packet capture and filtering, monitoring detection, and data decoding.
Key words: network security; LAN technology; network monitoring
Contents
Chapter Preface
Chapter II Principles of LAN Monitoring and Its Prevention
2.1 Network Monitoring
2.2 Basic Principles of Monitoring on a LAN
2.3 A Simple Implementation of Monitoring
2.4 How to Detect and Prevent Network Monitoring
2.4.1 Detecting Possible Network Monitoring
2.4.2 Preventive Measures Against Network Monitoring
Chapter Overview of Monitoring and Detection
3.1 Monitoring Overview
2.2 Detection Overview
Chapter III Program Implementation
3.1 Overall Design Flow
3.2 Interface
3.3 Ethernet Packet Capture
3.4 Packet Filtering
3.5 Packet Decoding
3.6 Monitoring Detection
Chapter IV LAN Monitoring System Design
4.2 Module Division and Functional Design
4.2.1 Console Subsystem
4.2.2 Monitoring Agent Subsystem
4.2.3 Communication Module
4.3 Detailed Design of the LAN Monitoring System
4.3.1 Network Monitoring Module
4.3.2 LAN Monitoring Module Structure Design
4.3.3 Information Content Analysis Module Design
Chapter V LAN Monitoring System Test
Conclusion
References
Chapter Preface
With the development of computer technology, the network has become an increasingly indispensable tool in daily life, but the illegal intrusions that come with it continually threaten the security of computer network systems. Because a LAN transmits by broadcast, all packets within a broadcast domain can be monitored. By analyzing those packets, an attacker can obtain important information transmitted on the LAN. In fact, many attackers treat LAN scanning and monitoring as their most basic steps and tools, precisely because they hope to obtain passwords and other information this way. On the other hand, when investigating hacking and other cyber crime and collecting evidence, network monitoring can also be used to obtain the necessary information. Understanding Ethernet monitoring technology, its principles, its implementation, and the preventive measures against it is therefore particularly important.
Network monitoring has always been a sensitive topic in network security. On the one hand, it plays an irreplaceable role in helping network administrators monitor traffic and troubleshoot network faults; on the other hand, it brings great security risks to Ethernet: many network intrusions are accompanied by monitoring inside the Ethernet, leading to incidents such as stolen passwords and intercepted sensitive data. In fact, while information is being transmitted on the network, a tool can set the network interface to listening mode and intercept or capture that information, which can then be used in an attack.
Ethernet LANs commonly transmit data by broadcast, so whatever the destination physical address of a packet, every host on the same physical segment can receive it. Normally, however, only the host whose physical address matches the packet's destination address passes the packet up to upper-layer programs for processing. When a host's NIC works in promiscuous mode, the host's upper-layer programs can obtain the packet regardless of its destination physical address. This is the basic principle of network monitoring.
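The receive filtering just described can be modeled in a few lines of C. This is an added example, not code from the paper: the function names are illustrative, the MAC addresses and the frame are constructed sample data, and multicast filtering is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_ALEN 6    /* length of a physical (MAC) address */
#define ETH_HLEN 14   /* destination (6) + source (6) + EtherType (2) */

struct eth_header {
    uint8_t  dst[ETH_ALEN];
    uint8_t  src[ETH_ALEN];
    uint16_t ethertype;          /* host byte order after parsing */
};

/* Parse the 14-byte Ethernet II header; 0 on success, -1 if the frame is too short. */
int parse_eth(const uint8_t *frame, size_t len, struct eth_header *out)
{
    if (frame == NULL || out == NULL || len < ETH_HLEN)
        return -1;
    memcpy(out->dst, frame, ETH_ALEN);
    memcpy(out->src, frame + ETH_ALEN, ETH_ALEN);
    out->ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    return 0;
}

/* Model of the NIC receive filter (assumed simplification, no multicast):
 * returns 1 if the frame is passed up to upper-layer programs, 0 if dropped. */
int nic_accepts(const uint8_t own_mac[ETH_ALEN], int promiscuous,
                const uint8_t *frame, size_t len)
{
    static const uint8_t bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    struct eth_header h;
    if (parse_eth(frame, len, &h) != 0)
        return 0;                /* truncated frame: never delivered */
    if (promiscuous)
        return 1;                /* destination address is ignored */
    return memcmp(h.dst, own_mac, ETH_ALEN) == 0 ||
           memcmp(h.dst, bcast, ETH_ALEN) == 0;
}

/* Constructed sample data: locally administered addresses for hosts B and C. */
const uint8_t HOST_B[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x0b};
const uint8_t HOST_C[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x0c};
/* Header of a frame from host A (..:0a) to host B (..:0b), EtherType 0x0800 (IPv4). */
const uint8_t FRAME_A_TO_B[ETH_HLEN] = {
    0x02, 0, 0, 0, 0, 0x0b,   0x02, 0, 0, 0, 0, 0x0a,   0x08, 0x00
};
```

With these inputs, host B accepts the frame in normal mode, while host C accepts it only when its interface is promiscuous.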
This paper describes packet monitoring on an Ethernet LAN, together with the principles and methods of monitoring and of detecting it, and then, starting from those implementation principles, designs a software system that provides both monitoring and detection. To ease programming, the system is built with the currently popular development tool Visual C 10 and uses object-oriented (OOP) design for each module, to facilitate the future development, upgrading, and maintenance of the whole software system.
Chapter II Principles of LAN Monitoring and Its Prevention
According to the IEEE's description, LAN technology "connects computers, terminals, mass-storage peripherals, controllers, and displays dispersed within one building or several adjacent buildings, together with the network connectors used to link to other networks, into one high-speed communication means." A LAN offers basic functions and characteristics such as device sharing, information sharing, high-speed data and multimedia communication, distributed processing, and high compatibility and security. LANs are currently used mainly in office automation and in campus teaching and management, and can adopt a bus, ring, tree, or star topology as the situation requires.
2.1 Network Monitoring
Network monitoring technology was originally a management tool for network security administrators, used to monitor the state of the network, data flows, and the information transmitted over it. When information is transmitted over the network in clear text, attacking with monitoring technology is not difficult: once the network interface is set to listening mode, information transmitted on the network can be intercepted continuously. Network monitoring can be carried out at any point on the network, such as a host on a LAN, a gateway, or between the modems of a remote network.
2.2 Basic Principles of Monitoring on a LAN
The currently very popular Ethernet protocol works as follows: a packet to be sent is delivered to all hosts connected together; the packet contains the correct address of the host that should receive it, and only the host whose address matches the packet's destination address accepts it. When a host works in listening mode, however, it accepts the packet whatever its destination address is (it can of course only monitor packets that pass through its own network interface). On the Internet there are many LANs that use the Ethernet protocol, with many hosts connected together by cables and hubs. When two hosts on the same network communicate, the source host sends the packet, which carries the destination host's address, directly to the destination host. Such a packet cannot be sent directly at the IP layer, however; it must be handed from the IP layer of the TCP/IP protocol to the network interface, that is, the data link layer. The network interface does not recognize IP addresses, so at the network interface an Ethernet frame header is added to the packet. The header has two fields, the physical addresses of the source host and the destination host, which only the network interface can recognize. This is, corresponding to the IP address, a