信息安全实践第十次作业

四川大学计算机学院、软件学院实验报告学号：__1043111034姓名：＿陈枝＿专业：＿软件工程＿班级：＿3＿第14周课程名称信息安全产品开发实践实验课时5实验项目多路IO复用并发服务器模型——网络嗅探器实验时间12.07实验目的使用Libpcap库捕获局域网中的IP包实验环境X86；WindowsXP；VMwareWorkstation5.0.0；SSHSecureShellClient-3.2.9实验内容（算法、程序、步骤和方法）根据课程内容：•嗅探器概述•Libpcap简介、安装与程序编译•利用Libpcap进行网络嗅探的工作流程•Libpcap主要函数简介使用Libpcap库捕获局域网中的IP包，要求：1.打印数据包的源与目的物理地址；2.打印源ＩＰ与目的ＩＰ地址；3.打印出上层协议类型；4.如果上层协议为TCP或UDP协议，打印目的与源端口信息；5.如果上层协议为TCP或UDP协议，将数据以16进制与ASCII的两种方式同时打印出来，不可打印字符以‘.’代替；00000474554202f20485454502f312e310d0aGET/HTTP/1.1..解决思路：1：在main函数中捕获网卡设备设置过滤策略循环抓包2：在packet_process函数中解析抓包内的数据，分层逐步从链路层到传输层，一层一层解析3：在print_data函数与print函数的结合下按照16进制与ascii两种方式进行对齐打印。（接上）实验内容（算法、程序、步骤和方法）根据以下内容写出以下程序：#includestdio.h#includestring.h#includesys/types.h#includesys/time.h#includesys/socket.h#includenetinet/in.h#includenetinet/in_systm.h#includenetinet/ip.h#includenetinet/if_ether.h#includenetinet/tcp.h#includenetinet/udp.h#includepcap.h#includenetdb.h#includetime.h#includesys/time.h#includectype.h#defineDEFAULT_SNAPLEN1518//打印16进制与asciivoidprint(u_char*payload,intlen,intoffset,intmaxlen){printf(%.5d,offset);intmax=maxlen;inti;for(i=0;i16;i++){if((len-i)0){printf(%.2x,payload[max-(len-i)]);}else{printf();}}printf();for(i=0;i16;i++){if(isprint(payload[max-(len-i)])){printf(%c,payload[max-(len-i)]);}else{printf(.);}}}//打印数据包voidprint_data(u_char*payload,intlen){intline_width=16;intlen_rem=len;intmaxlen=len;intoffset=0;while(1){if(len_remline_width){if(len_rem==0){break;}else{print(payload,len_rem,offset,maxlen);offset=offset+len_rem;printf(\n);break;}}else{print(payload,len_rem,offset,maxlen);offset=offset+16;printf(\n);}len_rem=len_rem-line_width;}}//打印mac地址函数voidprint_mac(u_char*macadd){inti;for(i=0;i5;i++){printf(%.2x:,macadd[i]);}printf(%.2x,macadd[i]);}//打印ip地址voidprint_ip(u_char*ipadd){inti;for(i=0;i3;++i){printf(%d.,ipadd[i]);}printf(%d,ipadd[i]);}//包处理函数voidpacket_process(u_char*user,conststructpcap_pkthdr*h,constu_char*p){structether_header*eth;staticlongintpacket_num=0;structether_arp*arppkt;structip*iph;structicmphdr*icmp;structtcphdr*tcph;structudphdr*udph;intm;char*buf;printf(==================================================\n);printf(Packetanalysing...\n);printf(Recievedat.....%s\n,ctime((consttime_t*)&(h-ts).tv_sec));//showthetime;printf(Packetnumber:%d\n,++packet_num);//showthepacketnum;printf(Packetlength::%d\n,h-len);//showthepacketlen;inti;eth=(structether_header*)p;printf(SourceMacAddress:);print_mac(eth-ether_shost);printf(\n);printf(DestinationMacAddress:);print_mac(eth-ether_dhost);printf(\n);//判断网路层协议unsignedinttypeno;typeno=ntohs(eth-ether_type);switch(typeno){caseETHERTYPE_IP:printf(IPV4\n);break;caseETHERTYPE_PUP:printf(PUP\n);break;caseETHERTYPE_ARP:printf(ARP\n);break;default:printf(unknownnetworklayertypes\n);}if(typeno==ETHERTYPE_IP){iph=(structip*)(p+sizeof(structether_header));printf(SourceIpAddress:);print_ip((u_char*)&(iph-ip_src));printf(\n);printf(DestinationIpaddress:);print_ip((u_char*)&(iph-ip_dst));printf(\n);printf(Transportlayerprotocal:\n);if(iph-ip_p==1)//判断传输层协议{printf(ICMP\n);}elseif(iph-ip_p==2){printf(IGMP\n);}elseif(iph-ip_p==6){printf(TCP\n);tcph=(structtcphdr*)(p+sizeof(structether_header)+sizeof(structip));printf(destport:%d\n,ntohs(tcph-dest));printf(sourport:%d\n,ntohs(tcph-source));printf(Payload:\n);print_data(p,h-len);}elseif(iph-ip_p==17){printf(UDP\n);printf(applicationlayerprotocol:\n);udph=(structudphdr*)(p+sizeof(structether_header)+sizeof(structip));printf(destport:%d\n,ntohs(udph-dest));printf(sourceport%d\n:,ntohs(udph-source));printf(Payload:\n);print_data(p,h-len);}else{printf(unknownprotocol\n);}}}intmain(intargc,char**argv){charebuf[PCAP_ERRBUF_SIZE];pcap_t*pd;structbpf_programfcode;bpf_u_int32netaddr=0,mask=0;inti=0;if(argc=1){printf(usage:%snetworkinterface\n,argv[0]);exit(1);}//opentheportandsetif((pd=pcap_open_live(argv[1],DEFAULT_SNAPLEN,1,1000,ebuf))==NULL){(void)fprintf(stderr,%s,ebuf);exit(1);}//findthenetaddrandmaskif(i=pcap_lookupnet(argv[1],&netaddr,&mask,ebuf)==-1){(void)fprintf(stderr,%s,ebuf);exit(1);}//setthefilterpcap_compile(pd,&fcode,ip,1,mask);pcap_setfilter(pd,&fcode);//getthepacketif(pcap_loop(pd,-1,packet_process,NULL)0){(void)fprintf(stderr,pcap_loop:%s\n,pcap_geterr(pd));exit(0);}pcap_close(pd);exit(0);}数据记录和计算运行截图：结论（结果）运用Libpcap相关函数，成功实现对局域网的数据进行协议解析小结Libpcap是基于以太帧进行解析的，最底层的是链路层然后一层一层的向上进行解析，从而得到我们需要的解析。需要多了解原始套接字。指导老师评议成绩评定：指导教师签名：