网络流量测量软件的设计与实现
摘 要:为了方便网络编程,90年代初,由Microsoft联合了其他几家公司共同制定了一套WINDOWS下的网络编程接口,即Windows Sockets规范,它不是一种网络协议,而是一套开放的、支持多种协议的Windows下的网络编程接口。本篇论文主要是介绍了在TCP/IP基础上利用winsock2对网卡进行编程,以达到网络流量监测的目的。论文首先介绍了TCP/IP协议,旨在介绍IP,TCP,UDP等比较重要的协议。主要是介绍IP头,TCP头,UDP头的特点,以便从IP头中可以获取源地址,目的地址,协议类型等信息。在随后的章节中提出了Socket的概念,Socket实际上提供了一个通信端口使所有拥有Socket的端口的计算机之间能够相互通信,在本论文中主要说明了socket的建立,监听和撤销的过程。具体到程序实现中,对网卡混杂模式的设置是通过原始套接字(raw socket)来实现的。为了让原始套接字能接受所有的数据,还需要通过将SOCK_RAW设置成SIO_RCVALL。对数据包的获取通过recv()函数来完成。最后要完成的工作就是对所捕获的IP数据包进行分析以提取出我们所需要的信息。在论文的最后是旨在说明进一步工作的展开。
关键字: TCP/IP,Winsock,原始套接字,NetBios
Abstract: For convenience of network programming, in the early 1990s, a new set of network programming interface using under WINDOWS was established by some companies united by Microsoft. It is known as Windows Socket Norm. It isn’t a kind of network protocol, but an open network programming interface support multiple protocols under WINDOWS. The main purpose of the thesis is to introduce how to use Winsock2 program on network adapter under the protocol of TCP/IP. This is for the purpose of measure the network discharge. At the beginning of the thesis, we introduce all important protocols of TCP/IP, like IP, TCP, and UDP. We introduce IP header, TCP header and UDP header for the most important because we need acquire the information of source address, destination address, and protocol type from the IP header.
In the following section, we give the concept of Socket. Sockets actually provide a communication port to allow all the computers that have Socket port to communicate with each other. In the thesis, we talk on the process of the Socket’s building listening and canceling. In the program, we use RAW Socket to set adapter on the mixed mode. To let the Socket receive all data, we also need to set the on SIO_RCVALL. Then we use the function recv () to get data pack. At last we need analyze the data pack to get the information we need.
KEY WORDS:TCP/IP, Winsock,RAW SOCKET, NetBIOS
目 录
摘 要…………………………………………………………………….1
Abstract………………………………………………………..2
前 言…………………………………………………………………….4
第一章 绪论……………………………………………………………5
1.1 TCP/IP协议及其协议分析方法……………………………….5
1.1.1 分层…………………………………………………………..5
1.1.2 IP地址……………………………………………………….6
1.1.3 端口…………………………………………………………..6
1.1.4 TCP/IP协议在Windows中的实现………………………….7
1.2 Winsock编程……………………………………………………7
1.3 网络流量测量的程序实现原理………………………………..8
第二章 TCP/IP协议集………………………………………………9
2.1 TCP/IP协议简介……………………………………………….9
2.2 IP协议………………………………………………………….9
2.3 TCP协议………………………………………………………..10
2.3.1 TCP服务模型………………………………………………..10
2.3.2 TCP数据段头………………………………………………..11
2.3.3 TCP协议的建立……………………………………………..12
2.4 UDP协议………………………………………………………..13
第三章 WINSOCK编程概述…………………………………………14
3.1 套接字的概念………………………………………………….14
3.2 套接字的种类………………………………………………….14
3.3 套接字的建立………………………………………………….14
第四章 网络流量测量的程序实现……………………………….16
4.1 网卡初始化…………………………………………………….16
4.1.1 NetBios概述…………………………………………………16
4.1.2 利用NetBios来初始化网卡………………………………..16
4.2 原始套接字的设置…………………………………………….16
4.3 IP包的协议分析………………………………………………17
4.4 结果与测试…………………………………………………….19
结 论…………………………………………………………………….21
结束语…………………………………………………………………….22
参考文献…………………………………………………………………23
