
Computer Network Class/Report2006/Packet Analyzer


= Additional Requirements =
  • Content posted on the course homepage.
The packet analyzer must implement at least the following.

1. Selective capture
- Analyze only the desired packets, selected by destination address or similar criteria
2. Graphical display of the IP header
- When one packet is selected in the list, parse its IP header and display the fields
3. Implement one feature of Ethereal, or one new feature
- e.g. analysis of the TCP connection setup process

μ΄μƒμ˜ κΈ°λŠ₯이 λ™μž‘ν•˜λŠ” 것을 λ°˜λ“œμ‹œ 보여야 함.
- 이런, -_-; ν• κ²Œ λŠ˜μ–΄λ²„λ Έλ„Ή
λ„€νŠΈμ›Œν¬ μˆ™μ œλΌ ν•˜λž€ 건지 GUI코딩을 ν•˜λž€ 건지...
- γ…‹γ…‹ 그러게 μž˜μ§œμ•Όμ§€... γ…‹γ…‹γ…‹ - eternalbleu

1. WSAIoctl

WSAIoctl was created to set, or to retrieve, settings related to the configuration of a socket, a transport-layer protocol, or the communication subsystem.
Most functions with the WSA prefix were first provided in Winsock 2, and WSAIoctl is likewise supported from Winsock 2 on.
To do the third networking project you must know how to set and use the SIO_RCVALL option. Similar options are
SIO_RCVALL_IGMPMCAST and SIO_RCVALL_MCAST.
For details, refer to MSDN or to Network Programming for Microsoft Windows.

β€» μœˆλ„μš° μ†ŒμΌ“ ν”„λ‘œκ·Έλž˜λ°μ„ μœ„ν•΄μ„œλŠ” μœˆμ† λΌμ΄λΈŒλŸ¬λ¦¬λΌ κ°™μ΄ linking ν•΄μ•Όν•˜λ©°, WSActrl 을 μ‚¬μš©ν•˜κΈ° μœ„ν•΄μ„œλŠ” winsock2 라이브러리인 ws2_32.lib λΌ ν¬ν•¨ν•΄μ•Όν•œλ‹€.
~cpp
#include <mstcpip.h>
β€» 'SIO_RCVALL' : undeclared identifier μ—λŸ¬κ°€ 뜰 κ²½μš°μ— μ•„λž˜ μ½”λ“œλΌ μΆ”κ°€ ν•œλ‹€.
~cpp
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)

2. Sample Code

```cpp
#include <winsock2.h>
#include <ws2tcpip.h>
#include <mstcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(lib, "ws2_32.lib")    // Winsock 2 import library

#ifndef SIO_RCVALL                     // older SDK headers lack the definition
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#endif

#define MAX_IP_SIZE 65535              // largest possible IPv4 datagram

// In the book's rcvall.c these globals are filled in by ValidateArgs(); the
// helpers that follow are simplified stand-ins (added here, not the book's
// code) so that the listing compiles on its own.
BOOL           bFilter         = FALSE;
unsigned short usSourcePort    = 0;
unsigned short usDestPort      = 0;
DWORD          dwInterface     = 0;            // index of the local address to bind
DWORD          dwIoControlCode = SIO_RCVALL;   // or SIO_RCVALL_MCAST / SIO_RCVALL_IGMPMCAST

// Stand-in: the only argument understood is the interface index, e.g. "rcvall 1".
void ValidateArgs(int argc, char **argv)
{
    if (argc > 1)
        dwInterface = (DWORD)atoi(argv[1]);
}

// Stand-in: pick the num-th IPv4 address of this host via gethostbyname(),
// where the book enumerates interfaces with SIO_GET_INTERFACE_LIST.
int GetInterface(SOCKET s, SOCKADDR_IN *ifx, DWORD num)
{
    char     host[256];
    HOSTENT *he;
    DWORD    i;

    (void)s;
    if (gethostname(host, sizeof(host)) == SOCKET_ERROR)
        return -1;
    if ((he = gethostbyname(host)) == NULL)
        return -1;
    for (i = 0; he->h_addr_list[i] != NULL; i++)
    {
        if (i == num)
        {
            memset(ifx, 0, sizeof(*ifx));
            memcpy(&ifx->sin_addr, he->h_addr_list[i], he->h_length);
            return 0;
        }
    }
    return -1;
}

int _cdecl main(int argc, char **argv)
{
    SOCKET        s;
    WSADATA       wsd;
    SOCKADDR_IN   if0;
    int           ret,
                  count;
    unsigned int  optval;
    DWORD         dwBytesRet,
                  dwFlags;
    char          rcvbuf[MAX_IP_SIZE];
    WSABUF        wbuf;

    // Load Winsock
    //
    if (WSAStartup(MAKEWORD(2,2), &wsd) != 0)
    {
        printf("WSAStartup() failed: %d\n", GetLastError());
        return -1;
    }
    // Parse the command line
    //
    ValidateArgs(argc, argv);
    if (bFilter)
    {
        printf("Source Port: %d\n", usSourcePort);
        printf("Dest   Port: %d\n", usDestPort);
    }
    // Create a raw socket for receiving IP datagrams
    //
    s = WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (s == INVALID_SOCKET)
    {
        printf("WSASocket() failed: %d\n", WSAGetLastError());
        return -1;
    }
    // Get an interface to read IP packets on
    //
    if (GetInterface(s, &if0, dwInterface) != 0)
    {
        printf("Unable to obtain an interface\n");
        return -1;
    }
    printf("Binding to IF: %s\n", inet_ntoa(if0.sin_addr));
    //
    // This socket MUST be bound before calling the ioctl
    //
    if0.sin_family = AF_INET;
    if0.sin_port = htons(0);

    if (bind(s, (SOCKADDR *)&if0, sizeof(if0)) == SOCKET_ERROR)
    {
        printf("bind() failed: %d\n", WSAGetLastError());
        return -1;
    }
    //
    // Set the SIO_RCVALLxxx ioctl (dwIoControlCode selects which one)
    //
    optval = 1;
    if (WSAIoctl(s, dwIoControlCode, &optval, sizeof(optval),
            NULL, 0, &dwBytesRet, NULL, NULL) == SOCKET_ERROR)
    {
        printf("WSAIoctl(%d) failed: %d\n", dwIoControlCode,
            WSAGetLastError());
        return -1;
    }
    // Start receiving IP datagrams until interrupted
    //
    count = 0;
    while (1)
    {
        wbuf.len = MAX_IP_SIZE;
        wbuf.buf = rcvbuf;
        dwFlags  = 0;

        ret = WSARecv(s, &wbuf, 1, &dwBytesRet, &dwFlags, NULL, NULL);
        if (ret == SOCKET_ERROR)
        {
            printf("WSARecv() failed: %d\n", WSAGetLastError());
            return -1;
        }
        // Decode the IP header
        // (this is where the project's parser goes; for now only count)
        count++;
        printf("Packet %d: %lu bytes\n", count, (unsigned long)dwBytesRet);
    }
    // Cleanup
    //
    closesocket(s);
    WSACleanup();
    return 0;
}
```
As shown above, there is not much that differs from an ordinary server program. (There is no listen and accept. Maybe WSAIoctl handles all of that...) It merely adjusts the socket with an ioctl so that packets coming up from the IP level are handled differently than usual.
SIO_RCVALL makes it possible to capture every packet that comes in through the NIC. It does not seem to capture packets going out through the NIC.
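Requirements 1 to 3 above (capture filtered by address, parsing the IP header, following the TCP connection setup) are what the empty "Decode the IP header" slot in the sample has to fill. The following is an added example, not the page's or the book's code: a portable C parser that decodes the IPv4 header from a captured buffer, filters on destination address, and classifies a TCP segment's role in the three-way handshake; the packet bytes are constructed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded IPv4 header fields, the data the project's list view would display. */
typedef struct {
    uint8_t  version, ihl, ttl, protocol;
    uint16_t total_len, id;
    uint32_t src, dst;          /* converted to host byte order */
} ipv4_hdr_t;

/* Read network-order fields by hand; this is what ntohs()/ntohl() do. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Parse the IPv4 header at buf; returns its length in bytes, or 0 if malformed. */
int parse_ipv4(const uint8_t *buf, size_t len, ipv4_hdr_t *h)
{
    if (len < 20) return 0;
    h->version = buf[0] >> 4;
    h->ihl     = buf[0] & 0x0f;
    if (h->version != 4 || h->ihl < 5 || (size_t)h->ihl * 4 > len) return 0;
    h->total_len = rd16(buf + 2);  h->id       = rd16(buf + 4);
    h->ttl       = buf[8];         h->protocol = buf[9];
    h->src       = rd32(buf + 12); h->dst      = rd32(buf + 16);
    /* Lengths must agree with the buffer so later indexing stays in bounds. */
    if (h->total_len < h->ihl * 4 || h->total_len > len) return 0;
    return h->ihl * 4;
}

/* Selective capture (requirement 1): keep only packets sent to want_dst. */
int dst_filter(const ipv4_hdr_t *h, uint32_t want_dst) { return h->dst == want_dst; }

/* TCP handshake classification (requirement 3): 1 = SYN, 2 = SYN/ACK,
   3 = bare ACK carrying no payload (the handshake's final ACK), 0 = anything else. */
int tcp_handshake_step(const uint8_t *buf, size_t len)
{
    ipv4_hdr_t h; int ihl = parse_ipv4(buf, len, &h);
    if (!ihl || h.protocol != 6 || h.total_len < ihl + 20) return 0;
    int     doff  = (buf[ihl + 12] >> 4) * 4;     /* TCP header length */
    uint8_t flags = buf[ihl + 13];
    if ((flags & 0x12) == 0x12) return 2;
    if (flags & 0x02) return 1;
    if (flags == 0x10 && h.total_len == ihl + doff) return 3;
    return 0;
}

/* Constructed sample: 40-byte IPv4+TCP SYN, 192.168.0.10:1234 -> 192.168.0.1:80, checksums zero. */
const uint8_t SAMPLE_SYN[40] = {
    0x45,0x00,0x00,0x28,0x00,0x01,0x00,0x00,0x40,0x06,0x00,0x00,0xc0,0xa8,0x00,0x0a,0xc0,0xa8,0x00,0x01,
    0x04,0xd2,0x00,0x50,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x50,0x02,0x20,0x00,0x00,0x00,0x00,0x00 };
```

In the sample above, the decoded header would be passed to parse_ipv4() from the receive loop, with dst_filter() deciding whether the packet reaches the list at all.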

μ•„λ§ˆλ„ listen, accept κ°€ νŒ¨ν‚· 필터링을 ν•˜λŠ” κ²ƒμœΌλ‘œ λ³΄μ΄λŠ”λ° dst 상관없이 무쑰겁 application κΉŒμ§€ μ˜¬λΌμ˜€λ‹ˆκΉ ν•„μš”μ—†λŠ” 것이 μ•„λ‹κΉŒ? 그런 μƒκ°ν•˜κ³  있음. -_- - eternalbleu

3. References

  • Size of each MFC data type

| Type | Size |
|---|---|
| bool | 1 byte |
| char, unsigned char, signed char | 1 byte |
| short, unsigned short | 2 bytes |
| int, unsigned int | 4 bytes |
| __intn | 1, 2, 4, or 8 bytes depending on the value of n. __intn is Microsoft-specific. |
| long, unsigned long | 4 bytes |
| float | 4 bytes |
| double | 8 bytes |
| long double | 8 bytes |
| long long | Equivalent to __int64. |

4. Data Conversion

const char* szIpAddr to DWORD ipvalue
inet_addr() : dotted-decimal string to 32-bit address in network byte order

Unsigned short integer conversion (2-byte values)
htons() : host-to-network byte order conversion
ntohs() : network-to-host byte order conversion

Unsigned long integer conversion (4-byte values)
htonl() : host-to-network byte order conversion
ntohl() : network-to-host byte order conversion

5. Recommended Development Process

(1) Build the capturer, filter, and container classes as a console program.
If possible, design the filter so that it operates from configurable properties.
(2) Write the GUI part using MFC, VB, or similar. (The core is writing the report module.)
Keep in mind that the container and the list control should be connected through the observer pattern.
Use a thread so that the capturer's operation does not cause UI delays.
(3) Integrate the finished front-end and back-end.
Hook the report module to the list control through the observer pattern or an event-driven approach.

6. postscript

Once the capturer alone was finished, everything else went smoothly -_-; but laziness is kicking in.. cough - eternalbleu
last modified 2021-02-07 05:23:00