
Computer Network Class/Report2006/Packet Analyzer


= 추가 요구사항 =
  • 홈페이지 나온 내용.
패킷분석기는 다음 사항을 최소한 구현하여야 함.

1. „ ƒ  capture
- ˆ˜‹ ž ฃผ†Œ ๋“— ๋”ฐ๋ผ ›•˜๋Š” Œจ‚ท๋งŒ ๋ถ„„
2. IP —ค๋”˜ graphical•œ ‘œ‹œ
- ๋ฆฌŠคŠธ—„œ •˜๋‚˜˜ Œจ‚ท„ „ ƒ•˜๋ฉด IP —ค๋”๋ฅผ ๋ถ„„•ด„œ ๋ณด—ฌฃผ๋Š” ๊ธฐ๋Šฅ
3. ethereal˜ ๊ธฐ๋Šฅ ค‘ 1๊ฐœ ๋˜๋Š” ƒˆ๋กœšด ๊ธฐ๋Šฅ„ •œ๊ฐ€ง€ ๊ตฌ˜„
- ˜ˆ, TCP connection „ •๊ณผ • ๋ถ„„

ดƒ˜ ๊ธฐ๋Šฅด ๋™ž‘•˜๋Š” ๊ฒƒ„ ๋ฐ˜๋“œ‹œ ๋ณด—ฌ•ผ •จ.
- ด๋Ÿฐ, -_-; • ๊ฒŒ ๋Š˜–ด๋ฒ„๋ ธ๋„
„Šธ›Œฌ ˆ™ œ๋ฅผ •˜๋ž€ ๊ง€ GUIฝ”๋”ฉ„ •˜๋ž€ ๊ง€...
- ใ…‹ใ…‹ ๊ทธ๋Ÿฌ๊ฒŒ ž˜งœ•ผง€... ใ…‹ใ…‹ใ…‹ - eternalbleu

1. WSAIoctl

WSAIoctl 은 소켓이나 트랜스포트 계층 프로토콜, 통신 시스템의 구성과 관련된 사항을 설정하거나 설정값을 가져오기위해서 만들어졌다.
WSA prefix 를 가진 함수의 경우 대부분 Winsock 2에서 제공 되기 시작한 것이며, 이 WSAIoctl 역시도 윈속 2에서 지원된다.
네트워크의 3번째 프로젝트를 하기위해서는 SIO_RCVALL 라는 옵션을 설정하여 사용할 줄 알아야한다. 유사한 옵션으로는
SIO_RCVALL_IGMPMCAST, SIO_RCVALL_MCAST 가있다.
자세한 사항은 MSDN 혹은 Network Programming For Microsoft Windows 를 참조하기 바란다.

※ 윈도우 소켓 프로그래밍을 위해서는 윈속 라이브러리를 같이 linking 해야하며, WSAIoctl 을 사용하기 위해서는 winsock2 라이브러리인 ws2_32.lib 를 포함해야한다.
~cpp
#include <mstcpip.h>
※ 'SIO_RCVALL' : undeclared identifier 에러가 뜰 경우에 아래 코드를 추가 한다.
~cpp
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)

2. Sample Code

~cpp
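/*
 * Entry point of the raw-socket capture sample.
 *
 * Starts Winsock 2.2, parses the command line, opens an AF_INET raw socket,
 * binds it to one local interface, switches the socket to receive-all mode
 * with the SIO_RCVALL ioctl and then reads IP datagrams in a loop.
 *
 * ValidateArgs(), GetInterface(), bFilter, usSourcePort, usDestPort,
 * dwInterface and MAX_IP_SIZE are not defined in this listing; they are
 * presumably declared elsewhere in the sample -- confirm before building.
 *
 * Operational notes for anyone deploying this:
 *  - Per the Winsock documentation, setting SIO_RCVALL requires
 *    Administrator privilege on the local computer.
 *  - Everything placed in rcvbuf comes straight off the network and is
 *    untrusted; only the first dwBytesRet bytes are valid after WSARecv().
 *
 * Returns -1 on any failure.  The receive loop has no normal exit in this
 * sample, so it ends only when WSARecv() fails or the process is
 * interrupted; the socket and Winsock are released on every exit path
 * that returns from this function.
 */
int _cdecl main(int argc, char **argv)
{
    SOCKET        s = INVALID_SOCKET;
    WSADATA       wsd;
    SOCKADDR_IN   if0;
    int           ret,
                  rc = -1;
    unsigned int  optval;
    DWORD         dwBytesRet,
                  dwFlags;
    char          rcvbuf[MAX_IP_SIZE];
    WSABUF        wbuf;

    // Load Winsock. WSAStartup() returns its error code directly, so that
    // value is reported instead of GetLastError().
    //
    ret = WSAStartup(MAKEWORD(2,2), &wsd);
    if (ret != 0)
    {
        printf("WSAStartup() failed: %d\n", ret);
        return -1;
    }
    // Parse the command line
    //
    ValidateArgs(argc, argv);
    if (bFilter)
    {
        printf("Source Port: %d\n", usSourcePort);
        printf("Dest   Port: %d\n", usDestPort);
    }
    // Create a raw socket for receiving IP datagrams
    //
    s = WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (s == INVALID_SOCKET)
    {
        printf("WSASocket() failed: %d\n", WSAGetLastError());
        goto cleanup;
    }
    // Get an interface to read IP packets on
    //
    if (GetInterface(s, &if0, dwInterface) != 0)
    {
        printf("Unable to obtain an interface\n");
        goto cleanup;
    }
    printf("Binding to IF: %s\n", inet_ntoa(if0.sin_addr));
    //
    // This socket MUST be bound before calling the ioctl
    //
    if0.sin_family = AF_INET;
    if0.sin_port = htons(0);

    if (bind(s, (SOCKADDR *)&if0, sizeof(if0)) == SOCKET_ERROR)
    {
        printf("bind() failed: %d\n", WSAGetLastError());
        goto cleanup;
    }
    //
    // Set the SIO_RCVALL ioctl; 1 turns receive-all on (RCVALL_ON in
    // mstcpip.h). The error message names the control code actually passed.
    //
    optval = 1;
    if (WSAIoctl(s, SIO_RCVALL, &optval, sizeof(optval),
            NULL, 0, &dwBytesRet, NULL, NULL) == SOCKET_ERROR)
    {
        printf("WSAIoctl(0x%08lx) failed: %d\n", (unsigned long)SIO_RCVALL,
            WSAGetLastError());
        goto cleanup;
    }
    // Receive IP datagrams until WSARecv() fails or the process is
    // interrupted. No OVERLAPPED structure is passed, so each call blocks.
    //
    for (;;)
    {
        wbuf.len = MAX_IP_SIZE;
        wbuf.buf = rcvbuf;
        dwFlags  = 0;       // in/out parameter, reset before every call

        ret = WSARecv(s, &wbuf, 1, &dwBytesRet, &dwFlags, NULL, NULL);
        if (ret == SOCKET_ERROR)
        {
            printf("WSARecv() failed: %d\n", WSAGetLastError());
            break;
        }
        if (dwBytesRet == 0)
        {
            continue;       // nothing to decode
        }
        // Decode the IP header
        //
        // Only rcvbuf[0 .. dwBytesRet-1] holds packet data. Check
        // dwBytesRet against the minimum IP header size, and against the
        // header-length field, before reading any header field.
    }

cleanup:
    // Release the socket and Winsock on every exit path
    //
    if (s != INVALID_SOCKET)
    {
        closesocket(s);
    }
    WSACleanup();
    return rc;
}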
ƒ๊ธฐ™€ ๊ฐ™ด ๊ธฐกด˜ „œ๋ฒ„ ”„๋กœ๊ทธ๋žจ๊ณผ ๋‹ค๋ฅธ  € ๋ณ„๋กœ —†๋‹ค. (Listen๊ณผ accept๊ฐ€ —†๋„š”. WSAIoctrl—„œ ๋‹ค ฒ˜๋ฆฌ•˜๋Š”๊ง€...) ๋‹จง€ †Œผ“„ ioctrl ๋กœ กฐ ••ด„œ ip ˆ˜ค€—„œ ˜ฌ๋ผ˜ค๋Š” Œจ‚ท„ ๊ธฐกด๊ณผ ๋‹ค๋ฅด๊ฒŒ ฒ˜๋ฆฌ•  ๋ฟด๋‹ค.
SIO_RCVALL „ †ต•ด„œ NIC๋ฅผ †ต•ด ˜ฌ๋ผ˜ค๋Š” ๋ชจ๋“  Œจ‚ท˜ บกณ๊ฐ€ ๊ฐ€๋Šฅ•˜๋‹ค. NIC๋ฅผ †ต•ด ๋‚˜๊ฐ€๋Š” Œจ‚ท„ บกณ•˜ง€ ๋ชป•˜๋Š” ๋“ฏ •˜๋‹ค.

•„๋งˆ๋„ listen, accept ๊ฐ€ Œจ‚ท •„„ฐ๋ง„ •˜๋Š” ๊ฒƒœผ๋กœ ๋ณดด๋Š”๋ฐ dst ƒ๊ด€—†ด ๋ฌดกฐ๊ฒ application ๊นŒง€ ˜ฌ๋ผ˜ค๋‹ˆ๊น •„š”—†๋Š” ๊ฒƒด •„๋‹๊นŒ? ๊ทธ๋Ÿฐ ƒ๊ฐ•˜๊ณ  žˆŒ. -_- - eternalbleu

3. 참고

  • MFC 각 데이터타입 크기
Type Size
bool 1 byte
char, unsigned char, signed char 1 byte
short, unsigned short 2 bytes
int, unsigned int 4 bytes
__intn 1, 2, 4, or 8 bytes depending on the value of n. __intn is Microsoft-specific.
long, unsigned long 4 bytes
float 4 bytes
double 8 bytes
long double1 8 bytes
long long Equivalent to __int64.

4. 데이터 변환

const char* szIpAddr to DWORD ipvalue
inet_addr() :

Unsigned short integer 변환 (2바이트 체계)
htons() : host-to-network 바이트 변환
ntohs() : network-to-host 바이트 변환

Unsigned long integer 변환 (4바이트 체계)
htonl() : host-to-network 바이트 변환
ntohl() : network-to-host 바이트 변환

5. 추천 개발 과정

(1) 콘솔로 캡쳐기, 필터, 컨테이너 클래스를 구성한다.
필터기는 가능하면 property 를 설정해서 동작하도록 구성한다.
(2) MFC, VB 등을 이용해서 GUI 부분을 짠다. (핵심은 리포트 모듈 작성)
컨테이너와 리스트 컨트롤을 옵저버 패턴으로 연결할 것을 염두에 둔다.
캡쳐기의 동작으로 인한 UI 딜레이 현상을 막기위해서 쓰레드를 이용.
(3) 만들어진 front-end, back-end 를 통합한다.
리포트 모듈을 리스트 컨트롤과 옵저버 패턴 혹은 이벤트 드리븐으로 연동

6. postscript

ผ๋‹จ บกณ๊ธฐ๋งŒ ™„„•˜๋‹ˆ ๊ทธ•ผ๋ง๋กœ ผ‚ฌฒœ๋ฆฌ๋กœ ’€๋ฆฌ๋Š”๋ฐ -_-; ๊ท€ฐจ๋‹ˆฆ˜ด ๋ฐœ๋™•˜๋Š”๊ตฌ๋งŒ.. ฟจ๋Ÿญ - eternalbleu