SNMP 消息分析程序设计.doc

实验七 SNMP 消息分析程序设计（二）消息分析一、 实验目的设计并实现SNMP 消息分析程序中的消息分析功能，对SNMP PDU 结构及基本编码规则和SNMP 协议有更深的理解和掌握二、 实验环境操作系统：Windows XP 操作系统编程语言：C+或C#编程环境：Visual C+ 6.0 或者Visual Studio .net运行环境：Windows XP三、 实验内容完成对捕获的SNMP 消息的分析。完成相应功能的函数，首先列出所获取的消息供用户选择，然后对该消息进行网络层和传输层的分析，判断其是否以UDP 作为传输协议并且是SNMP 消息，最后通过对SNMP 消息内各个字段的依次分析来得到分析结果，并将其显示出来分析功能处理过程大致分为如下几步：1）首先给出所捕获的消息列表，用户在列表中选择相应的消息l 所捕获的消息列表内容从实验六中得到，消息列表可以在命令行环境下显示，通过输入序号进行选择；也可以使用图形界面，通过鼠标点击或键盘输入选择。2）对所选择的消息进行解析，提取出其中的IP 地址、端口号等相关数据，并据此判断该消息是否是SNMP 消息（通过判断端口号是否是161 或162 实现）3）对SNMP 消息按照SNMPv1 协议规定的格式对各字段进行分析l 首先，根据规定的格式跳过SNMP 消息中一些不需要显示的基础字段，如Tag 字段等解析SNMP 消息的版本、共同体及PDU 类型字段如果PDU 类型是GetRequest、SetRequest、GetNextRequest、GetResponse这几种类型中的一种，则对其内容进行详细解析，包括对RequestID、ErrorStatus 和ErrorIndex 等字段的解析；对变量绑定字段，根据变量类型及其格式对数据进行解析，并将解析结果显示出来。此部分功能函数的设计参考流程图如下所示。 4、 程序框架和实现说明1）在Program类中定义程序入口，代码如下所示：namespace Sniffor static class Program / / 应用程序的主入口点。 / STAThread static void Main() Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new 监视器(); public static class num public static int c = 1; 2）在包类中定义一些常量和方法和协议的枚举类型，代码如下所示：namespace Sniffor public class 包 private int id;/序号 private byte grapRaw;/数据包的原始字节流 private DateTime grapTime;/抓取时间 /*IP首部的声明*/ private int version;/协议的版本号，IPV4 为4 private int headerLength;/首部长度 private Precedence precedence;/优先级 private Delay delay;/延迟参数 private Throughput throughput;/吞吐量参数 private Reliability reliability;/可靠性参数 private int totalLength;/IP数据包的总长 private int identification;/标识 private int timeToLive;/生存时间 private ProtocolType protocol;/协议 private byte checkSum;/校验和 private IPAddress packetFromAddr;/源地址 private IPAddress packetToAddr;/目的地址 /*/ private int packetFromPort;/源端口 private int packetToPort;/目的端口 / / 初始化IP数据包 / / public 包(byte raw) /无效的数据包抛错 if (raw = null | raw.Length 4;/版本 headerLength = (raw0 & 0x0F) * 4;/首部长度 if (grapRaw0 & 0x0F) 5); /优先级 delay = (Delay)(raw1 & 0x10) 4);/延迟参数 throughput = (Throughput)(raw1 & 0x8) 3);/吞吐量参数 reliability = (Reliability)(raw1 & 0x4) 2);/可靠性参数 totalLength = raw2 * 256 + raw3;/总长度 if (totalLength != raw.Length) throw new ArgumentException(); / 无效的数据包大小 identification = raw4 * 256 + raw5;/标识 timeToLive = raw8;/生存时间 if (Enum.IsDefined(typeof(ProtocolType), (int)raw9)/判断值在不在枚举 protocol = (ProtocolType)raw9;/协议 / protocol = ProtocolType.Udp; else protocol = ProtocolType.Other; checkSum = new byte2; checkSum0 = raw11; checkSum1 = raw10; packetFromAddr = new IPAddress(BitConverter.ToUInt32(raw, 12);/源IP packetToAddr = new IPAddress(BitConverter.ToUInt32(raw, 16);/目的IP /*/ if (protocol = ProtocolType.Tcp | protocol = ProtocolType.Udp) packetFromPort = rawheaderLength * 256 + rawheaderLength + 1;/（跳过IP头部）源端口 packetToPort = rawheaderLength + 2 * 256 + rawheaderLength + 3;/（跳过IP头部）目的端口 else packetFromPort = -1; packetToPort = -1; / / 取得数据包的原始字节流 / protected byte Raw get return grapRaw; / / 取得数据包的序号 / public int ID get return id; / / 取得捕获时间 / public DateTime Time get return grapTime; / / 取得协议的版本号 / public int Version get return version; / / 取得首部长度 / public int HeaderLength get return headerLength; / /取得优先级 / public Precedence thePrecedence get return precedence; / / 取得延迟参数 / public Delay theDelay get return delay; / / 取得吞吐量参数 / public Throughput theThroughput get return throughput; / / 取得可靠性参数 / public Reliability theReliability get return reliability; / / 取得IP数据包的总长 / public int TotalLength get return totalLength; / / 取得IP数据包的标识 / public int Identification get return identification; / / 取得IP数据包的生成时间 / public int TimeToLive get return timeToLive; / / 取得IP数据包的协议类型 / public ProtocolType Protocol get return protocol; / / 取得IP数据包的校验和. / public byte Checksum get return checkSum; / / 取得IP的源地址 / public IPAddress SourceAddress get return packetFromAddr; / /取得IP数据包的目标地址. / public IPAddress DestinationAddress get return packetToAddr; / / 取得源端口 / public int SourcePort get return packetFromPort; / / 取得目的端口 / public int DestinationPort get return packetToPort; / / IP+端口号，表示源地址 / public string Source get if (packetFromPort != -1) return SourceAddress.ToString() + : + packetFromPort.ToString(); else return SourceAddress.ToString(); / / IP+端口号，表示目的地址 / public string Destination get if (packetToPort != -1) return DestinationAddress.ToString() + : + packetToPort.ToString(); else return DestinationAddress.ToString(); / / 格式化数据部分 / / public string getData() StringBuilder strBuil = new StringBuilder(Raw.Length); for (int i = 20; i Raw.Length; i += 16) for (int k = i; k i + 16; k+) if (k Raw.Length) strBuil.Append(Rawk.ToString(X2) + );/将每个字节转化为十六进制 return strBuil.ToString(); / / 枚举优先级参数，存在于IP头部区分服务字段 / public enum Precedence Routine = 0, Priority = 1, Immediate = 2, Flash = 3, FlashOverride = 4, CRITICECP = 5, InternetworkControl = 6, NetworkControl = 7 / / 枚举延迟参数，存在于IP头部区分服务字段 / public enum Delay NormalDelay = 0, LowDelay = 1 / / 枚举吞吐量参数，存在于IP头部区分服务字段 / public enum Throughput NormalThroughput = 0, HighThroughput = 1 / / 枚举可靠性参数，存在于IP头部区分服务字段 / public enum Reliability NormalReliability = 0, HighReliability = 1 / / 枚举协议类型 / public enum ProtocolType Ggp = 3, Icmp = 1, Idp = 22, Igmp = 2, IP = 4, ND = 77, Pup = 12, Tcp = 6, Udp = 17, Other = -1 3）在包监视器类中引入dll并初始化，开始监测数据，异步回调函数完成抓取数据，代码如下所示：namespace Sniffor / / 数据包监测类 / class 包监视器 private Socket monitorSocket;/监测套接字 private IPAddress monitorIp;/监测的ip private byte monitorBuffer;/监测缓冲区 private const int IOC_VENDOR = 0x18000000; private const int IOC_IN = -2147483648; /unchecked(int)0x80000000); or -2147483648; private const int SIO_RCVALL = IOC_IN | IOC_VENDOR | 1; /0x98000001 or IOC_IN | IOC_VENDOR | 1; / / 初始化 / / 需要监测数据包的IP public 包监视器(IPAddress monitorIp) this.monitorIp = monitorIp; monitorBuffer = new byte65535; / / 引入dll并初始化 / DllImport(advapi32.dll) private extern static int AllocateAndInitializeSid(byte pIdentifierAuthority, byte nSubAuthorityCount, int dwSubAuthority0, int dwSubAuthority1, int dwSubAuthority2, int dwSubAuthority3, int dwSubAuthority4, int dwSubAuthority5, int dwSubAuthority6, int dwSubAuthority7, out IntPtr pSid); DllImport(advapi32.dll) private extern static int CheckTokenMembership(IntPtr TokenHandle, IntPtr SidToCheck, ref int IsMember); DllImport(advapi32.dll) private extern static IntPtr FreeSid(IntPtr pSid); / / 开始监测 / public void begainMonitor() if (monitorSocket = null) try monitorSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);/初始化套接字原始套接字 monitorSocket.Bind(new IPEndPoint(this.monitorIp, 8888);/与端点绑定 monitorSocket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, 1);/设置套接字选项 monitorSocket.IOControl(SIO_RCVALL, BitConverter.GetBytes(int)1), null); /设置网卡为低级别操作模式 /开始异步捕获数据包，并注册回调函数 monitorSocket.BeginReceive(monitorBuffer, 0, monitorBuffer.Length, SocketFlags.None, new AsyncCallback(didReceivePacket), null); catch monitorSocket = null; throw new SocketException(); / / 异步回调函数完成抓取数据 / / private void didReceivePacket(IAsyncResult ar) try int receivedLength = monitorSocket.EndReceive(ar);/返回接收数据的长度 try if (monitorSocket != null) byte packet = new bytereceivedLength; Array.Copy(monitorBuffer, 0, packet, 0, receivedLength);/讲数据拷贝到packet onNewPacket(new 包(packet); catch /当遇到无效的数据包时继续捕获 monitorSocket.BeginReceive(monitorBuffer, 0, monitorBuffer.Length, SocketFlags.None, new AsyncCallback(didReceivePacket), null); catch / / 时间触发接口 / / public void onNewPacket(包 packet) if (newPacket != null) newPacket(this, packet);/触发事件 / / 委托 / / 抓取实例 / 数据包实例 public delegate void newPacketEventHandler(包监视器 pM, 包 p); / / 将委托和事件关联 / public event newPacketEventHandler newPacket; / / 停止监测 / public void Stop() if (monitorSocket != null) monitorSocket.Close(); monitorSocket = null; 4）在包详情类中显示出捕获到包的属性，代码如下所示：namespace Sniffor public partial class 包详情 : Form private 包 packet;/显示的数据包 public 包详情(包 packet) InitializeComponent(); this.packet = packet;/初始化数据包 private void packetDetail_Load(object sender, EventArgs e) /*-*/ txtData.Text = packet.getData(); string s = txtData.Text.ToString(); string sArray = s.Split( ); string dataType=;/数据类型字段 string dataLength = ;/数据长度字段 string versionNumber = ;/版本号字段 string communityName = ;/团体名字段 string pduType = ;/PDU类型 string pduLength = ;/PDU长度 string requestId = ;/Request-id字段 string errorStatue = ;/Error-Statue字段 string errorIndex = ;/Error-Index字段 string OID = ;/OID字段 if (sArray8 = 30) dataType = SNMP; else dataType = Others; if (dataType = SNMP) dataLength = 0x + sArray9.ToString(); /02 01 00表示snmp版本号为1 if (sArray10 = 02 & sArray11 = 01 & sArray12 = 00) versionNumber = SNMPv1; else versionNumber = Others; if (sArray13 = 04 & sArray14 = 06 & sArray15 = 70 & sArray16 = 75 & sArray17 = 62 & sArray18 = 6C & sArray19 = 69 & sArray20 = 63) communityName = public; /PDU五种类型：0get-request;1get-next-request;2get-response;3set-request;4trap if (sArray21 = A0) pduType = Get-Request; else if (sArray21 = A1) pduType = Get-Next-Request; else if (sArray21 = A2) pduType = Get-Response; else if (sArray21 = A3) pduType = Set-Request; else if (sArray21 = A4) pduType = Trap; /PDU长度 pduLength = 0x + sArray22.ToString(); /Request-ID request