Java Intrusion Detection System (Part 1)

This semester I took the intrusion detection lab. I had planned from the start to build this packet-analysis system, but procrastination struck again, so now I am learning PHP while working on the intrusion detection project at the same time (to keep on schedule I will post updates from time to time to push myself).

Jpcap capture class: I found a paper that explains it quite well.

Running the test demo works.


The program I am building mainly imitates the Snort intrusion detection system. Since the start of this semester, with my teacher's help, I have read some material, mainly a senior student's graduation project written in C# and two books, 《Snort2.0 入侵检测》(Snort 2.0 Intrusion Detection) and 《Snort轻量级入侵检测系统全攻略》(The Complete Guide to the Snort Lightweight Intrusion Detection System). (Both are fairly old, but still very useful for learning.)

WinPcap and the various protocols are not covered here, but before building this you must study the structure of the packets.
1. Packet structure

(Figures: layouts of the IP header, the UDP header and the TCP header)

Build classes that mirror the packet structure, and analyse Jpcap's packet classes.
Open the Jpcap API, IPPacket class.
Analysis of the IPPacket class methods (IP datagram format):


getVersion - get the IP version number

public int getVersion()
Get the IP version code.

getIPHeaderLength - get the size of the IP header in bytes

public int getIPHeaderLength()
Fetch the IP header length in bytes.

getHeaderLength - get the IP header length

public int getHeaderLength()
Fetch the packet IP header length.
Overrides:
getHeaderLength in class EthernetPacket

getLength - get the length of the IP datagram

public int getLength()
Fetch the IP length in bytes.

getId - get the packet id

public int getId()
Fetch the unique ID of this IP datagram. The ID normally increments by one each time a datagram is sent by a host.

getFragmentFlags - get the fragmentation flags

public int getFragmentFlags()
Fetch fragmentation flags.

getFragmentOffset - get the fragment offset

public int getFragmentOffset()
Fetch fragmentation offset.

getTimeToLive - get the time to live

public int getTimeToLive()
Fetch the time to live. TTL sets the upper limit on the number of routers through which this IP datagram is allowed to pass.

getIPProtocol - get the IP protocol type

public int getIPProtocol()
Fetch the code indicating the type of protocol embedded in the IP datagram. @see IPProtocols.

getProtocol - get the packet protocol

public int getProtocol()
Fetch the code indicating the type of protocol embedded in the IP datagram. @see IPProtocols.
Overrides:
getProtocol in class EthernetPacket

getIPChecksum - get the IP checksum

public int getIPChecksum()
Fetch the header checksum.

getChecksum - get the header checksum

public int getChecksum()
Fetch the header checksum.

getSourceAddress - get the source address

public java.lang.String getSourceAddress()
Fetch the IP address of the host where the packet originated from.

getSourceAddressBytes - get the source address (as a byte array)

public byte[] getSourceAddressBytes()
Fetch the source address as a byte array.

getSourceAddressAsLong - get the source address (as a long)

public long getSourceAddressAsLong()
Fetch the source address as a long.

getDestinationAddress

getIPHeader - get the IP header as a byte array

public byte[] getIPHeader()
Fetch the IP header as a byte array.

getIPData - get the IP data as a byte array

public byte[] getIPData()
Fetch the IP data as a byte array.

getData
...

The IPFields interface implemented by the IPPacket class (field widths and byte positions inside the IP header):


IP_VER_LEN - width of the IP version and header length field

public static final int IP_VER_LEN
Width of the IP version and header length field in bytes.

IP_TOS_LEN - width of the TOS field (the first three bits are the precedence, the remaining 6 bits the type)

public static final int IP_TOS_LEN
Width of the TOS field in bytes.

IP_LEN_LEN - width of the header length field

public static final int IP_LEN_LEN
Width of the header length field in bytes.

IP_ID_LEN - width of the id field

public static final int IP_ID_LEN
Width of the ID field in bytes.

IP_FRAG_LEN - width of the fragmentation field

public static final int IP_FRAG_LEN
Width of the fragmentation bits and offset field in bytes.

IP_TTL_LEN - width of the ttl field

public static final int IP_TTL_LEN
Width of the TTL field in bytes.

IP_CODE_LEN - width of the IP protocol code

public static final int IP_CODE_LEN
Width of the IP protocol code in bytes.

IP_CSUM_LEN - width of the IP checksum

public static final int IP_CSUM_LEN
Width of the IP checksum in bytes.

IP_VER_POS - position of the IP version and header length

public static final int IP_VER_POS
Position of the version code and header length within the IP header.

IP_TOS_POS - position of the TOS field

public static final int IP_TOS_POS
Position of the type of service code within the IP header.

IP_LEN_POS - position of the length field

public static final int IP_LEN_POS
Position of the length within the IP header.

IP_ID_POS - position of the id field

public static final int IP_ID_POS
Position of the packet ID within the IP header.

IP_FRAG_POS - position of the fragmentation field

public static final int IP_FRAG_POS
Position of the flag bits and fragment offset within the IP header.

IP_TTL_POS - position of the ttl field

public static final int IP_TTL_POS
Position of the ttl within the IP header.

IP_CODE_POS - position of the protocol code

public static final int IP_CODE_POS
Position of the IP protocol code within the IP header.

IP_CSUM_POS - position of the checksum

public static final int IP_CSUM_POS
Position of the checksum within the IP header.

IP_SRC_POS - position of the source address

public static final int IP_SRC_POS
Position of the source IP address within the IP header.

IP_DST_POS - position of the destination address

public static final int IP_DST_POS
Position of the destination IP address within a packet.

IP_HEADER_LEN - length of the IP header

public static final int IP_HEADER_LEN
Length in bytes of an IP header, excluding options.

Defining our own TCP, UDP and IP packet classes (one file per class, all in package a_20):

// IPCapPacket.java
package a_20;

// Mirrors the fixed part of the IPv4 header. The fields are kept as Strings
// because they are filled from the captured packet for display; the TCP and
// UDP subclasses add the transport-layer fields.
public class IPCapPacket {

    // Tag used to tell the three packet classes apart.
    public static final int IP_TYPE = 1;

    protected String versionAndLength;
    protected String typeOfService;
    protected String totalLength;
    protected String identifier;
    protected String flagsAndOffset;
    protected String timeToLive;
    protected String protocol;
    protected String checksum;
    protected String sourceAddress;
    protected String destinationAddress;

    public IPCapPacket() {
    }

    public IPCapPacket(String versionAndLength, String typeOfService,
            String totalLength, String identifier, String flagsAndOffset,
            String timeToLive, String protocol, String checksum,
            String sourceAddress, String destinationAddress) {
        this.versionAndLength = versionAndLength;
        this.typeOfService = typeOfService;
        this.totalLength = totalLength;
        this.identifier = identifier;
        this.flagsAndOffset = flagsAndOffset;
        this.timeToLive = timeToLive;
        this.protocol = protocol;
        this.checksum = checksum;
        this.sourceAddress = sourceAddress;
        this.destinationAddress = destinationAddress;
    }

    public String getVersionAndLength() {
        return versionAndLength;
    }

    public void setVersionAndLength(String versionAndLength) {
        this.versionAndLength = versionAndLength;
    }

    public String getTypeOfService() {
        return typeOfService;
    }

    public void setTypeOfService(String typeOfService) {
        this.typeOfService = typeOfService;
    }

    public String getTotalLength() {
        return totalLength;
    }

    public void setTotalLength(String totalLength) {
        this.totalLength = totalLength;
    }

    public String getIdentifier() {
        return identifier;
    }

    public void setIdentifier(String identifier) {
        this.identifier = identifier;
    }

    public String getFlagsAndOffset() {
        return flagsAndOffset;
    }

    public void setFlagsAndOffset(String flagsAndOffset) {
        this.flagsAndOffset = flagsAndOffset;
    }

    public String getTimeToLive() {
        return timeToLive;
    }

    public void setTimeToLive(String timeToLive) {
        this.timeToLive = timeToLive;
    }

    public String getProtocol() {
        return protocol;
    }

    public void setProtocol(String protocol) {
        this.protocol = protocol;
    }

    public String getChecksum() {
        return checksum;
    }

    public void setChecksum(String checksum) {
        this.checksum = checksum;
    }

    public String getSourceAddress() {
        return sourceAddress;
    }

    public void setSourceAddress(String sourceAddress) {
        this.sourceAddress = sourceAddress;
    }

    public String getDestinationAddress() {
        return destinationAddress;
    }

    public void setDestinationAddress(String destinationAddress) {
        this.destinationAddress = destinationAddress;
    }

    @Override
    public String toString() {
        // Fields are separated by spaces so the output stays readable.
        return "协议 " + versionAndLength + " " + typeOfService + " " + totalLength
                + " " + identifier + " " + flagsAndOffset + " " + timeToLive + " "
                + protocol + " " + checksum + " " + sourceAddress + " "
                + destinationAddress;
    }
}

// TCPCapPacket.java
package a_20;

// The IP header fields plus the TCP header fields this tool records.
public class TCPCapPacket extends IPCapPacket {
    public static final int TCP_TYPE = 2;
    private String sourcePort;
    private String destinationPort;
    // sequence number
    private String serialNumber;
    // acknowledgement number
    private String confirmNumber;
    // window size
    private String windowSize;
    // TCP checksum (distinct from the inherited IP header checksum)
    private String tcpCheckSum;
    // urgent pointer
    private String urgentPointer;

    public TCPCapPacket() {
    }

    public String getSourcePort() {
        return sourcePort;
    }

    public void setSourcePort(String sourcePort) {
        this.sourcePort = sourcePort;
    }

    public String getDestinationPort() {
        return destinationPort;
    }

    public void setDestinationPort(String destinationPort) {
        this.destinationPort = destinationPort;
    }

    public String getSerialNumber() {
        return serialNumber;
    }

    public void setSerialNumber(String serialNumber) {
        this.serialNumber = serialNumber;
    }

    public String getConfirmNumber() {
        return confirmNumber;
    }

    public void setConfirmNumber(String confirmNumber) {
        this.confirmNumber = confirmNumber;
    }

    public String getWindowSize() {
        return windowSize;
    }

    public void setWindowSize(String windowSize) {
        this.windowSize = windowSize;
    }

    public String getTcpCheckSum() {
        return tcpCheckSum;
    }

    public void setTcpCheckSum(String tcpCheckSum) {
        this.tcpCheckSum = tcpCheckSum;
    }

    public String getUrgentPointer() {
        return urgentPointer;
    }

    public void setUrgentPointer(String urgentPointer) {
        this.urgentPointer = urgentPointer;
    }

    @Override
    public String toString() {
        // Uses the TCP checksum here, not the inherited IP header checksum.
        return sourceAddress + ":" + sourcePort + " -> " + destinationAddress + ":"
                + destinationPort + " seq=" + serialNumber + " ack=" + confirmNumber
                + " win=" + windowSize + " csum=" + tcpCheckSum + " urg=" + urgentPointer;
    }
}

// UDPCapPacket.java
package a_20;

// The IP header fields plus the four fields of the UDP header.
public class UDPCapPacket extends IPCapPacket {
    public static final int UDP_TYPE = 3;
    private String sourcePort;
    private String destinationPort;
    // UDP length (header plus data, in bytes)
    private int udpLength;
    // UDP checksum (distinct from the inherited IP header checksum)
    private String checkSum;

    public UDPCapPacket() {
    }

    public String getSourcePort() {
        return sourcePort;
    }

    public void setSourcePort(String sourcePort) {
        this.sourcePort = sourcePort;
    }

    public String getDestinationPort() {
        return destinationPort;
    }

    public void setDestinationPort(String destinationPort) {
        this.destinationPort = destinationPort;
    }

    public int getUdpLength() {
        return udpLength;
    }

    public void setUdpLength(int udpLength) {
        this.udpLength = udpLength;
    }

    public String getCheckSum() {
        return checkSum;
    }

    public void setCheckSum(String checkSum) {
        this.checkSum = checkSum;
    }

    @Override
    public String toString() {
        return sourceAddress + ":" + sourcePort + " -> " + destinationAddress + ":"
                + destinationPort + " len=" + udpLength + " csum=" + checkSum;
    }
}
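As an added example (not code from the original post and not part of Jpcap), the following standalone class parses a raw IPv4 header using the same byte offsets as the IPFields positions listed above, verifies the header checksum, and reads the ports of the embedded TCP or UDP segment, which is exactly the data the IPCapPacket, TCPCapPacket and UDPCapPacket classes above are meant to hold. The class name, method names and the sample packet bytes are my own constructions; the checksum check is what lets a capture tool flag corrupted or hand-crafted headers instead of trusting their fields.

```java
import java.util.Locale;

public class Ipv4HeaderParser {
    // Byte offsets of the fixed IPv4 header, matching the IPFields positions above.
    static final int VER_POS = 0, TOS_POS = 1, LEN_POS = 2, ID_POS = 4, FRAG_POS = 6,
            TTL_POS = 8, CODE_POS = 9, CSUM_POS = 10, SRC_POS = 12, DST_POS = 16;

    static int u8(byte[] b, int i) { return b[i] & 0xff; }
    static int u16(byte[] b, int i) { return (u8(b, i) << 8) | u8(b, i + 1); }
    static String addr(byte[] b, int p) {
        return u8(b, p) + "." + u8(b, p + 1) + "." + u8(b, p + 2) + "." + u8(b, p + 3);
    }

    // One's-complement sum (RFC 1071) over the whole header including the stored
    // checksum; the result is 0 only when the header is intact.
    static int checksum(byte[] b, int ihl) {
        int sum = 0;
        for (int i = 0; i < ihl; i += 2) sum += u16(b, i);
        while ((sum >>> 16) != 0) sum = (sum & 0xffff) + (sum >>> 16);
        return ~sum & 0xffff;
    }

    static void parse(byte[] pkt) {
        int ihl = (u8(pkt, VER_POS) & 0x0f) * 4;              // IHL is in 32-bit words
        if (u8(pkt, VER_POS) >>> 4 != 4 || ihl < 20 || pkt.length < ihl)
            throw new IllegalArgumentException("not a complete IPv4 header");
        int proto = u8(pkt, CODE_POS);
        int frag = u16(pkt, FRAG_POS);                        // 3 flag bits + 13-bit offset
        System.out.printf(Locale.ROOT,
            "tos=%d len=%d id=0x%04x flags=%d offset=%d ttl=%d proto=%d %s -> %s csum=%s%n",
            u8(pkt, TOS_POS), u16(pkt, LEN_POS), u16(pkt, ID_POS), frag >>> 13, frag & 0x1fff,
            u8(pkt, TTL_POS), proto, addr(pkt, SRC_POS), addr(pkt, DST_POS),
            checksum(pkt, ihl) == 0 ? "ok" : "BAD");
        // TCP (6) and UDP (17) both begin with the 16-bit source and destination ports.
        if ((proto == 6 || proto == 17) && pkt.length >= ihl + 4)
            System.out.println("ports " + u16(pkt, ihl) + " -> " + u16(pkt, ihl + 2));
    }

    public static void main(String[] args) {
        // Constructed sample: 20-byte IPv4 header (TTL 64, protocol TCP, DF set,
        // 192.168.1.10 -> 10.0.0.5) followed by the first 4 bytes of a TCP header.
        byte[] pkt = {
            0x45, 0x00, 0x00, 0x28, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06, 0x52, (byte) 0xd3,
            (byte) 0xc0, (byte) 0xa8, 0x01, 0x0a, 0x0a, 0x00, 0x00, 0x05,
            (byte) 0xc3, 0x50, 0x00, 0x50 };
        parse(pkt);          // prints csum=ok, ports 50000 -> 80
        pkt[TTL_POS] = 63;   // any change to the header without recomputing the checksum
        parse(pkt);          // is reported as csum=BAD
    }
}
```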

Reprinted from blog.csdn.net/irony0egoist/article/details/70847060