| Network interception and analysis, which is one of the important waysused in network security. Unix and Linux usually provide networkinterception function, which allows user's program to transfer originalnetwork flux data not processed by high level protocol program through theoperation system. But in windows environment, for its own encapsulation,it is difficult to program for the low level of the network, which badlyrestrict network inspect, and the exploder of security tools in windowsenvironment. WinPcap is a free and open exploder package of original code,which is package capture application system. Now there are many productsof ethernet network based on libpcap and winpcap. But it can not realizethe data interception under exchanging ethernet network. Though dsniffpackages developed by DugSong comprise a arp spoof module which realizeinterception under ethernet network, it is too cockamamie in decode and datashow. And they all have the problem that the data package captured repeatly.In this article the fundamentals of switched network interception isanalyzed, and recommends the details of ARP spoof. Based on ARP spoof amethod is introduced that can monitor the Telnet and FTP action of usersand record it. In the last the correlative questions of displaying andrecording in network interception are discussed, also a solution schemeis set forth. A program useing C in Linux gcc condition is given at the end. |
PDF Full Text Request