| Along with the network development and popularization, network openness , sharing and interconnection are expanding. Because network interconnection generally uses tcp/ip agreement and tcp/ip is an industry standard agreement bunch, at the beginning of this agreement bunch of making, there is not much consideration to the secure questions, so the agreement has many security loopholes and network is easily to be attacked by hackers. As one of the tcp/ip members, arp also has many security loopholes. Arp spoof monitoring is one of the hacker's attack methods. So it is necessity to know about this attack method and raise our own security consciousness, we should positively adopts effective security policy to safeguard network security. The main purpose of this thesis is exposing loopholes in arp protocol, using them to monitor network and defending this monitoring attack, and based on this, this thesis constructed a model.This thesis has first analyzed one of hacker's attack methods-network monitoring technology and its current status, and introduced the monitoring, the protection and detection method of shared network and switch network, and the elementary knowledge of network security. Next, this thesis has carried on the analysis to the data packet capture mechanism, introduced winpcap packet capture architecture under windows environment in detail and the correlation function. Then, the thesis carried on an detailed analysis to the arp agreement, including its function analysis, loophole analysis and working principle analysis. and based on this, carried on the detailed analysis to arp spoof monitoring technology. Finally, I constructed a concrete model.The model can monitor most datas through the ethernet stably and has some practical values. Through the model, you may understand hacker's action principle of this kind of attack, thus you can effectively performs to protect and detect this kind of attack. |
PDF Full Text Request