actual programming, you also need to use a Data Structure to represent the IP address data segment header. The following describes the definition of this data structure:
Typedef struct _ IP {Union {BYTE Version; // VersionBYTE HdrLen; // IHL};BYTE ServiceType; // service typeWORD TotalLen; // total lengthWord id; // IDUnion {WORD Flags; // flagWORD FragOff; // segment offset};BYTE TimeToLive; // Life Cycle
network is a small frame (frame) of the transmission of the frames are composed of several parts, different parts to perform different functions. (for example, the first 12 bytes of Ethernet hold the source and destination addresses, which tell the network: where and where the data is coming from.) Other parts of the Ethernet frame hold the actual user data, the TCP/IP header, or the IPX message prime).Frames are molded by a specific network driver a
, workstation A does not capture data belonging to workstation B, but simply ignores the data ). If the network interface of a workstation is in the hybrid mode (the concept of the hybrid mode will be explained later), it can capture all the packets and frames on the network.2. Network Monitoring PrinciplesThe sniffor program is a tool that uses the Ethernet characteristics to set the network adapter (NIC, usually Ethernet Card) to the messy (promiscuous) mode. Once the same card is set to this
From -- http://blog.csdn.net/zhangnn5/article/details/6810347
Reading this articleArticleBefore that, I suppose you already know the TCP/IP protocol, ARP protocol, What Is sniffer, and other basic network knowledge.In a General Lan, there are usually two access methods, one is hub access (The Hub here refers to the general hub ), one is direct access from a vswitch (the vswitch here is a relatively advanc
process.
4. snoop on low-level protocol information:This is a terrible thing. I think, through the underlying information protocol record, for example, record the network interface address, remote network interface ip address, ip route information, and the byte sequential number of tcp connections between two hosts. This information is taken into account by an illegal hacker and will pose great harm to net
○ Collation
This article was written one year ago and was not completed for some reason. Today, I sorted out shadowstar's home and accidentally found this unfinished article. Although it was a year ago, it is still not out of date and should be helpful to anyone who wants to know sniffer. My father said that everything should start and end. Today is the Dragon Boat Festival. I would like to send a message to my loved ones who are far away from each ot
. PasswordI think this is the reason for the vast majority of illegal use of sniffer. sniffer can record the userid and passwd transmitted in plaintext. even if you use encrypted data during network transmission, the data recorded by sniffer may cause intruders to eat meat strings at home and find a way to calculate your algorithm.2. Financial AccountMany users c
BKJIA recommendation: Sniffer security technology from entry to entry
Learning the concept and principles of Sniffer is the foundation of Sniffer security technology. How should we get started with the knowledge of Sniffer security technology? Next let's introduce it to you one by one.
1. What is
small Frame unit on the network. frames are composed of several parts, and different parts perform different functions. (For example, the first 12 bytes of Ethernet are the Source and Destination addresses, which tell the network the source and destination of the data. Other parts of the Ethernet frame store the actual user data, TCP/IP packet header, or IPX packet header ).
The frame is formed by a specific network driver and then sent to the networ
parsing.The last three lines of code are specific applications where we use pcapy for data capture.pcap = pcapy.open_live(dev, 1500, 0, 100)Open_live method The first parameter is the device to be opened, the second parameter is the size of the capture packet, whether the third parameter turns on promiscuous mode, the fourth parameter is the delay time to wait for the packet, and the method returns a Pcapy object.pcap.setfilter(filter)Call the SetFilter method to set the filter.pcap.loop(0, han
Network, system management, or security technicians always encounter one or more problems during network management and maintenance. For example, why does the network transmission performance suddenly decrease? Why can't I open the webpage, but QQ can be launched? Why are some hosts suddenly disconnected? Such network problems need to be solved quickly and effectively, so as to minimize the impact of network problems on normal business of enterprises. Therefore, we need a tool to help us quickly
the network. On the Tools menu, locate the Address Book option and run, and in the Left tool menu in Address Book, you can find a magnifier icon, which is the "Auto Search" button. After you run the Auto Search feature, enter the start IP address and end address of the network in the IP address segment, and the system automatically searches. When the search is complete, a list of machines appears.
2. Save
Sniffer is a technology that uses computer network interfaces to intercept data packets destined for other computers. This technology is widely used in network maintenance and management. It works like a passive sonar, silently receiving various information from the network. Through the analysis of this data, the network administrator can gain an in-depth understanding of the current running status of the network to identify potential problems in the
, the main interface 1 is displayed. The current running status of some machine lists and Sniffer software is displayed. The software menu is displayed, and some shortcut menu is provided below, there is a row of shortcut buttons on the left. The Chinese version of the software is used, so the Chinese version of some words is not too accurate.
1. Obtain the machine list in the Network
After the Sniffer soft
and non-classic communication.
SSH was later developed into F-SSH, providing high-level, military-level encryption of the communication process. It provides the most universal encryption for network communication through TCP/IP. If a site uses a F-SSH, the user name and password are no longer important. Currently, no one has broken through this encryption method. Even Sniffer, the collected information wil
communication.
SSH was later developed into F-SSH, providing high-level, military-level encryption of the communication process. It provides the most universal encryption for network communication through TCP/IP. If a site uses a F-SSH, the user name and password are no longer important. Currently, no one has broken through this encryption method. Even sniffer, the collected information will no longer be
forwarded over Ethernet. Sniffer is a complicated attack method. Generally, only a hacker can use it as long as he understands it and can try it. I often know it through exercises !) For a new network user, even if a sinffer is successfully compiled and run on a host, no useful information is obtained. Because the information traffic on the network is usually quite large, it is very difficult to find the required information if you do not select the
network;(2), get the IP address and MAC address of all active hosts on the network;(3), can be specified to work in a static or passive mode;(4), filter rules can be added from the specified filter rules file;(5), with packet filtering function, in the case of large data flow, so that you can easily get the information needed.(6), can be used to collect the network in the plaintext transmission of the user name and password;(7), the captured data can
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.