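Views: 1599 Replies: 9
How can I tell from a packet's header which machine sent it?
There are several client machines and one server. The server (dual NICs) uses Windows network sharing or IP masquerading (I'll describe it in terms of network sharing here). The server's NIC on the internal LAN has the address 192.168.0.1, and the server's NIC facing the Internet has a dynamic address assigned by the telecom office.
I am now using WinPcap on the Internet-facing NIC to capture the packets that the clients send outward. These packets have been re-encapsulated after passing through the LAN-facing NIC. I don't know how to work out from the packet header which client sent the packet. How do I determine which client a packet came from? When data sent by a client passes through the gateway, how does the gateway encapsulate it? Thanks!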
Reply #1
Posted: 2002-12-07 09:50
This should fall under NAT. Find some material and read up on it first.
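Reply #2
Posted: 2002-12-07 10:58
[quote]
There are several client machines and one server. The server (dual NICs) uses Windows network sharing or IP masquerading (I'll describe it in terms of network sharing here). The server's NIC on the internal LAN has the address 192.168.0.1, and the server's NIC facing the Internet has a dynamic address assigned by the telecom office.
[/quote]
Can't you just check the packet's source IP address!
[Edited - 12/7/02 by freeshar]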
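Reply #3
Posted: 2002-12-07 11:23
[quote]
Can't you just check the packet's source IP address!
[/quote]
If the packet has already passed through the NAT module, that IP address has already been modified.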
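Reply #4
Posted: 2002-12-07 11:43
[quote]
Can't you just check the packet's source IP address!
If the packet has already passed through the NAT module, that IP address has already been modified.
[/quote]
Right... the original IP address has already changed after passing through NAT. I just looked up some material and learned that when packets go through NAT, the system keeps a port mapping table (MAC TABLE) that records the information about the original IP address and MAC. Now I don't know what method there is to read this port mapping table.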
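Reply #5
Posted: 2002-12-07 13:08
[quote]
The system keeps a port mapping table (MAC TABLE) that records the information about the original IP address and MAC. Now I don't know what method there is to read this port mapping table.
[/quote]
That should be quite hard! These system data structures are probably not public. It is best to get the packets before the data has passed through the NAT module.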
Reply #6
Posted: 2002-12-07 20:52
[quote]
The system keeps a port mapping table (MAC TABLE) that records the information about the original IP address and MAC. Now I don't know what method there is to read this port mapping table.
That should be quite hard! These system data structures are probably not public. It is best to get the packets before the data has passed through the NAT module.
[/quote]
I found this in the 2002 MSDN; I don't know whether it refers to that NAT port mapping.

Platform SDK: Internet Connection Sharing and Internet Connection Firewall
Adding and Removing Port Mappings (C++)
The following C++ code demonstrates adding and removing port mappings from network connections. First the code adds a port mapping to every shared or firewalled connection on the local computer. The code then enumerates the connections in order to identify those that have port mappings added, and removes the port mappings from those connections.

[code]
#include "stdafx.h"
#include <objbase.h>
#include <netcon.h>   // INetSharingManager and the related ICS/ICF interfaces
#include <stdio.h>    // wprintf

// as in winsock.h
#define NAT_PROTOCOL_TCP 6
#define NAT_PROTOCOL_UDP 17

HRESULT DeletePortMapping (INetSharingManager * pNSM,
                           UCHAR ucIPProtocol,
                           short usExternalPort)
{
    // this is done in 2 parts:
    // 1: enum connections until we get one that we can convert into an INetSharingConfiguration
    // 2: then, enum portmappings, and delete if we find a match.

    // PART 1: find a valid connection
    INetConnection * pNC = NULL; // fill this out for part 2 below

    INetSharingEveryConnectionCollection * pNSECC = NULL;
    HRESULT hr = pNSM->get_EnumEveryConnection (&pNSECC);
    if (!pNSECC)
        wprintf (L"failed to get EveryConnectionCollection!\r\n");
    else {
        // enumerate connections
        IEnumVARIANT * pEV = NULL;
        IUnknown * pUnk = NULL;
        hr = pNSECC->get__NewEnum (&pUnk);
        if (pUnk) {
            hr = pUnk->QueryInterface (__uuidof(IEnumVARIANT), (void**)&pEV);
            pUnk->Release();
        }
        if (pEV) {
            VARIANT v;
            VariantInit (&v);
            BOOL bFoundIt = FALSE;
            while (S_OK == pEV->Next (1, &v, NULL)) {
                if (V_VT (&v) == VT_UNKNOWN) {
                    V_UNKNOWN (&v)->QueryInterface (__uuidof(INetConnection), (void**)&pNC);
                    if (pNC) {
                        INetConnectionProps * pNCP = NULL;
                        pNSM->get_NetConnectionProps (pNC, &pNCP);
                        if (!pNCP)
                            wprintf (L"failed to get NetConnectionProps!\r\n");
                        else {
                            // check properties for firewalled or shared connection
                            DWORD dwCharacteristics = 0;
                            pNCP->get_Characteristics (&dwCharacteristics);
                            if (dwCharacteristics & (NCCF_SHARED | NCCF_FIREWALLED)) {
                                NETCON_MEDIATYPE MediaType = NCM_NONE;
                                pNCP->get_MediaType (&MediaType);
                                if ((MediaType != NCM_SHAREDACCESSHOST_LAN) &&
                                    (MediaType != NCM_SHAREDACCESSHOST_RAS) ){
                                    // got a shared/firewalled connection
                                    bFoundIt = TRUE;
                                }
                            }
                            pNCP->Release();
                        }
                        if (bFoundIt == FALSE) {
                            pNC->Release();
                            pNC = NULL;
                        }
                    }
                }
                VariantClear (&v);
                if (bFoundIt == TRUE)
                    break;
            }
            pEV->Release();
        }
        pNSECC->Release();
    }

    if (pNC == NULL) {
        wprintf (L"failed to find a valid connection!\r\n");
        return E_FAIL;
    }

    INetSharingConfiguration * pNSC = NULL;
    hr = pNSM->get_INetSharingConfigurationForINetConnection (pNC, &pNSC);
    pNC->Release(); // don't need this anymore
    if (!pNSC) {
        wprintf (L"can't make INetSharingConfiguration object!\r\n");
        return hr;
    }

    // PART 2: enum port mappings, deleting match, if any
    INetSharingPortMappingCollection * pNSPMC = NULL;
    hr = pNSC->get_EnumPortMappings (ICSSC_DEFAULT, &pNSPMC);
    if (!pNSPMC)
        wprintf (L"can't get PortMapping collection!\r\n");
    else {
        // this is the interface to be filled out by the code below
        INetSharingPortMapping * pNSPM = NULL;

        IEnumVARIANT * pEV = NULL;
        IUnknown * pUnk = NULL;
        hr = pNSPMC->get__NewEnum (&pUnk);
        if (pUnk) {
            hr = pUnk->QueryInterface (__uuidof(IEnumVARIANT), (void**)&pEV);
            pUnk->Release();
        }
        if (pEV) {
            VARIANT v;
            VariantInit (&v);
            BOOL bFoundIt = FALSE;
            while (S_OK == pEV->Next (1, &v, NULL)) {
                if (V_VT (&v) == VT_DISPATCH) {
                    V_DISPATCH (&v)->QueryInterface (__uuidof(INetSharingPortMapping), (void**)&pNSPM);
                    if (pNSPM) {
                        INetSharingPortMappingProps * pNSPMP = NULL;
                        hr = pNSPM->get_Properties (&pNSPMP);
                        if (pNSPMP) {
                            UCHAR uc = 0;
                            pNSPMP->get_IPProtocol (&uc);
                            long usExternal = 0;
                            pNSPMP->get_ExternalPort (&usExternal);
                            if ((uc == ucIPProtocol) && (usExternal == usExternalPort))
                                bFoundIt = TRUE;
                            pNSPMP->Release();
                        }
                        if (bFoundIt == FALSE) { // hang onto reference to pNSPM iff found (used below)
                            pNSPM->Release();
                            pNSPM = NULL;
                        }
                    }
                }
                VariantClear (&v);
                if (bFoundIt == TRUE)
                    break; // bail out if we've found one
            }
            pEV->Release();
        }

        if (pNSPM) {
            hr = pNSPM->Delete(); // or pNSC->RemovePortMapping (pNSPM);
            wprintf (L"just deleted a port mapping!\r\n");
            pNSPM->Release();
        }
        pNSPMC->Release();
    }
    pNSC->Release();
    return hr;
}

HRESULT AddAsymmetricPortMapping (INetSharingConfiguration * pNSC)
{
    HRESULT hr = S_OK;
    VARIANT_BOOL vb1 = VARIANT_FALSE;
    VARIANT_BOOL vb2 = VARIANT_FALSE;
    pNSC->get_SharingEnabled (&vb1);
    pNSC->get_InternetFirewallEnabled (&vb2);
    if ((vb1 == VARIANT_FALSE) && (vb2 == VARIANT_FALSE))
        wprintf (L"sharing and/or firewall not enabled on this connection!\r\n");
    else {
        INetSharingPortMapping * pNSPM = NULL;
        hr = pNSC->AddPortMapping (L"Ben's Port Mapping",
                                   NAT_PROTOCOL_TCP,
                                   555,
                                   444,
                                   0,
                                   L"192.168.0.2",
                                   ICSTT_IPADDRESS,
                                   &pNSPM);
        if (pNSPM) {
            wprintf (L"just added NAT_PROTOCOL_TCP, 555, 444!\r\n");
            hr = pNSPM->Enable();
            wprintf (L"just enabled port mapping!\r\n");
            pNSPM->Release();
        } else
            wprintf (L"failed to add asymmetric port mapping!\r\n");
    }
    return hr;
}

HRESULT DoTheWork (INetSharingManager * pNSM)
{
    // add a port mapping to every firewalled or shared connection
    INetSharingEveryConnectionCollection * pNSECC = NULL;
    HRESULT hr = pNSM->get_EnumEveryConnection (&pNSECC);
    if (!pNSECC)
        wprintf (L"failed to get EveryConnectionCollection!\r\n");
    else {
        // enumerate connections
        IEnumVARIANT * pEV = NULL;
        IUnknown * pUnk = NULL;
        hr = pNSECC->get__NewEnum (&pUnk);
        if (pUnk) {
            hr = pUnk->QueryInterface (__uuidof(IEnumVARIANT), (void**)&pEV);
            pUnk->Release();
        }
        if (pEV) {
            VARIANT v;
            VariantInit (&v);
            while (S_OK == pEV->Next (1, &v, NULL)) {
                if (V_VT (&v) == VT_UNKNOWN) {
                    INetConnection * pNC = NULL;
                    V_UNKNOWN (&v)->QueryInterface (__uuidof(INetConnection), (void**)&pNC);
                    if (pNC) {
                        INetConnectionProps * pNCP = NULL;
                        pNSM->get_NetConnectionProps (pNC, &pNCP);
                        if (!pNCP)
                            wprintf (L"failed to get NetConnectionProps!\r\n");
                        else {
                            // check properties for firewalled or shared connection
                            DWORD dwCharacteristics = 0;
                            pNCP->get_Characteristics (&dwCharacteristics);
                            if (dwCharacteristics & (NCCF_SHARED | NCCF_FIREWALLED)) {
                                NETCON_MEDIATYPE MediaType = NCM_NONE;
                                pNCP->get_MediaType (&MediaType);
                                if ((MediaType != NCM_SHAREDACCESSHOST_LAN) &&
                                    (MediaType != NCM_SHAREDACCESSHOST_RAS) ){
                                    // got a shared/firewalled connection
                                    INetSharingConfiguration * pNSC = NULL;
                                    hr = pNSM->get_INetSharingConfigurationForINetConnection (pNC, &pNSC);
                                    if (!pNSC)
                                        wprintf (L"can't make INetSharingConfiguration object!\r\n");
                                    else {
                                        hr = AddAsymmetricPortMapping (pNSC);
                                        pNSC->Release();
                                    }
                                }
                            }
                            pNCP->Release();
                        }
                        pNC->Release();
                    }
                }
                VariantClear (&v);
            }
            pEV->Release();
        }
        pNSECC->Release();
    }
    return hr;
}

int main(int argc, char* argv[])
{
    CoInitialize (NULL);

    // init security to enum RAS connections
    CoInitializeSecurity (NULL, -1, NULL, NULL,
                          RPC_C_AUTHN_LEVEL_PKT,
                          RPC_C_IMP_LEVEL_IMPERSONATE,
                          NULL, EOAC_NONE, NULL);

    INetSharingManager * pNSM = NULL;
    HRESULT hr = ::CoCreateInstance (__uuidof(NetSharingManager),
                                     NULL,
                                     CLSCTX_ALL,
                                     __uuidof(INetSharingManager),
                                     (void**)&pNSM);
    if (!pNSM)
        wprintf (L"failed to create NetSharingManager object\r\n");
    else {
        // in case it exists already
        DeletePortMapping (pNSM, NAT_PROTOCOL_TCP, 555);

        // add a port mapping to every shared or firewalled connection.
        hr = DoTheWork (pNSM);

        // do other work here.
        // when you're done,
        // clean up port mapping
        DeletePortMapping (pNSM, NAT_PROTOCOL_TCP, 555);

        pNSM->Release();
    }
    CoUninitialize ();
    return (int)hr;
}
[/code]
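Reply #7
Posted: 2002-12-07 20:54
[quote]
The system keeps a port mapping table (MAC TABLE) that records the information about the original IP address and MAC. Now I don't know what method there is to read this port mapping table.
That should be quite hard! These system data structures are probably not public. It is best to get the packets before the data has passed through the NAT module.
[/quote]
If I get them before NAT, my program will have to process a lot of irrelevant packets.... I only want to record the packets that go out to the Internet.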
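Reply #8
Posted: 2002-12-08 10:29
[quote]
[quote]
The system keeps a port mapping table (MAC TABLE) that records the information about the original IP address and MAC. Now I don't know what method there is to read this port mapping table.
That should be quite hard! These system data structures are probably not public. It is best to get the packets before the data has passed through the NAT module.
[/quote]
If I get them before NAT, my program will have to process a lot of irrelevant packets.... I only want to record the packets that go out to the Internet.
[/quote]
If you can intercept packets, then that's enough; just analyze the packets on the internal NIC. But NAT sits at least above the MINIPORT. You have to be lower than it.
[Edited - 12/10/02 by activei]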
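Reply #9
Posted: 2002-12-10 15:21
Capture directly before NAT. Internet-bound packets are actually easy to filter: the destination IP of an Internet-bound packet is certainly an external address. Just add a check and only capture packets bound for the external network, and that's it. Simple and convenient.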
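The filter suggested in reply #9, sketched as an added example (not code from the thread or from WinPcap): a classifier to be called on frames captured on the LAN-side NIC, before NAT rewrites the source address, which keeps only Internet-bound packets and returns the sending client's IP and MAC. The /24 netmask, the function name `internet_bound_client` and the sample frames are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LAN_NET  0xC0A80000u /* 192.168.0.0, from the thread's 192.168.0.1 */
#define LAN_MASK 0xFFFFFF00u /* assumption: /24 netmask */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 1 and fills client_ip/client_mac when the Ethernet II frame is IPv4
 * from a LAN client to a non-LAN unicast destination; returns 0 otherwise. */
int internet_bound_client(const uint8_t *f, size_t len,
                          uint32_t *client_ip, uint8_t client_mac[6]) {
    if (len < 34 || f[12] != 0x08 || f[13] != 0x00) return 0;  /* IPv4 only */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl) return 0; /* malformed */
    uint32_t src = be32(ip + 12), dst = be32(ip + 16);
    if ((src & LAN_MASK) != LAN_NET) return 0;     /* not one of our clients */
    if ((dst & LAN_MASK) == LAN_NET) return 0;     /* LAN-internal traffic */
    if (dst == 0xFFFFFFFFu || (dst >> 28) == 0xEu) return 0; /* bcast/mcast */
    *client_ip = src;
    memcpy(client_mac, f + 6, 6);                  /* Ethernet source MAC */
    return 1;
}

/* Constructed sample frames (checksums zeroed; they are not validated here). */
static const uint8_t TO_INTERNET[34] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00, /* gw MAC, client MAC */
    0x45,0,0,20, 0,0,0,0, 64,6,0,0,
    192,168,0,2, 203,0,113,10 };               /* 192.168.0.2 -> 203.0.113.10 */
static const uint8_t TO_LAN[34] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x03, 0x08,0x00,
    0x45,0,0,20, 0,0,0,0, 64,6,0,0,
    192,168,0,3, 192,168,0,1 };                /* 192.168.0.3 -> gateway */

int main(void) {
    uint32_t ip = 0; uint8_t mac[6] = {0};
    if (internet_bound_client(TO_INTERNET, sizeof TO_INTERNET, &ip, mac))
        printf("client %u.%u.%u.%u\n", (unsigned)(ip >> 24),
               (unsigned)((ip >> 16) & 255), (unsigned)((ip >> 8) & 255),
               (unsigned)(ip & 255));
    printf("LAN frame logged: %d\n",
           internet_bound_client(TO_LAN, sizeof TO_LAN, &ip, mac));
    return 0;
}
```

The same selection can be pushed into the capture itself with the pcap filter expression `ip and src net 192.168.0.0/24 and not dst net 192.168.0.0/24` on the internal adapter.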