Using a "listen-and-forward" program to crack a network management protocol
Shenzhen Mingsan Industrial Co., Ltd. chenjun
First, development purpose and principle
During product development, our company needed to study the internal network management information structure of a variety of Ethernet switches (also known as smart hubs). To do this, an "eavesdropping" program had to be written that records the communication between the network management program and the switch for later analysis. I used the MFC socket classes in Visual C++ 6.0 to accomplish this.
Currently, the standard Simple Network Management Protocol (SNMP) is what is mostly used between network management programs and network devices that support network management. SNMP is a high-level protocol based on UDP/IP. The communicating parties exchange management information and control information according to SNMP, and can report events or raise alarms in real time, so that network administrators can keep track of the current operation of the network in a timely manner.
The range of network management information is very wide (network traffic, connection status, and so on). Because managed devices differ, manufacturers can define the network management information of their own products in accordance with the relevant international standards. This information is defined in the Management Information Base (MIB), which as a whole is an extensible tree structure. Each item of network management information is packed into an SNMP packet, handed to the transport layer to be wrapped in a UDP packet, and then sent through the socket mechanism.
The basic principle of this program is to insert itself between the network management program and the managed device and deceive both sides, posing to each as the other. The program records the content of the conversation in order and then forwards it to the real recipient so that the conversation continues, and this repeats in a loop.
Second, programming ideas and specific processes
This program does not require a complex graphical interface, so it is enough to use the Project Wizard to generate a dialog-based MFC application with socket support. The dialog class is named CChatDlg. Then use the resource editor to add a button to this dialog with the text "Listen". All received data is printed with TRACE statements to the Output window of the Visual C++ integrated environment. The purpose of this is to make it easy to see the data as it arrives; other methods can of course be used. In this program, the client refers to the network management program and the server refers to the switch.
Then add two classes to the project, both derived from CSocket; they can be generated with the ClassWizard tool. CClientSocket receives UDP data from the network management program, and CServerSocket receives UDP data from the switch. The two classes are defined as follows:
class CClientSocket : public CSocket
{
// Attributes
public:
// Operations
public:
    CClientSocket(CChatDlg* pDlg);
    virtual ~CClientSocket();
// Overrides
public:
    BOOL m_bFirst;      // TRUE until the first datagram from the network management program has been handled
    CChatDlg* pDlg;     // owning dialog, used to forward the data
    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CClientSocket)
public:
    virtual void OnReceive(int nErrorCode);
    //}}AFX_VIRTUAL
    // Generated message map functions
    //{{AFX_MSG(CClientSocket)
    // NOTE - the ClassWizard will add and remove member functions here.
    //}}AFX_MSG
// Implementation
protected:
};
m_bFirst and pDlg are two custom members, which are described below.
class CServerSocket : public CSocket
{
// Attributes
public:
// Operations
public:
    CServerSocket(CChatDlg* pDlg);
    virtual ~CServerSocket();
// Overrides
public:
    CChatDlg* pDlg;     // owning dialog, used to forward the data
    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CServerSocket)
public:
    virtual void OnReceive(int nErrorCode);
    //}}AFX_VIRTUAL
    // Generated message map functions
    //{{AFX_MSG(CServerSocket)
    // NOTE - the ClassWizard will add and remove member functions here.
    //}}AFX_MSG
// Implementation
protected:
};
Then add the handler for the Listen button to the CChatDlg class as follows:
void CChatDlg::OnListen()
{
    // Socket that faces the network management program
    pClientSocket = new CClientSocket(this);
    if (pClientSocket != NULL)
    {
        if (!pClientSocket->Create(SNMP_SOCKET_PORT, SOCK_DGRAM))
            AfxMessageBox("Can not create ClientSocket!");
        else
            ::EnableWindow(GetDlgItem(IDC_LISTEN)->m_hWnd, FALSE);   // listening: disable the button
    }
    else
    {
        AfxMessageBox("Can not new ClientSocket!");
    }
}
Note: SNMP_SOCKET_PORT should be set to 161. Then add the virtual function OnReceive to CClientSocket:
void CClientSocket::OnReceive(int nErrorCode)
{
    CSocket::OnReceive(nErrorCode);
    unsigned char tmp[MAXTMPSIZE];   // MAXTMPSIZE is a custom macro, for example 1024
    int i;
    int recnum;
    UINT clientport;
    CString clientaddress;
    if (m_bFirst)
    {
        // First datagram: ReceiveFrom also returns the sender's address and port
        recnum = ReceiveFrom(tmp, MAXTMPSIZE, clientaddress, clientport);
        if (recnum > 0)
        {
            m_bFirst = FALSE;   // cleared only once the sender is known
            TRACE("Received from client, %d bytes:\n", recnum);
            for (i = 0; i < recnum; i++)
            {
                if (i % 10 == 0) TRACE("\n%5d,", tmp[i]);   // ten values per line
                else TRACE("%5d,", tmp[i]);
            }
            TRACE("\n\n");
            pDlg->CreateServerSocket(clientaddress, clientport);
            pDlg->Send(TRUE, tmp, recnum);
        }
        else
            AfxMessageBox("Error: Fail to receive from client the first time!");
    }
    else
    {
        recnum = Receive(tmp, MAXTMPSIZE);
        if (recnum > 0)
        {
            TRACE("Received from client, %d bytes:\n", recnum);
            for (i = 0; i < recnum; i++)
            {
                if (i % 10 == 0) TRACE("\n%5d,", tmp[i]);
                else TRACE("%5d,", tmp[i]);
            }
            TRACE("\n\n");
            pDlg->Send(TRUE, tmp, recnum);
        }
        else
            AfxMessageBox("Error: Fail to receive from client!");
    }
}
The general meaning of this code is as follows. If this is the first UDP packet the program receives from the network management program, it records the sender's socket port number and IP address, which is one of the most critical points in this program. The reason is that in network management communication it is generally the network management program that first sends an SNMP request packet, so the program has to respond to the network management program first; the other purpose is to obtain the previously unknown socket port number and IP address on which the network management program is listening. CChatDlg is then asked to create the CServerSocket. The received data is displayed in the Output window, and CChatDlg's Send function is called to forward the received UDP packet to the switch.
The CreateServerSocket and Send functions of CChatDlg that are called in the code above are as follows:
void CChatDlg::CreateServerSocket(CString address, UINT port)
{
    // Remember where the network management program is listening
    m_clientaddress = address;
    m_clientport = port;
    // Socket that faces the switch
    pServerSocket = new CServerSocket(this);
    if (pServerSocket != NULL)
    {
        if (!pServerSocket->Create(m_clientport, SOCK_DGRAM))
            AfxMessageBox("Can not create ServerSocket!");
    }
    else
        AfxMessageBox("Can not new ServerSocket!");
}
void CChatDlg::Send(BOOL toserver, unsigned char* buf, int buf_len)
{
    if (toserver)
    {
        // Network management program -> switch
        if (pServerSocket != NULL)
        {
            if (pServerSocket->SendTo(buf, buf_len, SNMP_SOCKET_PORT, m_serveraddress) == SOCKET_ERROR)
                AfxMessageBox("Error: Fail to send data to server!");
        }
    }
    else
    {
        // Switch -> network management program
        if (pClientSocket != NULL)
        {
            if (pClientSocket->SendTo(buf, buf_len, m_clientport, m_clientaddress) == SOCKET_ERROR)
                AfxMessageBox("Error: Fail to send data to client!");
        }
    }
}
Note: m_serveraddress is the IP address of the switch, which is set in advance in CChatDlg's OnInitDialog function or elsewhere.
Finally, the UDP packets received from the switch have to be processed: display them in the Output window, and then call CChatDlg's Send function to forward them to the network management program. This is implemented in CServerSocket's OnReceive virtual function:
void CServerSocket::OnReceive(int nErrorCode)
{
    CSocket::OnReceive(nErrorCode);
    unsigned char tmp[MAXTMPSIZE];
    int i;
    int recnum;
    recnum = Receive(tmp, MAXTMPSIZE);
    if (recnum > 0)
    {
        TRACE("Received from server, %d bytes:\n", recnum);
        for (i = 0; i < recnum; i++)
        {
            if (i % 10 == 0) TRACE("\n%5d,", tmp[i]);   // ten values per line
            else TRACE("%5d,", tmp[i]);
        }
        TRACE("\n\n");
        pDlg->Send(FALSE, tmp, recnum);
    }
    else
    {
        i = GetLastError();
        TRACE("recnum = %d, GetLastError() = %d\n", recnum, i);
        AfxMessageBox("Error: Fail to receive from server!");
    }
}
The above is the main functional part of this program. Some parts have not been explained in detail for reasons of space, but this does not affect the understanding of the program.
Third, the operation process
Install this program and the network management program on two machines respectively and connect both machines to the switch. First run this program and click the Listen button, and then run the network management program.
When a network management program runs, it generally needs to be given the IP address of the managed device. Here, set it to the IP address of the machine running this program, so that the network management program sends all of its SNMP packets to this program. The two programs should then run correctly (if not, it may take several attempts). In the Output window you can see data being displayed continuously: this is a faithful record of the network management session! When enough data has been collected, end this program; the network management program will then display a "disconnected" message. You can then copy the data from the Output window into a text file and analyze it in detail according to SNMP's format and encoding rules, and the network management protocol will gradually be cracked. The program above was compiled under Visual C++ 6.0 and runs successfully, and the practical effect is very good.
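The analysis step the article ends on, as an added example that is not the author's code: it rebuilds the datagram bytes from the decimal dump that the TRACE loop prints and walks the BER type-length-value structure SNMP uses, rejecting truncated captures. The function names and the sample GetRequest (community "public", OID 1.3.6.1.2.1.1.1.0) are constructed for illustration.

```cpp
// Added example, not the article's code: rebuild the bytes from the relay's TRACE
// dump and walk their BER structure. SAMPLE is a constructed SNMPv1 GetRequest.
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>
typedef std::vector<unsigned char> Bytes;
struct Node { int depth; int tag; Bytes val; };
static void need(bool ok, const char* why) { if (!ok) throw std::runtime_error(why); }
static const char* SAMPLE =   // number lines only; the "Received from ..." line is removed
    "   48,   38,    2,    1,    0,    4,    6,  112,  117,   98,\n  108,  105,   99,  160,   25,    2,    1,    1,    2,    1,\n"
    "    0,    2,    1,    0,   48,   14,   48,   12,    6,    8,\n   43,    6,    1,    2,    1,    1,    1,    0,    5,    0,\n";
Bytes parseDump(std::string text) {               // "%5d," values, ten per line
    Bytes out; int v;
    for (size_t i = 0; i < text.size(); ++i) if (text[i] == ',') text[i] = ' ';
    std::istringstream in(text);
    while (in >> v) { need(v >= 0 && v <= 255, "not a byte value"); out.push_back((unsigned char)v); }
    need(in.eof(), "unexpected text in dump");
    return out;
}
void walk(const Bytes& b, size_t pos, size_t end, int depth, std::vector<Node>& out) {
    while (pos < end) {
        need(end - pos >= 2 && depth < 32, "truncated header or nesting too deep");
        int tag = b[pos++]; size_t len = b[pos++], n = len & 0x7f;
        if (len & 0x80) {                          // long form: n length octets follow
            need(n >= 1 && n <= 4 && n <= end - pos, "bad length field");
            for (len = 0; n > 0; --n) len = (len << 8) | b[pos++];
        }
        need(len <= end - pos, "value runs past the end of the capture");
        out.push_back(Node{depth, tag, Bytes(b.begin() + pos, b.begin() + pos + len)});
        if (tag & 0x20) walk(b, pos, pos + len, depth + 1, out);   // constructed type: recurse
        pos += len;
    }
}
std::string oidText(const Bytes& v) {              // first octet packs two arcs, rest is base-128
    need(!v.empty(), "empty OID");
    std::ostringstream s; unsigned long sub = 0;
    s << v[0] / 40 << '.' << v[0] % 40;
    for (size_t i = 1; i < v.size(); ++i) {
        sub = (sub << 7) | (v[i] & 0x7f);
        if (!(v[i] & 0x80)) { s << '.' << sub; sub = 0; }
    }
    return s.str();
}
int main() {                                       // one indented line per TLV
    std::vector<Node> n; Bytes b = parseDump(SAMPLE); walk(b, 0, b.size(), 0, n);
    for (const Node& x : n) std::printf("%*s0x%02x len=%u\n", 2 * x.depth, "", (unsigned)x.tag, (unsigned)x.val.size());
}
```

In the sample, the community string comes back as readable text in the second field, because SNMPv1 and v2c carry it unencrypted.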