Use the "listening-forward" program to break the network management protocol

zhaozj2021-02-16  155

Reprinted from "Computer World Daily" (Text / Chen Jun)

First, development purpose and principle

---- During product development, our company needed to study the internal network management information structure of various Ethernet switches (also known as smart hubs). To do this, an "eavesdropping" program had to be written to record the content of the communication between the network management program and the switch for analysis. I used the MFC socket classes in Visual C++ 6.0 to accomplish this.

---- Currently, standard network management programs communicate with manageable network devices using the standard Simple Network Management Protocol (SNMP). SNMP is a high-level protocol based on UDP/IP. The two communicating parties exchange various kinds of management and control information according to SNMP, and can report events or raise alarms in real time, so that network administrators can easily keep track of the current state of the network.

---- Network management information covers a wide range, such as network traffic and connection status. Because managed devices differ, manufacturers can also define management information for their own products in accordance with the relevant international standards. Management information is defined in the Management Information Base (MIB), and the whole system is an extensible tree structure. Each item of management information is packaged in an SNMP packet, handed to the transport layer to be wrapped in a UDP packet, and then sent through the socket mechanism.

---- The basic principle of this program is to insert itself between the network management program and the managed device to "eavesdrop": it poses as the managed device when communicating with the network management program, and poses as the network management program when communicating with the managed device. It secretly records the content of each message and then "forwards" it to the real recipient so that the conversation continues, hence the name.

Second, programming ideas and specific processes

---- This program does not need a complex graphical interface, so it is enough to use the project wizard to create a dialog-based MFC application with socket support. The dialog class is named CChatDlg. Then use the resource editor to add a button to this dialog with the text "Listen". All received data is printed with TRACE statements to the Output window of the Visual C++ integrated environment. This makes it easy to see the data as it arrives; other methods can of course be used. In this program, the client is the network management program and the server is the switch.

---- Next, add two classes derived from CSocket to the project; they can be generated with the ClassWizard tool. CClientSocket receives UDP data from the network management program, and CServerSocket receives UDP data from the switch. The two classes are defined as follows:

    class CClientSocket : public CSocket
    {
    // Attributes
    public:

    // Operations
    public:
        CClientSocket(CChatDlg* pDlg);
        virtual ~CClientSocket();

    // Overrides
    public:
        BOOL m_bFirst;      // TRUE until the first datagram from the client has been handled
        CChatDlg* pDlg;     // owning dialog, used to forward data
        // ClassWizard generated virtual function overrides
        //{{AFX_VIRTUAL(CClientSocket)
        public:
        virtual void OnReceive(int nErrorCode);
        //}}AFX_VIRTUAL

        // Generated message map functions
        //{{AFX_MSG(CClientSocket)
        // NOTE - the ClassWizard will add and remove member functions here.
        //}}AFX_MSG

    // Implementation
    protected:
    };

m_bFirst and pDlg are two custom class members; their roles are shown below.

    class CServerSocket : public CSocket
    {
    // Attributes
    public:

    // Operations
    public:
        CServerSocket(CChatDlg* pDlg);
        virtual ~CServerSocket();

    // Overrides
    public:
        CChatDlg* pDlg;     // owning dialog, used to forward data
        // ClassWizard generated virtual function overrides
        //{{AFX_VIRTUAL(CServerSocket)
        public:
        virtual void OnReceive(int nErrorCode);
        //}}AFX_VIRTUAL

        // Generated message map functions
        //{{AFX_MSG(CServerSocket)
        // NOTE - the ClassWizard will add and remove member functions here.
        //}}AFX_MSG

    // Implementation
    protected:
    };

Then, add the handler for the Listen button to the CChatDlg class as follows:

    void CChatDlg::OnListen()
    {
        pClientSocket = new CClientSocket(this);

        if (pClientSocket != NULL)
        {
            // Bind a UDP socket to the SNMP port so the network management program talks to us
            if (!pClientSocket->Create(SNMP_SOCKET_PORT, SOCK_DGRAM))
                AfxMessageBox("Can not create ClientSocket!");
            else
                ::EnableWindow(GetDlgItem(IDC_LISTEN)->m_hWnd, FALSE);
        }
        else
        {
            AfxMessageBox("Can not new ClientSocket!");
        }
    }

Note: SNMP_SOCKET_PORT should be set to 161.

Then, add the virtual function OnReceive to CClientSocket:

    void CClientSocket::OnReceive(int nErrorCode)
    {
        CSocket::OnReceive(nErrorCode);

        unsigned char tmp[MAXTMPSIZE];  // MAXTMPSIZE is a custom macro, which can be 1024
        int i;
        int RecNum;
        UINT ClientPort;
        CString ClientAddress;

        if (m_bFirst)
        {
            m_bFirst = FALSE;

            // First datagram: also learn the sender's address and port
            RecNum = ReceiveFrom(tmp, MAXTMPSIZE, ClientAddress, ClientPort);

            if (RecNum > 0)
            {
                TRACE("Received from Client, %d Bytes:\n", RecNum);
                // The loop body is cut off in the source text; a per-byte hex dump is assumed
                for (i = 0; i < RecNum; i++)
                    TRACE("%02X ", tmp[i]);
                TRACE("\n\n");

                pDlg->CreateServerSocket(ClientAddress, ClientPort);
                pDlg->Send(TRUE, tmp, RecNum);
            }
            else
                AfxMessageBox("Error: fail to receive from client the first time!");
        }
        else
        {
            RecNum = Receive(tmp, MAXTMPSIZE);

            if (RecNum > 0)
            {
                TRACE("Received from Client, %d Bytes:\n", RecNum);
                // Loop body cut off in the source text; hex dump assumed as above
                for (i = 0; i < RecNum; i++)
                    TRACE("%02X ", tmp[i]);
                TRACE("\n\n");

                pDlg->Send(TRUE, tmp, RecNum);
            }
            else
                AfxMessageBox("Error: fail to receive from client!");
        }

        if (RecNum <= 0)
        {
            AfxMessageBox("Error: fail to receive from client!");
            return;
        }
    }

---- Roughly, this code works as follows: if this is the first UDP packet received from the network management program, its socket port number and IP address must be recorded; this is one of the most critical points in the program. One reason is that network management communication is generally started by the network management program sending an SNMP request packet first, so this program must react to the network management program first; the other is to obtain the previously unknown socket port number and IP address on which the network management program is listening. CChatDlg is then told to create the CServerSocket. After that, CChatDlg's Send function is called to forward the received UDP packet to the switch, and the received data is displayed in the Output window.

---- The CChatDlg functions Send and CreateServerSocket used in the code above are as follows:

    void CChatDlg::CreateServerSocket(CString Address, UINT Port)
    {
        // Remember where the network management program is listening
        m_ClientAddress = Address;
        m_ClientPort = Port;

        pServerSocket = new CServerSocket(this);

        if (pServerSocket != NULL)
        {
            if (!pServerSocket->Create(m_ClientPort, SOCK_DGRAM))
                AfxMessageBox("Can not create ServerSocket!");
        }
        else
            AfxMessageBox("Can not new ServerSocket!");
    }

    void CChatDlg::Send(BOOL ToServer, unsigned char* buf, int buf_len)
    {
        if (ToServer)
        {
            // Forward a client datagram to the switch's SNMP port
            if (pServerSocket != NULL)
            {
                if (pServerSocket->SendTo(buf, buf_len, SNMP_SOCKET_PORT, m_ServerAddress) == SOCKET_ERROR)
                    AfxMessageBox("Error: fail to send data to server!");
            }
        }
        else
        {
            // Forward a switch datagram back to the network management program
            if (pClientSocket != NULL)
            {
                if (pClientSocket->SendTo(buf, buf_len, m_ClientPort, m_ClientAddress) == SOCKET_ERROR)
                    AfxMessageBox("Error: fail to send data to client!");
            }
        }
    }

---- Note: m_ServerAddress is the IP address of the switch; it is set in advance in CChatDlg's OnInitDialog function or elsewhere.

---- Finally, UDP packets received from the switch must be handled: display the data in the Output window, then call CChatDlg's Send function to forward it to the network management program. This is implemented in CServerSocket's OnReceive virtual function:

    void CServerSocket::OnReceive(int nErrorCode)
    {
        CSocket::OnReceive(nErrorCode);

        unsigned char tmp[MAXTMPSIZE];
        int i;
        int RecNum;

        RecNum = Receive(tmp, MAXTMPSIZE);

        if (RecNum > 0)
        {
            TRACE("Received from Server, %d Bytes:\n", RecNum);

            // The loop body is cut off in the source text; a per-byte hex dump is assumed
            for (i = 0; i < RecNum; i++)
                TRACE("%02X ", tmp[i]);
            TRACE("\n\n");

            pDlg->Send(FALSE, tmp, RecNum);
        }
        else
        {
            i = GetLastError();
            TRACE("RecNum = %d, GetLastError() = %d\n", RecNum, i);
            AfxMessageBox("Error: fail to receive from server!");
        }
    }

---- The above is the main functional part of the program. Some variables are not explained in detail for reasons of space, but this does not affect understanding of the program.

Third, the operation process

---- Install this program and the network management program on two machines and connect them. Run this program first and click the Listen button, then run the network management program. A network management program normally needs the IP address of the managed device to be set when it runs; set it to the IP address of the machine running this program, so that the network management program sends all its SNMP packets to this program.

---- Both programs should now run correctly (if not, you may have to repeat the above steps several times). You will see data scrolling continuously in the Output window: a true record of the network management session. When enough data has been collected, end this program; the network management program will then display a "disconnected" message. You can then copy the data from the Output window to a text file and analyze it in detail according to SNMP's format and encoding rules, gradually working out the network management protocol.

---- The above program was compiled under Visual C++ 6.0 and runs successfully, and the practical results are very good.
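The offline analysis step described above, as an added example that is not part of the original article: a small Python decoder that takes one recorded datagram as hex text and walks its BER structure as an SNMPv1/v2c message, returning the version, community string, PDU tag, request-id and each variable binding. The space-separated hex input format, the function names and the two sample datagrams are assumptions constructed for illustration.

```python
# Added example (not the article's code): decode SNMPv1/v2c datagrams from hex dump text.

def read_tlv(buf, pos, want=None):
    """Return (tag, value, next_pos) for the BER element at pos; definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if want is not None and tag != want:
        raise ValueError(f"expected tag 0x{want:02X}, got 0x{tag:02X}")
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns its container")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    if not value or value[-1] & 0x80:
        raise ValueError("empty or unterminated OID")
    arcs, arc = [], 0
    for octet in value:                      # base-128 sub-identifiers, high bit means "more"
        arc = (arc << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs, arc = arcs + [arc], 0
    first = min(arcs[0] // 40, 2)            # first sub-identifier packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_snmp(hex_text):
    _, msg, _ = read_tlv(bytes.fromhex(hex_text), 0, 0x30)   # Message ::= SEQUENCE
    _, version, p = read_tlv(msg, 0, 0x02)                   # 0 = SNMPv1, 1 = SNMPv2c
    _, community, p = read_tlv(msg, p, 0x04)                 # travels in cleartext
    pdu_tag, pdu, _ = read_tlv(msg, p)           # 0xA0 Get, 0xA1 GetNext, 0xA2 Response, 0xA3 Set
    _, req_id, p = read_tlv(pdu, 0, 0x02)        # a v1 Trap (0xA4) starts with an OID: rejected here
    p = read_tlv(pdu, read_tlv(pdu, p, 0x02)[2], 0x02)[2]    # skip error-status, error-index
    _, varbind_list, _ = read_tlv(pdu, p, 0x30)
    binds, p = [], 0
    while p < len(varbind_list):                             # VarBind ::= SEQUENCE { OID, value }
        _, varbind, p = read_tlv(varbind_list, p, 0x30)
        _, oid, q = read_tlv(varbind, 0, 0x06)
        value_tag, value, _ = read_tlv(varbind, q)
        binds.append((decode_oid(oid), value_tag, value))
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu": pdu_tag, "request_id": int.from_bytes(req_id, "big", signed=True), "varbinds": binds}

# Constructed datagrams (not captures): a GetRequest for 1.3.6.1.2.1.1.1.0 and its response.
REQUEST = "30 27 02 01 00 04 06 70 75 62 6C 69 63 A0 1A 02 02 12 34 02 01 00 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 01 00 05 00"
RESPONSE = "30 2A 02 01 00 04 06 70 75 62 6C 69 63 A2 1D 02 02 12 34 02 01 00 02 01 00 30 11 30 0F 06 08 2B 06 01 02 01 01 01 00 04 03 73 77 31"
```

Matching request_id values pair each request with its response in the interleaved log, and OIDs under 1.3.6.1.4.1 belong to a vendor's private enterprise subtree.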

When reprinting, please cite the original address: https://www.9cbs.com/read-8726.html
