Research On Switched Network Sniffing Based On ARP Technique And Its Application In Military Network

With the rapid development of information technology, information technology is changing the trajectory of the world’s military development.Information technology is widely used in grass-roots army. But now, grass-roots army of computer network security technology is relatively backward, there was theft of confidential information, the risk of network failure is difficult to quickly determine.As one of the technologies to solve network security problems, network sniffing is significant for the determination of the failures of the military network, the network information managements and the source of attackBased on the technologies such as network monitoring, ARP protocol, data packet capture, and the combination of the topology for the LAN of the military base, a network monitoring method is proposed in this thesis for the user’s data by using ARP (Address Resolution Protocol) spoofing technology, it is also used to design and develop a sniffing system for the LAN (Local Area Network) of the grassroots military units. The main work of this thesis includes the following four aspects:1. Based on the analysis of the capture mechanism for the network packet, implementation and vulnerability of the ARP protocol, a network monitoring method is proposed for the user’s data by using ARP spoofing technology, which redirect data packets to the sniff host before they are sent to the gateway.2. Based on the special attributes of different application protocols of TCP/IP protocol family, an algorithm for the construction of various types of message object is proposed.. Filtering algorithm is developed according to the type of Ethernet frame header. It is used to performs protocol analysis for the data packets, and intercepts useful information.3. By using Visual C++6.0development tools and WinPcap driver development kits, a switched LAN sniffer is developed for the grassroots military units, and it achieves network sniffing under swithed network environment.4. Tests are performed for the switched LAN sniffer in grassroots military units. Each functional module for the sniffer is tested in detail, and the corresponding test results is obtained.