这是网络分析仪，我如何Dnslookup [英] this is a network analyzer how do i Dnslookup

问题描述

Dim I As Short
     Dim thisPacket As String
     Dim SourceIP As String
     Dim DestIp As String
     Dim item As New ListViewItem

     thisPacket = ""
     For I = 0 To e.pPacket.DataSize - 4
         thisPacket = thisPacket & Chr(e.pPacket.Data(I))
     Next
     If e.pPacket.Data(14) = 69 And e.pPacket.Data(23) = 6 Then
         SourceIP = e.pPacket.Data(26) & "." & _
                    e.pPacket.Data(27) & "." & + _
                    e.pPacket.Data(28) & "." & + _
                    e.pPacket.Data(29)
         DestIp = e.pPacket.Data(30) & "." & _
                  e.pPacket.Data(31) & "." & + _
                  e.pPacket.Data(32) & "." & + _
                  e.pPacket.Data(33)
         item.SubItems(0).Text = SourceIP
         item.SubItems.Add(DestIp)
         item.SubItems.Add(e.pPacket.DestMacAddress)

         item.SubItems.Add(Dnslookup)

         item.SubItems.Add(e.pPacket.DestPort)
         item.SubItems.Add(e.pPacket.DataSize)

推荐答案

不是真的:-)

你想让我做什么?源IP或目标IP上的反向DNS?
在这种情况下，您将使用反向的点地址查询DNS服务器，后跟"in-addr.arpa".

http://www.freesoft.org/CIE/Course/Section2/15.htm [ ^ ]

Not really :-)

What do you want to do? a reverse DNS on the source IP or destination IP?
In that case you query your DNS server with the reversed dotted address, followed by ''in-addr.arpa''.

http://www.freesoft.org/CIE/Course/Section2/15.htm[^]

您将在此处找到代码示例 [ ^ ]

让我给老手一些建议:

当您开始这样的重大任务而毫无头绪时，您应该至少对系统进行粗略的设计.一旦进行了粗略的设计，请尝试确定哪些部分对您来说很难(在这种情况下，最困难的部分可能是:从网络上获取数据包，过滤这些数据包并真正分析协议(您知道多少个协议) ，您是否详细了解它们?可以获取RFC的副本吗?)
一旦了解了困难的部分，您至少应该尝试根据自己选择的技术对它们进行原型制作. (忘记这些简单的部分，您知道您仍然可以执行这些操作.)
这个小的原型称为概念证明.这将使您充满信心，可以完成这项工作，并且您的体系结构是健全的.
如果发现不能做硬零件，则应该重新设计，或者更改体系结构，或者选择其他技术来做硬零件.
排序后，您便可以开始实施.您将创建用户界面，将异常处理和恢复添加到原型零件中，并实现所有用例.那是工作的最大部分.区别在于，只有在确定可以完成此工作时，您才做很大的工作.解决这个问题的方法是，在创建用户界面时会付出很大的努力，而当这些界面都变得光鲜亮丽时，您会发现它不起作用，因为您拥有没有数据.您将对计算大为恼火，而且您将学不到任何东西.

现在，我将为您节省一些精力:VB.Net不是用于编写协议分析器的适当语言.当然，您可以在VB.Net或C#中使用用户界面，但要进行数据包捕获，则必须深入到C或C ++，并且该开发的部分内容可能在设备驱动程序级别.即使是最好的C/C ++专家也不会轻易在设备驱动程序级别编写代码.不是因为他们不了解C ++或汇编程序，而是因为这需要对操作系统和输入/输出子系统的内部工作有深入的了解.您的调试器将是一个命令行调试器，它对变量一无所知，并且您将在袖珍计算器上进行虚拟地址转换算术，所有操作都以十六进制表示.如果您不吃饭，不呼吸，不睡觉也不喝电脑，那简直就是废话. (我知道我曾经是操作系统设计师).

相信我，选择更简单的东西，您不会被欺骗的...

You''ll find your code sample here[^]

Let me give some advice from an old hand:

When you start a major undertaking like this, without a clue, you should have at least a rough design of your system. Once you have that rough design, try identifying what parts look difficult to you (in this case, the hard parts will probably be: getting the packets off the network, filtering those packets, and really analysing the protocol (how many protocols do you know, do you know them in detail? can you get copy of the RFC''s?)
Once you know the hard parts, you should at least try prototyping them in the technology of your choice. (Forget about the easy parts, you know that you can do them anyway).
This small prototype is called a proof of concept. It will give you confidence that the job can be done, and that your architecture is sound.
If you find that you cannot do the hard parts, you should revisit your design, maybe change the architecture, or choose other technologies that will allow you to do the hard parts.
Once you''ve got that sorted, you start implementing for real; You do your user interface, add exception handling and recovery to your prototyped parts, and implement all the use cases. That is the biggest part of the job. The difference is that you only do this big part when you''re certain that you can finish it. The way you''re getting about this, you''ll put a lot of effort in making a user interface, and when that''s all polished and shiny, you''ll discover that it does not work, because you have no data. You''ll be pissed off at computing, and you won''t have learned anything.

Now I''ll spare you some of the effort: VB.Net is not the appropriate language for writing a protocol analyser. Sure you can do you user interface in VB.Net, or in C#, but to do packet capturing, you''ll have to dive down to C or C++, and parts of that development will probably be at the device driver level. Writing code at the device driver level is something that even the best C/C++ experts would not undertake lightly. Not because they don''t know C++ or assembler, but because this requires intimate knowledge of the internal workings of the Operating System and the Input/Output subsystem. Your debugger will be a command line debugger which knows nothing about variables, and you''ll do your virtual address translation arithmetic on a pocket calculator, all in hex. It''s crap job if you don''t eat, breathe, sleep and drink computers. (I know I used to be an operating system designer).

Trust me, pick something simpler, you won''t be deceived...

我不知道.你可以给一个代码示例.您将如何进行这项工作?

i don''t know. can you give a code sample. how would you make this work?

这篇关于这是网络分析仪，我如何Dnslookup的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！