【作者】 石玫；

【导师】 李祥和；

【作者基本信息】 解放军信息工程大学 ， 通信与信息系统， 2007， 硕士

【摘要】 网络拓扑自主发现技术是网络攻防研究的重点内容之一,它是向对方网络入侵的铺垫,是制定攻击策略的关键。现今网络的发展趋势为;安全性日益增高,拓扑连接更加复杂、组成更趋于异构,这使得原有的拓扑算法不再适用。本文结合课题要求,针对实际网络环境,将网络拓扑发现进行分层研究,论文主要完成的工作有;1.给出了一种改进的基于网际控制报文协议的逻辑拓扑发现方法,它可以对不支持简单网络管理协议或通信口令未知的网络进行逻辑拓扑发现。2.给出了一种基于生成树协议的物理拓扑发现算法,它可以对包含哑交换机、存在冗余连接的复杂子网进行物理拓扑发现。3.设计了逻辑和物理两种拓扑数据文件用来存储发现信息,它可以替代数据库进行拓扑信息的存取,使得拓扑发现程序的移植更为直接和隐秘,数据的操作更为简单。4.给出双线程异步ping、穿透防火墙的tracert等技术用来提高算法运行速度和发现深度。5.采用了一种化整为零的方法来解决由于一次拓扑发现范围过大而导致发现时间过长、流量过多,从而引发网络报警的问题。试验仿真结果证明;两种算法对网络的拓扑发现结果均与实际情况一致;数据文件的使用使得拓扑信息存取便捷,文件合并结果准确可靠。更多还原

【Abstract】 Automatic network topology discovery technology is one of the most important parts in the study of network attack and defense. It is the prelude of in-breaking remote network, and the key to set down the attacking strategy. Nowadays, the states of the network development are increasing enhancive attention to network security, increasing complex of topologic link and inclining to isomery in compositing, which cause those old topology discovery algorithms no longer apply to. In this paper, according to task’s requirement and aiming to the real network, we divide the network topology into two layers for studying. The main work done by this paper is:1. We propose an improved algorithm based on ICMP. It can be applied to nonsupport-SNMP or unknown-SNMP-community-string network for logical topology discovery.2. We propose an algorithm based on Spanning Tree Protocol. It can be applied to complex subnet contains numb switch and redundant link for physical topology discovery.3. We design logical and physical data file to store topology discovery info, which makes it not only directly and secretly to transplant topology discovery program, but also be convenient to handle the data.4. We use two-thread-asynchronous ping and penetrate-firewall tracert to increase discover speed and depth.5. We adopt a "divide whole into segments" way to solve the problems come from one big-range topology discovery. The problems it brings are long-time discovery and large communication flows, which will cause the network to alarm.The results of the two topology discovery algorithms in real network are both in accord with actual case; the use of data file makes accessing topo-info fast and merging multiple topology discovery results reliable, which proves the algorithms.更多还原