Harbin Institute of Technology (Weihai) Undergraduate Graduation Project (Thesis)
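Abstract (Chinese)
This thesis studies the restoration of e-mails sent and received by mail clients,
using the LIBNIDS network security development package. The protocols involved
when a mail client sends and receives mail are SMTP and POP3. LIBNIDS is used to
capture the packets that carry e-mail, and the sender, recipients, carbon-copy
(cc) recipients, send/receive date, subject, content and attachment names are
extracted from them.
In restoring the individual fields of an e-mail, the SMTP and POP3 protocols were
analysed. Using the contents of captured SMTP and POP3 mail packets, the position
and format of each field during sending and receiving were analysed. For fields
that contain Chinese characters, such as the sender, recipient, cc, subject,
content and attachment name, a method for restoring the Chinese characters was
designed from the analysed data format of each field.
On this basis, the mail monitoring-side software was written. It uses Internet
Information Services (IIS) to browse the mail log files on the monitored
computers, implementing the mail monitoring subsystem's function of monitoring
the sending and receiving of e-mail.
Keywords: network monitoring; e-mail monitoring; e-mail restoration; SMTP; POP3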
Abstract
This thesis studies the restoration of e-mails sent or received by an e-mail
client, using the network security development package LIBNIDS. An e-mail client
sends and receives e-mails over the SMTP and POP3 protocols. By using LIBNIDS to
capture the packets of e-mails, the main information in the e-mails is restored,
including the sender, recipient, carbon copy (cc), date, subject, content and
attachment name.
In the process of restoring e-mails, the SMTP and POP3 protocols were analysed.
Using the content of e-mails captured over SMTP and POP3, we analysed the format
of the corresponding fields in an e-mail. Where a field contains Chinese
characters, such as the sender, recipient, cc, subject, content and attachment
name, we also analysed the format of the corresponding field and designed a means
of restoring the Chinese characters.
On this basis, using Internet Information Services (IIS), the e-mail monitoring
subsystem's function of monitoring the sending and receiving of e-mails was
achieved.
Key words: network monitoring; e-mail monitoring; e-mail restoration; SMTP; POP3
Contents
Abstract (Chinese)
Abstract
Chapter 1 Introduction
1.1 Background
1.2 Source, Purpose and Significance of the Project
1.2.1 Research Status Abroad
1.2.2 Research Status in China
1.3 Main Research Content
1.3.1 E-mail Monitoring
1.3.2 Monitoring-Side Software
1.4 Structure of This Thesis
Chapter 2 Theoretical Foundations
2.1 Introduction
2.2 The SMTP and POP3 Protocols
2.2.1 Overview of SMTP
2.2.2 Overview of POP3
2.3 The LIBNIDS Development Package
2.3.1 Overview of LIBNIDS
2.3.2 LIBNIDS Data Structures
2.3.3 LIBNIDS Basic Functions
2.3.4 Using LIBNIDS
2.4 Overview of BASE64
2.5 Chapter Summary
Chapter 3 Composition and Framework of the E-mail Monitoring Subsystem
3.1 Introduction
3.2 Module Composition
3.3 Runtime Framework
3.4 Chapter Summary
Chapter 4 E-mail Restoration Based on the SMTP and POP3 Protocols
4.1 Introduction
4.2 Overall Flow
4.3 Implementation
4.3.1 Extracting the Sender
4.3.2 Extracting the Recipients
4.3.3 Extracting the Cc Recipients
4.3.4 Extracting the Subject
4.3.5 Extracting the Date
4.3.6 Extracting the Content
4.3.7 Extracting the Attachment Names
4.4 Problems in E-mail Restoration and Their Solutions
4.5 Chapter Summary
Chapter 5 Implementation of the Monitoring Side
5.1 Introduction
5.2 Monitoring-Side Framework
5.3 Implementation
5.3.1 Database
5.3.2 IIS Configuration
5.3.3 Browsing, Refreshing and Saving Logs
5.3.4 Adding and Removing Monitored Computers
5.4 Problems in Writing the Software and Their Solutions
5.5 Chapter Summary
Chapter 6 Integrated Testing
6.1 Introduction
6.2 Preparation
6.3 Testing
6.3.1 Recipient, Cc, Subject and Content in English
6.3.2 Recipient, Cc, Subject and Content in Chinese
6.3.3 Multiple Recipients or Cc Recipients
6.3.4 Multiple Attachments
6.3.5 Oversized E-mail Content
6.3.6 Monitored Computer Not Started
6.4 Chapter Summary
Conclusion