Abstract: An approach based on the sniffer of TCP/IP communication to interrupt TCP “three-way handshake” connection is presented. The environment of the whole experiment is a section of the Beijing Jiaotong University’s LAN which mainly use RedHat 9.0(Linux), Windows 2000 Server, Windows XP Professional, Windows XP Home, Windows 2003 as the operation system. Two programs under Windows and Linux are respectively made by C and VC++6.0 to test the effect of sniffer and interruption. The result is that the protocol of TCP/IP can’t make sure the security of “three-way handshake” connection. And based on “the sniffer and interruption of TCP/IP communication”, LAN can be managed more effectively.

Key words: Three-way handshake, Interruption, TCP /IP, Sniffer

摘要： 研究TCP/IP网络的监听，“三次握手”建立连接的过程，以及拆断TCP“三次握手”的方法。以RedHat 9.0(Linux)、Windows 2000 Server、Windows XP Professional、Windows XP Home、Windows 2003为主要操作系统的北京交通大学校园网某网段为实验环境，分别在RedHat 9.0和Windows XP 下用C和VC++6.0编程实现对网段内主机TCP/IP通信的监听；在监听到非法内容时，对非法通信的阻断。结果表明现在应用的“TCP/IP协议”无法做到“三次握手”的安全性，在TCP建立连接的过程中无法检测第三方的破坏行为，同时也可以利用这一点更好地管理局域网络。

关键词: 三次握手, 阻断, TCP/IP, 监听

CLC Number: 

• TP393