
The Implementation Of Network Monitor Technology In Window Platform

Posted on: 2009-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: J B Wang
GTID: 2178360272976493
Subject: Software engineering
Abstract/Summary:
As computers become more widespread, communication over networks becomes more and more frequent. Networks bring us convenience and freedom, but security problems exist at the same time. Hacking and information leaks are more dangerous than viruses. A virus is visible and can be cleaned; hackers, by contrast, always hide their whereabouts, so the consequences are frightening. As a network security product, the firewall is accepted by more and more people, and running a network monitor system on the PC has become a popular way to protect security.

Network monitor systems on the Windows platform are all based on intercepting data packets, but their implementations differ. There are two main implementation levels, user level and kernel level. Kernel-level techniques include TDI filter drivers, NDIS intermediate drivers, NDIS filter hook drivers, and so on; they are all implemented as network drivers. User-level techniques include the SPI interface, the packet filter interface of Windows 2000, etc.

The program mainly uses Winsock 2 SPI to intercept packets. Winsock 2 is version 2.0 of Windows Sockets, and the latest version is Winsock 1.1. Version 2.0 has the advantage of the SPI interface, which can be used to implement QoS, URL filtering and other security monitoring functions. It is powerful and useful. Winsock is the network interface for upper-level applications, which do not need to know the details of Winsock. The SPI interface exists as a DLL and works in the application layer. The system in this paper uses the user-level packet filtering technique through the SPI interface. SPI has many advantages, such as automatic loading and hiding low-level detail.

We divide the modules according to the following two principles. Independence: keep the relationships between modules as few as possible. Interface conciseness: keep the interfaces between modules concise by avoiding static variables and functions.

The system encapsulates the packet analysis module in one class, and plans to save some information to a log, including the domain name, file name, email, user name and password. Because this information is contained in the packets being sent or received, it can be separated out using this class. The system's views are the packet encapsulation view, log query view, rule setting view and system setting view. The view framework and sub-pages are implemented with CPropertySheet and CPropertyPage.

We now introduce a stronger network technique. It can be used in place of Winsock 2 SPI, and it is the main way in which the system can be improved. The improvement is to intercept packets at kernel level, and one good choice is the NDIS-HOOK technique. The advantages of NDIS-HOOK are as follows. It offers convenient programming, a concise interface and stable performance. It is more flexible than Winsock 2: we can use only the code that is useful and avoid bringing in superfluous code. It is more powerful than Winsock 2: as a network filter driver, it works at the transport layer, network layer, etc. It is more secure than Winsock 2, because packet interception takes place in the bottom layers. It is simple to install.

The principle of NDIS-HOOK is to replace the addresses of functions in NDIS, so that NDIS requests are handled first by our own functions, which then pass the requests on to the system functions. It is simple.
Keywords/Search Tags: Windows, Windows Socket, Winsock 2 SPI, TCP/IP