The Design And Implementation Of Packet Filter And Monitor Based On NDIS

With the continuous development of the Internet,people around the world are connecting with each other through this huge network.While the computer network makes people's life and work more convenient,it also has certain security problems,which may cause the loss,damage,leakage of computer data caused by accidental or malicious attacks on the computer.Therefore,it is necessary to design and implement a system that can acquire packets from the network card driver and intercept the specified IP.The system designed in this paper mainly realizes the acquisition and interception of all data packets through the local network card,as well as the analysis and display of them and monitoring.For the security of the computer,the specified IP can be intercepted.In order to facilitate us to understand the network traffic situation in the local,by counting the number of data packets and using the line charts to display it intuitively.The system structure is mainly divided into kernel state and user state.Kernel state is mainly realize a NDIS intermediate driver,which get and intercept the all data packets from local NIC driver.The user state program can obtain data packets acquired in kernel state from the buffer,parsed and displayed them.Users can also enter IP in the text box,select disable or enable.This instruction is passed to the kernel driver and the corresponding action is performed and the disabled IP will be saved to the database.In addition,a line chart can be used to display the current network traffic situation in real time.The user state interface uses MFC framework and has better man-machine interaction.The system is developed in the Windows 10 environment.Kernel driver in the kernel state has strong portability.It can run on different platforms according to different compilations.The whole system has completed the capture of all packets passing through the local network card,analysis and display,traffic monitoring and intercepted the disabled IP and configured the disabled IP and stored them to database.After testing,the system can achieve the expected goals,effectively protect the network security of PC.