Study, Implementation And Application Of Application-Layer Based Network Monitor & Control System

The prosperous development of the Internet brings more and more impact to our life, work and study, giving great convenience to us. But at the same time, it also raises many issues: the hackers furiously intrude many kinds of hosts; more and more kinds of viruses spread and bring great harm; illegal information violating the laws and the standpoint of the Party and the government can be seen everywhere. Most of current network minitor systems are based on network layer and transport layer, so it's unable to detect and control illegal information carried in application layer. It's important to study and develop application layer based network monitor and control system.Firstly, in this paper, after comprehensively understanding of TCP/IP protocol some technologies, methods and algorithms of developing application layer based network monitor and control system are discussed. These include: the methods of how to collect network data, including the parallel method and cascade method working at data link layer, WinSock replacing method and WinSock functions replacing method working at transport layer; each protocol layer resolusion or recovery techniques, including data recovery from link layer to network layer, from network layer to transport layer, transport layer to application layer; the methods of how to control network communication with each kind of network data collecting method, and so on.Then, some key issues for development are addressed, including how to select develop processes and develop tools, how to design software architecture, how to design software interface, how to select high efficient algorithm. Based on these techniques and principles the parallel network monitor and control function library Netlnfo and cascade network monitor and control function library NetlnfoTb are developed.Using NetlnfoTb, a standpoint judging network and monitor system implemented. The greatest features are standpoint judging and control capability, including check the standpoint of the texts that transferred in application layer; if a text violates the standpoint of the Party and the government, the system can carry out many kinds of actions such as save, warn, display, audit, block, replace according to the policy that can be configured by users. In addition, the system can control network communication according to information ofapplication layer such as URL, From, To, information of transport layer such as source IP address, source port, destination IP address and destination port of TCP connections.