Design And Implementation Of Personal Firewall Based On Packet Capture

Because the Internet flies to develop and the network applied universality, the computer network has already become the part of people living, but the network safe affairs also increasing continuously. In network safe solutions, based and collocateor firewall are a very valid methods.However the firewall product of market is enterprise class gateway much at present, mainly resovle the safe problem that enterprise inner part and internet,but neglected the threat form internal.Aim at this kind of thing, this text designs and part carried out personal firewall software of Windows operate system, it can carry on surveillance to the data pack which delivers personal calculator and the network, set in advance of rule to judge whether let the data pack pass, resolve the safe problem faced by personal customer.This text was study total structure and excellence of layering structure, analyzing the mechanism of application layer and core layer,Overcome the single layer weakness for filtering, Adopt the technique of NDIS HOOK and WinSock 2 SPI at application layer and core layer up carry on a network data, NDIS's driving the work principle that the procedure intercepts and seizes a network data to wrap is the memory which hangs a function document after adding to carry operate system to reflect the base address of elephant, carry out to the TCP/IP of send out and receive function to hang an operation, intercept and seize all to wrap thoroughly,raised the safe function of system.The system adopts a mold piece software design thought during design system,From total can divide to three mold pieces:The interface design an upper application program,the kernel layer design drives program,the user layer design DLL program,designed to provide of connect,detailed design the structure which controls rule and daily record document, end carry out use control rule to apply program, net neighbor and ICMP(PING) to filter, daily record and search, packet real time watch on and system setting etc. function, combine carried on function test and properties test, system can relatively stabilizeand run with accuracy and did a further outlook to the work of aftertime.