The Research Of Bypass Network Behavior Monitoring System

In recent years,with the rapid development of network technology,the Internet has become an indispensable part in our study,work,and living.The works of university teachers,learning and entertainment of students can not be separated from the Internet.The Internet to advocate free and open to the people in work and life,at the same time convenient to all kinds of bad information a breeding ground.How to achieve an effective monitoring system of network behavior to ensure that colleges and universities the healthy development of the network environment has become an important topic at present.This paper does research on the network behavior bypass monitoring system.Main tasks are following:①This paper analyzes a variety of packet capture technologies on Windows operating system;It draws a comparison on several packet capture technologies;It briefly introduces NDIS drivers;It studies more deeply on the working principles and developing technologies on the NDIS intermediate driver layer.②This paper introduces the basic principle of protocol analysis technology and protocol stack hierarchies;It analyzes the situation of data going through the protocol stack when they are sent or received;It studies respectively serial and parallel processing model of working mechanisms.③In this paper,session hijacking technology basing on the TCP session connection is introduced;The TCP connecting establishment and abnormal termination is described;A more detailed discussion of calculation methods of the IP datagram packets checksum and TCP packets checksum,the realization of the corresponding algorithm is given;The measure of calculating TCP sequence number is discussed thoroughly,and the formula is deduced through experiments;three kinds of possible scheme of blocking TCP data transmission are brought forward and analyzed,finally a feasible one is worked out.④This paper introduces the technology of session hijacking to network behavior bypass monitoring system,It completes a network behavior bypass monitoring system through writing a program working on NDIS intermediate driver layer and user-level process;It takes a test to the realization of system,test results show that the system can more successful in blocking access to illegal websites TCP connection,monitoring network behavior bypass.