In recent years, as enterprise informatization has accelerated and the number of computers has risen sharply, the cost of maintaining enterprise networks has kept growing. The spread of the Internet has also brought new problems, such as the recent epidemic of malicious software and BT download tools, which place new burdens on enterprise network management. Many firewall products offer some solution in these areas, but they are basically stand-alone and rarely use a centralized management model, so although they solve the problem to a certain extent, they do not reduce the maintenance workload.

This study designs a software system that can be managed centrally and directly: it is installed once, automatically updates the MAC address database, automatically monitors ARP traffic, and monitors network traffic for each MAC address, among other functions. Concentrating enterprise network management on this platform will greatly reduce the burden on network management staff.

This article focuses on analysing and researching the core function of the firewall, Windows network packet filtering technology, in order to intercept packets of the underlying protocols; with the Windows DDK development kit, driver development can be achieved relatively easily. It also analyses in detail the principle of ARP spoofing: only with a clear understanding of the common spoofing methods and how they are implemented can the problem be addressed in a targeted way.

The specific work of this article is as follows:

1. Introduce the development background, the significance of the research, and the arrangement of the work in the full study.

2. Analyse the respective strengths and weaknesses of the B/S and C/S models and, based on the actual requirements of this project, choose the C/S model as the software architecture.

3. Study the key techniques for network packet filtering on the Windows operating system, decide to use intermediate-layer filtering, and describe how the intermediate-layer driver is implemented. The means of network packet filtering available on Windows are briefly introduced. The NDIS intermediate driver approach is described together with the methods and process of developing a network driver with it, and the working principle and development process of the intermediate-layer driver adopted here are described specifically.

4. Determine the functions the client application must provide and how they are implemented. Around these functions, Windows network development techniques, communication between the application layer and the driver layer, the process of binding MAC addresses, and related protection techniques are studied in detail. The main features implemented in the client application are:
   - Network communication between the client and the management side;
   - I/O communication with the driver layer to collect network information;
   - Reading MAC address information from the management side and binding it;
   - Process protection, so that the client process cannot be maliciously terminated and escape management;
   - Automatic start of the client.

5. On the basis of the client implementation, design and implement the management-side application, which has the following functions:
   - Maintaining real-time communication with the clients and gathering client communication information;
   - Setting the relevant parameters and passing them to the clients;
   - Setting the bound IP and MAC addresses and passing them to the clients;
   - The management-side program interface.

6. Write the client simulation software and carry out testing. Commonly used testing methods and the problems each addresses are described, and a detailed test plan is developed. Because this is a network application and is difficult to test, a simulation test program was developed for it, and functional tests, system tests and stress tests were carried out; validated against actual data, the system passed the tests.

The innovation of this article is centralized management of network firewalls. Many earlier related products only achieved centralized updates and had no real centralized management capability. Here all settings are made on the management side, which can view the state of each client in real time, and the client is controlled entirely by the management side. The sharp increase in the number of enterprise computers has made management a burden, and only centralized management can reduce maintenance to a minimum.

The main difficulty lies in developing the network driver and in the communication between the driver and the application layer, which is the core technology of this article. The demand on the driver's operating efficiency is especially high: all data flowing through the network card passes through the intermediate-layer driver, so the driver directly affects the efficiency of the entire operating system and the response time of every network application, and efficiency therefore matters even more in this work than the functions implemented. In addition, network applications are the hardest to test. Real network conditions are difficult to simulate, network applications cannot be interrupted for long, and a connection is dropped automatically once a packet exceeds the response time. The driver runs at Ring0, where a memory leak would crash the system, so testing is particularly important. We developed a simple client simulation program that simulates running clients for testing and also allows stress testing.

To make this work more practical, a great deal of effort went into both the engineering research and the functional design. During the design phase we investigated which practical functions enterprise network management needs and which problems have to be solved: centralized management of the network, real-time traffic statistics, and other functions. The work largely resolves the problem of BT software through speed limits and reduces as far as possible the impact of ARP spoofing on the local area network; the ultimate goal is to reduce the administrator's maintenance workload.

This work is highly practical. It offers strong centralized management and real-time operation, and it uses efficient low-level driver development techniques to intercept packets at the lowest level.
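The IP and MAC binding described above can be checked per frame as follows. This is an added example in portable user-space C, not code from the thesis or its driver; the type names, the table layout, the extra Ethernet-source consistency check and the policy of passing unbound IPs are assumptions, and the table and frame are constructed samples.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdicts a filter could return for one Ethernet frame (hypothetical names). */
enum arp_verdict { ARP_PASS, ARP_NOT_ARP, ARP_MALFORMED, ARP_SPOOFED };

/* One IP-to-MAC binding as pushed from the management side (assumed layout). */
struct binding { uint8_t ip[4]; uint8_t mac[6]; };

/* Constructed sample table: 192.168.1.1 is bound to 00:11:22:33:44:55. */
static const struct binding sample_table[] = {
    { {192, 168, 1, 1},  {0x00, 0x11, 0x22, 0x33, 0x44, 0x55} },
    { {192, 168, 1, 20}, {0x00, 0x11, 0x22, 0x33, 0x44, 0x66} },
};

/* Constructed sample frame: ARP reply from 192.168.1.1 with its bound MAC. */
static const uint8_t sample_reply[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, /* dst, src */
    0x08,0x06,                                   /* EtherType: ARP */
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x02,       /* htype, ptype, hlen, plen, op */
    0x00,0x11,0x22,0x33,0x44,0x55, 192,168,1,1,  /* sender MAC, sender IP */
    0,0,0,0,0,0, 192,168,1,20,                   /* target MAC, target IP */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check one raw Ethernet frame against the binding table. */
enum arp_verdict check_arp(const uint8_t *f, size_t len,
                           const struct binding *tab, size_t n)
{
    if (len < 14) return ARP_MALFORMED;
    if (be16(f + 12) != 0x0806) return ARP_NOT_ARP;   /* not ARP: out of scope */
    if (len < 42) return ARP_MALFORMED;               /* 14 + 28 bytes needed */
    const uint8_t *a = f + 14;                        /* start of ARP header */
    if (be16(a) != 1 || be16(a + 2) != 0x0800 || a[4] != 6 || a[5] != 4)
        return ARP_MALFORMED;                         /* Ethernet/IPv4 ARP only */
    const uint8_t *sha = a + 8, *spa = a + 14;        /* sender MAC, sender IP */
    if (memcmp(f + 6, sha, 6) != 0)
        return ARP_SPOOFED;            /* frame source differs from claimed sender */
    for (size_t i = 0; i < n; i++)
        if (memcmp(tab[i].ip, spa, 4) == 0)
            return memcmp(tab[i].mac, sha, 6) == 0 ? ARP_PASS : ARP_SPOOFED;
    return ARP_PASS;                   /* unbound IP: passing it is an assumption */
}

int main(void) { printf("%d\n", check_arp(sample_reply, 42, sample_table, 2)); return 0; }
```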