Design and Implementation of LAN-sensitive Information Interception and Analysis System
The LAN usually hides internal network structure by NAT to share a public IP address in the internal network,and thus it is hard to locate the source host precisely distributing sensitive information for a large-scale information monitoring system by analyzing the intercepted packets.So it is hard to fulfill monitoring work efficiently.This paper puts forward a scheme to intercept and analyze the sensitive information in the LAN environment.It studies the ARP spoofing principle and the sniffer technology based on WINPCAP.The scheme includes 7 modules named NIC capture module,packet filtering module and so on.And it achieves sensitive information filtering and matching by the configured rules,such as keywords URL QQ number and so on.The scheme provides a solution for tracking the source host leaking sensitive information within the LAN.
Network Security Monitor Protocol Analysis ARP Spoof WinPcap TCP/IP
Lin Shaofeng Sun Weifeng Fan Linna Wang Hua
Department of Information Safety Xi'an Communications Institute Xi'an China, 710106 Xi'an Interception center of The state administration of radio film television Xi'an China, 710101
国际会议
太原
英文
785-787
2013-04-06(万方平台首次上网日期,不代表论文的发表时间)