E-mail monitoring system for LAN


The e-mail monitor is designed with four modes: monitor both SMTP and POP3 e-mail; monitor SMTP e-mail only; monitor POP3 e-mail only; monitor all network traffic.

2.1 System program structure

The system works by first listening on the network and capturing packets, then analyzing them. From bottom to top it consists of the WinPcap driver, the Win32 console programs, and the GUI (graphical user interface); the structure is shown in Figure 3. The Win32 console programs are the core of the system.

Figure 3: System program structure

2.2 Win32 console programs

The Win32 console part consists of five programs: Base64.exe is a BASE64 encoder/decoder; dev.exe is a network interface detector that lists the name and description of each network interface; sn.exe performs listening, capture and filtering; listip.exe lists the IP addresses found in the captured packets; pickmail.exe analyzes the packets extracted by sn.exe and outputs the SMTP and POP3 e-mail respectively. The core program is the console program sn.exe. It has two functions: the first is to listen on a network interface device, capture packets and dump them to a specified file; the second is to extract all packets belonging to a given IP address from the captured packets and store them as a file. The implementation uses the pcap.h header file from the WinPcap development kit. The main functions used are pcap_open, pcap_compile, pcap_setfilter, pcap_next_ex and pcap_dump. This is the core program that captures network packets.

Since the WinPcap driver works at the NDIS layer, it can capture raw data at the data link layer, including the Ethernet header, the IP header, the TCP header and the headers of other protocols. From these we can obtain the MAC address, IP address and so on, and then perform further analysis based on that information.

sn.exe takes a network device on the computer as its monitoring (capture) object, and it can also filter ("screen") packets that have already been captured into a dump file; that is, it lets us pick out the information we need from the dump file. One thing to note is that although sn.exe accepts filter parameters, "filtering" here means screening, not blocking. pcap_open, pcap_next_ex and pcap_dump, declared in the pcap.h header file of the WinPcap development package, implement opening the network interface, capturing packets and writing the dump file respectively; pcap_compile and pcap_setfilter implement the filtering.

Using the WinPcap library functions, network packets can be captured at the data link layer. However, when packets are dumped, the WinPcap library writes its own header in front of each packet. This per-packet header has three fields and a total of 16 bytes (8 bits per byte): the capture timestamp, the captured length, and the packet length.

(1) Timestamp

The timestamp occupies 8 bytes (64 bits in total). The first four bytes count the whole seconds elapsed since 00:00 on January 1, 1970 (the UNIX-style epoch). The following four bytes hold a smaller time unit.

(2) Captured length

The captured length occupies 4 bytes (32 bits) and follows the timestamp. It is the number of bytes actually captured for the packet. This is not always equal to the original length, because the capture may have stopped before the whole packet was saved.

(3) Packet length

The packet length occupies 4 bytes (32 bits). It is the original length of the packet on the wire.
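The three fields above, read back from a dump file, as an added example in Python (not code from the original system): it parses the 24-byte global header and each 16-byte per-packet header, flags records whose captured length is shorter than the original length, and pulls the MAC and IP addresses mentioned earlier from the Ethernet and IPv4 headers. The dump bytes are constructed inline; the second timestamp field is microseconds in the standard libpcap/WinPcap format.

```python
import struct

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len

def parse_dump(data: bytes) -> list:
    """Return one dict per packet record in a libpcap/WinPcap dump."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        e = "<"                      # written by a little-endian host (x86)
    elif magic == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a pcap dump file")
    records, off = [], GLOBAL_HDR_LEN
    while off + RECORD_HDR_LEN <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            e + "IIII", data[off:off + RECORD_HDR_LEN])
        pkt = data[off + RECORD_HDR_LEN:off + RECORD_HDR_LEN + incl_len]
        rec = {
            "timestamp": ts_sec + ts_usec / 1_000_000,  # seconds since 1970-01-01 00:00
            "incl_len": incl_len,
            "orig_len": orig_len,
            "truncated": incl_len < orig_len,   # snaplen cut this packet short
            "complete": len(pkt) == incl_len,   # False if the file ends mid-record
        }
        if len(pkt) >= 14:                      # Ethernet header present
            rec["dst_mac"] = pkt[0:6].hex(":")
            rec["src_mac"] = pkt[6:12].hex(":")
            ethertype = struct.unpack("!H", pkt[12:14])[0]
            if ethertype == 0x0800 and len(pkt) >= 34:   # IPv4 header present
                rec["src_ip"] = ".".join(str(b) for b in pkt[26:30])
                rec["dst_ip"] = ".".join(str(b) for b in pkt[30:34])
        records.append(rec)
        off += RECORD_HDR_LEN + incl_len
    return records

def sample_dump() -> bytes:
    """Constructed dump: global header, one full 34-byte IPv4 frame, one truncated frame."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    frame = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
             + b"\x45\x00\x00\x14" + b"\x00" * 8
             + bytes([10, 0, 0, 5]) + bytes([10, 0, 0, 25]))  # src 10.0.0.5 -> dst 10.0.0.25
    rec1 = struct.pack("<IIII", 1_000_000_000, 500_000, len(frame), len(frame)) + frame
    rec2 = struct.pack("<IIII", 1_000_000_001, 0, 14, 1500) + frame[:14]  # cut at 14 bytes
    return hdr + rec1 + rec2
```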

3 Conclusion

The system was developed on WinPcap 3.1 beta4. Its main function is to monitor network traffic on a shared Ethernet, extract e-mail information from the raw packets and save it to files. It can be used to monitor e-mail on a small shared Ethernet while ensuring that no network packets are missed during monitoring. It has applications in security-related settings such as small and medium-sized enterprises, community organizations and individual users.

Its current function is monitoring only; it does not block network traffic. On this basis its functions can be extended further, for example real-time analysis and processing of e-mail packets, user rights management, identifying the client from the captured information, and processing other types of network packets.


Source: blog.csdn.net/qq_44892098/article/details/91360471