Design and Implementation of LAN-Sensitive Information Interception and Analysis System

Abstract

The LAN usually hides internal network structure by NAT to share a public IP address in the internal network, and thus it is hard to locate the source host precisely distributing sensitive information for a large-scale information monitoring system by analyzing the intercepted packets. So it is hard to fulfill monitoring work efficiently. This paper puts forward a scheme to intercept and analyze the sensitive information in the LAN environment. It studies the ARP spoofing principle and the sniffer technology based on WINPCAP. The scheme includes 7 modules named NIC capture module, packet filtering module and so on. And it achieves sensitive information filtering and matching by the configured rules, such as "keywords", "URL", "QQ number" and so on. The scheme provides a solution for tracking the source host leaking sensitive information within the LAN.