摘要： 针对目前一般的网络行为审计软件都没有MSN文件传输的记录模块的状况，该文根据MSN网络传输协议，通过在网络上抓包对用户聊天内容，对传输的文件进行侦听。应用特有的文件重组算法，通过计算网络数据包的ACK值和SEQ值，对其进行过滤、排序、重组和写入，最后还原出原用户传输的文件等工作，设计与实现了基于MSN协议的网络行为审计系统。该系统可以应用到即时通信、HTTP文件传输和邮件传输等方面。

关键词: 网络审计, MSN协议, 文件重组算法, ACK值, SEQ值

Abstract: Since most network behavior audit software can not record the files sent through MSN, a new network behavior audit system is presented which can intercept instant messages and files sent by MSN users. As MSN file packets are captured, the ACK number and SEQ number are analyzed. Then, the packets are put in order and reassembled to recover the original file. This system can be applied to other network transmission protocol such as HTTP and mail delivery.

Key words: network audit, MSN protocol, file reassembly algorithm, ACK number, SEQ number

中图分类号: 

• TP393