WFilter Inside Technologies

From WFilter Documents and Tutorials
Jump to: navigation, search


1 What is WFilter?

WFilter is an internet monitoring and filtering software program that can help organizations to monitor and manage employees Internet behaviors in their networks. WFilter is available as a standalone product for Microsoft Windows, while it can also work with Microsoft ISA Server with full compatibility.

WFilter is a sniffer. All functions are based on network packets analysing. The main technologies of WFilter are the "Passby Filtering Technology" and the "Protocol Identify Technology". WFilter uses "Protocol Identify Technology" to recognise network applications and protocols, and uses "Passby Filtering Technology" to block unauthorized traffic.

1.1 Protocol Identify Technology

"Protocol Identify" depends on network traffic analysing. WFilter does not indentify a protocol by ip address or port, but by digital signature matching. WFilter has a protocol signature database which is maintained by IMFirewall Software R&D team. When a new connection comes, WFilter will try to search the protocol database to get the protocol name. And common protocols even can be completedly parsed to get the content on transfering. To see a list of protocols supported by WFilter, please check the Protocols Supported by WFilter.

1.2 Passby Filtering Technology

In "pass-by mode", WFilter uses "Passby Filtering Technology" to block Internet connections. A TCP connection can easily be destroyed by some fake packets. When unauthorized connections are detected, WFilter will send 1-2 packets to kill these tcp connections. That is called "Passby Filtering".

Benefits of using "Passby Filtering":

  • If the Monitoring/Filtering machine goes down, the Internet connection stays alive.
  • The computer can be taken down with no adverse affect on the network Internet connection, except that there's no monitoring or blocking.
  • Does not hold Internet-bound packets, so it does not delay connection to Internet website.
  • Eliminates unnecessary Internet requests, improving network performance.

The disadvantage of "Passby Filtering" is that it can not block UDP traffic, nor shaping bandwidth. To block udp traffic, you need to block certain ports in your router/firewall.

If you want a "pass-through filtering" solution to allocate and shape bandwidth, please check our WFilter NGF.

1.3 Links

Personal tools