    Security Monitoring Project mode, in general, are around the following four ways to run: Here we are coming to you about the operational characteristics of this in four ways:


    1.Gateway mode: the principle is the other computer as the gateway (set being supervised computer default gateway point to this machine), respectively, can be used as a single card and dual card even more card, the original PROXY mode currently basically eliminated generally no longer using the most commonly used is the NAT store and forward; simple way a bit like a router work; control strong, but because of the way store and forward function somewhat lost; nothing more than efficiency better; defects if the gateway is dead, the whole network was paralyzed;


    2. Bridge mode: the principle of dual-card made of a transparent bridge, the bridge is in layer 2, so it can be simple to understand as the bridge for a network cable, so the function is almost no loss; of WINPCAP itself does not support this mode; this mode can be said is the best, even if the bridge is broken, as long as the simplicity to be a jumper on it, the bridge is transparent to the network cable can be seen, even if the bridge is broken can be understood as a network cable bad-for-one; to support the multi-VLAN, wireless, 1000 M Wan M, as well as VPN, more exports and so almost all of the network, the reason is very simple, transparent bridge that is understood as it is a cable;


    3. the bypass mode: the principle is to use the ARP technology to create a virtual gateway, only suitable for small networks, and the environment can not be restricted bypass mode; restriction or supervision of the routing or firewall installed on your computer ARP firewall will lead can not be bypass success, because your side is prohibited bypass while it is being bypassed, so self-contradictory; at the same time, such as within the network at the same time bypass will lead to confusion and intermittent network; but as long as the premise of the approach is the most simple to deploy and facilitate the installation settings;


    4. Observers mode: Principles bypass monitoring, and machine listening as the edge of the phone of two people, so the efficiency is very low, the model requires a shared hub or switch mirror; but such old-fashioned shared HUB will affect the network export function; such as the use of the mirror mode, on the one hand, the need to invest to support two-way mirror switch equipment, the other hand, the need for professional people to set the mirror switch, some switches in the blocking process will cause the switch to obstruction or reduce network function; fundamental topic is the very function lost; observers Patterns for defects resulting in UDP blocking can not be perfect realization also severe loss of network bandwidth, while not like traffic restrictions and other benign multifunctional; In general, the loss of at least 40% the network function; WINPCAP is the mode, precisely because of this predicament regardless of function function simply determines the generated defects.

