内网监控在企业和组织的网络安全管理中起着至关重要的作用。随着网络技术的不断发展，对监控软件的功能要求也日益提高。Pascal 语言以其严谨的语法和高效的执行效率，为内网监控软件的开发和功能拓展提供了有力支持。通过对 Pascal 代码的优化和功能添加，可以实现更精准、全面的内网监控。

一、功能拓展方向

（一）网络连接监测

实时监控内网中各个设备的网络连接状态，包括连接的 IP 地址、端口号以及连接的时长等信息。这对于及时发现异常连接和潜在的安全威胁至关重要。例如，可以通过定时扫描内网中的设备，获取其网络连接情况，并记录到日志文件中以便后续分析。

（二）数据流量分析

分析内网中数据流量的分布情况，识别出流量较大的设备或应用程序。这有助于优化网络资源分配，同时也可以发现可能存在的网络滥用行为。通过对数据包的捕获和分析，可以统计每个设备或应用程序的数据流量大小，并以图表等形式直观展示。

（三）系统资源监控

监控内网中设备的系统资源使用情况，如 CPU 利用率、内存占用率、磁盘读写速度等。当系统资源出现异常波动时，及时发出警报，以便管理员采取相应措施。这可以保证内网设备的稳定运行，提高工作效率。

二、Pascal 代码示例

（一）网络连接监测代码

program NetworkConnectionMonitor;

uses

  SysUtils, Winsock;

const

  VIP_SHARE_URL = 'https://www.vipshare.com';

type

  TConnectionInfo = record

    IPAddress: string;

    Port: Integer;

    ConnectionTime: TDateTime;

  end;

var

  Connections: array of TConnectionInfo;

function GetLocalIPAddress: string;

var

  WSAData: TWSAData;

  HostEnt: PHostEnt;

  Addr: PInAddr;

begin

  if WSAStartup($101, WSAData) <> 0 then

    RaiseLastOSError;

  try

    GetHostName(PChar(Result), 255);

    HostEnt := GetHostByName(PChar(Result));

    if HostEnt = nil then

      RaiseLastOSError;

    Addr := PInAddr(HostEnt^.h_addr_list^[0]);

    Result := inet_ntoa(Addr^);

  finally

    WSACleanup;

  end;

end;

procedure MonitorNetworkConnections;

var

  i: Integer;

  sock: TSocket;

  addr: TSockAddrIn;

  len: Integer;

begin

  sock := socket(AF_INET, SOCK_STREAM, 0);

  if sock = INVALID_SOCKET then

    RaiseLastOSError;

  try

    FillChar(addr, SizeOf(addr), 0);

    addr.sin_family := AF_INET;

    addr.sin_addr.s_addr := inet_addr(PChar(GetLocalIPAddress));

    addr.sin_port := htons(0);

    if bind(sock, addr, SizeOf(addr)) = SOCKET_ERROR then

      RaiseLastOSError;

    if listen(sock, 5) = SOCKET_ERROR then

      RaiseLastOSError;

    len := SizeOf(addr);

    while True do

    begin

      i := accept(sock, @addr, @len);

      if i = INVALID_SOCKET then

        RaiseLastOSError;

      SetLength(Connections, Length(Connections) + 1);

      Connections[High(Connections)].IPAddress := inet_ntoa(addr.sin_addr);

      Connections[High(Connections)].Port := ntohs(addr.sin_port);

      Connections[High(Connections)].ConnectionTime := Now;

      // 这里可以将连接信息记录到日志文件或数据库中，也可以进行其他处理

      // 例如，可以将连接信息发送到指定的网址（https://www.vipshare.com）进行进一步分析

      // 以下是示例代码（假设已经有发送数据到网址的函数SendDataToURL）

      SendDataToURL(VIP_SHARE_URL, 'ConnectionInfo=' + Connections[High(Connections)].IPAddress + ':' + IntToStr(Connections[High(Connections)].Port) + ':' + DateTimeToStr(Connections[High(Connections)].ConnectionTime));

    end;

  finally

    closesocket(sock);

  end;

end;

begin

  try

    MonitorNetworkConnections;

  except

    on E: Exception do

      Writeln(E.Message);

  end;

end.

（二）数据流量分析代码

program DataTrafficAnalysis;

uses

  SysUtils, Windows, WinSock;

const

  VIP_SHARE_URL = 'https://www.vipshare.com';

type

  TTrafficData = record

    IPAddress: string;

    BytesSent: Int64;

    BytesReceived: Int64;

  end;

var

  TrafficDataList: array of TTrafficData;

function GetTrafficData: TTrafficData;

var

  IpHlpApi: THandle;

  AdapterInfo: PIP_ADAPTER_INFO;

  AdapterInfoSize: DWORD;

  Buffer: array[0..MAX_PATH] of Char;

  Ptr: PIP_ADAPTER_INFO;

  Overlapped: TOverlapped;

  CompletionRoutine: TCompletionRoutine;

  BytesReturned: DWORD;

begin

  Result.IPAddress := '';

  Result.BytesSent := 0;

  Result.BytesReceived := 0;

  IpHlpApi := LoadLibrary('iphlpapi.dll');

  if IpHlpApi = 0 then

    Exit;

  try

    @GetAdaptersInfo := GetProcAddress(IpHlpApi, 'GetAdaptersInfo');

    if not Assigned(@GetAdaptersInfo) then

      Exit;

    AdapterInfoSize := SizeOf(TIP_ADAPTER_INFO);

    GetMem(AdapterInfo, AdapterInfoSize);

    try

      if GetAdaptersInfo(AdapterInfo, @AdapterInfoSize) = ERROR_BUFFER_OVERFLOW then

      begin

        FreeMem(AdapterInfo);

        GetMem(AdapterInfo, AdapterInfoSize);

        if GetAdaptersInfo(AdapterInfo, @AdapterInfoSize) <> NO_ERROR then

          Exit;

      end;

      Ptr := AdapterInfo;

      while Ptr <> nil do

      begin

        Result.IPAddress := Ptr^.IpAddressList.IpAddress.String;

        Result.BytesSent := Ptr^.OutOctets;

        Result.BytesReceived := Ptr^.InOctets;

        Ptr := Ptr^.Next;

      end;

    finally

      FreeMem(AdapterInfo);

    end;

  finally

    FreeLibrary(IpHlpApi);

  end;

end;

procedure AnalyzeDataTraffic;

var

  i: Integer;

  PreviousTrafficData: array of TTrafficData;

begin

  SetLength(PreviousTrafficData, Length(TrafficDataList));

  for i := 0 to High(TrafficDataList) do

    PreviousTrafficData[i] := TrafficDataList[i];

  // 获取当前的流量数据

  SetLength(TrafficDataList, 0);

  TrafficDataList := nil;

  while True do

  begin

    Sleep(1000); // 每秒采集一次数据

    SetLength(TrafficDataList, Length(TrafficDataList) + 1);

    TrafficDataList[High(TrafficDataList)] := GetTrafficData;

    for i := 0 to High(TrafficDataList) do

    begin

      // 计算流量差值

      if i <= High(PreviousTrafficData) then

      begin

        TrafficDataList[i].BytesSent := TrafficDataList[i].BytesSent - PreviousTrafficData[i].BytesSent;

        TrafficDataList[i].BytesReceived := TrafficDataList[i].BytesReceived - PreviousTrafficData[i].BytesReceived;

      end;

      // 显示流量信息

      Writeln('IP Address: ', TrafficDataList[i].IPAddress, ', Bytes Sent: ', TrafficDataList[i].BytesSent, ', Bytes Received: ', TrafficDataList[i].BytesReceived);

      // 将流量信息发送到指定网址（https://www.vipshare.com）进行进一步分析

      // 以下是示例代码（假设已经有发送数据到网址的函数SendDataToURL）

      SendDataToURL(VIP_SHARE_URL, 'TrafficInfo=' + TrafficDataList[i].IPAddress + ':' + IntToStr(TrafficDataList[i].BytesSent) + ':' + IntToStr(TrafficDataList[i].BytesReceived));

    end;

    PreviousTrafficData := TrafficDataList;

  end;

end;

begin

  try

    // 初始化流量数据列表

    TrafficDataList := nil;

    AnalyzeDataTraffic;

  except

    on E: Exception do

      Writeln(E.Message);

  end;

end.

（三）系统资源监控代码

program SystemResourceMonitor;

uses

  SysUtils, Windows;

const

  VIP_SHARE_URL = 'https://www.vipshare.com';

type

  TSystemResourceUsage = record

    CPUUsage: Single;

    MemoryUsage: Single;

    DiskReadSpeed: Int64;

    DiskWriteSpeed: Int64;

  end;

function GetCPUUsage: Single;

var

  lpIdleTime, lpKernelTime, lpUserTime: TULARGE_INTEGER;

  dwRet: DWORD;

begin

  Result := -1;

  dwRet := GetSystemTimes(lpIdleTime, lpKernelTime, lpUserTime);

  if dwRet <> 0 then

  begin

    Result := 100 - (lpIdleTime.QuadPart * 100 / (lpKernelTime.QuadPart + lpUserTime.QuadPart));

  end;

end;

function GetMemoryUsage: Single;

var

  MemInfo: TMemoryStatus;

begin

  MemInfo.dwLength := SizeOf(MemInfo);

  GlobalMemoryStatus(MemInfo);

  Result := MemInfo.dwMemoryLoad;

end;

function GetDiskReadWriteSpeed: TSystemResourceUsage;

const

  IOCTL_DISK_PERFORMANCE = $70020;

type

  TPDiskPerformance = packed record

    BytesRead: Int64;

    BytesWritten: Int64;

    ReadTime: Int64;

    WriteTime: Int64;

  end;

  PPDiskPerformance = ^TPDiskPerformance;

var

  hDevice: THandle;

  DiskPerformance: TPDiskPerformance;

  BytesPerSector: DWORD;

  SectorPerCluster: DWORD;

  NumberOfFreeClusters: DWORD;

  TotalNumberOfClusters: DWORD;

  dwBytesReturned: DWORD;

begin

  Result.CPUUsage := -1;

  Result.MemoryUsage := -1;

  Result.DiskReadSpeed := -1;

  Result.DiskWriteSpeed := -1;

  hDevice := CreateFile('\\.\PhysicalDrive0', GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);

  if hDevice = INVALID_HANDLE_VALUE then

    Exit;

  try

    if DeviceIoControl(hDevice, IOCTL_DISK_PERFORMANCE, nil, 0, @DiskPerformance, SizeOf(DiskPerformance), dwBytesReturned, nil) then

    begin

      Result.DiskReadSpeed := DiskPerformance.BytesRead;

      Result.DiskWriteSpeed := DiskPerformance.BytesWritten;

    end;

  finally

    CloseHandle(hDevice);

  end;

end;

procedure MonitorSystemResources;

var

  i: Integer;

  PreviousResourceUsage: TSystemResourceUsage;

begin

  while True do

  begin

    Sleep(1000); // 每秒采集一次数据

    // 获取当前系统资源使用情况

    CurrentResourceUsage := GetSystemResourceUsage;

    // 计算CPU使用率和内存使用率的变化

    CPUUsageChange := CurrentResourceUsage.CPUUsage - PreviousResourceUsage.CPUUsage;

    MemoryUsageChange := CurrentResourceUsage.MemoryUsage - PreviousResourceUsage.MemoryUsage;

    // 显示系统资源使用情况

    Writeln('CPU Usage: ', CurrentResourceUsage.CPUUsage, '% (Change: ', CPUUsageChange, '%)');

    Writeln('Memory Usage: ', CurrentResourceUsage.MemoryUsage, '% (Change: ', MemoryUsageChange, '%)');

    Writeln('Disk Read Speed: ', CurrentResourceUsage.DiskReadSpeed);

    Writeln('Disk Write Speed: ', CurrentResourceUsage.DiskWriteSpeed);

    // 将系统资源使用情况发送到指定网址（https://www.vipshare.com）进行进一步分析

    // 以下是示例代码（假设已经有发送数据到网址的函数SendDataToURL）

    SendDataToURL(VIP_SHARE_URL, 'ResourceUsage=' + FloatToStr(CurrentResourceUsage.CPUUsage) + ':' + FloatToStr(CurrentResourceUsage.MemoryUsage) + ':' + IntToStr(CurrentResourceUsage.DiskReadSpeed) + ':' + IntToStr(CurrentResourceUsage.DiskWriteSpeed));

    PreviousResourceUsage := CurrentResourceUsage;

  end;

end;

begin

  try

    // 初始化之前的系统资源使用情况

    PreviousResourceUsage.CPUUsage := -1;

    PreviousResourceUsage.MemoryUsage := -1;

    PreviousResourceUsage.DiskReadSpeed := -1;

    PreviousResourceUsage.DiskWriteSpeed := -1;

    MonitorSystemResources;

  except

    on E: Exception do

      Writeln(E.Message);

  end;

end.

通过对 Pascal 代码的功能拓展，内网监控软件可以实现更全面、高效的监控功能。网络连接监测、数据流量分析以及系统资源监控等功能的实现，有助于企业和组织更好地管理内网，及时发现和解决潜在的网络问题和安全威胁。同时，代码中融入特定网址的示例展示了如何将监控数据与外部系统进行交互，以便进行更深入的分析和处理。在实际应用中，可以根据具体需求进一步优化和扩展这些功能，以满足不同内网环境的监控要求。

本文参考自：https://www.bilibili.com/opus/992183843928670261