CN102394786A - Hand-held network protocol and threat analyzer - Google Patents

Publication number: CN102394786A
Authority: CN (China)
Prior art keywords: packet, network, module, hand, analyzer
Legal status: Pending (as listed; not a legal conclusion)
Application number: CN2011104162054A
Other languages: Chinese (zh)
Inventors: 张永隽, 桂习伟, 陈艳文, 高振鹰
Current assignee: Wuhan Iron and Steel Group Corp
Original assignee: Wuhan Iron and Steel Group Corp
Priority date: 2011-12-14
Filing date: 2011-12-14
Publication date: 2012-03-28

Abstract

The invention discloses a hand-held network protocol and threat analyzer. The analyzer comprises a housing, a display screen, a small keyboard, a port, a power supply and a mainboard; the display screen, small keyboard, port, power supply and mainboard are mounted on the housing. The port connects to the Ethernet network to be checked; the display screen shows the input data and the detected result information; the small keyboard is used for manually entering the various data; and the mainboard comprises a system module, a packet capture module and an information analysis module. The invention provides network administrators with a hand-held network analyzer that can rapidly analyze the packets on the network, the protocol and the traffic used by each machine, and can monitor ARP attack information. Using the analyzer saves network maintenance time; its cost is low and it can be deployed in large numbers.

Description

Hand-held network protocol and threat analyzer
Technical field
The present invention relates to detecting packet information in an Ethernet network, analyzing the protocols in use, and locating the source of ARP attacks.
Background technology
Information technology is now in widespread use, and applications of every kind depend on the information network with increasingly strict real-time requirements; the demands on network robustness, real-time behaviour and security are therefore also rising. Each local area network (LAN) today runs many network applications, and network threats grow by the day. The network equipment of current LANs consists essentially of routers, switches and hubs of various models and classes, and such equipment can only provide simple network information: protocol analysis and traffic monitoring are neither simple nor intuitive enough, and some necessary network-threat information (such as ARP attacks within the network) is not provided at all. Network administrators currently lack a tool that can comprehensively analyze the network protocols, network traffic and network threats in an Ethernet network. In an emergency in particular, the traditional approach of querying the logs of switches or routers to analyze the network state takes a great deal of time, and the results are not intuitive; moreover, because administrators differ in how well they understand and recognize network information, they may reach the wrong conclusion. This product provides network administrators with a tool for timely analysis of the various protocols, the traffic and the network threats in a network.
Summary of the invention
The technical problem to be solved by the present invention is to provide network administrators with a network protocol and threat analysis tool, so that they can promptly understand and analyze the network protocols in use, the traffic situation and the network threats in a local area network.
To solve the above technical problem, the present invention provides a hand-held network protocol and threat analyzer, characterized in that it comprises a housing, a display screen, a miniature keyboard, a network interface, a power supply and a mainboard;
the display screen, miniature keyboard, network interface, power supply and mainboard are mounted on the housing;
the network interface is used to connect to the Ethernet network to be checked; the display screen shows the input data and the detected result information; the miniature keyboard is used for manually entering the various data; and the mainboard comprises a system module, a packet capture module and an information analysis module;
the system module is used to install the operating system and provides low-level support for the packet capture module and the information analysis module;
the packet capture module collects network packets from the network;
the information analysis module decodes and analyzes the collected network packets and displays the customized analysis results on the display screen.
The content that the information analysis module decodes and analyzes from the collected network packets comprises: the source MAC address, destination MAC address, source IP address, destination IP address, protocol used and packet size of each packet.
The customized analysis results comprise:
a list, ordered by source IP address, of the IP addresses whose packet count exceeds a certain threshold;
a list, ordered by source MAC address, of the MAC addresses whose packet count exceeds a certain threshold;
packet counts classified by protocol, arranged from most to fewest;
the correspondence between all IP addresses and MAC addresses.
The customized analysis results further comprise: statistics of the IP and MAC addresses that have multiple correspondences, among which an IP or MAC address that has sent more than a certain threshold number of ARP protocol packets is classified as illegal ARP information.
The operating system of the system module is the Linux operating system.
The packet capture module is a tcpdump packet capture module.
Beneficial effects:
The present invention provides network administrators with a hand-held network analyzer that can rapidly analyze the packets on the network, the protocols in use and the traffic used by each machine, and can monitor ARP attack information. The invention saves network maintenance time, is low in cost, and is convenient to deploy in large numbers.
Description of the drawings
The technical scheme of the present invention is further described below with reference to the accompanying drawings and embodiments.
Fig. 1 is a schematic diagram of the external structure of the present invention.
Fig. 2 is a schematic working diagram of the mainboard of the present invention.
Fig. 3 is a workflow state diagram of the present invention.
Embodiment
As shown in Fig. 1, the hand-held network protocol and threat analyzer of the present invention has an externally visible housing 1; the display screen 3, miniature keyboard 4, RJ45 network interface 2, power supply and mainboard are installed in the housing. The RJ45 network interface 2 connects to the Ethernet network to be checked, the display screen 3 shows the input data and the detected result information, the miniature keyboard 4 is used for manually entering the various data, and the power supply is a rechargeable battery.
As shown in Fig. 2, the mainboard 11 comprises a system module 5, a packet capture module 6 and an information analysis module 7. The Linux operating system is installed on the system module 5 and provides low-level support for the packet capture module 6 and the information analysis module 7. The packet capture module 6 connects to a switch 8 through a network cable 10 and collects network packets from the network; the switch 8 in turn connects to a router 9 through a network cable 10. The information analysis module 7 decodes and analyzes the collected network packets.
The packet capture module 6 has two operating modes: host-type analysis mode and network-type analysis mode.
1. Host-type analysis mode
After the hand-held analyzer is powered on, host-type analysis mode is selected and an available IP address in the local area network is entered; the RJ45 port of the hand-held analyzer is then connected by twisted-pair cable to a switch in the network to be checked. The hand-held analyzer, behaving as an ordinary host on the network, collects and analyzes the packets it receives.
2. Network-type analysis mode
After the hand-held analyzer is powered on, network-type analysis mode is selected and an available IP address in the local area network is entered; the RJ45 port of the hand-held analyzer is then connected by twisted-pair cable to a switch in the network to be checked. The port to be inspected, usually the switch's core uplink port, is mirrored to the switch port into which the hand-held device is plugged. The hand-held analyzer then analyzes the state of the network from the mirrored data.
As shown in Fig. 3, once the hand-held analyzer has received enough packets it analyzes them with its internal analysis software, decodes all IP packets, and extracts from each packet the source MAC address, destination MAC address, source IP address, destination IP address, protocol used and packet size. From these it then produces:
a list, ordered by source IP address, of the IP addresses whose packet count exceeds a certain threshold;
a list, ordered by source MAC address, of the MAC addresses whose packet count exceeds a certain threshold;
packet counts classified by protocol, arranged from most to fewest;
the correspondence between all IP addresses and MAC addresses;
statistics of the IP and MAC addresses that have multiple correspondences, among which an IP or MAC address that has sent more than a certain threshold number of ARP protocol packets is classified as illegal ARP information.
Finally, the required result report is presented on the display screen.
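The report set just listed (the same items appear in the summary above and in claims 2 to 4) is a handful of counters over the six extracted fields. The script below is an added example written for this page; it is not code from the patent or from Wuhan Iron and Steel Group. It takes the patent at its word that the capture module is tcpdump (claim 6) and parses the text that `tcpdump -e -nn` prints, one packet per line; the sample lines are constructed, the subnet 192.168.1.0/24 and both thresholds are assumed values, and the transport protocol is inferred from tcpdump's decode text rather than from the raw Ethertype/IP protocol fields.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample of `tcpdump -e -nn -l` text output (not a real capture): 00:11:22:33:44:55
# (192.168.1.10) is an ordinary host, aa:bb:cc:dd:ee:ff is the real gateway 192.168.1.1, and
# de:ad:be:ef:00:01 floods forged ARP replies claiming the gateway IP.
SAMPLE_CAPTURE = """\
12:00:01.000001 00:11:22:33:44:55 > aa:bb:cc:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 192.168.1.10.51234 > 93.184.216.34.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 aa:bb:cc:dd:ee:ff > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 93.184.216.34.80 > 192.168.1.10.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000003 00:11:22:33:44:55 > aa:bb:cc:dd:ee:ff, ethertype IPv4 (0x0800), length 82: 192.168.1.10.40000 > 8.8.8.8.53: 1+ A? example.com. (28)
12:00:02.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:02.000002 aa:bb:cc:dd:ee:ff > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:ff, length 28
12:00:03.000001 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:03.000002 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:03.000003 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:03.000004 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
"""

# Link-layer header as tcpdump -e prints it: "ts smac > dmac, ethertype X (0x....), length N: ..."
ETH_RE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype (?P<etype>\w+) "
    r"\(0x[0-9a-f]+\), length (?P<size>\d+): (?P<rest>.*)$"
)
IPV4_RE = re.compile(r"^(?P<sip>\d+(?:\.\d+){3})(?:\.\d+)? > (?P<dip>\d+(?:\.\d+){3})(?:\.\d+)?: (?P<body>.*)$")
ARP_REPLY_RE = re.compile(r"^Reply (?P<ip>\d+(?:\.\d+){3}) is-at (?P<mac>[0-9a-f:]{17})")
ARP_REQ_RE = re.compile(r"^Request who-has \S+ tell (?P<ip>\d+(?:\.\d+){3})")


@dataclass
class Packet:  # the six fields the patent's analysis module extracts, plus any ARP "is-at" binding
    smac: str
    dmac: str
    proto: str
    size: int
    sip: str = ""
    dip: str = ""
    arp_binding: tuple = ()  # (ip, mac) asserted by an ARP reply


def parse_capture(text):
    """Turn tcpdump -e -nn lines into Packet records; lines that do not parse are skipped."""
    packets = []
    for line in text.splitlines():
        m = ETH_RE.match(line)
        if not m:
            continue
        pkt = Packet(m["smac"], m["dmac"], m["etype"], int(m["size"]))
        if m["etype"] == "IPv4":
            ip = IPV4_RE.match(m["rest"])
            if ip:
                pkt.sip, pkt.dip = ip["sip"], ip["dip"]
                # Assumed decode heuristics: TCP lines carry "Flags [", ICMP lines "ICMP", rest is UDP.
                pkt.proto = "TCP" if "Flags [" in ip["body"] else "ICMP" if "ICMP" in ip["body"] else "UDP"
        elif m["etype"] == "ARP":
            reply, req = ARP_REPLY_RE.match(m["rest"]), ARP_REQ_RE.match(m["rest"])
            if reply:
                pkt.arp_binding = (reply["ip"], reply["mac"])
            elif req:
                pkt.sip = req["ip"]  # "tell X" carries the requester's own IP
        packets.append(pkt)
    return packets


def analyze(packets, local_net="192.168.1.0/24", pkt_threshold=2, arp_threshold=3):
    """Build the patent's report set. The subnet and both thresholds are assumed values."""
    net = ipaddress.ip_network(local_net)
    by_ip = Counter(p.sip for p in packets if p.sip)
    by_mac = Counter(p.smac for p in packets)
    by_proto = Counter(p.proto for p in packets)
    arp_by_mac = Counter(p.smac for p in packets if p.proto == "ARP")
    # IP-to-MAC correspondence from ARP replies and from IP source fields. Off-subnet sources
    # are skipped: they arrive behind the gateway's MAC, which would make every router look
    # like one MAC with many IPs.
    ip_to_macs, mac_to_ips = defaultdict(set), defaultdict(set)
    for p in packets:
        if p.arp_binding:
            ip_to_macs[p.arp_binding[0]].add(p.arp_binding[1])
        if p.sip and ipaddress.ip_address(p.sip) in net:
            ip_to_macs[p.sip].add(p.smac)
    for ip, macs in ip_to_macs.items():
        for mac in macs:
            mac_to_ips[mac].add(ip)
    ip_conflicts = {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1}
    mac_conflicts = {mac: sorted(i) for mac, i in mac_to_ips.items() if len(i) > 1}
    # Patent rule: among addresses with multiple correspondences, one that sent more ARP
    # packets than the threshold is reported as illegal ARP information.
    suspects = {mac for macs in ip_conflicts.values() for mac in macs} | set(mac_conflicts)
    return {
        "top_ips": [(ip, n) for ip, n in by_ip.most_common() if n > pkt_threshold],
        "top_macs": [(mac, n) for mac, n in by_mac.most_common() if n > pkt_threshold],
        "protocols": by_proto.most_common(),
        "ip_mac_table": {ip: sorted(m) for ip, m in ip_to_macs.items()},
        "ip_conflicts": ip_conflicts,
        "mac_conflicts": mac_conflicts,
        "illegal_arp": sorted(mac for mac in suspects if arp_by_mac[mac] > arp_threshold),
    }


if __name__ == "__main__":
    for name, value in analyze(parse_capture(SAMPLE_CAPTURE)).items():
        print(f"{name}: {value}")
```

On the sample, the gateway IP 192.168.1.1 ends up bound to two MACs and only de:ad:be:ef:00:01 exceeds the ARP threshold, so it alone is reported; the real gateway, although part of the same conflict, sent one reply and is not. On a live unit the same functions would consume the output of `tcpdump -e -nn -l -i eth0`. Two caveats follow from the two operating modes described above: in host-type mode a switch delivers only broadcast traffic and frames addressed to the analyzer, so ARP requests (which are broadcast) are seen but unicast flows between other hosts, and forged unicast ARP replies aimed at them, are not; per-host packet counts and protocol shares are therefore only meaningful on the mirrored port of network-type mode. The SYN-ACK in the sample also shows why off-subnet source IPs are excluded from the IP-to-MAC table: every external address arrives behind the gateway's MAC.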
The method of use and steps of the hand-held network protocol and threat analyzer of the present invention are briefly described below.
1. Switch on the hand-held analyzer and select the operating mode (host mode or network mode);
2. enter the IP address information as prompted by the analyzer menu;
3. connect the hand-held analyzer with a network cable to the Ethernet network to be checked, according to the selected operating mode;
4. analyze the required report from the packet information collected from the Ethernet network;
5. display the report on the display screen of the hand-held analyzer.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions may be made to the technical scheme of the present invention without departing from its spirit and scope, and all such modifications fall within the scope of the claims of the present invention.

Claims (7)

1. A hand-held network protocol and threat analyzer, characterized in that it comprises a housing, a display screen, a miniature keyboard, a network interface, a power supply and a mainboard;
the display screen, miniature keyboard, network interface, power supply and mainboard being mounted on the housing;
the network interface being used to connect to the Ethernet network to be checked; the display screen showing the input data and the detected result information; the miniature keyboard being used for manually entering the various data; and the mainboard comprising a system module, a packet capture module and an information analysis module;
the system module being used to install the operating system and providing low-level support for the packet capture module and the information analysis module;
the packet capture module collecting network packets from the network;
the information analysis module decoding and analyzing the collected network packets and displaying the customized analysis results on the display screen.
2. The hand-held network protocol and threat analyzer according to claim 1, characterized in that the content that the information analysis module decodes and analyzes from the collected network packets comprises: the source MAC address, destination MAC address, source IP address, destination IP address, protocol used and packet size of each packet.
3. The hand-held network protocol and threat analyzer according to claim 2, characterized in that the customized analysis results comprise:
a list, ordered by source IP address, of the IP addresses whose packet count exceeds a certain threshold;
a list, ordered by source MAC address, of the MAC addresses whose packet count exceeds a certain threshold;
packet counts classified by protocol, arranged from most to fewest;
the correspondence between all IP addresses and MAC addresses.
4. The hand-held network protocol and threat analyzer according to claim 3, characterized in that the customized analysis results further comprise: statistics of the IP and MAC addresses that have multiple correspondences, among which an IP or MAC address that has sent more than a certain threshold number of ARP protocol packets is classified as illegal ARP information.
5. The hand-held network protocol and threat analyzer according to any one of claims 1 to 4, characterized in that the operating system of the system module is the Linux operating system.
6. The hand-held network protocol and threat analyzer according to any one of claims 1 to 4, characterized in that the packet capture module is a tcpdump packet capture module.
7. The hand-held network protocol and threat analyzer according to claim 5, characterized in that the packet capture module is a tcpdump packet capture module.
Priority applications (1)

CN2011104162054A (priority date 2011-12-14, filing date 2011-12-14): Hand-held network protocol and threat analyzer, published as CN102394786A, status pending

Publications (1)

CN102394786A, published 2012-03-28

Family

ID=45861996; one family application (CN2011104162054A, pending) and one country, CN (CN102394786A)

Cited by (3)

* Cited by examiner, † Cited by third party
CN106027549A * (priority 2016-06-30, published 2016-10-12), 大连楼兰科技股份有限公司: Early warning method and device for address resolution protocol (ARP) flooding attacks in a local area network
CN109561097A * (priority 2018-12-17, published 2019-04-02), 泰康保险集团股份有限公司: Structured query language injection security flaw detection method, device, equipment and storage medium
CN111756775A * (priority 2020-07-27, published 2020-10-09), 四川神琥科技有限公司: Handheld gigabit network analyzer and application method thereof

Patent citations (5)

* Cited by examiner, † Cited by third party
CN101072147A * (priority 2007-06-20, published 2007-11-14), 重庆邮电大学: Industrial Ethernet protocol analysis and field tester
CN101556609A * (priority 2009-05-19, published 2009-10-14), 杭州信杨通信技术有限公司: Customer behavior analysis and service system based on web contents
CN101621430A * (priority 2009-07-31, published 2010-01-06), 南京拓为电力科技发展有限公司: Portable electric power communication protocol detector and detection method thereof
CN101741847A * (priority 2009-12-22, published 2010-06-16), 北京锐安科技有限公司: Detecting method of DDOS (distributed denial of service) attacks
CN102045366A * (priority 2011-01-05, published 2011-05-04), 上海北塔软件股份有限公司: Method for actively discovering network attacked by viruses


Non-patent citations (1)

* Cited by examiner, † Cited by third party
屈猛: "IPv4与IPv6双栈模式下网络数据监测与协议分析" (Network data monitoring and protocol analysis in IPv4/IPv6 dual-stack mode), 《中国优秀硕士学位论文全文数据库信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology series) *



Legal events

C06 / PB01: Publication
C10 / SE01: Entry into force of request for substantive examination
C12 / RJ01: Rejection of invention patent application after publication

Application publication date: 2012-03-28