Portable internet terminal monitor and its monitoring method
Technical field
The present invention relates to the technical field of network monitoring devices, and more particularly to an internet terminal monitor and its monitoring method.
Background technique
With the growing popularity of wireless networks and mobile wireless terminals, public wireless APs have appeared in many cities. Unfortunately, most of these public APs allow unrestricted internet access. Laptop computers with wireless network cards, mobile phones with WiFi and similar terminals can freely use the internet in the vicinity of these APs. As a result, the number of people online keeps growing, and the content they exchange becomes richer and increasingly mixed, which makes it more likely that much discordant content appears on the internet. For such content, a public wireless AP, acting as a gateway, should have an obligation to monitor the data so as to keep the internet more harmonious and environmentally friendly, and should also be able to determine which terminal sent (or received) the discordant content. Current network monitoring programs mostly run on equipment using the x86 architecture, and the purpose of monitoring network communication is largely network security; these programs and devices all serve security. Network monitoring technology is very mature abroad, and some domestic enterprises also research and develop such technology, but their products are mostly developed for server security, for example network firewall servers, intrusion detection servers, security audit servers and the like. Such products, however, pay little attention to data packets that pose no harm to the network server. Especially domestically, much undesirable information or text can only be blocked and managed by the server application or the website back end. It is therefore necessary to manage such sensitive information with independent equipment, so as to relieve the network server of unnecessary overhead.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and to provide a portable internet terminal monitor that is simple in structure, easy to operate, can act as a gateway in a local network, and monitors the data packets in the network in a targeted manner.
A further object of the present invention is to provide an internet terminal monitoring method that can act as a gateway in a local network and monitors the data packets in the network in a targeted manner.
The present invention achieves the above objects with the following technical solution: a portable internet terminal monitor, characterized in that it comprises a client monitor, composed of a first CPU loaded with a Linux kernel, flash memory, an Ethernet interface and a wireless network card with AP function, which allows access terminals to access the network and communicate; the system's main program starts a subprocess that captures the network data packets uploaded or downloaded by the access terminals, the subprogram passes the captured packets to the main program for analysis, and after analysis the packets that need to be stored are sent to the background server;
and a background server, communicatively connected with the client monitor, comprising a second CPU, memory and a display, for receiving the data sent by the monitor and restoring and displaying the received data.
As a further illustration of the above scheme, the input end of the client monitor is connected to a router. Its internal interface relationship is as follows: data packets from the wireless network card are forwarded by the kernel, under iptables control, to the Ethernet card and sent to the internet; the Ethernet card receives data packets from the internet, and the kernel, under iptables control, forwards them to the wireless network card.
The background server has a built-in graphical-interface data viewing tool.
An internet terminal monitoring method, characterized in that an internet terminal monitor and a PC server are set up at the input and output ports of the customer's router respectively; the internet terminal monitor captures network data packets and analyzes them, and after analysis the packets that need to be stored are sent to the already started PC server for storage.
Before the internet terminal monitor sends data packets to the PC server, the Linux kernel of the internet terminal monitor is first started and the network card driver is loaded; once the network card is up, it is configured; after network card configuration is complete, the main program is run; the main program starts a subprocess that runs the subprogram to capture network data packets, and the subprogram passes the captured packets to the main program for analysis.
After the PC server starts, it runs the service main program, which monitors whether the internet terminal monitor has sent data to the server; if so, the data is stored.
The operation of the server main program includes a data receiving process and a data splitting process: the data receiving process receives the data sent by the monitor; the data splitting process restores the received data.
The beneficial effects achievable by the present invention with the above technical solution are:
1. The present invention mainly uses an internet terminal monitor composed of an embedded board with a Linux 2.6.30 system kernel, an S3C2440 CPU (400 MHz) and an Ethernet interface to monitor the content of the network data packets sent by subnet terminals, without affecting the user's normal communication while monitoring. It selectively filters all network data packets within the monitored range: captured packets containing the configured sensitive wording are uploaded to the background server and stored on record for later lookup. The device is low in cost, small, and easy to carry and install, which makes it particularly suitable for public places with limited space such as buses and subways. Compared with other large equipment it is more specialized, does not affect network speed, and its energy consumption is very low, making it more energy-saving and environmentally friendly.
2. Compared with other APs, a network data packet inspection function is added, and data can be stored on a specified server; the start-up order of the client and the server does not affect communication; when the client is detached from the server, the AP function can still be enabled.
Brief description of the drawings
Fig. 1 is a schematic diagram of the working principle of the present invention;
Fig. 2 is a schematic diagram of the connection structure between the client monitor and the background server of the present invention;
Fig. 3 is a work flow diagram of the present invention;
Fig. 4 is a schematic diagram of the overall structure of the client monitor of the present invention.
Description of reference numerals: 1, client monitor; 1-1, circuit board; 1-2, first CPU; 1-3, flash memory; 1-4, Ethernet interface; 1-5, wireless network card; 2, background server; 2-1, second CPU; 2-2, memory; 2-3, display.
Specific embodiment
The technical solution of the present invention is described in further detail below in conjunction with the embodiments.
As shown in Figs. 1 to 4, a portable internet terminal monitor of the present invention comprises a client monitor 1, composed of a circuit board 1-1, a first CPU 1-2 loaded with a Linux kernel, flash memory 1-3, an Ethernet interface 1-4 and a wireless network card 1-5 with AP function. It allows access terminals to access the network and communicate. The system's main program starts a subprocess that captures the network data packets uploaded or downloaded by the access terminals; the subprogram passes the captured packets to the main program for analysis, and after analysis the packets that need to be stored are sent to the background server 2. The capture process here uses tcpdump, the open-source network packet sniffing tool under Linux, which can intercept the data packets transmitted on the network in full and provide them for analysis. The capture port is set to the wireless network card, so that both access to the internet and communication within the local network can be monitored. The main program is responsible for analyzing the data and sending it to the server. A background server 2 is communicatively connected with the client monitor and comprises a second CPU 2-1, memory 2-2 and a display 2-3; it receives the data sent by the monitor and restores and displays the received data. The server runs Ubuntu 10.10 (other systems that support gtk2.0 may also be used). The input end of the client monitor is connected to a router. Its internal interface relationship is as follows: data packets from the wireless network card are forwarded by the kernel, under iptables control, to the Ethernet card and sent to the internet; the Ethernet card receives data packets from the internet, and the kernel, under iptables control, forwards them to the wireless network card. The background server has a built-in graphical-interface data viewing tool for viewing specified captured data.
In a monitoring method corresponding to this internet terminal device, an internet terminal monitor and a PC server are set up at the input and output ports of the customer's router respectively; the internet terminal monitor captures network data packets and analyzes them, and after analysis the packets that need to be stored are sent to the already started PC server for storage.
As shown in Fig. 3, on the internet terminal monitor: after the hardware powers on and starts, the Linux kernel loads drivers such as the network card driver; once the network card is up, it is configured; after network card configuration is complete, the main program is run; the main program starts a subprocess that runs the subprogram to capture network data packets; the subprogram passes the captured packets to the main program for analysis, and after analysis the packets that need to be stored are sent to the service program for storage. Specifically, the main program analyzes the content of the Tcpdump_data structure: if the data does not contain a keyword, it is discarded; if it contains a keyword, it is assembled into string form and sent to the server.
On the server PC: after the server starts, it runs the service program, which monitors whether the internet terminal monitor has sent data to the server; if so, the data is stored.
The operation of the server main program includes a data receiving process and a data splitting process: the data receiving process receives the data sent by the monitor; the data splitting process restores the received data into a variable of type Tcpdump_data, which is then stored in a MySQL database.
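The keyword check on the monitor and the data splitting step on the server, described above, as an added example that is not code from the patent. The patent names the Tcpdump_data structure but gives neither its fields nor the string format, so the field layout, the `|`-delimited record with a length prefix, and the keyword list below are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page names Tcpdump_data but does not list its fields. */
typedef struct {
    char src[46], dst[46];        /* addresses as text */
    unsigned short sport, dport;  /* transport-layer ports */
    char payload[256];            /* NUL-terminated text excerpt of the packet */
} Tcpdump_data;

/* Constructed placeholder keyword list (the configured wording is not on the page). */
static const char *const KEYWORDS[] = { "keyword-a", "keyword-b" };

/* Monitor side: 1 if the payload contains any configured keyword, else 0 (discard). */
int contains_keyword(const Tcpdump_data *d) {
    for (size_t i = 0; i < sizeof KEYWORDS / sizeof KEYWORDS[0]; i++)
        if (strstr(d->payload, KEYWORDS[i])) return 1;
    return 0;
}

/* Monitor side: organize the struct into "src|sport|dst|dport|len|payload".
   Returns the string length, or -1 if it does not fit in out. */
int pack_record(const Tcpdump_data *d, char *out, size_t cap) {
    int n = snprintf(out, cap, "%s|%u|%s|%u|%zu|%s", d->src, (unsigned)d->sport,
                     d->dst, (unsigned)d->dport, strlen(d->payload), d->payload);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Server side: split the string back into a Tcpdump_data. The payload may contain
   '|', so the length prefix delimits it; all fields from the socket are bounds-checked. */
int unpack_record(const char *in, Tcpdump_data *d) {
    unsigned sp, dp; size_t len; int off = 0;
    memset(d, 0, sizeof *d);
    if (sscanf(in, "%45[^|]|%u|%45[^|]|%u|%zu|%n", d->src, &sp, d->dst, &dp, &len, &off) != 5
        || off == 0) return -1;
    if (sp > 65535 || dp > 65535 || len >= sizeof d->payload || strlen(in + off) != len)
        return -1;
    d->sport = (unsigned short)sp; d->dport = (unsigned short)dp;
    memcpy(d->payload, in + off, len);
    return 0;
}

int main(void) {
    Tcpdump_data a = { "192.0.2.10", "198.51.100.7", 51514, 80, "GET /?q=keyword-a|x" }, b;
    char buf[512];
    if (contains_keyword(&a) && pack_record(&a, buf, sizeof buf) > 0 && unpack_record(buf, &b) == 0)
        printf("stored: %s:%u -> %s:%u %s\n", b.src, (unsigned)b.sport, b.dst, (unsigned)b.dport, b.payload);
    return 0;
}
```

In this sketch the restored struct is what the server would then write to the MySQL database; the database insert itself is left out.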
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention.