CN104754651A - WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection - Google Patents
WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection Download PDFInfo
- Publication number
- CN104754651A CN104754651A CN201310727341.4A CN201310727341A CN104754651A CN 104754651 A CN104754651 A CN 104754651A CN 201310727341 A CN201310727341 A CN 201310727341A CN 104754651 A CN104754651 A CN 104754651A
- Authority
- CN
- China
- Prior art keywords
- pseudo
- target
- described target
- client
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/16—Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Quality & Reliability (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a WLAN (Wireless Local Area Network) wireless data capturing method based on pseudo AP (Access Point) induced connection. The method comprises the following steps: S01, acquiring the information of a target AP and a client, and establishing connection with the target AP; and S02, setting a pseudo AP, maintaining an IP (Internet Protocol) address allocated to an induced connection target client allocated by the target AP, interfering with the connection between the induced connection target client and the target AP, inducting the induced connection target client to establish connection with the pseudo AP, and capturing a data packet of the induced connection target client. Through implementation of the method, undetected skipping of the induced connection target client is realized, and the data packet of the induced connection target client is captured and analyzed. The auditing demand specific to the network behaviors of specific personnel during handling of safety affairs, warning situation affairs and the like is well met. The invention further discloses a WLAN wireless data capturing system based on pseudo AP induced connection.
Description
Technical field
The present invention relates to wireless data and catch field, more particularly, relate to a kind of the WLAN wireless data catching method and the system that lure connection based on pseudo-AP.
Background technology
Current, the use of wireless router is more and more general, the public place widespread deployment wireless devices such as airport, restaurant, coffee shop, and based on the needs of safety and alert, it is urgent that the audit demand for the wireless user's network behavior in public place becomes.In reality, because of factors such as complicated site environments, wireless signal becomes very complicated, if the wireless data packet in Direct Acquisition air, packet loss can be very high.Luring the mode of connection (pseudo-AP lures connection to refer to and lures that the client of wireless user jumps to pseudo-AP from true AP into) wireless client by setting up pseudo-AP, greatly can increase the success rate of capture-data bag.
A kind of method and system (number of patent application: patent 201210266892.0) has also been used and lured connection technology of automatic acquisition encryption wireless network keys, first it set up the pseudo-AP with ESSID identical with true AP, then by network interferences or the mode disconnection of wireless user of blocking-up and the connection of true AP, can point out after wireless user goes offline and reconnect, because pseudo-AP can use the network interface card of band high-gain aerial, so, now wireless user is by pseudo-for preferential attachment AP, and input the account of true AP, password, this patent will intercept and capture the account of wireless user's input, password, thus the authentication information of true AP is obtained.The core concept of this patent allows wireless user realize go offline, and Induced wireless user re-enters account, password, and completes intercepting and capturing.
But after prior art existence lures and is unified into merit, while pseudo-AP provides services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, can not meet the demand of safety and alert completely, therefore, the existing connection technology that lures need to improve.
Summary of the invention
The technical problem to be solved in the present invention is, after existing and lure for prior art and be unified into merit, while pseudo-AP provides services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, the defect of the demand of safety and alert can not be met completely, a kind of the WLAN wireless data catching method and the system that lure connection based on pseudo-AP are provided.
The technical solution adopted for the present invention to solve the technical problems is: construct a kind of WLAN wireless data catching method luring connection based on pseudo-AP, comprise the following steps:
The information of S01, acquisition target AP and client also sets up the connection with target AP;
S02, pseudo-AP is set, maintain described target AP and distribute to the IP address luring connection destination client, and described in interference, lure the connection of connection destination client and target AP, lure connection destination client and pseudo-AP to connect described in luring into, described in catching, lure the packet of connection destination client.
Lure based on pseudo-AP in the WLAN wireless data catching method of connection of the present invention, described step S01 comprises following sub-step:
S1, scan described target AP and described client, and obtain the first information of described target AP and the information of described client; Determine to lure connection destination client according to the information of described client;
S2, set up the connection between described target AP according to the first information of described target AP and the connection password that obtains in advance; And obtain the second information of described target AP.
Lure based on pseudo-AP in the WLAN wireless data catching method of connection of the present invention, described step S02 comprises following sub-step:
S3, set up pseudo-AP according to the second information of described target AP, and configuration and open the corresponding function of described pseudo-AP;
Lure the connection of connection destination client and described target AP described in S4, interference, and described in luring into, lure connection destination client and described pseudo-AP to connect;
S5, to be caught by pseudo-AP described in lure the packet of connection destination client, and the described packet of connection destination client that lures to be analyzed.
Lure in the WLAN wireless data catching method of connection based on pseudo-AP of the present invention,
In described step S1, by the first network interface card scanning target AP and client, the first information of described target AP comprises the ESSID of described target AP, the BSSID of described target AP, the production firm of described target AP, the cipher mode of described target AP, the working channel of described target AP, the signal strength signal intensity of described target AP, the number of clients that described target AP connects, the time finding described target AP for the first time and the last at least one found in the described target AP time; First network interface card can be the common network interface card supporting monitor pattern, and namely common network interface card has this function, and the present invention is not limited only to this.
The information of described client comprises at least one in the cipher mode of the MAC Address of described client, ESSID, the BSSID of described target AP of the described target AP connected of the production firm of described client and described client, the working channel of described target AP, the signal strength signal intensity of described client and described target AP;
Second information of described target AP comprises the IP address of described target AP, the mask of described target AP, the gateway of described target AP.
Lure in the WLAN wireless data catching method of connection based on pseudo-AP of the present invention,
Described step S3 comprises following sub-step:
S31, set up described pseudo-AP by the second network interface card and the 3rd network interface card; Second network interface card can be the common network interface card supporting managed pattern, and described 3rd network interface card can be the common network interface card supporting master pattern, and namely common network interface card has the function of above-mentioned second network interface card, the 3rd network interface card, and the present invention is not limited only to this;
S32, the ESSID of pseudo-AP, the cipher mode of described pseudo-AP identical with the cipher mode of the ESSID of described target AP, described target AP is set;
S33, configure the routing table of described pseudo-AP, and open the function of the routing forwarding of described pseudo-AP;
S34, open the nat feature of described pseudo-AP by described second network card configuration; And open the ARP proxy function of described pseudo-AP and the dhcp server functionality of described pseudo-AP by described 3rd network card configuration.
Lure in the WLAN wireless data catching method of connection based on pseudo-AP of the present invention,
Described step S4 comprises following sub-step:
Lure the connection between connection destination client and described target AP described in S41, the 4th network interface card interference, described in making, lure connection destination client to rescan network environment; 4th network interface card can be the common network interface card supporting monitor pattern, and namely common network interface card has this function, and the present invention is not limited only to this;
S42, lure into described in lure connection destination client and described pseudo-AP connect.
Implement the WLAN wireless data catching method luring connection based on pseudo-AP of the present invention, there is following beneficial effect: the WLAN wireless data catching method luring connection based on pseudo-AP provided by the embodiment of the present invention, can effectively solve after prior art exists and lure and be unified into merit, while providing services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, the defect of the demand of safety and alert can not be met completely, the present invention utilizes the information of target AP to set up pseudo-AP, target AP can be maintained and distribute to the IP address luring connection destination client, make to lure the IP address of connection destination client to change, achieve and lure the nothing of connection destination client to discover redirect, and catch and analyze the packet luring connection destination client, the present invention has well adapted to the audit demand processed for the network behavior of specific people in the affairs such as safety and alert.
The present invention also provides a kind of WLAN wireless data capture systems luring connection based on pseudo-AP, comprises with lower module:
Data obtaining module, for obtaining the information of target AP and client and setting up the connection with target AP;
Pseudo-AP sets up module, for arranging pseudo-AP, maintaining described target AP and distributing to the IP address luring connection destination client, and luring the connection of connection destination client and target AP described in interference, lure connection destination client and pseudo-AP to connect described in luring into, described in catching, lure the packet of connection destination client.
Lure based on pseudo-AP in the WLAN wireless data capture systems of connection of the present invention, described data obtaining module comprises following submodule:
The first information obtains submodule, for scanning described target AP and described client, and obtains the first information of described target AP and the information of described client; Determine to lure connection destination client according to the information of described client;
Second acquisition of information submodule, for setting up the connection between described target AP according to the first information of described target AP and the connection password that obtains in advance; And obtain the second information of described target AP.
Lure in the WLAN wireless data capture systems of connection based on pseudo-AP of the present invention, described pseudo-AP sets up module and comprises following submodule:
Pseudo-AP sets up submodule, sets up pseudo-AP for the second information according to described target AP, and configures and open the corresponding function of described pseudo-AP;
Pseudo-AP disturbs submodule, described in disturbing, lure the connection joining destination client and described target AP, and lures connection destination client and described pseudo-AP to connect described in luring into;
Data packet analysis submodule, lures the packet joining destination client described in being obtained by pseudo-AP, and analyzes the described packet of connection destination client that lures.
Lure in the WLAN wireless data capture systems of connection based on pseudo-AP of the present invention,
The described first information obtains in submodule, by the first network interface card scanning target AP and client, the first information of described target AP comprises the ESSID of described target AP, the BSSID of described target AP, the production firm of described target AP, the cipher mode of described target AP, the working channel of described target AP, the signal strength signal intensity of described target AP, the number of clients that described target AP connects, the time finding described target AP for the first time and the last at least one found in the described target AP time;
The information of described client comprises at least one in the cipher mode of the MAC Address of described client, ESSID, the BSSID of described target AP of the described target AP connected of the production firm of described client and described client, the signal strength signal intensity of described client and described target AP;
Second information of described target AP comprises the IP address of described target AP, the mask of described target AP, the gateway of described target AP.
Lure in the WLAN wireless data capture systems of connection based on pseudo-AP of the present invention,
Described pseudo-AP sets up submodule and comprises with lower unit:
Pseudo-AP sets up unit, for setting up described pseudo-AP by the second network interface card and the 3rd network interface card;
ESSID and cipher mode setting unit, for arranging the ESSID of the pseudo-AP identical with the cipher mode of the ESSID of described target AP, described target AP, the cipher mode of described pseudo-AP;
Route setting unit, for configuring the routing table of described pseudo-AP, and opens the function of the routing forwarding of described pseudo-AP;
Function setting unit, for opening the nat feature of described pseudo-AP by described second network card configuration; And for opening the ARP proxy function of described pseudo-AP and the dhcp server functionality of described pseudo-AP by described 3rd network card configuration.
Lure in the WLAN wireless data capture systems of connection based on pseudo-AP of the present invention,
Described pseudo-AP disturbs submodule to comprise with lower unit:
Interference units, for the connection by luring described in the 4th network interface card interference between connection destination client and described target AP, lures connection destination client to rescan network environment described in making;
Pseudo-AP connection establishment unit, lures connection destination client and described pseudo-AP to connect described in luring into.
Implement the WLAN wireless data capture systems luring connection based on pseudo-AP of the present invention, there is following beneficial effect: the WLAN wireless data capture systems luring connection based on pseudo-AP provided by the embodiment of the present invention, can effectively solve after prior art exists and lure and be unified into merit, while providing services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, the defect of the demand of safety and alert can not be met completely, the present invention utilizes the information of target AP to set up pseudo-AP, target AP can be maintained and distribute to the IP address luring connection destination client, make to lure the IP address of connection destination client to change, achieve and lure the nothing of connection destination client to discover redirect, and catch and analyze the packet luring connection destination client, the present invention has well adapted to the audit demand processed for the network behavior of specific people in the affairs such as safety and alert.
Accompanying drawing explanation
Below in conjunction with drawings and Examples, the invention will be further described, in accompanying drawing:
Fig. 1 is the WLAN wireless data catching method flow chart luring connection based on pseudo-AP that a preferred embodiment of the present invention provides;
Fig. 2 is the sub-process figure of the step S01 shown in Fig. 1;
Fig. 3 is the sub-process figure of the step S02 shown in Fig. 1;
Fig. 4 is the sub-process figure of the step S3 shown in Fig. 3;
Fig. 5 is the sub-process figure of the step S4 shown in Fig. 3;
Fig. 6 is the structured flowchart luring the WLAN wireless data capture systems of connection based on pseudo-AP that a preferred embodiment of the present invention provides;
Fig. 7 is the structured flowchart of the data obtaining module shown in Fig. 6;
Fig. 8 is the structured flowchart that pseudo-AP described in Fig. 6 sets up module;
Fig. 9 is the structured flowchart that the pseudo-AP shown in Fig. 8 sets up submodule;
Figure 10 is the structured flowchart of the pseudo-AP connexon module shown in Fig. 8;
Figure 11 be the embodiment of the present invention provide lure pseudo-AP in the WLAN wireless data catching method of connection to lure the network topology structure schematic diagram before being unified into merit based on pseudo-AP;
Figure 12 be the embodiment of the present invention provide lure pseudo-AP in the WLAN wireless data catching method of connection to lure the network topology structure schematic diagram after being unified into merit based on pseudo-AP.
Embodiment
After solving in prior art and luring and be unified into merit, while providing services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives the defect that AP there occurs redirect, innovative point of the present invention is: utilize the information of target AP to set up pseudo-AP, and target AP can be maintained and distribute to the IP address luring connection destination client, make to lure the IP address of connection destination client to change.
In order to there be understanding clearly to technical characteristic of the present invention, object and effect, now contrast accompanying drawing and describe the specific embodiment of the present invention in detail, following embodiment and accompanying drawing, be only and understand the present invention better, do not do any restriction to the present invention.
As shown in Figure 1, what provide in the embodiment of the present invention a kind ofly lures based on pseudo-AP in the WLAN wireless data catching method of connection, said method comprising the steps of:
The information of S01, acquisition target AP and client also sets up the connection with target AP;
S02, pseudo-AP is set, maintain described target AP and distribute to the IP address luring connection destination client, and described in interference, lure the connection of connection destination client and target AP, lure connection destination client and pseudo-AP to connect described in luring into, described in catching, lure the packet of connection destination client.
The embodiment of the present invention can be that PC and four of linux supports that the common wireless network card of Master pattern, Monitor pattern, Managed pattern realizes by an operating system.Four cards of throwing the net can be connected with described PC by USB interface.
Implement the WLAN wireless data catching method luring connection based on pseudo-AP that the embodiment of the present invention provides, there is following beneficial effect: the WLAN wireless data catching method luring connection based on pseudo-AP provided by the embodiment of the present invention, can effectively solve after prior art exists and lure and be unified into merit, while providing services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, the defect of the demand of safety and alert can not be met completely, the present invention utilizes the information of target AP to set up pseudo-AP, and maintain target AP distribute to lure connection destination client IP address, make to lure the IP address of connection destination client to change, achieve and lure the nothing of connection destination client to discover redirect, and catch and analyze the packet luring connection destination client, the present invention has well adapted to the audit demand processed for the network behavior of specific people in the affairs such as safety and alert.
Preferably, as shown in Figure 2, what provide in the embodiment of the present invention lures in the WLAN wireless data catching method of connection based on pseudo-AP,
S1, scanning target AP and client, and obtain the first information of described target AP and the information of described client; Determine to lure connection destination client according to the information of described client; AP is wireless access node, mainly provides services on the Internet to the wireless stations in access point coverage.Here target AP can be the AP provided services on the Internet to the public in public place.Here client can be to be connected in described target AP multiple notebook computer or smart mobile phone or panel computer.Connection destination client is lured to be the client needing to carry out it network behavior audit.
S2, set up the connection between the second network interface card and described target AP according to the first information of described target AP and the connection password that obtains in advance; And obtain the second information of described target AP; Some is not arranged to the target AP of password; password is sky; password is that empty situation is also contained within the situation of the connection password obtained in advance; for the target AP being provided with password; can be obtained by direct access inquiry staff, how obtain the password not protection content of the present invention of target AP.
Preferably, as shown in Figure 3, what provide in the embodiment of the present invention lures in the WLAN wireless data catching method of connection based on pseudo-AP, and described step S02 comprises following sub-step:
S3, set up pseudo-AP according to the second information of described target AP, and configuration and open the corresponding function of described pseudo-AP; Described pseudo-AP has the antenna of the gain higher than described target AP, and the corresponding function configuring and open described pseudo-AP lures the IP address of connection destination client not change described in making.
Lure the connection of connection destination client and described target AP described in S4, interference, and described in luring into, lure connection destination client and described pseudo-AP to connect;
S5, to be caught by pseudo-AP described in lure the packet of connection destination client, and the described packet of connection destination client that lures to be analyzed.
Preferably, what provide in the embodiment of the present invention lures in the WLAN wireless data catching method of connection based on pseudo-AP,
In described step S1, by the first network interface card scanning target AP and client, the first information of described target AP comprises the ESSID(ServiceSetIdentifier of described target AP; Service area alias), the application of Ad-hocLAN that the BSSID(mono-kind of described target AP is special, also referred to as BasicServiceSet (BSS), the BSS title that a group computer settings is identical, can have a group of one's own.Each BSS can be endowed a BSSID, and its to be a length be binary identification symbol of 48, is used for identifying different BSS.Its major advantage be it can as filtration with), the production firm of described target AP, the cipher mode of described target AP, the working channel of described target AP, the signal strength signal intensity of described target AP, the number of clients that described target AP connects, first time find the time of described target AP and the last at least one found in the described target AP time; First network interface card can be the common network interface card supporting monitor pattern, and namely common network interface card has this function, and the present invention is not limited only to this.
The information of described client comprises at least one in the cipher mode of the MAC Address of described client, ESSID, the BSSID of described target AP of the described target AP connected of the production firm of described client and described client, the working channel of described target AP, the signal strength signal intensity of described client and described target AP;
Second information of described target AP comprises the IP address of described target AP, the mask of described target AP, the gateway of described target AP.
Preferably, as shown in Figure 4, what provide in the embodiment of the present invention lures in the WLAN wireless data catching method of connection based on pseudo-AP,
Described step S3 comprises following sub-step:
S31, set up described pseudo-AP by the second network interface card and the 3rd network interface card; Second network interface card can be the common network interface card supporting managed pattern, and described 3rd network interface card can be the common network interface card supporting master pattern, and namely common network interface card has the function of above-mentioned second network interface card, the 3rd network interface card, and the present invention does not limit the model of network interface card.
S32, the ESSID of pseudo-AP, the cipher mode of described pseudo-AP identical with the cipher mode of the ESSID of described target AP, described target AP is set; ESSID, the cipher mode of described target AP and described pseudo-AP are all identical, lure the user of connection destination client not easily to discover and there occurs redirect described in being conducive to.
S33, configure the routing table of described pseudo-AP, and open the function of the routing forwarding of described pseudo-AP; Namely also pseudo-AP contrasts in itself and routing table according to the object IP of packet, according to the instruction of route table items by Packet Generation to the next network equipment or client.
S34, open the nat feature of described pseudo-AP by described second network card configuration; And open the ARP proxy function of described pseudo-AP and the dhcp server functionality of described pseudo-AP by described 3rd network card configuration.NAT refers to that privately owned (reservation) address spaces is the switch technology of legitimate ip address by one; it is widely used in all kinds Internet access way and various types of network; NAT can solve the problem of shortage of ip address; but also effectively can avoid the attack from network-external; hide and the computer of protecting network inside, to configure here and the function of opening NAT is IP information in order to hiding pseudo-AP in-house network.Configure and open ARP function can make pseudo-AP described target AP and described lure join between destination client transparent, lure described in making connection destination client imperceptible lure connection destination client connect be pseudo-AP; DHCP (DHCP; DynamicHostConfigurationProtocol) udp protocol work is used, mainly contain two purposes: to internal network or Internet service provider's automatic IP address allocation, to user or internal network keeper as the means all computers being made to central management, configure and open DHCP function and described target AP can be made to distribute to lure the IP address of connection destination client to remain unchanged.
Preferably, as shown in Figure 5, what provide in the embodiment of the present invention lures in the WLAN wireless data catching method of connection based on pseudo-AP,
Described step S4 comprises following sub-step:
The connection between connection destination client and described target AP is lured, to make to lure connection destination client to rescan network environment described in S41, the 4th network interface card interference; Lure the connection of connection destination client and described target AP to be interfered due to described, be even blocked, described in lure and join destination client and will rescan network environment.4th network interface card can be the common network interface card supporting monitor pattern, and namely common network interface card has this function, and the present invention is not limited only to this.
S42, lure into described in lure connection destination client and described pseudo-AP connect; Because the ESSID of described pseudo-AP is identical with described target AP with cipher mode, and install the antenna of high-gain additional, so described in lure pseudo-AP described in connection destination client preferential attachment, and because the described IP address of connection destination client that lures does not change, user will be difficult to discover wireless network and there occurs redirect.
As shown in Figure 6, the embodiment of the present invention also provides a kind of and lures in the WLAN wireless data capture systems of connection based on pseudo-AP,
Comprise with lower module:
Data obtaining module 01, for obtaining the information of target AP and client and setting up the connection with target AP;
Pseudo-AP sets up module 02, for arranging pseudo-AP, maintaining described target AP and distributing to the IP address luring connection destination client, and luring the connection of connection destination client and target AP described in interference, lure connection destination client and pseudo-AP to connect described in luring into, described in catching, lure the packet of connection destination client.
The embodiment of the present invention can be that PC and four of linux supports that the common wireless network card of Master pattern, Monitor pattern, Managed pattern realizes by an operating system.Four cards of throwing the net can be connected with described PC by USB interface.
Implement the WLAN wireless data capture systems luring connection based on pseudo-AP that the embodiment of the present invention provides, there is following beneficial effect: the WLAN wireless data capture systems luring connection based on pseudo-AP provided by the embodiment of the present invention, can effectively solve after prior art exists and lure and be unified into merit, while providing services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, the defect of the demand of safety and alert can not be met completely, the present invention utilizes the information of target AP to set up pseudo-AP, and maintain target AP distribute to lure connection destination client IP address, make to lure the IP address of connection destination client to change, achieve and lure the nothing of connection destination client to discover redirect, and catch and analyze the packet luring connection destination client, the present invention has well adapted to the audit demand processed for the network behavior of specific people in the affairs such as safety and alert.
Preferably, as shown in Figure 7, what provide in the embodiment of the present invention lures in the WLAN wireless data capture systems of connection based on pseudo-AP; Described data obtaining module 01 comprises following submodule:
The first information obtains submodule 1, for scanning target AP and client, and obtains the first information of described target AP and the information of described client; Determine to lure connection destination client according to the information of described client; AP is wireless access node, mainly provides services on the Internet to the wireless stations in access point coverage.Here target AP can be the AP provided services on the Internet to the public in public place.Here client can be to be connected in described target AP multiple notebook computer or smart mobile phone or panel computer.Connection destination client is lured to be the client needing to carry out it network behavior audit.
Second acquisition of information submodule 2, for according to the first information of described target AP and and the connection password that obtains in advance set up connection between described target AP; And obtain the second information of described target AP; Some is not arranged to the target AP of password; password is sky; password is that empty situation is also contained within the situation of the connection password obtained in advance; for the target AP being provided with password; can be obtained by direct access inquiry staff, how obtain the password not protection content of the present invention of target AP.Set up the connection between the second network interface card and described target AP.
Preferably, as shown in Figure 8, what provide in the embodiment of the present invention lures in the WLAN wireless data capture systems of connection based on pseudo-AP; Described pseudo-AP sets up module 02 and comprises following submodule:
Pseudo-AP sets up submodule 3, sets up pseudo-AP for the second information according to described target AP, and configures and open the corresponding function of described pseudo-AP; Described pseudo-AP has the antenna of the gain higher than described target AP, and the corresponding function configuring and open described pseudo-AP lures the IP address of connection destination client not change described in making.
Pseudo-AP disturbs submodule 4, described in disturbing, lure the connection joining destination client and described target AP, and lures connection destination client and described pseudo-AP to connect described in luring into;
Data packet analysis submodule 5, lures the packet joining destination client described in being obtained by pseudo-AP, and analyzes the described packet of connection destination client that lures.
Preferably, luring in the WLAN wireless data capture systems of connection based on pseudo-AP described in the embodiment of the present invention, the described first information obtains in submodule 1, by the first network interface card scanning target AP and client, the first information of described target AP comprises the ESSID of described target AP, the BSSID of described target AP, the production firm of described target AP, the cipher mode of described target AP, the working channel of described target AP, the signal strength signal intensity of described target AP, the number of clients that described target AP connects, first time finds the time of described target AP and the last at least one found in the described target AP time, first network interface card can be the common network interface card supporting monitor pattern, and namely common network interface card has this function, and the present invention is not limited only to this.
The information of described client comprises at least one in the cipher mode of the MAC Address of described client, ESSID, the BSSID of described target AP of the described target AP connected of the production firm of described client and described client, the working channel of described target AP, the signal strength signal intensity of described client and described target AP;
Second information of described target AP comprises the IP address of described target AP, the mask of described target AP, the gateway of described target AP.
Preferably, as shown in Figure 9, luring in the WLAN wireless data capture systems of connection based on pseudo-AP described in the embodiment of the present invention, described pseudo-AP sets up submodule 3 and comprises with lower unit:
Pseudo-AP sets up unit 31, for setting up described pseudo-AP by the second network interface card and the 3rd network interface card; Second network interface card can be the common network interface card supporting managed pattern, and described 3rd network interface card can be the common network interface card supporting master pattern, and namely common network interface card has the function of above-mentioned second network interface card, the 3rd network interface card, and the present invention does not limit the model of network interface card.
ESSID and cipher mode setting unit 32, for arranging the ESSID of the pseudo-AP identical with the cipher mode of the ESSID of described target AP, described target AP, the cipher mode of described pseudo-AP; ESSID, the cipher mode of described target AP and described pseudo-AP are all identical, lure the user of connection destination client not easily to discover and there occurs redirect described in being conducive to.
Route setting unit 33, for configuring the routing table of described pseudo-AP, and opens the function of the routing forwarding of described pseudo-AP; Namely also pseudo-AP contrasts in itself and routing table according to the object IP of packet, according to the instruction of route table items by Packet Generation to the next network equipment or client.
Function setting unit 34, for opening the nat feature of described pseudo-AP by described second network card configuration; And for opening the ARP proxy function of described pseudo-AP and the dhcp server functionality of described pseudo-AP by described 3rd network card configuration.NAT (network address translation; NetworkAddressTranslation) refer to that privately owned (reservation) address spaces is the switch technology of legitimate ip address by one; it is widely used in all kinds Internet access way and various types of network; NAT can solve the problem of shortage of ip address; but also effectively can avoid the attack from network-external; hide and the computer of protecting network inside, to configure here and the function of opening NAT is IP information in order to hiding pseudo-AP in-house network.Configure and open ARP function can make pseudo-AP described target AP and described lure join between destination client transparent, lure described in making connection destination client imperceptible lure connection destination client connect be pseudo-AP; DHCP (DHCP; DynamicHostConfigurationProtocol) udp protocol work is used, mainly contain two purposes: to internal network or Internet service provider's automatic IP address allocation, to user or internal network keeper as the means all computers being made to central management, configure and open DHCP function and described target AP can be made to distribute to lure the IP address of connection destination client to remain unchanged.
Preferably, as shown in Figure 10, luring in the WLAN wireless data capture systems of connection described in the embodiment of the present invention based on pseudo-AP, described pseudo-AP disturbs submodule 4 to comprise with lower unit:
Interference units 41, for the connection by luring described in the 4th network interface card interference between connection destination client and described target AP, lures connection destination client to rescan network environment described in making; Lure the connection of connection destination client and described target AP to be interfered due to described, be even blocked, described in lure and join destination client and will rescan network environment.4th network interface card can be the common network interface card supporting monitor pattern, and namely common network interface card has this function, and the present invention is not limited only to this.
Pseudo-AP connection establishment unit 42, lures connection destination client and described pseudo-AP to connect described in luring into; Because the ESSID of described pseudo-AP is identical with described target AP with cipher mode, and install the antenna of high-gain additional, so described in lure pseudo-AP described in connection destination client preferential attachment, and because the described IP address of connection destination client that lures does not change, user will be difficult to discover wireless network and there occurs redirect.
Do further explain below in conjunction with Figure 11,12 couples of the present invention:
As shown in figure 11, Figure 11 is the network topology structure schematic diagram before pseudo-AP sets up, subscription client also can be directly route by the true AP of true AP(, be equivalent to the target AP in the embodiment of the present invention) be connected to internet, the IP address of described true AP is 192.168.1.1, and the IP address distributing to subscription client (be equivalent to luring in the embodiment of the present invention and join destination client) is 192.168.1.2.First by luring the scanning network interface card (being equivalent to the first network interface card in the embodiment of the present invention) in contact system (luring contact all mistakes operating system to be that the computer of linux and four support that the common wireless network card of Master pattern, Monitor pattern, Managed pattern realizes), the information of true AP and client is collected.The information of true AP comprises ESSID, BSSID, true AP production firm, cipher mode, working channel, signal strength signal intensity, the number of clients that this true AP connects and true AP first time discovery time and last discovery time.The information of client comprise MAC Address, production firm, connect ESSID and the BSSID of true AP, working channel, signal strength signal intensity and cipher mode.
Lure the true AP information that the connection network interface card (being equivalent to the second network interface card in the embodiment of the present invention) in contact system obtains according to scanning, and the connection password of the true AP to be obtained by other means is (as airport WIFI password, can be obtained by inquired work personnel), then be connected to true AP, and obtain the information such as IP address, mask, gateway by connecting network interface card.
According to the information such as IP address, gateway obtained from true AP, by connecting network interface card, soft AP network interface card (being equivalent to the second network interface card in the embodiment of the present invention, the 3rd network interface card) two throws the net card, sets up pseudo-AP system.Pseudo-AP system has ESSID identical with true AP, cipher mode, and have the AP of stronger signal, and the client that can confuse thinks that itself and true AP are in same ESS.Revise routing table simultaneously, open the function of routing forwarding, then configure NAT, ARP proxy and unlatching dhcp server functionality, to ensure that the nothing of client discovers redirect.
The attack network interface card (being equivalent to the 4th network interface card in the embodiment of the present invention) in contact system is lured to start to disturb the connection between client and true AP, client is made to rescan network environment, because pseudo-AP system applies the antenna of high-gain, and have the ESSID identical with true AP, so client will be connected on the stronger pseudo-AP of signal automatically.Jumping in pseudo-AP process from true AP, the IP address of client remains constant, and client is difficult to discover occurred change.Lure the network topology structure after being unified into merit as shown in figure 12, open DHCP service and ARP proxy by wlan1, NAT service is opened by wlan0.Its routing table is as shown in table 1 below:
| Destination | Gateway | Mask | Interface |
| 192.168.1.1 | * | 255.255.255.255 | wlan0 |
| 192.168.1.0 | * | 255.255.255.0 | wlan1 |
| default | 192.168.1.1 | 0.0.0.0 | wlan0 |
Table 1
Lure the packet of connection destination client described in being caught by pseudo-AP, and the described packet of connection destination client that lures is analyzed.
In sum, implement the WLAN wireless data catching method or the system that lure connection based on pseudo-AP of the present invention, there is following beneficial effect: the WLAN wireless data catching method or the system that lure connection based on pseudo-AP that are provided by the embodiment of the present invention, can effectively solve after prior art exists and lure and be unified into merit, while providing services on the Internet to wireless user, the IP address of wireless user can change, wireless user easily perceives AP and there occurs redirect, the defect of the demand of the affairs of process safety and alert can not be met completely, the present invention utilizes the first information of target AP and the second information to set up pseudo-AP, and configure and open the corresponding function of described pseudo-AP, therefore this pseudo-AP has the ESSID identical with target AP and cipher mode, and target AP can be maintained and distribute to the IP address luring connection destination client, make to lure the IP address of connection destination client to change, achieve and lure the nothing of connection destination client to discover redirect, and catch and analyze the packet luring connection destination client, the present invention has well adapted to the audit demand processed for the network behavior of specific people in the affairs such as safety and alert.
By reference to the accompanying drawings embodiments of the invention are described above; but the present invention is not limited to above-mentioned embodiment; above-mentioned embodiment is only schematic; instead of it is restrictive; those of ordinary skill in the art is under enlightenment of the present invention; do not departing under the ambit that present inventive concept and claim protect, also can make a lot of form, these all belong within protection of the present invention.
Claims (12)
1. lure a WLAN wireless data catching method for connection based on pseudo-AP, it is characterized in that, comprise the following steps:
The information of S01, acquisition target AP and client also sets up the connection with target AP;
S02, pseudo-AP is set, maintain described target AP and distribute to the IP address luring connection destination client, and described in interference, lure the connection of connection destination client and target AP, lure connection destination client and pseudo-AP to connect described in luring into, described in catching, lure the packet of connection destination client.
2. the WLAN wireless data catching method luring connection based on pseudo-AP according to claim 1, it is characterized in that, described step S01 comprises following sub-step:
S1, scan described target AP and described client, and obtain the first information of described target AP and the information of described client; Determine to lure connection destination client according to the information of described client;
S2, set up the connection between described target AP according to the first information of described target AP and the connection password that obtains in advance; And obtain the second information of described target AP.
3. the WLAN wireless data catching method luring connection based on pseudo-AP according to claim 2, it is characterized in that, described step S02 comprises following sub-step:
S3, set up pseudo-AP according to the second information of described target AP, and configuration and open the corresponding function of described pseudo-AP;
Lure the connection of connection destination client and described target AP described in S4, interference, and described in luring into, lure connection destination client and described pseudo-AP to connect;
S5, to be caught by pseudo-AP described in lure the packet of connection destination client, and the described packet of connection destination client that lures to be analyzed.
4. the WLAN wireless data catching method luring connection based on pseudo-AP according to claim 3, is characterized in that,
In described step S1, by the first network interface card scanning target AP and client, the first information of described target AP comprises the ESSID of described target AP, the BSSID of described target AP, the production firm of described target AP, the cipher mode of described target AP, the working channel of described target AP, the signal strength signal intensity of described target AP, the number of clients that described target AP connects, the time finding described target AP for the first time and the last at least one found in the described target AP time;
The information of described client comprises at least one in the cipher mode of the MAC Address of described client, ESSID, the BSSID of described target AP of the described target AP connected of the production firm of described client and described client, the working channel of described target AP, the signal strength signal intensity of described client and described target AP;
Second information of described target AP comprises the IP address of described target AP, the mask of described target AP, the gateway of described target AP.
5. the WLAN wireless data catching method luring connection based on pseudo-AP according to claim 4, is characterized in that,
Described step S3 comprises following sub-step:
S31, set up described pseudo-AP by the second network interface card and the 3rd network interface card;
S32, the ESSID of pseudo-AP, the cipher mode of described pseudo-AP identical with the cipher mode of the ESSID of described target AP, described target AP is set;
S33, configure the routing table of described pseudo-AP, and open the function of the routing forwarding of described pseudo-AP;
S34, open the nat feature of described pseudo-AP by described second network card configuration; And open the ARP proxy function of described pseudo-AP and the dhcp server functionality of described pseudo-AP by described 3rd network card configuration.
6. the WLAN wireless data catching method luring connection based on pseudo-AP according to claim 5, is characterized in that,
Described step S4 comprises following sub-step:
Lure the connection between connection destination client and described target AP described in S41, the 4th network interface card interference, described in making, lure connection destination client to rescan network environment;
S42, lure into described in lure connection destination client and described pseudo-AP connect.
7. lure a WLAN wireless data capture systems for connection based on pseudo-AP, it is characterized in that, comprise with lower module:
Data obtaining module, for obtaining the information of target AP and client and setting up the connection with target AP;
Pseudo-AP sets up module, for arranging pseudo-AP, maintaining described target AP and distributing to the IP address luring connection destination client, and luring the connection of connection destination client and target AP described in interference, lure connection destination client and pseudo-AP to connect described in luring into, described in catching, lure the packet of connection destination client.
8. the WLAN wireless data capture systems luring connection based on pseudo-AP according to claim 7, it is characterized in that, described data obtaining module comprises following submodule:
The first information obtains submodule, for scanning described target AP and described client, and obtains the first information of described target AP and the information of described client; Determine to lure connection destination client according to the information of described client;
Second acquisition of information submodule, for setting up the connection between described target AP according to the first information of described target AP and the connection password that obtains in advance; And obtain the second information of described target AP.
9. the WLAN wireless data capture systems luring connection based on pseudo-AP according to claim 8, is characterized in that, described pseudo-AP sets up module and comprises following submodule:
Pseudo-AP sets up submodule, sets up pseudo-AP for the second information according to described target AP, and configures and open the corresponding function of described pseudo-AP;
Pseudo-AP disturbs submodule, described in disturbing, lure the connection joining destination client and described target AP, and lures connection destination client and described pseudo-AP to connect described in luring into;
Data packet analysis submodule, lures the packet joining destination client described in being obtained by pseudo-AP, and analyzes the described packet of connection destination client that lures.
10. the WLAN wireless data capture systems luring connection based on pseudo-AP according to claim 9, is characterized in that,
The described first information obtains in submodule, by the first network interface card scanning target AP and client, the first information of described target AP comprises the ESSID of described target AP, the BSSID of described target AP, the production firm of described target AP, the cipher mode of described target AP, the working channel of described target AP, the signal strength signal intensity of described target AP, the number of clients that described target AP connects, the time finding described target AP for the first time and the last at least one found in the described target AP time;
The information of described client comprises at least one in the cipher mode of the MAC Address of described client, ESSID, the BSSID of described target AP of the described target AP connected of the production firm of described client and described client, the signal strength signal intensity of described client and described target AP;
Second information of described target AP comprises the IP address of described target AP, the mask of described target AP, the gateway of described target AP.
The 11. WLAN wireless data capture systems luring connection based on pseudo-AP according to claim 10, is characterized in that,
Described pseudo-AP sets up submodule and comprises with lower unit:
Pseudo-AP sets up unit, for setting up described pseudo-AP by the second network interface card and the 3rd network interface card;
ESSID and cipher mode setting unit, for arranging the ESSID of the pseudo-AP identical with the cipher mode of the ESSID of described target AP, described target AP, the cipher mode of described pseudo-AP;
Route setting unit, for configuring the routing table of described pseudo-AP, and opens the function of the routing forwarding of described pseudo-AP;
Function setting unit, for opening the nat feature of described pseudo-AP by described second network card configuration; And for opening the ARP proxy function of described pseudo-AP and the dhcp server functionality of described pseudo-AP by described 3rd network card configuration.
The 12. WLAN wireless data capture systems luring connection based on pseudo-AP according to claim 11, is characterized in that,
Described pseudo-AP disturbs submodule, comprises with lower unit:
Interference units, for the connection by luring described in the 4th network interface card interference between connection destination client and described target AP, lures connection destination client to rescan network environment described in making;
Pseudo-AP connection establishment unit, lures connection destination client and described pseudo-AP to connect described in luring into.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310727341.4A CN104754651A (en) | 2013-12-25 | 2013-12-25 | WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310727341.4A CN104754651A (en) | 2013-12-25 | 2013-12-25 | WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104754651A true CN104754651A (en) | 2015-07-01 |
Family
ID=53593607
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310727341.4A Pending CN104754651A (en) | 2013-12-25 | 2013-12-25 | WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104754651A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105472700A (en) * | 2015-12-24 | 2016-04-06 | 努比亚技术有限公司 | Apparatus and method for acquiring information of devices connected to wireless access point |
| CN110012471A (en) * | 2019-03-04 | 2019-07-12 | 武汉纺织大学 | A kind of wireless network data Packet analyzing method based on pseudo- hot spot |
| CN112788127A (en) * | 2020-12-31 | 2021-05-11 | 神州顶联科技有限公司 | Personnel positioning system and method based on campus wireless network |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1650642A (en) * | 2002-03-29 | 2005-08-03 | 空气磁体公司 | Detecting a counterfeit access point in a wireless local area network |
| CN101496364A (en) * | 2005-07-28 | 2009-07-29 | 讯宝科技公司 | Rogue AP roaming prevention |
| CN102014378A (en) * | 2010-11-29 | 2011-04-13 | 北京星网锐捷网络技术有限公司 | Method and system for detecting rogue access point device and access point device |
| CN102781002A (en) * | 2012-07-30 | 2012-11-14 | 深圳市易聆科信息技术有限公司 | Method and system for automatically obtaining key of encrypted wireless network |
-
2013
- 2013-12-25 CN CN201310727341.4A patent/CN104754651A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1650642A (en) * | 2002-03-29 | 2005-08-03 | 空气磁体公司 | Detecting a counterfeit access point in a wireless local area network |
| CN101496364A (en) * | 2005-07-28 | 2009-07-29 | 讯宝科技公司 | Rogue AP roaming prevention |
| CN102014378A (en) * | 2010-11-29 | 2011-04-13 | 北京星网锐捷网络技术有限公司 | Method and system for detecting rogue access point device and access point device |
| CN102781002A (en) * | 2012-07-30 | 2012-11-14 | 深圳市易聆科信息技术有限公司 | Method and system for automatically obtaining key of encrypted wireless network |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105472700A (en) * | 2015-12-24 | 2016-04-06 | 努比亚技术有限公司 | Apparatus and method for acquiring information of devices connected to wireless access point |
| CN110012471A (en) * | 2019-03-04 | 2019-07-12 | 武汉纺织大学 | A kind of wireless network data Packet analyzing method based on pseudo- hot spot |
| CN112788127A (en) * | 2020-12-31 | 2021-05-11 | 神州顶联科技有限公司 | Personnel positioning system and method based on campus wireless network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9240976B1 (en) | Systems and methods for providing network security monitoring | |
| US20060193300A1 (en) | Method and apparatus for monitoring multiple network segments in local area networks for compliance with wireless security policy | |
| US8380819B2 (en) | Method to allow seamless connectivity for wireless devices in DHCP snooping/dynamic ARP inspection/IP source guard enabled unified network | |
| US10897489B2 (en) | Managing content casting | |
| US8665871B2 (en) | Dynamic VLAN IP network entry | |
| EP3698526B1 (en) | Managing content casting | |
| US20200162517A1 (en) | Method and apparatus to have entitlement follow the end device in network | |
| Yu et al. | A survey of virtual LAN usage in campus networks | |
| US20150040194A1 (en) | Monitoring of smart mobile devices in the wireless access networks | |
| CN106559292A (en) | A kind of broad band access method and device | |
| CN107241454B (en) | A kind of method, apparatus that realizing address administration, aaa server and SDN controller | |
| CN101841815A (en) | Cluster controlling method based on wireless router and network system | |
| CN103648109B (en) | A kind of wireless distributed repeater system and method | |
| US10523453B2 (en) | Managing content casting | |
| CN106255106A (en) | A kind of wireless network connecting method and device | |
| US11985110B2 (en) | Distribution of stateless security functions | |
| CN105635335B (en) | Social resources cut-in method, apparatus and system | |
| CN106255089A (en) | A kind of method and apparatus of radio three layer roaming | |
| CN104754651A (en) | WLAN (Wireless Local Area Network) wireless data capturing method and system based on pseudo AP (Access Point) induced connection | |
| CN112019563B (en) | Video data forwarding and transmitting system and method | |
| EP3836487A1 (en) | Internet access behavior management system, device and method | |
| CN103516820A (en) | Port forwarding method and apparatus based on MAC address | |
| CN109495978B (en) | Data transmission method and device | |
| CN107124307B (en) | Management VLAN (virtual local area network) switching method and device | |
| US9025494B1 (en) | IPv6 network device discovery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150701 |
|
| RJ01 | Rejection of invention patent application after publication |