CN105721245A - Network data sniffing realization method based on rapid connection protocol - Google Patents
Network data sniffing realization method based on rapid connection protocol Download PDFInfo
- Publication number
- CN105721245A CN105721245A CN201610074065.XA CN201610074065A CN105721245A CN 105721245 A CN105721245 A CN 105721245A CN 201610074065 A CN201610074065 A CN 201610074065A CN 105721245 A CN105721245 A CN 105721245A
- Authority
- CN
- China
- Prior art keywords
- data
- frame
- subpackage
- sniff
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
Abstract
The invention relates to the technique of network data capturing, and discloses a network data sniffing realization method based on a rapid connection protocol. In a complex open network environment, sensitive packages can be sniffed out rapidly and accurately and can be analyzed into corresponding data accurately. According to the method, after a sniffing device sniffs sensitive data, multi-group receiving is carried out according to the subpackage sequences of the data; namely, same data is received in a multi-group receiving mode until all subpackages are received completely; then verification is carried out; and the verification comprises following steps of taking out the data in the same subpackage sequences, comparing every two subpackages, if the numerical values are inconsistent, discarding all data in the subpackage sequences, if the numerical values are consistent, continuing to verify until the data of all subpackage sequences is verified completely, and outputting the target data received this time, wherein the target data is sent by a sending end.
Description
Technical field
The present invention relates to network data capturing technology, be specifically related to a kind of realize method based on the network data sniff connecting agreement soon.
Background technology
Along with improving constantly of user's living standard, comfort level and Experience Degree are pursued also more and more diversified by user, and intelligent artifact is also increasingly harsher to the demand of simplicity and playability.Thus, the requirement of the transmission of light-duty data is also more and more higher.And how to ensure in data transmission procedure accurate, safety and convenient be industry must faced by major issue.
Technology of Network Sniffer, flows through the data of network interface card, and these data carries out intellectual analysis and filtration mainly by sniff, thus being quickly found out the network information content of needs.Under normal circumstances, network interface card only receives the packet relevant with oneself address, thus in order to walk around this layer, namely walks around tcpip stack, thus all data received in network, sniffer generally all makes network interface card work in promiscuous mode.
Summary of the invention
The technical problem to be solved is: propose a kind of to realize method based on the network data sniff connecting agreement soon, under complicated open network environment, it is possible to quickly, and sniff goes out sensitive bag accurately, and resolves to corresponding data accurately.
The technical solution adopted for the present invention to solve the technical problems is:
Realize method based on the network data sniff connecting agreement soon, be applied to include hardware sniffer and network data sends in the system of equipment;The method comprises the following steps:
A, hardware sniffer power on for the first time and namely start sniff, and network data sends equipment and is then not intended to the time and sends data at random;
B, after hardware sniffer sniff to sensitive data, subpackage sequence number according to these data carries out organizing reception more, and the multi-group data for each subpackage sequence number is marked respectively, it is designated as data [x, y], wherein, x represents that subpackage sequence number is also grouping serial number simultaneously, and y represents current these data position in a packet;
Whether C, judge that sensitive data receives and complete, if do not finished receiving, then the data entered in step D process sub-process, if finished receiving, then the data received are verified;
D, data process sub-process:
D1, first determine whether receive frame data whether be repeating frame, if be repeating frame, enter step D2, if not being repeating frame, then entrance step D3;
D2, judging that whether current y value is more than 5, if greater than 5, then frame number is abnormal, abandons this frame;If y value is less than or equal to 5, then it is assigned to data [x, y], and y value is added 1;
D3, judging whether these frame data are the first frame, if being the first frame, then data being assigned to data [x, y], then by x+1;If not the first frame, first x is added one, then data are assigned to data [x, y].
Further, described hardware sniffer is the equipment with sniff function, and it is the various equipment supporting UDP communication protocol that described network sends equipment.
Further, in step C, the described data to receiving verify, and specifically include:
First take out the data that subpackage sequence number is identical, compare between two, if numerical value is inconsistent, then abandon all data under this subpackage sequence number, if unanimously, then continue verification, until the data one-hundred-percent inspection of all subpackage sequence numbers completes.
The invention has the beneficial effects as follows:
On the one hand, the present invention does not limit the network channel of open environment lower network communication, and supports across channel acquisition data, it is ensured that capture multiformity and the high efficiency of data;On the other hand, the present invention can when network data retransmit, it is ensured that data communication transmission accuracy.
Accompanying drawing explanation
Fig. 1 is that in embodiment, network data sniff realizes method main flow;
Fig. 2 is that in embodiment, data process sub-process.
Detailed description of the invention
In the present invention, hardware sniffer powers on for the first time and namely starts sniff, network data sends equipment and is then not intended to the time and sends data at random, after sniff equipment sniff to sensitive data, can carry out organizing reception according to the subpackage sequence number of these data more, namely same data receiver many groups, until all of subpackage all finishes receiving, and each subpackage have received a lot of groups.
Being marked respectively receiving the data multi-group data simultaneously for each subpackage sequence number, be labeled as data [x, y], wherein, x represents that subpackage sequence number is also grouping serial number simultaneously, and y represents current these data position in a packet.
After data receiver completes, entering matching algorithm, handling process is: first data are grouped according to the value of x, what x value was identical is divided into one group, until all of packet completes, after packet completes, carry out label to each data in each group are ascending.Then according to the verification rule that network data transmission equipment sending data adopts verifies: take out the data that subpackage sequence number is identical, compare between two, if numerical value is inconsistent, then abandon all data under this subpackage sequence number, if it is consistent, then continuing verification, until the data one-hundred-percent inspection of all subpackage sequence numbers completes, output is the target data of this transmitting terminal received.
Embodiment:
As it is shown in figure 1, realizing method based on the network data sniff connecting agreement soon and include in this example:
After program brings into operation, entering sniff algorithm flow, the initial array data [x, y] that receives is set to 0, x, y is zero setting also.Now sniffer has detected whether sensitive data, if there being sensitive data, first judges to receive whether complete, if it is not complete, then enter frame data to process sub-process.Being complete if received, whether the packet being judged as each subpackage sequence number is identical.If all grouped datas of each subpackage sequence number are all identical, then this receives data correctly, terminates algorithm, output data data [x, y];Otherwise just abandon this to receive, and restoring scene, restart receiving algorithm.
Frame data process sub-process as shown in Figure 2, first determine whether whether these frame data are repeating frame, if not repeating frame, then determine whether the first frame, if being the first frame, so data are assigned to data [x, y], then x+1, if not the first frame, first x is added one, then data are assigned to data [x, y].If being repeating frame, it is judged that whether y value is more than 5, if greater than 5, then frame number is abnormal, abandons this frame.If y value is less than or equal to 5, then it is assigned to data [x, y], and y value is added 1.
Claims (3)
1. realize method based on the network data sniff connecting agreement soon, be applied to include hardware sniffer and network data sends in the system of equipment;It is characterized in that, the method comprises the following steps:
A, hardware sniffer power on for the first time and namely start sniff, and network data sends equipment and is then not intended to the time and sends data at random;
B, after hardware sniffer sniff to sensitive data, subpackage sequence number according to these data carries out organizing reception more, and the multi-group data for each subpackage sequence number is marked respectively, it is designated as data [x, y], wherein, x represents that subpackage sequence number is also grouping serial number simultaneously, and y represents current these data position in a packet;
Whether C, judge that sensitive data receives and complete, if do not finished receiving, then the data entered in step D process sub-process, if finished receiving, then the data received are verified;
D, data process sub-process:
D1, first determine whether receive frame data whether be repeating frame, if be repeating frame, enter step D2, if not being repeating frame, then entrance step D3;
D2, judging that whether current y value is more than 5, if greater than 5, then frame number is abnormal, abandons this frame;If y value is less than or equal to 5, then it is assigned to data [x, y], and y value is added 1;
D3, judging whether these frame data are the first frame, if being the first frame, then data being assigned to data [x, y], then by x+1;If not the first frame, first x is added one, then data are assigned to data [x, y].
2. realizing method based on the network data sniff connecting agreement soon as claimed in claim 1, it is characterised in that described hardware sniffer is the equipment with sniff function, it is the various equipment supporting UDP communication protocol that described network sends equipment.
3. realizing method based on the network data sniff connecting agreement soon as claimed in claim 1 or 2, it is characterised in that in step C, the described data to receiving verify, and specifically include:
First take out the data that subpackage sequence number is identical, compare between two, if numerical value is inconsistent, then abandon all data under this subpackage sequence number, if unanimously, then continue verification, until the data one-hundred-percent inspection of all subpackage sequence numbers completes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610074065.XA CN105721245B (en) | 2016-02-02 | 2016-02-02 | Based on the network data sniff implementation method for connecting agreement fastly |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610074065.XA CN105721245B (en) | 2016-02-02 | 2016-02-02 | Based on the network data sniff implementation method for connecting agreement fastly |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105721245A true CN105721245A (en) | 2016-06-29 |
| CN105721245B CN105721245B (en) | 2019-03-15 |
Family
ID=56154664
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610074065.XA Active CN105721245B (en) | 2016-02-02 | 2016-02-02 | Based on the network data sniff implementation method for connecting agreement fastly |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105721245B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110020553A (en) * | 2019-04-12 | 2019-07-16 | 山东浪潮云信息技术有限公司 | A kind of method and system for protecting sensitive data |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1225741A1 (en) * | 2000-10-30 | 2002-07-24 | Siemens Aktiengesellschaft | High speed interconnection for embedded systems within a computer network |
| CN103532668A (en) * | 2013-10-12 | 2014-01-22 | 成都阜特科技股份有限公司 | Method for ensuring integrity and correctness of TCP (transmission control protocol) communication data |
| CN104901889A (en) * | 2015-05-15 | 2015-09-09 | 嘉兴市稠江光电仪器技术有限公司 | Remote data collection and control method based on improved-type UDP/IP protocol |
| CN104993979A (en) * | 2015-07-22 | 2015-10-21 | 上海迈外迪网络科技有限公司 | Network connection monitoring method, terminal equipment and communication system |
-
2016
- 2016-02-02 CN CN201610074065.XA patent/CN105721245B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1225741A1 (en) * | 2000-10-30 | 2002-07-24 | Siemens Aktiengesellschaft | High speed interconnection for embedded systems within a computer network |
| CN103532668A (en) * | 2013-10-12 | 2014-01-22 | 成都阜特科技股份有限公司 | Method for ensuring integrity and correctness of TCP (transmission control protocol) communication data |
| CN104901889A (en) * | 2015-05-15 | 2015-09-09 | 嘉兴市稠江光电仪器技术有限公司 | Remote data collection and control method based on improved-type UDP/IP protocol |
| CN104993979A (en) * | 2015-07-22 | 2015-10-21 | 上海迈外迪网络科技有限公司 | Network connection monitoring method, terminal equipment and communication system |
Non-Patent Citations (1)
| Title |
|---|
| 张永涛: "《以太网数据包嗅探技术》", 《微计算机信息》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110020553A (en) * | 2019-04-12 | 2019-07-16 | 山东浪潮云信息技术有限公司 | A kind of method and system for protecting sensitive data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105721245B (en) | 2019-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105425065B (en) | The system and method for intelligent appliance automated production test | |
| EP2849384B1 (en) | Approximate matching method and related device, and communication system | |
| CN103326893A (en) | Limit speed measuring method | |
| EP2600535A4 (en) | Method, apparatus and system for configuring demodulation reference signal | |
| WO2013063600A3 (en) | Systems and methods for fast initial network link setup | |
| CN106899978B (en) | Wireless network attack positioning method | |
| CN106658756A (en) | Method and device for recognizing connection between terminal device and hotspot | |
| CN102934469A (en) | Wireless communication method, wireless communication apparatus and wireless communication system | |
| CN105721245A (en) | Network data sniffing realization method based on rapid connection protocol | |
| CN104023036A (en) | TCP (transmission control protocol) bypass blocking method and device | |
| CN102355668A (en) | Method, system and terminal equipment for searching for access point (AP) attacker | |
| CN103999396B (en) | The subscriber station of bus system and the method for transmitting data between the subscriber station of bus system | |
| CN107426798B (en) | WIFI module network distribution method and device | |
| CN104468569B (en) | The integrality detection method and device of distributed data | |
| CN105979511B (en) | A method of realizing that SD and AP is quickly connected using the encryption of SD information under the WIFI environment of onrelevant | |
| CN103781132B (en) | Method and apparatus for switching detection of user plane and signaling plane in TETRA system | |
| CN106330347A (en) | Radio frequency parameter adjusting method and device | |
| CN108574530B (en) | Data transmitting and receiving method and device and multichannel EPON system | |
| CN101801018A (en) | Method and network side device for detecting reverse fault | |
| CN104468190A (en) | Wifi data package capturing method and device and intelligent terminal | |
| CN102891781B (en) | Network shares detection system and network shares detection method | |
| CN105262732A (en) | Method and apparatus for detecting MAC address spoofing | |
| CN105979474B (en) | A method of realizing that SD and AP is quickly connected using near radio identification technology | |
| EP1432205A3 (en) | Automatic detecting method for protocol nonconformity and automatic detecting apparatus for protocol nonconformity | |
| CN105959943B (en) | A method of realizing that SD and AP is quickly connected using third party's mobile terminal MT |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |