CN106453358A - MAC protocol realization method and device for adjusting working cycles based on energy states - Google Patents


Info

Publication number: CN106453358A
Authority: CN (China)
Legal status: Pending
Application number: CN201610943700.3A
Other languages: Chinese (zh)
Inventors: 黄旭, 李森
Current Assignee: SICHUAN MWH INFORMATION SAFETY TECHNOLOGY Co Ltd
Original Assignee: SICHUAN MWH INFORMATION SAFETY TECHNOLOGY Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L63/308: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content

Abstract

The invention discloses a MAC protocol realization method and device for adjusting working cycles based on energy states. The method comprises the following steps: at each polling, a sink node sends polling packets to all sensor nodes, wherein the data in the polling packets comprises the number of energy collection type sensor nodes, the number of battery power supply type sensor nodes and the residual energy of all sensor nodes before the current polling starts; and after receiving the polling packets, the active sensor nodes update the sleep duration in their own working cycles according to the polling packets. With the MAC protocol realization method and device for adjusting working cycles based on energy states disclosed by the invention, the battery power supply type sensor nodes as a whole have relatively long sleep duration proportions, and the energy collection type sensor nodes with relatively poor energy states have relatively long sleep proportions, so the energy consumption of the whole network is balanced, the reliability of the network over a relatively long time is ensured, and the transmission performance is improved.

Description

A method for monitoring file data sent via QQ
Technical field
The present invention relates to the field of information security technology, and in particular to a method for monitoring file data sent via QQ.
Background art
With the development of science and technology, people depend more and more on the network, and the problem of secrets leaking over the network has emerged along with it. Companies and departments have to manage and control their employees' Internet use to prevent employees from leaking confidential information.
There are already many network management tools on the market. Most of them manage and control computers and require a client to be installed on the computer; the client collects data and sends it to a monitoring end to realize monitoring. This approach inevitably has many problems: 1: the client must be installed on every device to be monitored, which is cumbersome; 2: once the client is uninstalled or disabled, it can no longer perform its monitoring function; 3: a client installed in the system is itself subject to the operating system's permission controls and the protection of antivirus software, which hinders data capture; 4: because the client must run in the background and constantly send data to the server, power consumption inevitably increases, so it is clearly unsuitable for mobile devices.
QQ is a very popular social tool and is also often used to transfer files, but most management and control tools do not monitor QQ file transfer data, which is a gap in network management and control.
Summary of the invention
In view of the defects of the prior art, the present invention provides a method for monitoring file data sent via QQ, which can effectively solve the above problems of the prior art.
A method for monitoring file data sent via QQ, comprising the following steps:
S1: Obtain network packets by network packet capture; the detailed steps are as follows:
S11: Network packet capture: packets are captured with Wireshark;
S12: Protocol header analysis: obtain the protocol type and port; the protocol type is TCP and the port is 80 or 443;
S13: Network sending; the detailed steps are as follows:
S131: Establish the connection: the client requests the server to open port 443 or 80; the server then sends back an ACK message to notify the client that the request message has been received; after receiving the acknowledgment, the client sends another acknowledgment confirming the acknowledgment the server has just sent, which completes the connection;
S132: Send the client's basic parameters: after the connection is established, the client sends multiple POST requests. Analyzing these request packets yields the HTTP protocol information, which includes the network type used to send the data, the version of the QQ client sending the data, the length of the data segment sent, and so on. After the request succeeds, the server responds, and the client then starts sending the data header and the file data;
S2: Parse the network packets and judge whether the packets contain file data sent by QQ; the specific steps are as follows:
S21: Monitor and scan the network packets for the file attribute header feature, that is, the header feature "0xABCD9876" at offset 0x00; if it is present, execute S22; if not, continue monitoring;
S22: Continue monitoring; if a single packet of the continuously sent data is larger than 368 bytes, execute S23; otherwise execute S21;
S23: Continue monitoring; the 4 bytes starting at byte 344 are the total length of the file data, the following sixteen bytes are other information data, and the file data segment starts after those 16 bytes. The length of the file data is the length of the data segment in the POST information minus 368. Save this segment of file data and execute S24;
S24: Continue monitoring, looping over S132 to S23 until no further consecutive POST requests occur, which completes the splicing of the sent file data. If the total length of the spliced data equals the total length of the file data recorded in the data header, execute S3; otherwise execute S21;
S3: Determine the file type and change the file suffix; the steps are as follows:
S31: Open the spliced file data;
S32: Examine the file header identifier. Files of different types generally have different file headers, for example: the .jpg file header is 0xFFD8FF; the .png file header is 0x89PNG, etc.; the file type can be determined from the file header;
S33: Change the file suffix to the suffix of the confirmed file type;
S4: Process and present the extracted file data according to its file format.
Compared with the prior art, the advantage of the present invention is that QQ software on both mobile phones and computers can be monitored, which effectively prevents and traces losses caused by sending internal confidential files via QQ and protects the information security of enterprises or state departments.
Specific embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail through the following embodiment.
A method for monitoring file data sent via QQ, comprising the following steps:
S1: Obtain network packets by network packet capture; the detailed steps are as follows:
S11: Network packet capture: packets are captured with Wireshark;
S12: Protocol header analysis: obtain the protocol type and port; the protocol type is TCP and the port is 80 or 443;
S13: Network sending; the detailed steps are as follows:
S131: Establish the connection: the client requests the server to open port 443 or 80 (a TCP segment with SYN equal to 1); the server then sends back an ACK message to notify the client that the request message has been received; after receiving the acknowledgment, the client sends another acknowledgment confirming the acknowledgment the server has just sent, which completes the connection; that is, a three-way handshake is performed. Note that a new connection is established every time a file is sent;
S132: Send the client's basic parameters: after the connection is established, the client sends multiple POST requests. Analyzing these request packets yields the HTTP protocol information, which includes the network type used to send the data, the version of the QQ client sending the data, the length of the data segment sent, and so on. After the request succeeds, the server responds, and the client then starts sending the data header and the file data.
S2: Parse the network packets and judge whether the packets contain file data sent by QQ; the specific steps are as follows:
S21: Monitor and scan the network packets for the file attribute header feature, that is, the header feature "0xABCD9876" at offset 0x00; if it is present, execute S22; if not, continue monitoring;
S22: Continue monitoring; if a single packet of the continuously sent data is larger than 368 bytes, execute S23; otherwise execute S21;
S23: Continue monitoring; the 4 bytes starting at byte 344 are the total length of the file data, the following sixteen bytes are other information data, and the file data segment starts after those 16 bytes. The length of the file data is the length of the data segment in the POST information minus 368. Save this segment of file data and execute S24;
S24: Continue monitoring, looping over S132 to S23 until no further consecutive POST requests occur, which completes the splicing of the sent file data. If the total length of the spliced data equals the total length of the file data recorded in the data header, execute S3; otherwise execute S21;
S3: Determine the file type and change the file suffix; the steps are as follows:
S31: Open the spliced file data;
S32: Examine the file header identifier. Files of different types generally have different file headers, for example: the .jpg file header is 0xFFD8FF; the .png file header is 0x89PNG, etc.; the file type can be determined from the file header;
S33: Change the file suffix to the suffix of the confirmed file type;
S4: Process and present the extracted file data according to its file format.
Those of ordinary skill in the art will appreciate that the embodiment described here is intended to help the reader understand how the present invention is implemented, and it should be understood that the scope of protection of the present invention is not limited to such specific statements and embodiments. Based on the technical teachings disclosed by the present invention, those of ordinary skill in the art can make various other specific variations and combinations that do not depart from the essence of the present invention, and these variations and combinations remain within the scope of protection of the present invention.
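Steps S21 to S33 above, as an added Python sketch that is not part of the patent text: it works on constructed POST bodies already extracted from a capture, applies the offsets the description gives (feature 0xABCD9876 at offset 0x00, 4-byte total length at byte 344, file data after 368 bytes), splices the segments and picks the suffix from the file header. The big-endian length field, a header on every file-carrying POST, the function names and the `.bin` fallback are assumptions.

```python
import struct

MAGIC = bytes.fromhex("ABCD9876")  # S21: header feature at offset 0x00
HEADER_LEN = 368                   # S22/S23: bytes in front of the file data
TOTAL_LEN_OFF = 344                # S23: 4-byte total file length
# Signatures named in S32; the ".bin" fallback is an assumption of this sketch.
SIGNATURES = [(b"\xff\xd8\xff", ".jpg"), (b"\x89PNG", ".png")]


def parse_segment(body):
    """S21-S23 on one POST body: return (total_len, chunk) or None."""
    if body[:4] != MAGIC or len(body) <= HEADER_LEN:
        return None
    # Byte order is not given in the description; big-endian is assumed.
    (total,) = struct.unpack_from(">I", body, TOTAL_LEN_OFF)
    return total, body[HEADER_LEN:]


def reassemble(bodies):
    """S24: splice the chunks of one connection; None unless lengths agree."""
    total, chunks, got = None, [], 0
    for body in bodies:
        seg = parse_segment(body)
        if seg is None:
            continue  # not a file segment, e.g. the parameter POST of S132
        seg_total, chunk = seg
        if total is None:
            total = seg_total
        got += len(chunk)
        if seg_total != total or got > total:
            return None  # inconsistent or oversized: discard, back to S21
        chunks.append(chunk)
    if total is None or got != total:
        return None  # incomplete capture
    return b"".join(chunks)


def guess_suffix(data):
    """S32/S33: choose the suffix from the file header."""
    for sig, suffix in SIGNATURES:
        if data.startswith(sig):
            return suffix
    return ".bin"


def make_segment(total, chunk):
    """Build a constructed POST body with the layout above (test data only)."""
    header = MAGIC + bytes(TOTAL_LEN_OFF - 4) + struct.pack(">I", total)
    header += bytes(HEADER_LEN - len(header))  # 16 info bytes plus padding
    return header + chunk


def demo():
    png = b"\x89PNG\r\n\x1a\n" + bytes(600)  # constructed sample file
    parts = [png[i:i + 256] for i in range(0, len(png), 256)]
    bodies = [b"constructed-parameter-post"]
    bodies += [make_segment(len(png), p) for p in parts]
    data = reassemble(bodies)
    return data == png, guess_suffix(data), reassemble(bodies[:-1])


if __name__ == "__main__":
    print(demo())
```

The field widths given in S23 (344 + 4 + 16) add up to 364 bytes while the subtraction uses 368; the sketch follows the 368 figure and treats the remaining bytes as padding.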

Claims (1)

1. A method for monitoring file data sent via QQ, characterized by comprising the following steps:
S1: Obtain network packets by network packet capture; the detailed steps are as follows:
S11: Network packet capture: packets are captured with Wireshark;
S12: Protocol header analysis: obtain the protocol type and port; the protocol type is TCP and the port is 80 or 443;
S13: Network sending; the detailed steps are as follows:
S131: Establish the connection: the client requests the server to open port 443 or 80; the server then sends back an ACK message to notify the client that the request message has been received; after receiving the acknowledgment, the client sends another acknowledgment confirming the acknowledgment the server has just sent, which completes the connection;
S132: Send the client's basic parameters: after the connection is established, the client sends multiple POST requests. Analyzing these request packets yields the HTTP protocol information, which includes the network type used to send the data, the version of the QQ client sending the data, the length of the data segment sent, and so on. After the request succeeds, the server responds, and the client then starts sending the data header and the file data;
S2: Parse the network packets and judge whether the packets contain file data sent by QQ; the specific steps are as follows:
S21: Monitor and scan the network packets for the file attribute header feature, that is, the header feature "0xABCD9876" at offset 0x00; if it is present, execute S22; if not, continue monitoring;
S22: Continue monitoring; if a single packet of the continuously sent data is larger than 368 bytes, execute S23; otherwise execute S21;
S23: Continue monitoring; the 4 bytes starting at byte 344 are the total length of the file data, the following 16 bytes are other information data, and the file data segment starts after those 16 bytes. The length of the file data is the length of the data segment in the POST information minus 368. Save this segment of file data and execute S24;
S24: Continue monitoring, looping over S132 to S23 until no further consecutive POST requests occur, which completes the splicing of the sent file data. If the total length of the spliced data equals the total length of the file data recorded in the data header, execute S3; otherwise execute S21;
S3: Determine the file type and change the file suffix; the steps are as follows:
S31: Open the spliced file data;
S32: Examine the file header identifier. Files of different types generally have different file headers, for example: the .jpg file header is 0xFFD8FF; the .png file header is 0x89PNG, etc.; the file type can be determined from the file header;
S33: Change the file suffix to the suffix of the confirmed file type;
S4: Process and present the extracted file data according to its file format.
CN201610943700.3A 2016-11-02 2016-11-02 MAC protocol realization method and device for adjusting working cycles based on energy states Pending CN106453358A (en)


Publications (1)

Publication Number Publication Date
CN106453358A true CN106453358A (en) 2017-02-22

Family

ID=58177610



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 641000 Songshan South Road 253, Neijiang City, Sichuan Province

Applicant after: Sichuan Miwu Traceless Science and Technology Co., Ltd.

Address before: 641000 Songshan South Road 253, Neijiang City, Sichuan Province

Applicant before: SICHUAN MWH INFORMATION SAFETY TECHNOLOGY CO., LTD.

CB02 Change of applicant information
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222

RJ01 Rejection of invention patent application after publication