CN106533836A - Method and apparatus for displaying data packet contents - Google Patents

Method and apparatus for displaying data packet contents Download PDF

Info

Publication number
CN106533836A
CN106533836A CN201611075393.8A CN201611075393A CN106533836A CN 106533836 A CN106533836 A CN 106533836A CN 201611075393 A CN201611075393 A CN 201611075393A CN 106533836 A CN106533836 A CN 106533836A
Authority
CN
China
Prior art keywords
file
packet
intended application
group
content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611075393.8A
Other languages
Chinese (zh)
Other versions
CN106533836B (en
Inventor
陈露姹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201611075393.8A priority Critical patent/CN106533836B/en
Publication of CN106533836A publication Critical patent/CN106533836A/en
Application granted granted Critical
Publication of CN106533836B publication Critical patent/CN106533836B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18Multiprotocol handlers, e.g. single devices capable of handling multiple protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and apparatus for displaying data packet contents. The method is applied to a packet capture client, and the method comprises the following steps: grabbing a locally received and sent data packet, and recording protocol information of the data packet, wherein the protocol information comprises transmission layer protocol information and application layer protocol information; packing up the data packet into one or multiple groups of data packet sequences according to the transmission layer protocol information; analyzing the one or multiple groups of data packet sequences into one or multiple groups of files according to the application layer protocol information, wherein each group of files contain one or more files; and calling a corresponding application to display the contents of the files of each group of files according to the attributes of the files in each group of files. By application of the method and apparatus provided by the embodiment of the invention, the grabbed data packets are automatically trimmed, analyzed and stored as one or multiple groups of readable files through the packet capture client, and the packet capture client automatically displays the contents of the grabbed data packet, thereby improving the efficiency of displaying the contents of the data packet.

Description

A kind of method and device of display data bag content
Technical field
The application is related to communication technical field, the more particularly to method and device of display data bag content.
Background technology
In network communications, file waiting for transmission can be divided into multiple packets, each packet in transmitting procedure The partial content of this document and the address information of sender and recipients are included all, and along different paths at one or many Transmit in individual network, finally reconfigure in destination.A application can send and receive multigroup number during on-line running According to bag, when the data to applying are analyzed, it is necessary to the packet of the application transmitting-receiving is first captured using packet catcher, then Packet is screened according to different analysis demands.Packet is screened when needing according to the content of packet When, it is necessary to the content of display data bag.
In prior art, the displaying of packet content needs screening personnel that manual classification, sequence reconciliation are carried out to packet Analysis, then will parse content both and saves as readable documents, and finally calling corresponding program to open again manually should Readable documents are with the content of display data bag.It can be seen that, it is less efficient during prior art display data bag content.
The content of the invention
The embodiment of the present invention provides the method and device of display data bag content, for solving prior art display data bag Less efficient problem during content.
First aspect according to embodiments of the present invention, there is provided a kind of method of display data bag content, methods described application In packet capturing client, methods described includes:
Capture the packet of local transceiver and record the protocol information of the packet, the protocol information includes transport layer Protocol information and application layer protocol information;
The packet is arranged as one or more groups of sequence of data packet according to the transport layer protocol information;
One or more groups of sequence of data packet are resolved to by one or more groups of files according to the application layer protocol information, Wherein described every group of file includes one or more files;
According to the attribute of each file in every group of file, corresponding application is called to show each file in every group of file Content.
Second aspect according to embodiments of the present invention, there is provided a kind of device of display data bag content, described device application In packet capturing client, described device includes:
Placement unit, for capturing the packet of local transceiver and recording the protocol information of the packet, the agreement Information includes transport layer protocol information and application layer protocol information;
Unit is arranged, for the packet being arranged for one or more groups of packets according to the transport layer protocol information Sequence;
Resolution unit, for one or more groups of sequence of data packet are resolved to one according to the application layer protocol information Group or multigroup file, wherein every group of file includes one or more files;
Display unit, for the attribute according to each file in every group of file, calls corresponding application to show described every The content of each file in group file.
From above technical scheme, the embodiment of the present invention after packet is grabbed, automatically according to the agreement of packet Packet is arranged, parses and save as one or more groups of files by information, and is called according to the attribute of each file in every group of file Corresponding application shows file content, realizes automatic Display of the packet capturing client to the content of captured packet, improves The efficiency of display data bag content.
Description of the drawings
Application scenarios schematic diagrams of the Fig. 1 for the method for embodiment of the present invention display data bag content;
Fig. 2 is one embodiment flow chart of the method for display data bag content of the present invention;
Fig. 3 is another embodiment flow chart of the method for display data bag content of the present invention;
Fig. 4 is a kind of hardware structure diagram of the device place equipment of display data bag content of the present invention;
Fig. 5 is one embodiment block diagram of the device of display data bag content of the present invention.
Specific embodiment
In order that those skilled in the art are better understood from the technical scheme in the embodiment of the present invention, and make of the invention real Apply the above-mentioned purpose of example, feature and advantage can become apparent from it is understandable, below in conjunction with the accompanying drawings to the technology in the embodiment of the present invention Scheme is described in further detail.
Application scenarios schematic diagrams of the Fig. 1 for the method for embodiment of the present invention display data bag content.
As shown in figure 1, the application scenarios include the user equipment that internet is connected, wherein, shown user equipment includes Equipment network interface card and the packet capturing client on equipment, shown user equipment can run N number of process simultaneously and by setting Standby network interface card carries out data interaction with internet.Shown packet capturing client is connected with the network interface card of user equipment, can be captured user and be set The standby packet interacted with internet.It should be noted that packet capturing client can be installed on a user device as shown in Figure 1, Can also install on miscellaneous equipment independently of user equipment.
By taking the displaying of the packet content received and dispatched to user equipment shown in Fig. 1 as an example, in prior art, technology people is needed Member carries out manual classification, sequence to the packet of shown N number of process transmitting-receiving in packet capturing client and parses, and then will parse content Both simultaneously saves as readable documents, finally calls corresponding program to open the readable documents with display data again manually The content of bag.It can be seen that, it is less efficient during prior art display data bag content.
In embodiments of the present invention, packet capturing client is after packet is grabbed, automatically according to the protocol information of packet Packet is arranged, one or more groups of files are parsed and save as, and correspondence is called according to the attribute of each file in every group of file Application show file content, realize automatic Display of the packet capturing client to the content of captured packet, improve displaying The efficiency of packet content.
With reference to the application scenarios shown in Fig. 1, the embodiment of the present invention is described in detail.
Referring to Fig. 2, Fig. 2 is one embodiment flow chart of the method for display data bag content of the present invention, and the embodiment should For packet capturing client, comprise the following steps:
Step 201:Capture the packet of local transceiver and record the protocol information of the packet, the protocol information bag Include transport layer protocol information and application layer protocol information.
In an optional example, above-mentioned transport layer protocol can include TCP/IP (Transmission Control Protocol/Internet Protocol, transmission control protocol/Internet Protocol) and UDP (User Datagram Protocol, UDP);Above-mentioned application layer protocol can include HTTP (Hyper Text Transfer Protocol, HTTP), SMTP (Simple Mail Transfer Protocol, simple mail transmission association View), POP3 (Post Office Protocol-Version 3, Post Office Protocol,Version 3), FTP (File Transfer Protocol, FTP).
In another optional example, the packet for capturing can be filtered when packet is captured.Specifically, The filtration can include that capture is filtered and shown and filter.Wherein, the quantity that can be used to controlling crawl data is filtered in capture, can With according to default condition, such as:Protocol type, IP address and port numbers, capture to packet.Show filter, be According to default screening conditions in the packet kind for having captured, such as:Protocol type, IP address and port numbers, enter to packet Row screening, so that the packet required for user quickly and accurately finds.
In another optional example, packet capturing client can orient the local intended application transmitting-receiving to be analyzed of crawl Packet simultaneously records the protocol information of the packet.Specifically, comprise the following steps:Obtain what local system was currently running Using the corresponding relation with port;The corresponding target port of intended application is searched according to application and the corresponding relation of port;Crawl The protocol information of the packet record data bag of local target port transmitting-receiving.
Step 202:The packet is arranged as one or more groups of sequence of data packet according to the transport layer protocol information.
In an optional example, packet can be arranged as one according to protocol type, IP address and port numbers Group or multi-group data packet sequence.
Step 203:According to the application layer protocol information by one or more groups of sequence of data packet resolve to one group or Multigroup file, wherein every group of file includes one or more files.
In an optional example, the resolving in this step includes:According to the application layer of every group of sequence of data packet Protocol information, such as HTTP, SMTP, POP3, FTP, search in every group of sequence of data packet and rise comprising the application layer protocol file The packet and the packet comprising the corresponding end of identification of the origin identification of the mark that begins;Extract above-mentioned origin identification and terminate mark These file contents are simultaneously saved as readable documents by file content between knowledge in each packet;If deposited in sequence of data packet In multiple origin identifications and end of identification corresponding with the origin identification, then extract successively between each origin identification and end of identification File content and save as readable documents, finally obtain multiple readable documents, record the file sequential in every group of file.
Step 204:According to the attribute of each file in every group of file, corresponding application is called to show every group of file The content of interior each file.
In an optional example, if the multiple files of file group bag parsed in step 203 and have recorded the text File sequential in part group, then call corresponding application to show the file in this document group according to this document sequential successively.
In another optional example, if packet capturing client is the local intended application transmitting-receiving to be analyzed of orientation crawl Packet, then can first preserve the proprietary protocol of the intended application, then call the intended application to show that the intended application is received When sending out packet described, intended application is with the file content in the interaction and interaction of user.Specifically, the displaying Process is comprised the steps of:
The content of each file in the file sequential in proprietary protocol, every group of file and every group of file according to intended application The anti-operational order and instruction sequencing for pushing away user when intended application receives and dispatches the packet;Open the intended application, according to The content of each file in the operational order at family, instruction sequencing and every group of file, at the interface of intended application, shows intended application When receiving and dispatching the packet, intended application is with the file content in the interaction and interaction of user.
From above example, packet capturing client after packet is grabbed, automatically according to the protocol information of packet Packet is arranged, one or more groups of files are parsed and save as, and correspondence is called according to the attribute of each file in every group of file Application show file content, realize automatic Display of the packet capturing client to the content of captured packet, improve displaying The efficiency of packet content.
Referring to Fig. 3, Fig. 3 is another embodiment flow chart of the method for display data bag content of the present invention.The embodiment The Dynamic Display of packet content is described in detail from packet capturing client-side, has been comprised the following steps:
Step 301:Monitor the port called by local intended application to be analyzed.
In an optional mode, can be by TDI (Transport Driver Interface, transmission driving journey Sequence interface) interface that provided gets the port called by intended application to be analyzed.
In another optional mode, can pass through to run the order line program of Microsoft's Windows systems, perform " netstat-ano " and " tasklist " is ordered, and gets the port called by intended application to be analyzed.
Step 302:If listening to the invoked port transceiving data bag, the called port transmitting-receiving is captured Packet and record the protocol information of the packet.
In an optional mode, the protocol information includes transport layer protocol and application layer protocol, wherein, transport layer Agreement can include TCP/IP and UDP;Application layer protocol can include HTTP, SMTP, POP3, FTP.
Step 303:Above-mentioned packet is arranged as one or more groups of sequence of data packet according to above-mentioned transport layer protocol information.
In an optional mode, can be respectively according to local port number, Target IP and destination port number to data Bag carries out preliminary finish, then packet is arranged again according to different agreements.For example, local port number can be by we 56294th, the packet preliminary finish that Target IP is 202.108.23.113, destination port number is 5287 is a sequence of data packet, Then the packet again by protocol type in the sequence of data packet for UDP and TCP is arranged respectively as a sequence of data packet.
Step 304:According to above-mentioned application layer protocol information by above-mentioned one or more groups of sequence of data packet resolve to one group or Multigroup file, wherein every group of file includes one or more files, and records the file sequential in above-mentioned every group of file.
Resolving in this step is identical with the resolving in step 203, will not be described here.
Step 305:Preserve the proprietary protocol of above-mentioned intended application.
Step 306:The file sequential in proprietary protocol, above-mentioned every group of file according to above-mentioned intended application and above-mentioned every In group file, the content of each file is counter pushes to the operational order and instruction sequencing for stating user when intended application receives and dispatches the packet.
In an optional mode, the above-mentioned anti-journey that pushes through may comprise steps of:According to the privately owned association of intended application View arranges the corresponding relation of operational order and file;The one or more groups of files for obtaining parsed in transferring step 305, according to upper The corresponding relation of operational order and file is stated, the corresponding operation of one or more files included in above-mentioned every group of file is searched Instruction;It is ranked up according to the ordered pair above-mentioned operational order for finding during file in every group of file, obtains the operational order Instruction sequencing.
Step 307:Above-mentioned intended application is opened, operational order, instruction sequencing according to above-mentioned user and above-mentioned per group The content of each file in file, at the interface of above-mentioned intended application, target when showing that above-mentioned intended application receives and dispatches above-mentioned packet Using the file content in the interaction and interaction of same user.
From above example, on the one hand, the embodiment after packet capturing client grabs packet, automatically according to number Packet is arranged, parses and save as one or more groups of files according to the protocol information of bag, and according to each file in every group of file Attribute call corresponding application to show file content, realize automatic exhibition of the packet capturing client to the content of captured packet Show, improve the efficiency of display data bag content.On the other hand, the embodiment is by obtaining what local system was currently running Using the corresponding relation with port, the destination port number corresponding to intended application to be analyzed is searched, is realized to intended application Orientation packet capturing, improve the efficiency of packet capturing;Another further aspect, proprietary protocol of the embodiment by preservation intended application, is arranged Operational order and the corresponding relation of file content, realize operational order and instruction to user during intended application transceiving data bag The counter of sequential pushes away, and then interaction and interaction of the intended application with user when illustrating intended application transceiving data bag In file content, realize user to analyzing the quick understanding of whole application interaction process and to the accurately fixed of file content Position and analysis.
The embodiment of the present invention is illustrated below by a specific application example, the application example shows with reference to Fig. 1 The application scenarios for going out are described, where it is assumed that user A have accessed website www.xxxxx.com by browser A and download Picture XX.jpg.We want to capture the packet of operation generations of the user A on browser A by packet catcher and show now The file content produced in the operating process and operating process of user A.Displaying process is as follows:
The proprietary protocol of browser A is obtained, the operational order for preserving browser A is corresponding with file produced by browser A Relation, the file are the file that the operational order of browser A is produced in the process of implementation.
Open during browser A accesses www.xxxxx.com and downloaded picture XX.jpg in user, packet capturing client The interface that end can be provided by TDI gets the port called by each process of intended application to be analyzed.
As shown in table 1:
Process Agreement Local IP Local port Target IP Target port
BrowserA.exe TCP 192.168.1.96 51739 119.75.222.23 80
BrowserA.exe TCP 192.168.1.96 51754 119.75.217.109 443
BrowserA.exe TCP 192.168.1.96 49618 220.181.76.37 80
BrowserA.exe TCP 192.168.1.96 51912 61.135.186.152 80
BrowserA.exe TCP 192.168.1.96 51897 180.97.158.124 80
Wherein, the IP of website www.xxxxx.com is 119.75.222.23 and 119.75.217.109, and we use Packet catcher captures the packet of the 51754 ports transmitting-receiving that local port number is 51739 respectively;The packet of crawl is pressed into TCP Agreement is arranged, and obtains 51739 corresponding TCP flow (sequence of data packet _ 1) of port numbers and 51754 corresponding TCP of port numbers Stream (sequence of data packet _ 2);The two groups of sequence of data packet for obtaining are resolved to into two groups of files, wherein parsing in sequence of data packet _ 1 Obtain XX.jpg;The file recorded in every group of file produces sequential.Wherein, by taking sequence of data packet _ 1 as an example, its resolving can Think:
Identified in sequence of data packet _ 1 locating file origin identification and the end of file according to Http agreements respectively, according to file Origin identification and end of file mark are segmented to sequence of data packet _ 1, obtain some data segments, wherein each data segment bag Containing some packets;Extract the data message of packet encapsulation in each data segment and the data message of extraction is saved as into one Readable documents;Record the sequential that each readable documents is produced.
Sequential is produced according to the file in the two groups of files and every group of file obtained in above-mentioned resolving, is searched above-mentioned The operational order of browser A and the corresponding relation of file produced by browser A, obtain the behaviour produced during user operation browser A Instruct and instruction sequencing.
Browser A is called, in the user interface of browser A, according to above-mentioned instruction sequencing, aforesaid operations is repeated and is referred to Order, and exhibiting pictures XX.jpg.
It is corresponding with the embodiment of the method for aforementioned display data bag content, present invention also provides display data bag content Device embodiment.
The embodiment of the device of the application display data bag content can be applied in packet capturing client.Device embodiment can To be realized by software, it is also possible to realized by way of hardware or software and hardware combining.As a example by implemented in software, as one Device on logical meaning, is referred to corresponding computer program in nonvolatile memory by the processor of its place equipment Order runs what is formed in reading internal memory.From for hardware view, as shown in figure 4, for the dress of the application display data bag content A kind of hardware structure diagram of place equipment is put, except the processor shown in Fig. 4, internal memory, network interface and non-volatile memories Outside device, actual functional capability of the equipment that device is located in embodiment generally according to the equipment can also include other hardware, to this Repeat no more.
Fig. 5 is refer to, is one embodiment block diagram of the device of display data bag content of the present invention, described device is applied to Packet capturing client, described device include:Placement unit 510, arranges unit 520, resolution unit 530, display unit 540.
Wherein, placement unit 510, for capturing the packet of local transceiver and recording the protocol information of the packet, The protocol information includes transport layer protocol information and application layer protocol information;
Unit 520 is arranged, for the packet being arranged for one or more groups of numbers according to the transport layer protocol information According to packet sequence;
Resolution unit 530, for being parsed one or more groups of sequence of data packet according to the application layer protocol information For one or more groups of files, wherein every group of file includes one or more files;
Display unit 540, for the attribute according to each file in every group of file, calls corresponding application to show described The content of each file in every group of file.
From above example, packet capturing client after packet is grabbed, automatically according to the protocol information of packet Packet is arranged, one or more groups of files are parsed and save as, and correspondence is called according to the attribute of each file in every group of file Application show file content, realize automatic Display of the packet capturing client to the content of captured packet, improve displaying The efficiency of packet content.
In an optional example, the placement unit 510 specifically for:
The local intended application to be analyzed packet received and dispatched of crawl the protocol information for recording the packet;
The display unit 540, specifically for calling the intended application to show in every group of file in each file Hold.
In another optional example, the placement unit 510 includes (not shown in Fig. 5):Port snoop subelement, Port captures subelement.
Wherein, port snoop subelement, for monitoring the port called by local intended application to be analyzed;
Port captures subelement, if listening to the invoked port for the port snoop subelement receives and dispatches number According to bag, then capture the packet of the called port transmitting-receiving and record the protocol information of the packet.
In another optional example, described device is also included (not shown in Fig. 5):File sequential recording unit, it is private There is agreement storage unit.
Wherein, file sequential recording unit, for resolving to one or more groups of sequence of data packet in resolution unit After one or more groups of files, the file sequential in every group of file is recorded;
Proprietary protocol storage unit, for calling the intended application to show every group of file Nei Gewen in display unit Before the content of part, the proprietary protocol of the intended application is preserved;
The display unit, specifically for opening the intended application, and the proprietary protocol according to the intended application, institute The content of each file in the file sequential and every group of file in every group of file is stated, in the interface of the intended application, exhibition When showing that the intended application receives and dispatches the packet, intended application is with the file in the interaction and interaction of user Hold.
In another optional example, the display unit 540 includes (not shown in Fig. 5):Anti- hairclipper unit is instructed, Interactive display subelement.
Wherein, anti-hairclipper unit is instructed, for the text in the proprietary protocol according to the intended application, every group of file The anti-behaviour for pushing away user when the intended application receives and dispatches the packet of the content of each file in part sequential and every group of file Instruct and instruction sequencing;
Interactive display subelement, in the operational order according to the user, instruction sequencing and every group of file The content of each file, at the interface of the intended application, when showing that the intended application receives and dispatches the packet, intended application is same File content in the interaction and interaction of user.
From above example, on the one hand, the embodiment after packet capturing client grabs packet, automatically according to number Packet is arranged, parses and save as one or more groups of files according to the protocol information of bag, and according to each file in every group of file Attribute call corresponding application to show file content, realize automatic exhibition of the packet capturing client to the content of captured packet Show, improve the efficiency of display data bag content.On the other hand, the embodiment is by obtaining what local system was currently running Using the corresponding relation with port, the destination port number corresponding to intended application to be analyzed is searched, is realized to intended application Orientation packet capturing, improve the efficiency of packet capturing;Another further aspect, proprietary protocol of the embodiment by preservation intended application, is arranged Operational order and the corresponding relation of file content, realize operational order and instruction to user during intended application transceiving data bag The counter of sequential pushes away, and then interaction and interaction of the intended application with user when illustrating intended application transceiving data bag In file content, realize user to analyzing the quick understanding of whole application interaction process and to the accurately fixed of file content Position and analysis.
In said apparatus, the function of unit and effect realizes that process specifically refers to correspondence step in said method Process is realized, be will not be described here.
For device embodiment, as which corresponds essentially to embodiment of the method, so related part is referring to method reality Apply the part explanation of example.Device embodiment described above is only schematic, wherein described as separating component The unit of explanation can be or may not be physically separate, as the part that unit shows can be or can also It is not physical location, you can local to be located at one, or can also be distributed on multiple NEs.Can be according to reality Need to select some or all of module therein to realize the purpose of application scheme.Those of ordinary skill in the art are not paying In the case of going out creative work, you can to understand and implement.
Those skilled in the art will readily occur to its of the present invention after considering specification and putting into practice invention disclosed herein Its embodiment.The application is intended to any modification of the present invention, purposes or adaptations, these modifications, purposes or Person's adaptations follow the general principle of the present invention and including the undocumented common knowledge in the art of the present invention Or conventional techniques.Description and embodiments are considered only as exemplary, and true scope and spirit of the invention are by following Claim is pointed out.
The preferred embodiment of the application is the foregoing is only, not to limit the application, all essences in the application Within god and principle, any modification, equivalent substitution and improvements done etc. are should be included within the scope of the application protection.

Claims (10)

1. a kind of method of display data bag content, it is characterised in that methods described is applied to packet capturing client, methods described bag Include:
Capture the packet of local transceiver and record the protocol information of the packet, the protocol information includes transport layer protocol Information and application layer protocol information;
The packet is arranged as one or more groups of sequence of data packet according to the transport layer protocol information;
One or more groups of sequence of data packet are resolved to by one or more groups of files according to the application layer protocol information, wherein Every group of file includes one or more files;
According to the attribute of each file in every group of file, corresponding application is called to show the interior of each file in every group of file Hold.
2. method according to claim 1, it is characterised in that the packet of the crawl local transceiver simultaneously records the number According to bag protocol information, including:
The local intended application to be analyzed packet received and dispatched of crawl the protocol information for recording the packet;
The attribute according to each file in every group of file, calls corresponding application to show each file in every group of file Content, including:
The intended application is called to show the content of each file in every group of file.
3. method according to claim 2, it is characterised in that the number of the local intended application transmitting-receiving to be analyzed of the crawl According to the protocol information for wrapping and recording the packet, including:
Monitor the port called by local intended application to be analyzed;
If listening to the invoked port transceiving data bag, capture the packet of the called port transmitting-receiving and remember Record the protocol information of the packet.
4. method according to claim 2, it is characterised in that also include:
After one or more groups of sequence of data packet are resolved to one or more groups of files, the text in every group of file is recorded Part sequential;
The intended application is being called to show in every group of file before the content of each file, the private of the preservation intended application There is agreement;
It is described to call the intended application to show the file content in every group of file, including:
Open file sequential in the intended application, and the proprietary protocol according to the intended application, every group of file with And in every group of file each file content, at the interface of the intended application, show that the intended application receives and dispatches the number According to the file content in interaction and interaction of the intended application with user during bag.
5. method according to claim 4, it is characterised in that the displaying process bag at the interface in the intended application Include:
The file sequential in proprietary protocol, every group of file and every group of file Nei Gewen according to the intended application The anti-operational order and instruction sequencing for pushing away user when the intended application receives and dispatches the packet of the content of part;
The content of each file in operational order, instruction sequencing and every group of file according to the user, in the target Using interface, when showing that the intended application receives and dispatches the packet intended application with user interaction and interacted File content in journey.
6. a kind of device of display data bag content, it is characterised in that described device is applied to packet capturing client, described device bag Include:
Placement unit, for capturing the packet of local transceiver and recording the protocol information of the packet, the protocol information Including transport layer protocol information and application layer protocol information;
Unit is arranged, for the packet being arranged for one or more groups of data packet sequences according to the transport layer protocol information Row;
Resolution unit, for according to the application layer protocol information by one or more groups of sequence of data packet resolve to one group or Multigroup file, wherein every group of file includes one or more files;
Display unit, for the attribute according to each file in every group of file, call corresponding application show described per group it is literary The content of each file in part.
7. device according to claim 6, it is characterised in that the placement unit is additionally operable to:
The local intended application to be analyzed packet received and dispatched of crawl the protocol information for recording the packet;
The display unit, specifically for calling the intended application to show the content of each file in every group of file.
8. device according to claim 7, it is characterised in that the placement unit, including:
Port snoop subelement, for monitoring the port called by local intended application to be analyzed;
Port captures subelement, if listening to the invoked port transceiving data for the port snoop subelement Bag, then capture the packet of the called port transmitting-receiving and record the protocol information of the packet.
9. device according to claim 7, it is characterised in that also include:
File sequential recording unit, it is one or more groups of for resolving to one or more groups of sequence of data packet in resolution unit After file, the file sequential in every group of file is recorded;
Proprietary protocol storage unit, for calling the intended application to show each file in every group of file in display unit Before content, the proprietary protocol of the intended application is preserved;
The display unit, it is specifically for opening the intended application and the proprietary protocol according to the intended application, described every In file sequential and every group of file in group file, the content of each file, at the interface of the intended application, shows institute When stating the intended application transmitting-receiving packet, intended application is with the file content in the interaction and interaction of user.
10. device according to claim 9, it is characterised in that the display unit, including:
Instruct anti-hairclipper unit, for the file sequential in the proprietary protocol according to the intended application, every group of file with And in every group of file each file content it is counter push away when the intended application receives and dispatches the packet operational order of user and Instruction sequencing;
Interactive display subelement, for the operational order according to the user, instruction sequencing and every group of file Nei Gewen The content of part, at the interface of the intended application, intended application same user when showing that the intended application receives and dispatches the packet Interaction and interaction in file content.
CN201611075393.8A 2016-11-29 2016-11-29 A kind of method and device of display data packet content Active CN106533836B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611075393.8A CN106533836B (en) 2016-11-29 2016-11-29 A kind of method and device of display data packet content

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611075393.8A CN106533836B (en) 2016-11-29 2016-11-29 A kind of method and device of display data packet content

Publications (2)

Publication Number Publication Date
CN106533836A true CN106533836A (en) 2017-03-22
CN106533836B CN106533836B (en) 2019-09-06

Family

ID=58354055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611075393.8A Active CN106533836B (en) 2016-11-29 2016-11-29 A kind of method and device of display data packet content

Country Status (1)

Country Link
CN (1) CN106533836B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110662244A (en) * 2019-10-08 2020-01-07 北京城市网邻信息技术有限公司 Data packet display method and mobile terminal
CN112688924A (en) * 2020-12-15 2021-04-20 中国海洋大学 Network protocol analysis system
CN113542264A (en) * 2021-07-13 2021-10-22 杭州安恒信息技术股份有限公司 File transmission control method, device, equipment and readable storage medium
CN115334178A (en) * 2022-07-08 2022-11-11 北京天融信网络安全技术有限公司 Application layer data analysis method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070050846A1 (en) * 2005-08-30 2007-03-01 Fortinet, Inc. Logging method, system, and device with analytical capabilities for the network traffic
CN102045391A (en) * 2010-12-09 2011-05-04 向心力信息技术股份有限公司 Information push method
CN103067218A (en) * 2012-12-14 2013-04-24 华中科技大学 High speed network data package content analysis device
CN104537040A (en) * 2014-12-23 2015-04-22 小米科技有限责任公司 Method and device for capturing webpage content and electronic device
CN105245407A (en) * 2015-10-30 2016-01-13 盐城工学院 Network sniffer based on socket and method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070050846A1 (en) * 2005-08-30 2007-03-01 Fortinet, Inc. Logging method, system, and device with analytical capabilities for the network traffic
CN102045391A (en) * 2010-12-09 2011-05-04 向心力信息技术股份有限公司 Information push method
CN103067218A (en) * 2012-12-14 2013-04-24 华中科技大学 High speed network data package content analysis device
CN104537040A (en) * 2014-12-23 2015-04-22 小米科技有限责任公司 Method and device for capturing webpage content and electronic device
CN105245407A (en) * 2015-10-30 2016-01-13 盐城工学院 Network sniffer based on socket and method thereof

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110662244A (en) * 2019-10-08 2020-01-07 北京城市网邻信息技术有限公司 Data packet display method and mobile terminal
CN110662244B (en) * 2019-10-08 2021-04-13 北京城市网邻信息技术有限公司 Data packet display method and device and readable storage medium
CN112688924A (en) * 2020-12-15 2021-04-20 中国海洋大学 Network protocol analysis system
CN113542264A (en) * 2021-07-13 2021-10-22 杭州安恒信息技术股份有限公司 File transmission control method, device, equipment and readable storage medium
CN113542264B (en) * 2021-07-13 2022-08-26 杭州安恒信息技术股份有限公司 File transmission control method, device and equipment and readable storage medium
CN115334178A (en) * 2022-07-08 2022-11-11 北京天融信网络安全技术有限公司 Application layer data analysis method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN106533836B (en) 2019-09-06

Similar Documents

Publication Publication Date Title
CN106533836A (en) Method and apparatus for displaying data packet contents
CN108363662A (en) A kind of applied program testing method, storage medium and terminal device
CN111164939B (en) Specifying and utilizing paths through a network
US11522835B2 (en) Context based firewall service for agentless machines
CN103916294B (en) The recognition methods of protocol type and device
US11290527B2 (en) Automatic tagging of cloud resources for implementing security policies
US20160028597A1 (en) Real-time adaptive processing of network data packets for analysis
US20090323536A1 (en) Method, device and system for network interception
US9674316B2 (en) Methods and systems for identifying data sessions at a VPN gateway
US20110125748A1 (en) Method and Apparatus for Real Time Identification and Recording of Artifacts
US10893006B2 (en) System and method for implementing virtual platform media access control (MAC) address-based layer 3 network switching
CN104320378B (en) Intercept the method and system of web data
CN102761534A (en) Method and device for realizing transparent proxy of media access control layer
CN106302445A (en) For the method and apparatus processing request
EP3364627A1 (en) Adaptive session intelligence extender
CN108462615A (en) A kind of network user's group technology and device
CN102420837A (en) NDIS (Network Driver Interface Standard)-based method and system
CN103560933B (en) Method, device and system for displayer-free image intercepting or/and recording
JP6783501B2 (en) Information transmission system, information communication device, information transmission device, and program
US8918098B2 (en) Device for intercepting and analyzing traffic for a terminal
US20010027466A1 (en) Electronic mail transfer device and system, electronic mail transfer method
CN105991353A (en) Fault location method and device
CN105959248B (en) The method and device of message access control
CN106506400A (en) A kind of data stream recognition method and outlet device
CN118200898A (en) Dynamic device identification generation method, device, equipment and computer storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant