CN108173843A - A kind of method that industry control information displaying and data packet are excavated - Google Patents
A kind of method that industry control information displaying and data packet are excavated Download PDFInfo
- Publication number
- CN108173843A CN108173843A CN201711437426.3A CN201711437426A CN108173843A CN 108173843 A CN108173843 A CN 108173843A CN 201711437426 A CN201711437426 A CN 201711437426A CN 108173843 A CN108173843 A CN 108173843A
- Authority
- CN
- China
- Prior art keywords
- data
- data packet
- industry control
- module
- excavated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000004458 analytical method Methods 0.000 claims abstract description 43
- 238000004891 communication Methods 0.000 abstract description 8
- 230000002457 bidirectional effect Effects 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 15
- 230000008569 process Effects 0.000 description 5
- 238000011161 development Methods 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 238000009412 basement excavation Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/18—Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
- G05B19/4185—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
- G05B19/4186—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication by protocol, e.g. MAP, TOP
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Manufacturing & Machinery (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A kind of method that the present invention provides industry control information displaying and data packet is excavated, this method includes data resolution module, finish message display module and data packet and excavates module, the data resolution module carries out deep analysis to industry control network data message, and it exports analysis result and arranges display module to described information, described information arranges display module and analysis result is shown by the form of list, and the data packet excavates module and navigates to raw data packets according to analysis result.Present invention employs resolve packets to information, information excavating is to the bidirectional technique channel of data packet, it can finally realize data packet --- the one-to-one displaying relationship between information, each communication data in intuitive analysis displaying industrial control system network completes the unified finishing analysis task of industrial control data.
Description
Technical field
The present invention relates to technical field of industrial control, are excavated more particularly, to a kind of displaying of industry control information and data packet
Method.
Background technology
Current industrial control system is with the development of computer technology, the communication technology and control technology, also gradually to network
Change direction to develop, and produce a variety of industrial economical development systems therewith.But due to the technology of Industry Control product supplier
Protective policy leads to the communications protocol to communicate between each product in current industrial control system diversification, privatization, can not be formed
One unified consensus standard, this has caused great difficulties industrial control system network data analysis.For more than industry control
Communications protocol privatization, diversified problem, the present invention will provide a kind of industrial control system protocol data parsing and solution
Analysis result is unified to arrange the technology for showing and excavating initial data.
Invention content
It is an object of the invention to:In view of the problems of the existing technology, a kind of industry control information displaying and data are provided
The method excavated is wrapped, each communication data in displaying industrial control system network can be intuitively analyzed, complete industrial control data
Unified finishing analysis task.
The goal of the invention of the present invention is achieved through the following technical solutions:
A kind of method that industry control information displaying and data packet are excavated, which is characterized in that this method includes data and parses mould
Block, finish message display module and data packet excavate module, and the data resolution module carries out industry control network data message deep
Degree parsing, and export analysis result and arrange display module to described information, described information arranges shape of the display module by list
Formula is shown analysis result, and the data packet excavates module and navigates to raw data packets according to analysis result.
As further technical solution, the data resolution module integrates a variety of industry control protocol analysis engines, to industry control
Network data message carries out deep analysis.
As further technical solution, described information arranges display module and packet parsing result is managed collectively,
And classification is arranged, analysis result is shown finally by the form of list.
As further technical solution, the data packet excavates module and the list of displaying is successively excavated, gradually
Increase and determine information content, while reduce data area, finally navigate to raw data packets completely.
Compared with prior art, present invention employs resolve packet to information, the two-way skills of information excavating to data packet
Art channel can finally realize data packet --- the one-to-one displaying relationship between information, intuitive analysis displaying industry control
Each communication data in grid processed completes the unified finishing analysis task of industrial control data.
Description of the drawings
Fig. 1 is the flow diagram of the present invention.
Specific embodiment
The present invention is described in detail with specific embodiment below in conjunction with the accompanying drawings.
Embodiment 1
A kind of method that the present invention provides industry control information displaying and data packet is excavated, as shown in Figure 1, it is a kind of support
Industrial control system procotol packet parsing technology and information displaying digging technology, this method include data resolution module,
Finish message display module and data packet excavate module.Data resolution module carries out deep analysis to industry control network data message,
And it exports analysis result and gives finish message display module;Finish message display module carries out analysis result by the form of list
Displaying;Data packet excavates module and navigates to raw data packets according to analysis result.
Embodiment 2
A kind of method that the present invention provides industry control information displaying and data packet is excavated, as shown in Figure 1, it is a kind of support
Industrial control system procotol packet parsing technology and information displaying digging technology, this method include data resolution module,
Finish message display module and data packet excavate module.Data resolution module integrates a variety of industry control protocol analysis engines, to industry control
Network data message carries out deep analysis, and exports analysis result and give finish message display module;Finish message display module leads to
The form for crossing list is shown analysis result;Data packet excavates module and navigates to raw data packets according to analysis result.
Embodiment 3
A kind of method that the present invention provides industry control information displaying and data packet is excavated, as shown in Figure 1, it is a kind of support
Industrial control system procotol packet parsing technology and information displaying digging technology, this method include data resolution module,
Finish message display module and data packet excavate module.Data resolution module integrates a variety of industry control protocol analysis engines, to industry control
Network data message carries out deep analysis, and exports analysis result and give finish message display module;Finish message display module pair
Packet parsing result is managed collectively, and arranges classification, and analysis result is shown finally by the form of list;Data
Packet excavates module and navigates to raw data packets according to analysis result.
Embodiment 4
A kind of method that the present invention provides industry control information displaying and data packet is excavated, as shown in Figure 1, it is a kind of support
Industrial control system procotol packet parsing technology and information displaying digging technology, this method include data resolution module,
Finish message display module and data packet excavate module.Data resolution module integrates a variety of industry control protocol analysis engines, to industry control
Network data message carries out deep analysis, and exports analysis result and give finish message display module;Finish message display module pair
Packet parsing result is managed collectively, and arranges classification, and analysis result is shown finally by the form of list;Data
Packet excavates module and the list of displaying is successively excavated, and gradually increases determining information content, while reduce data area, final complete
Navigate to raw data packets entirely.
Wherein, a variety of industry control protocol analysis engines that data resolution module is integrated are industry control network safety comprehensive detection platforms
Existing analytics engine, mainly according to consensus standard specification document illustrate, realize data packet bytes match and parsing and from
The meaning of each 16 binary data, the meaning have specific definition in consensus standard specification document, draw in dynamic parsing data packet
Hold up the process for only completing to parse automatically and the translation process to 16 binary datas.
List involved by this method include it is multiple, mainly in layer excavate, can be excavated from a table
To another table, form information has:Source IP, Target IP, source port, target port, communications protocol, industry control instruction, send
Relatively may mostly and according to different communications protocol there be different lists in time etc..
Entire " parsing-displaying-excavation " process is described with a specific example below:
System has been mounted in user network, and the data in user network will be acquired and parse reduction, by system
It will be shown in system home page after analysis, one of angle is IP address list, is there are one IP address in the list
12.12.12.12 statistics double-clicks all Target IPs for having interactive relation that will be seen that the IP after excavating, one of them is assumed to be
10.10.10.10;The 10.10.10.10 Target IPs are double-clicked, can continue to excavate all to what is communicated between the two IP address
Agreement statistical form, it is assumed that wherein have a data statistic of industry control agreement MODBUS, double-clicking MODBUS can continue to excavate to one
A industry control instruction statistics list --- MODBUS agreements have many instructions, each instruction represents a kind of operation;It " is read assuming that having
This instruction code of coil state 0x01 ";The instruction code is double-clicked, data the package list of all instruction codes can be excavated, double-clicks and closes
The data packet of the heart can check the details of the data packet.Here it is the processes entirely excavated, and the process is according to industry control agreement
Difference, possible level and corresponding list information are different.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, it is noted that all
All any modification, equivalent and improvement made within the spirit and principles in the present invention etc. should be included in the guarantor of the present invention
Within the scope of shield.
Claims (4)
1. the method that a kind of displaying of industry control information and data packet are excavated, which is characterized in that this method include data resolution module,
Finish message display module and data packet excavate module, and the data resolution module carries out depth solution to industry control network data message
Analysis, and export analysis result and arrange display module to described information, described information arranges form pair of the display module by list
Analysis result is shown, and the data packet excavates module and navigates to raw data packets according to analysis result.
2. the method that a kind of industry control information displaying according to claim 1 and data packet are excavated, which is characterized in that described
Data resolution module integrates a variety of industry control protocol analysis engines, and deep analysis is carried out to industry control network data message.
3. the method that a kind of industry control information displaying according to claim 1 and data packet are excavated, which is characterized in that described
Finish message display module is managed collectively packet parsing result, and arranges classification, finally by the form of list to solution
Analysis result is shown.
4. the method that a kind of industry control information displaying according to claim 1 and data packet are excavated, which is characterized in that described
Data packet excavates module and the list of displaying is successively excavated, and gradually increases determining information content, while reduce data area, most
Raw data packets are navigated to completely eventually.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711437426.3A CN108173843A (en) | 2017-12-26 | 2017-12-26 | A kind of method that industry control information displaying and data packet are excavated |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711437426.3A CN108173843A (en) | 2017-12-26 | 2017-12-26 | A kind of method that industry control information displaying and data packet are excavated |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108173843A true CN108173843A (en) | 2018-06-15 |
Family
ID=62521461
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711437426.3A Withdrawn CN108173843A (en) | 2017-12-26 | 2017-12-26 | A kind of method that industry control information displaying and data packet are excavated |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108173843A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108898586A (en) * | 2018-06-19 | 2018-11-27 | 歌尔股份有限公司 | Product test method and system, client terminal device, test of heuristics device |
| CN110445815A (en) * | 2019-09-20 | 2019-11-12 | 北京天地和兴科技有限公司 | A kind of industry control protocol depth analytic method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105208018A (en) * | 2015-09-09 | 2015-12-30 | 上海三零卫士信息安全有限公司 | Industrial control network information security monitoring method based on funnel type white list |
| CN106254316A (en) * | 2016-07-20 | 2016-12-21 | 北京工业大学 | A kind of industry control dystropy detecting system based on data dependence |
| CN106911529A (en) * | 2015-12-22 | 2017-06-30 | 国网青海省电力公司 | Power network industry control safety detecting system based on protocol analysis |
-
2017
- 2017-12-26 CN CN201711437426.3A patent/CN108173843A/en not_active Withdrawn
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105208018A (en) * | 2015-09-09 | 2015-12-30 | 上海三零卫士信息安全有限公司 | Industrial control network information security monitoring method based on funnel type white list |
| CN106911529A (en) * | 2015-12-22 | 2017-06-30 | 国网青海省电力公司 | Power network industry control safety detecting system based on protocol analysis |
| CN106254316A (en) * | 2016-07-20 | 2016-12-21 | 北京工业大学 | A kind of industry control dystropy detecting system based on data dependence |
Non-Patent Citations (2)
| Title |
|---|
| 来源:维实公司网站: "工控网络安全综合检测系统(ICS)", 《来源:维实公司网站,网址:HTTP://WELSOUL.CN/557/566/19》 * |
| 高凯 等: "一种网络数据包分析软件的开发与设计", 《电子世界》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108898586A (en) * | 2018-06-19 | 2018-11-27 | 歌尔股份有限公司 | Product test method and system, client terminal device, test of heuristics device |
| CN110445815A (en) * | 2019-09-20 | 2019-11-12 | 北京天地和兴科技有限公司 | A kind of industry control protocol depth analytic method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102306171B (en) | A kind of for providing network to access suggestion and the method and apparatus of web search suggestion | |
| CN109981617A (en) | A kind of internet of things equipment monitoring method, system and electronic equipment and storage medium | |
| CN102202093B (en) | A kind of method and system realizing transducer adaptation | |
| CN102377246A (en) | Graphic instantiation method based on IEC61850 fault analysis system | |
| CN109743293A (en) | The access method and network target range system, computer storage medium in network target range | |
| CN105677329A (en) | Controlling method and electronic device | |
| CN108173843A (en) | A kind of method that industry control information displaying and data packet are excavated | |
| CN108388372B (en) | Method, device and equipment for self-adapting touch data and storage medium | |
| CN112069176B (en) | Database design method, device and equipment of communication protocol and storage medium | |
| CN105681389A (en) | Identification method and device based on different function communication streams of Skype | |
| CN102866967B (en) | I 2c device management method and complex programmable logic device (CPLD) | |
| CN110147397A (en) | System docking method, apparatus, management system and terminal device, storage medium | |
| CN105183572A (en) | Method and device for configuration of electric power communication protocols | |
| WO2008092805A3 (en) | Network component, method for the operation of such a network component, automation system comprising such a network component, method for transmitting data in an automation system by means of such a network component, and corresponding computer program and computer program product | |
| CN107579976A (en) | The method and device of self-defined detection website sensitive information | |
| US11656608B2 (en) | Rule-based communicating of equipment data from an industrial system to an analysis system using uni-directional interfaces | |
| CN105718429B (en) | The method and device of inspection report generation | |
| CN106293434A (en) | The multi-point gesture identification method of vehicular touch screen terminal and device | |
| WO2015179274A1 (en) | Systems and methods for programming behavior of a website to respond to capabilities of different devices | |
| CN105607909B (en) | Method and system for improving list development efficiency on basis of MVC frame | |
| CN111315026B (en) | Channel selection method, device, gateway and computer readable storage medium | |
| CN102857375A (en) | Method for managing and explaining communication protocols | |
| CN105959305A (en) | Substation communication protocol conversion system | |
| CN104753934A (en) | Method for separating known protocol multi-communication-parties data stream into point-to-point data stream | |
| CN104750927B (en) | A kind of patterned optic fiber distribution relation methods of exhibiting |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20180615 |
|
| WW01 | Invention patent application withdrawn after publication |