CN110012471A - A wireless network data packet parsing method based on a pseudo hotspot - Google Patents
- Publication number
- CN110012471A (application CN201910161365.5A)
- Authority
- CN
- China
- Prior art keywords
- network
- data packet
- packet
- pseudo
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Abstract
The invention discloses a wireless network data packet parsing method based on a pseudo hotspot. The procedure is as follows: first, the intranet is scanned with a scanning tool, the target network for the attack is selected, and a pseudo hotspot is established according to the target network's parameters; while a client is connecting to the target network, an interception tool sends hash packets to intercept the connection between the client and the target network and to lure the client into connecting to the pseudo hotspot; once the client is connected to the pseudo hotspot, the user is tricked into entering the wireless password on the client, and the airdecap component decrypts the capture with the password the user entered, yielding a set of decrypted packet files; finally, packet analysis software is called to display the packet contents, and abnormal traffic behavior is analyzed further on the basis of the displayed contents. The beneficial effects of the invention are that, on the one hand, the disclosed method can save the captured data and sort and classify it; on the other hand, it can parse abnormal traffic on an unknown network.
Description
Technical field
The present invention relates to the field of network communication technology, and more particularly to packet-capture cracking tests in the wireless domain.
Background technique
With the rapid development of Internet technology, wireless WiFi has become an inseparable part of people's lives. Because wireless networks are open, their security problems are increasingly apparent. Therefore, in order to track the various traffic flows in a local area network in real time and detect abnormal traffic behavior, the present invention designs a wireless traffic parsing model combined with a pseudo hotspot.

The most common traffic analysis method at present captures air-interface packets while attacking the connection between the client and the network, saves those packets, and then parses their contents one by one. However, this method has certain defects. On the one hand, when the wireless password of an unknown network cannot be obtained, capturing air-interface packets becomes much more difficult. On the other hand, WiFi itself has a certain packet loss rate, and during capture the network card of the capturing device must be on the same channel as the target hotspot, so the capture success rate is not high. In view of these problems, we propose a wireless network data packet parsing method with a higher success rate: a pseudo hotspot is established; when the client connects to the pseudo hotspot, the user is tricked into entering the wireless password on the client, and the airdecap component decrypts the capture with the password the user entered, yielding a set of decrypted packet files; finally, packet analysis software is called to display the packet contents, the displayed packets are compared with other normal packets, and the user's abnormal traffic behavior is determined.
When ordinary users connect to a local area network with their own mobile devices, they may leak personal information or even be extorted if they visit a phishing website or download software containing a trojan. Enterprise-grade network equipment can reach full load or even be paralyzed when attacked with abnormal malicious traffic, causing huge economic losses. Illegal organizations such as multi-level marketing schemes often gather in secret places to carry out illegal activities, and because the offenders are highly vigilant, the public security organs find it hard to learn their internal details, so investigations progress slowly. The wireless network data packet parsing method provided by the present invention helps users, investigators and enterprise network administrators detect the type of abnormal traffic in the background, sample and parse large volumes of data, trace the attack source, and then adjust host defenses.
Summary of the invention
The technical problem to be solved by the present invention is that, in the prior art, the wireless password of an unknown network cannot be obtained and the packet capture success rate is not high; the invention provides a wireless network data packet parsing method to address these defects.

The technical solution adopted by the present invention to solve this technical problem is to construct a wireless network data packet parsing method based on a pseudo hotspot, comprising the following steps:
S1. On the local machine, read the local machine's device parameters; create a folder for storing data packets and establish a directory index.

S2. Using a scanning tool, scan the surrounding network environment, and display and record the scanned network parameters in real time.

S3. Select the target network for the attack according to the network parameters obtained in step S2.

S4. For the target network selected in step S3, if its network parameters are judged to be wrong, return to step S3 and reselect the target; otherwise, establish a pseudo hotspot according to the recorded network parameters of the target network, and execute step S5.

S5. While the scanning tool is in its scanning state, simultaneously use an interception tool on the local machine to continuously send a certain number of data packets to the target network, carrying out a deauthentication attack and forcing users offline to wait for reconnection.

S6. When a user reconnects, monitor the user's reconnection process in real time and capture the authentication request packet with the interception tool. If the packet is captured successfully, the connection between the user and the target network is judged to have been blocked successfully, and step S7 is executed immediately; otherwise, data packets continue to be sent until the connection between the user and the target network has been intercepted successfully.

S7. When the user logs on to the pseudo hotspot established in step S4, a web authentication window is triggered, inducing the user to enter the password.

S8. Using the airdecap component, and provided the user has entered the correct password, call the airdecap interface and configure the password to decrypt the data packets.

S9. Store the data packets decrypted in step S8 in the specified directory established in step S1, and display the contents of the data packets with packet analysis software to further identify abnormal traffic.
Further, the device parameters of the local machine read in step S1 include the network card name and the network card IP parameters.

Further, in step S2, the network parameters include the MAC address, channel and BSSID parameters of the network.

Further, in step S4, the relevant DNS service can also be configured while the pseudo hotspot is being configured.

Further, in step S6, the encrypted packets that are captured successfully are stored automatically in the directory established in step S1.

Further, in step S9, the contents of the data packets are displayed with the wireshark software; the interception tool includes the aireplay tool; the scanning tool includes the airodump tool.

Further, in step S2, the scanned network parameters are displayed on the local machine in the form of a list; in step S3, whether the recorded target network parameters are wrong is judged directly from the network parameters recorded in the list.

Further, in step S9, the parsed packet contents include the encapsulation information of the packet header, the source of the packet, the type of the packet, the time the packet was sent and the size attributes of the packet; the parsed packet contents are compared with other normal data packets to determine the user's abnormal traffic behavior.
In the wireless network data packet parsing method based on a pseudo hotspot of the present invention, the client is lured into connecting to the pseudo hotspot; once the client is connected to the pseudo hotspot, the user is tricked into entering the wireless password on the client, and the airdecap component decrypts the capture with the password the user entered, yielding a set of decrypted packet files; finally, packet analysis software is called to display the packet contents, and abnormal traffic behavior is analyzed further on the basis of the displayed contents.

Implementing the wireless network data packet parsing method based on a pseudo hotspot of the present invention has the following beneficial effects: on the one hand, the captured data can be saved and sorted and classified; on the other hand, abnormal traffic can be parsed on an unknown network.
Detailed description of the invention
The present invention is further described below with reference to the accompanying drawings and embodiments. In the drawings:

Fig. 1 is a flow chart of the wireless network data packet parsing method disclosed by the invention;

Fig. 2 is the first scan result after the network card has been selected;

Fig. 3 is the interface that records user behavior;

Fig. 4 shows the undecrypted data packets as displayed by the analysis software;

Fig. 5 shows the decrypted data packets as displayed by the analysis software.
Specific embodiment
For a clearer understanding of the technical features, objects and effects of the present invention, a specific embodiment of the invention is now described in detail with reference to the drawings.

Referring to Fig. 1, which is a flow chart of the wireless network data packet parsing method disclosed by the invention: this embodiment was developed under Linux and calls the local pcap library; the decrypted packets produced by parsing are packets with the encapsulation removed and can be opened with a packet analysis tool. The method specifically includes the following steps:
S1. On the local machine, read the local machine's network card name and network card IP parameters; create a folder for storing data packets and establish a directory index. The network card status is further checked according to the device parameters obtained.

S2. Using the airodump scanning tool, scan the surrounding network environment, and display and record the scanned network parameters on the local machine in the form of a list in real time. The network parameters include the MAC address, channel and BSSID parameters.

S3. Select the target network for the attack according to the network parameters obtained in step S2.

S4. Judge whether the target network parameters recorded in step S3 are wrong. If the network parameters of the target network are wrong, return to step S3 and reselect the target; otherwise, establish a pseudo hotspot according to the recorded network parameters of the target network, configure the DNS service, and execute step S5.

S5. While the airodump scanning tool is in its scanning state, and according to the target determined in step S3, simultaneously use the aireplay tool on the local machine to continuously send a certain number of data packets to the target network, carrying out a deauthentication attack and forcing users offline to wait for reconnection.

S6. When a user reconnects, monitor the user's reconnection process in real time and capture the authentication request packet with the aireplay tool. If the packet is captured successfully, the connection between the user and the target network is judged to have been blocked successfully, and step S7 is executed immediately; otherwise, data packets continue to be sent until the connection between the user and the target network has been intercepted successfully.

S7. When the user logs on to the pseudo hotspot established in step S4, a web authentication window is triggered, inducing the user to enter the password.

S8. Using the airdecap component, and provided the user has entered the correct password, call the airdecap interface and configure the password to decrypt the data packets.

S9. Store the data packets decrypted in step S8 in the specified directory established in step S1, and display the contents of the data packets with the system's analysis software. The parsed packet contents include the encapsulation information of the packet header, the source of the packet, the type of the packet, the time the packet was sent and the size attributes of the packet; the parsed packet contents are compared with other normal data packets to determine the user's abnormal traffic behavior.
It should be noted that the network card mode is adjusted as follows: when the scanning tool is used to scan the surrounding network environment, the network card is set to monitor mode; when the pseudo hotspot is established, the network card is set to master mode.
Referring to Fig. 2, which shows the first scan result after the network card has been selected and corresponds to step S2: the airodump scanning tool scans the surrounding network environment and, in real time, displays and records the scanned network parameters on the local machine in the form of a list. If the third network in the figure is to be chosen as the target network, the recorded parameters of the target network are MAC address 76:27:1E:45:89:CD, channel 4 and wireless name 360; these three parameters are enough to identify one network.
Referring to Fig. 3, which is the interface that records user behavior. The window in the upper left corner records the DHCP service, whose role includes assigning an IP address to each user connected to the pseudo hotspot; in this embodiment, the IP address assigned to the user is 192.168.1.100. The window in the upper right corner records the information of the pseudo hotspot and of the clients connected to it; in this embodiment, the recorded information of the user connected to the pseudo hotspot includes the phone model, HUAWEI Nova, and the client MAC address, 84:9F:B5:34:52:8A. The window in the lower left corner records the connection requests sent to the gateway for the websites the client visits; the websites recorded in this embodiment include common sites such as Baidu and Google. The window in the lower right corner records the real-time status of the attack carried out on the target network with the aireplay tool; in this embodiment, the target network is attacked once every 3 seconds, and the attack stops when the aireplay tool captures the authentication request packet.
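Seen from the defending side, steps S4 to S6 and the Fig. 3 description leave two traces on the air: a steady run of deauthentication frames against one BSSID, followed by a beacon that reuses the network's SSID with parameters that differ from the real access point. The following Python detector is an added example and not part of the patent; the `Frame` record, the thresholds, the "WPA2" baseline entry and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Authorised APs per SSID as (BSSID, channel, security). SSID, BSSID and channel are
# the network in the page's Fig. 2 description; "WPA2" is an assumed value.
BASELINE = {"360": {("76:27:1E:45:89:CD", 4, "WPA2")}}

WINDOW_S = 30      # sliding window for counting deauth frames (assumed)
THRESHOLD = 5      # deauth frames per BSSID inside the window that count as a flood
CORRELATE_S = 120  # a mismatching beacon this soon after a flood is escalated


@dataclass(frozen=True)
class Frame:            # one observation from a monitor-mode sensor (hypothetical schema)
    ts: float
    kind: str           # "beacon" or "deauth"
    bssid: str
    ssid: str = ""
    channel: int = 0
    security: str = ""


@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str           # "deauth_flood" or "ssid_mismatch"
    bssid: str
    severity: str


def detect(frames, baseline=BASELINE):
    """Return alerts for deauth floods and for beacons that reuse a known SSID
    with a (BSSID, channel, security) tuple that is not in the baseline."""
    owner = {b: ssid for ssid, aps in baseline.items() for (b, _, _) in aps}
    recent = defaultdict(deque)   # BSSID -> deauth timestamps still inside the window
    last_flood = {}               # SSID -> time the flood condition was last true
    seen = set()                  # de-duplicates alerts
    alerts = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        bssid = f.bssid.upper()
        if f.kind == "deauth":
            q = recent[bssid]
            q.append(f.ts)
            while f.ts - q[0] > WINDOW_S:      # drop timestamps that left the window
                q.popleft()
            if len(q) >= THRESHOLD:
                if bssid in owner:
                    last_flood[owner[bssid]] = f.ts
                if ("flood", bssid) not in seen:
                    seen.add(("flood", bssid))
                    alerts.append(Alert(f.ts, "deauth_flood", bssid, "medium"))
        elif f.kind == "beacon" and f.ssid in baseline:
            ident = (bssid, f.channel, f.security)
            if ident in baseline[f.ssid] or ident in seen:
                continue
            seen.add(ident)
            flood = last_flood.get(f.ssid)
            recent_flood = flood is not None and f.ts - flood <= CORRELATE_S
            alerts.append(Alert(f.ts, "ssid_mismatch", bssid,
                                "high" if recent_flood else "low"))
    return alerts


# Constructed sample: deauth frames every 3 s (the interval in the Fig. 3 description),
# normal beacons from the real AP, then an open network reusing the SSID.
REAL = "76:27:1E:45:89:CD"
TWIN = "02:00:00:00:00:01"   # constructed, locally administered address
SAMPLE_FRAMES = (
    [Frame(t, "beacon", REAL, "360", 4, "WPA2") for t in (0.0, 10.0, 20.0)]
    + [Frame(float(t), "deauth", REAL) for t in range(0, 30, 3)]
    + [Frame(40.0, "beacon", TWIN, "360", 4, "OPEN")]
)

if __name__ == "__main__":
    for a in detect(SAMPLE_FRAMES):
        print(a)
```

Comparing the whole (BSSID, channel, security) tuple rather than the BSSID alone matters because the pseudo hotspot is built from the target's recorded parameters, so a copied BSSID with a different security setting is still reported.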
Referring to Fig. 4 and Fig. 5, which show, respectively, the undecrypted data packets and the decrypted data packets as displayed by the analysis software: for the decrypted packets, information such as the packet type, actual packet length, source and destination can be seen. The contents of the undecrypted and decrypted data packets are compared to further judge the user's abnormal traffic behavior.
The embodiments of the present invention have been described above with reference to the drawings, but the invention is not limited to the specific embodiment described, which is only illustrative and not restrictive. Inspired by the present invention, those of ordinary skill in the art can devise many other forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the present invention.
Claims (8)
1. A wireless network data packet parsing method based on a pseudo hotspot, characterized by comprising the following steps:

S1. On the local machine, read the local machine's device parameters; create a folder for storing data packets and establish a directory index.

S2. Using a scanning tool, scan the surrounding network environment, and display and record the scanned network parameters in real time.

S3. Select the target network for the attack according to the network parameters obtained in step S2.

S4. For the target network selected in step S3, if its network parameters are judged to be wrong, return to step S3 and reselect the target; otherwise, establish a pseudo hotspot according to the recorded network parameters of the target network, and execute step S5.

S5. While the scanning tool is in its scanning state, simultaneously use an interception tool on the local machine to continuously send a certain number of data packets to the target network, carrying out a deauthentication attack and forcing users offline to wait for reconnection.

S6. When a user reconnects, monitor the user's reconnection process in real time and capture the authentication request packet with the interception tool. If the packet is captured successfully, the connection between the user and the target network is judged to have been blocked successfully, and step S7 is executed immediately; otherwise, data packets continue to be sent until the connection between the user and the target network has been intercepted successfully.

S7. When the user logs on to the pseudo hotspot established in step S4, a web authentication window is triggered, inducing the user to enter the password.

S8. Using the airdecap component, and provided the user has entered the correct password, call the airdecap interface and configure the password to decrypt the data packets.

S9. Store the data packets decrypted in step S8 in the specified directory established in step S1, and display the contents of the data packets with packet analysis software to further identify abnormal traffic.
2. The wireless network data packet parsing method according to claim 1, characterized in that the device parameters of the local machine read in step S1 include the network card name and the network card IP parameters.

3. The wireless network data packet parsing method according to claim 1, characterized in that, in step S2, the network parameters include the MAC address, channel and BSSID parameters of the network.

4. The wireless network data packet parsing method according to claim 1, characterized in that, in step S4, the relevant DNS service can also be configured while the pseudo hotspot is being configured.

5. The wireless network data packet parsing method according to claim 1, characterized in that, in step S6, the encrypted packets that are captured successfully are stored automatically in the directory established in step S1.

6. The wireless network data packet parsing method according to claim 1, characterized in that, in step S9, the contents of the data packets are displayed with the wireshark software; the interception tool includes the aireplay tool; the scanning tool includes the airodump tool.

7. The wireless network data packet parsing method according to claim 1, characterized in that, in step S2, the scanned network parameters are displayed on the local machine in the form of a list; in step S3, whether the recorded target network parameters are wrong is judged directly from the network parameters recorded in the list.

8. The wireless network data packet parsing method according to claim 1, characterized in that, in step S9, the parsed packet contents include the encapsulation information of the packet header, the source of the packet, the type of the packet, the time the packet was sent and the size attributes of the packet; the parsed packet contents are compared with other normal data packets to determine the user's abnormal traffic behavior.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910161365.5A CN110012471A (en) | 2019-03-04 | 2019-03-04 | A wireless network data packet parsing method based on a pseudo hotspot |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110012471A (en) | 2019-07-12 |
Family
ID=67166460
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910161365.5A Pending CN110012471A (en) | 2019-03-04 | 2019-03-04 | A wireless network data packet parsing method based on a pseudo hotspot |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110012471A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190712 |