CN110661683A - Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format - Google Patents


Info

Publication number
CN110661683A
Authority
CN
China
Prior art keywords
data packet
udp protocol
analysis result
file
analyzing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910915173.9A
Other languages
Chinese (zh)
Other versions
CN110661683B (en)
Inventor
王电轻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Wave Intelligent Technology Co Ltd
Original Assignee
Suzhou Wave Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Wave Intelligent Technology Co Ltd
Priority to CN201910915173.9A (patent CN110661683B)
Priority to PCT/CN2019/108474 (patent WO2021056400A1)
Publication of CN110661683A
Application granted
Publication of CN110661683B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol

Abstract

The application discloses a method, an apparatus, a device and a readable storage medium for analyzing the UDP (User Datagram Protocol) protocol based on a pcap format file. The method disclosed by the application comprises the following steps: capturing a pcap format file from a network configured with the UDP protocol; calling a filter to filter the file to obtain a target file; splitting the target file into a file header and a plurality of data packets; extracting any data packet, and judging whether the data packet conforms to the UDP protocol by using the libpcap library; and if so, parsing the data packet to obtain a parsing result, and visually displaying the parsing result so that the user can analyze the UDP protocol according to the parsing result. By using the filter and the libpcap library, the method and the apparatus avoid the influence of other data on the parsing result, and the parsing result can be visually displayed, so that the accuracy of analyzing the UDP protocol and the accuracy of locating UDP protocol faults are improved.

Description

Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for analyzing a UDP protocol based on a pcap format.
Background
Currently, in order to test a UDP protocol configured in a network, some packet capturing tools may be used to capture data packets in the network, and then analyze the data packets, so as to analyze the UDP protocol and determine a related fault existing in the UDP protocol.
However, existing packet capture tools can only capture data packets from the network and cannot visually display the capture result, which hinders analysis and fault location for the UDP protocol. Moreover, the protocols configured in a network are not limited to UDP, so a captured data packet may conform to another protocol, and existing packet capture tools cannot accurately identify the data packets corresponding to different protocols, which is a further obstacle to locating each fault of the UDP protocol.
Therefore, how to improve the analysis efficiency and accuracy of the UDP protocol is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present application is to provide a method, an apparatus, a device and a readable storage medium for analyzing a UDP protocol based on a pcap format file, so as to improve the analysis efficiency and accuracy of the UDP protocol. The specific scheme is as follows:
in a first aspect, the present application provides a method for analyzing a UDP protocol based on a pcap format file, including:
capturing a pcap format file from a network configured with the UDP protocol;
calling a filter to filter the file to obtain a target file; the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function;
splitting a target file into a file header and a plurality of data packets;
extracting any data packet, and judging whether the data packet conforms to a UDP protocol or not by using a libpcap library;
and if so, analyzing the data packet to obtain an analysis result, and visually displaying the analysis result so that the user can analyze the UDP protocol according to the analysis result.
Preferably, parsing the data packet to obtain a parsing result includes:
splitting the data packet into a data packet header and data;
analyzing the data packet header to obtain the component of the data packet header;
analyzing the data to obtain the length of the data;
and determining the components and the length of the data packet header as an analysis result.
Preferably, the visually displaying the analysis result includes:
carrying out statistics on the analysis result to obtain a statistical result;
and displaying the statistical result by using a preset visual tool.
Preferably, fetching the pcap format file from the network configured with UDP protocol includes:
and grabbing the file from the network by using a packet grabbing tool.
Preferably, if the packet does not conform to the UDP protocol, the packet is discarded.
Preferably, after visually displaying the analysis result, the method further includes:
calling a data packet editor according to a data packet modification instruction input by a user;
modifying the data packet by using a data packet editor, and transmitting the modified data packet to a network;
acquiring a processing result of the modified data packet by the network;
and if the processing result is wrong, determining that the UDP protocol configured in the network has a fault.
Preferably, after visually displaying the analysis result, the method further includes:
and determining a generation time stamp of the analysis result, and storing the generation time stamp and the analysis result.
Preferably, after storing the generated time stamp and the parsing result, the method further includes:
if a UDP (user Datagram protocol) configured in the network fails, determining the failure occurrence time period according to a playback instruction input by a user;
inquiring a target generation time stamp corresponding to the occurrence time period;
and visually displaying the analysis result corresponding to the target generation timestamp.
In a second aspect, the present application provides an apparatus for analyzing a UDP protocol based on a pcap format file, including:
the capturing module is used for capturing a pcap format file from the network configured with the UDP protocol;
the filtering module is used for calling a filter to filter the file to obtain a target file; the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function;
the splitting module is used for splitting the target file into a file header and a plurality of data packets;
the judging module is used for extracting any data packet and judging whether the data packet conforms to a UDP protocol or not by using the libpcap library;
and the analysis module is used for analyzing the data packet to obtain an analysis result if the data packet conforms to the UDP protocol, and visually displaying the analysis result so that a user can analyze the UDP protocol according to the analysis result.
In a third aspect, the present application provides a device for analyzing a UDP protocol based on a pcap format file, including:
a memory for storing a computer program;
a processor for executing the computer program to implement the previously disclosed method for analyzing the UDP protocol based on a pcap format file.
In a fourth aspect, the present application provides a readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the previously disclosed method for analyzing the UDP protocol based on a pcap format file.
According to the above scheme, the application provides a method for analyzing the UDP protocol based on a pcap format file, which comprises the following steps: capturing a pcap format file from a network configured with the UDP protocol; calling a filter to filter the file to obtain a target file; the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function; splitting the target file into a file header and a plurality of data packets; extracting any data packet, and judging whether the data packet conforms to the UDP protocol by using the libpcap library; and if so, parsing the data packet to obtain a parsing result, and visually displaying the parsing result so that the user can analyze the UDP protocol according to the parsing result.
Therefore, after a file in a pcap format is captured from a network configured with a UDP protocol, a filter is called to filter the file to obtain a purer target file in the pcap format; further splitting the target file into a file header and a plurality of data packets; for any data packet, judging whether the data packet conforms to a UDP protocol by using a libpcap library; and if so, analyzing the data packet, and visually displaying the obtained analysis result so that the user can analyze the UDP protocol according to the analysis result. In order to analyze the UDP protocol more accurately and locate the fault in the UDP protocol, the method calls the filter to filter the files in the pcap format so as to avoid the influence of data which is not in the pcap format on the analysis result; and secondly, judging whether the data packet conforms to the UDP protocol by using the libpcap library, thereby avoiding the influence of the data packet which is not the UDP protocol on the analysis result, and improving the accuracy of analyzing the UDP protocol and the positioning accuracy of the UDP protocol fault. Meanwhile, the analysis result of the data packet conforming to the UDP protocol can be visually displayed, so that a user can further determine the fault existing in the UDP protocol according to the analysis result, and convenience is provided for positioning the fault of the UDP protocol.
Correspondingly, the device, the equipment and the readable storage medium for analyzing the UDP protocol based on the file in the pcap format also have the technical effects.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart of a first method for analyzing a UDP protocol based on a pcap format;
FIG. 2 is a detailed flowchart of step S105 in FIG. 1;
FIG. 3 is a flowchart of a second method for parsing UDP protocol based on pcap format disclosed in the present application;
FIG. 4 is a flowchart of a third method for analyzing a UDP protocol based on a pcap format file disclosed in the present application;
FIG. 5 is a schematic view of a document selection interface disclosed herein;
FIG. 6 is a schematic illustration showing an analytic result disclosed herein;
FIG. 7 is a schematic diagram of an apparatus for analyzing a UDP protocol based on a pcap format according to the present disclosure;
FIG. 8 is a schematic diagram of a device for analyzing a UDP protocol based on a pcap format.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, existing packet capture tools can only capture data packets from a network and cannot visually display the capture result, which hinders analysis and fault location for the UDP protocol. Moreover, the protocols configured in a network are not limited to UDP, so a captured data packet may conform to another protocol, and existing packet capture tools cannot accurately identify the data packets corresponding to different protocols, which is a further obstacle to locating each fault of the UDP protocol. Therefore, a scheme for analyzing the UDP protocol based on a pcap format file is provided, which can improve the efficiency and accuracy of UDP protocol analysis.
Referring to fig. 1, an embodiment of the present application discloses a first method for analyzing a UDP protocol based on a pcap format file, including:
S101, capturing a pcap format file from a network configured with the UDP protocol;
Specifically, capturing a pcap format file from a network configured with the UDP protocol includes: capturing the file from the network by using a packet capture tool, such as Wireshark or tcpdump. pcap is a file format, and UDP is the User Datagram Protocol, which is a connectionless transport protocol.
S102, calling a filter to filter the file to obtain a target file;
Wherein the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function. pcap_compile() takes a string containing a high-level Boolean expression and produces low-level bytecode that the filter engine can integrate into the packet driver. pcap_setfilter() associates a filter with a packet capture session. Once pcap_setfilter() is called, the relevant filter is applied to all packets coming from the network. Calling the filter to filter the pcap format file avoids the influence of data that is not in the pcap format on the parsing result.
S103, splitting the target file into a file header and a plurality of data packets;
It should be noted that the pcap format file includes a file header and a plurality of data packets, and each data packet includes a data packet header and data. Each data packet is an object of protocol analysis; that is, by parsing the data packets in the pcap format file, it can be determined whether the protocol has failed.
S104, extracting any data packet, and judging whether the data packet conforms to the UDP protocol by using the libpcap library; if yes, executing S105; if not, executing S107;
S105, parsing the data packet to obtain a parsing result;
S106, visually displaying the parsing result so that a user can analyze the UDP protocol according to the parsing result;
S107, discarding the data packet.
In this embodiment, a data packet in the pcap format file is parsed further only when it conforms to the UDP protocol; otherwise the data packet is discarded, which reduces unnecessary parsing. libpcap is a very powerful network sniffing library, and its functions can be used to analyze the content of a data packet. The relevant functions of the libpcap library and their roles can be found in the prior art.
In a specific embodiment, visually displaying the parsing result includes: carrying out statistics on the parsing result to obtain a statistical result; and displaying the statistical result by using a preset visualization tool. Various chart types can be provided in the visualization tool, such as line charts, bar charts, pie charts, and the like.
The statistics on the parsing result may be: counting, within a preset time period, the data packets with a correct source port number, the data packets with an incorrect source port number, the data packets with a correct destination port number, the data packets with an incorrect destination port number, and the like. These statistics may be presented as a line chart, bar chart, pie chart, and the like.
Referring to fig. 2, fig. 2 is a detailed flowchart of step S105 in fig. 1. The specific implementation step of S105 in fig. 1 includes:
S201, splitting the data packet into a data packet header and data;
S202, parsing the data packet header to obtain the components of the data packet header;
S203, parsing the data to obtain the length of the data;
S204, determining the components of the data packet header and the length as the parsing result.
It should be noted that, the components of the data packet header include: GMTtime, MicroTime, caplen, len, etc.
Generally, a data packet conforming to the UDP protocol includes: the source port number, the destination port number, the packet length, the checksum and the data, wherein the source port number, the destination port number, the packet length, and the checksum are UDP headers. The source port number, destination port number, packet length, checksum and data may be further determined based on the parsing result including the header components and length.
It can be seen that, in order to analyze the UDP protocol more accurately and locate a fault existing in the UDP protocol, the filter is first called to filter the pcap format file, so as to avoid that the analysis result is affected by data that is not in the pcap format; and secondly, judging whether the data packet conforms to the UDP protocol by using the libpcap library, thereby avoiding the influence of the data packet which is not the UDP protocol on the analysis result, and improving the accuracy of analyzing the UDP protocol and the positioning accuracy of the UDP protocol fault. Meanwhile, the analysis result of the data packet conforming to the UDP protocol can be visually displayed, so that a user can further determine the fault existing in the UDP protocol according to the analysis result, and convenience is provided for positioning the fault of the UDP protocol.
Referring to fig. 3, an embodiment of the present application discloses a second method for analyzing a UDP protocol based on a pcap format file, including:
S301, capturing a pcap format file from a network configured with the UDP protocol;
S302, calling a filter to filter the file to obtain a target file;
Wherein the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function;
S303, splitting the target file into a file header and a plurality of data packets;
The first 24 bytes of the pcap format file are the file header, which contains the file information. The file header comprises the following components: Magic, Major, Minor, ThisZone, SnapLen, LinkType, etc.
S304, extracting any data packet, and judging whether the data packet conforms to the UDP protocol by using the libpcap library; if yes, executing S305; if not, executing S307;
S305, parsing the data packet to obtain a parsing result;
S306, visually displaying the parsing result so that a user can analyze the UDP protocol according to the parsing result, and executing S308;
S307, discarding the data packet;
S308, receiving a data packet modification instruction input by a user;
S309, calling a data packet editor according to the data packet modification instruction input by the user;
S310, modifying the data packet by using the data packet editor, and transmitting the modified data packet to the network;
S311, acquiring the network's processing result for the modified data packet;
S312, judging whether the processing result is correct; if yes, executing S313; if not, executing S314;
S313, determining that the corresponding fault does not exist in the UDP protocol configured in the network;
S314, determining that the corresponding fault exists in the UDP protocol configured in the network.
In the present embodiment, packet modification and transmission functions, i.e., the contents described in S308-S314, are added. Specifically, the packet editor may be WPE (Winsock Packet Editor). The modified data packet is a misleading data packet, which can mislead the network into processing the data packet in the wrong way. Therefore, if the network's processing result for the modified data packet is correct, the network was not misled by the modified data packet and output the correct processing result, so the fault corresponding to the modified data packet does not exist; if the network's processing result for the modified data packet is wrong, the network was misled by the modified data packet and output a wrong processing result, so the fault corresponding to the modified data packet exists in the current network.
It should be noted that, implementation steps in this embodiment are the same as or similar to those in the above embodiments, and may be referred to each other as necessary, so that detailed description is omitted in this embodiment.
As can be seen from the above, in order to analyze the UDP protocol more accurately and locate a fault in the UDP protocol, the filter is first called to filter the pcap format file, so as to avoid that the analysis result is affected by data that is not in the pcap format; and secondly, judging whether the data packet conforms to the UDP protocol by using the libpcap library, thereby avoiding the influence of the data packet which is not the UDP protocol on the analysis result, and improving the accuracy of analyzing the UDP protocol and the positioning accuracy of the UDP protocol fault. Meanwhile, the analysis result of the data packet conforming to the UDP protocol can be visually displayed, so that a user can further determine the fault existing in the UDP protocol according to the analysis result, and convenience is provided for positioning the fault of the UDP protocol. The embodiment also adds the functions of modifying and sending the data packet, and further provides convenience for positioning the UDP protocol fault.
Referring to fig. 4, an embodiment of the present application discloses a third method for analyzing a UDP protocol based on a pcap format file, including:
S401, capturing a pcap format file from a network configured with the UDP protocol;
S402, calling a filter to filter the file to obtain a target file;
Wherein the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function;
S403, splitting the target file into a file header and a plurality of data packets;
S404, extracting any data packet, and judging whether the data packet conforms to the UDP protocol by using the libpcap library; if yes, executing S405; if not, executing S407;
S405, parsing the data packet to obtain a parsing result;
S406, visually displaying the parsing result so that a user can analyze the UDP protocol according to the parsing result, and executing S408;
S407, discarding the data packet;
S408, determining a generation timestamp of the parsing result, and storing the generation timestamp and the parsing result;
S409, if the UDP (User Datagram Protocol) protocol configured in the network fails, determining the fault occurrence time period according to a playback instruction input by a user;
S410, querying the target generation timestamp corresponding to the occurrence time period;
S411, visually displaying the parsing result corresponding to the target generation timestamp.
In the present embodiment, a packet playback function, i.e., the contents described in S408-S411, is added. Specifically, the present embodiment may store the parsing result of each data packet conforming to the UDP protocol, and the generation timestamp corresponding to each parsing result. Therefore, when the UDP protocol configured in the network fails, the user can inquire the analysis result corresponding to the failure occurrence time period, thereby determining the failure problem occurring in the time period and realizing the tracing of the failure problem.
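The storage and playback steps S408-S411, combined with the per-period port statistics described earlier, as an added Python example that is not code from the patent or its analysis tool. The class and function names, the allow-list of expected destination ports used to decide what counts as a "correct" port, and the sample records are all assumptions constructed for illustration.

```python
import bisect
from collections import Counter


class ResultStore:
    """Parsing results kept ordered by their generation timestamp (S408)."""

    def __init__(self):
        self._stamps = []    # sorted generation timestamps
        self._results = []   # parsing results, parallel to _stamps

    def save(self, stamp, result):
        # Insert in sorted position so out-of-order arrivals stay queryable.
        i = bisect.bisect_right(self._stamps, stamp)
        self._stamps.insert(i, stamp)
        self._results.insert(i, result)

    def replay(self, start, end):
        """Return (stamp, result) pairs with start <= stamp <= end (S410)."""
        if start > end:
            raise ValueError("fault period ends before it starts")
        lo = bisect.bisect_left(self._stamps, start)
        hi = bisect.bisect_right(self._stamps, end)
        return list(zip(self._stamps[lo:hi], self._results[lo:hi]))


def port_statistics(entries, expected_dst_ports, bucket_seconds=60):
    """Count correct/incorrect destination ports per time bucket.

    "Correct" is an assumption here: the port is in expected_dst_ports.
    """
    stats = {}
    for stamp, result in entries:
        bucket = int(stamp) // bucket_seconds * bucket_seconds
        label = ("dst_port_correct"
                 if result["dst_port"] in expected_dst_ports
                 else "dst_port_incorrect")
        stats.setdefault(bucket, Counter())[label] += 1
    return stats


def demo():
    """Store four constructed results, then replay one fault period."""
    base = 1569369600  # constructed epoch second, not from the patent
    store = ResultStore()
    for offset, dport in [(200, 53), (5, 53), (70, 9999), (65, 53)]:
        store.save(base + offset, {"src_port": 12345, "dst_port": dport})
    window = store.replay(base + 60, base + 119)
    return window, port_statistics(window, expected_dst_ports={53})


if __name__ == "__main__":
    replayed, stats = demo()
    print(replayed)
    print(stats)
```
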
It should be noted that, implementation steps in this embodiment are the same as or similar to those in the above embodiments, and may be referred to each other as necessary, so that detailed description is omitted in this embodiment.
As can be seen from the above, in order to analyze the UDP protocol more accurately and locate a fault in the UDP protocol, the filter is first called to filter the pcap format file, so as to avoid that the analysis result is affected by data that is not in the pcap format; and secondly, judging whether the data packet conforms to the UDP protocol by using the libpcap library, thereby avoiding the influence of the data packet which is not the UDP protocol on the analysis result, and improving the accuracy of analyzing the UDP protocol and the positioning accuracy of the UDP protocol fault. Meanwhile, the analysis result of the data packet conforming to the UDP protocol can be visually displayed, so that a user can further determine the fault existing in the UDP protocol according to the analysis result, and convenience is provided for positioning the fault of the UDP protocol. The embodiment also adds a data packet playback function, and further provides convenience for positioning the UDP protocol fault.
According to the method for analyzing the UDP protocol based on the pcap format file, provided by the application, an analysis tool can be designed, and the analysis tool is combined with the existing packet grabbing tool for use, namely, the existing packet grabbing tool is firstly used for grabbing the pcap format file, and then the analysis tool provided by the embodiment is used for analyzing the pcap format file. The analysis tool provided by the embodiment comprises four software packages, specifically:
com.wangdianqing.packet;
com.wangdianqing.pacpparser;
ProtocolJudge;
com.wangdianqing.UI.
com.wangdianqing.packet can implement an ExtensionFileFilter class filter, which is used for opening a pcap format file and filtering the file.
com.wangdianqing.packet can also be used to parse data packets and output the corresponding parsing results.
com.wangdianqing.pacpparser can implement a pcapaprarser class, which is used for splitting a pcap format file into a file header and a plurality of data packets, and for splitting each data packet into a data packet header and data.
Protocol judgment can be implemented in ProtocolJudge, which is used for judging the protocol type, namely judging whether the data packet conforms to the UDP protocol.
com.wangdianqing.UI can implement the MyUI class, which is used to implement the user interaction interface, implement file selection, create an input stream according to the file path, and display the parsing result according to user requirements.
Specifically, please refer to FIG. 5 and FIG. 6 for the user interaction interface implemented by the analysis tool in this embodiment. FIG. 5 is a schematic view of a file selection interface, and FIG. 6 is a schematic view showing an analysis result. As can be seen from FIG. 6, the parsing result of a certain packet is: the protocol is UDP, source IP address 127.0.0.1, destination IP address 127.0.0.1, service type 0x00, total length 28, id 0x9F24, flag 0x00, TTL 64, protocol type 0x11, header checksum 0xDDAA, UDP source port number 12345, destination port number 53, total length 8, checksum 0x0000.
Therefore, the analysis tool provided by the embodiment can analyze the UDP protocol based on the file in the pcap format, realize more accurate analysis of the UDP protocol, locate the fault in the UDP protocol, and simultaneously visually display the analysis result of the data packet conforming to the UDP protocol, so that the user can further determine the fault in the UDP protocol according to the analysis result, thereby providing convenience for locating the fault in the UDP protocol.
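The splitting and parsing steps of FIG. 2 and S303, as an added Python example that is not the analysis tool's own code (which this page does not reproduce): it splits a classic pcap file into the 24-byte file header and the packet records, discards non-UDP records, and rejects records whose caplen exceeds len or the bytes left in the file. The capture is constructed inline from the FIG. 6 values; the Ethernet framing, the second (TCP) record, the timestamps and all function names are assumptions.

```python
import struct

# Magic bytes -> struct byte-order prefix (micro- and nanosecond variants).
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 0x11


class PcapFormatError(ValueError):
    """Raised when the file header or a record header is inconsistent."""


def split_pcap(blob):
    """Split a pcap file into (file header dict, list of packet records)."""
    if len(blob) < 24:
        raise PcapFormatError("shorter than the 24-byte file header")
    endian = PCAP_MAGICS.get(blob[:4])
    if endian is None:
        raise PcapFormatError("unknown magic number")
    names = ("Major", "Minor", "ThisZone", "SigFigs", "SnapLen", "LinkType")
    header = dict(zip(names, struct.unpack(endian + "HHiIII", blob[4:24])))
    records, offset = [], 24
    while offset < len(blob):
        if len(blob) - offset < 16:
            raise PcapFormatError("truncated record header at %d" % offset)
        sec, frac, caplen, length = struct.unpack(
            endian + "IIII", blob[offset:offset + 16])
        offset += 16
        # caplen is untrusted input: without this check a short slice
        # would be parsed silently as if it were a whole packet.
        if caplen > length or caplen > len(blob) - offset:
            raise PcapFormatError("bad caplen %d at %d" % (caplen, offset))
        records.append({"GMTtime": sec, "MicroTime": frac, "caplen": caplen,
                        "len": length, "data": blob[offset:offset + caplen]})
        offset += caplen
    return header, records


def ipv4_checksum_ok(ip_header):
    """One's-complement sum over the whole header must fold to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(ip_header) // 2), ip_header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_udp(record, linktype):
    """Return parsed fields for an Ethernet/IPv4/UDP record, else None."""
    data = record["data"]
    if linktype != LINKTYPE_ETHERNET or len(data) < 14 + 20:
        return None
    if struct.unpack("!H", data[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = data[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    tos, total_len, ident, flags_frag, ttl, proto, csum = struct.unpack(
        "!xBHHHBBH", ip[:12])
    # Fragments with a non-zero offset carry no UDP header.
    if proto != IPPROTO_UDP or flags_frag & 0x1FFF:
        return None
    sport, dport, udp_len, udp_csum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    return {
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "tos": tos, "total_length": total_len, "id": ident,
        "flags": flags_frag >> 13, "ttl": ttl, "protocol": proto,
        "header_checksum": csum, "ip_checksum_ok": ipv4_checksum_ok(ip[:ihl]),
        "src_port": sport, "dst_port": dport,
        "udp_length": udp_len, "udp_checksum": udp_csum,
        "length_ok": udp_len >= 8 and ihl + udp_len <= total_len,
        "data_length": len(ip[ihl + 8:ihl + udp_len]),
    }


def build_sample():
    """Constructed capture: a UDP packet with the FIG. 6 values, then TCP."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    lo = bytes([127, 0, 0, 1])
    ip_udp = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0x9F24, 0, 64,
                         IPPROTO_UDP, 0xDDAA) + lo + lo
    ip_tcp = struct.pack("!BBHHHBBH", 0x45, 0, 40, 1, 0, 64, 0x06, 0) + lo + lo
    frames = [eth + ip_udp + struct.pack("!HHHH", 12345, 53, 8, 0),
              eth + ip_tcp + bytes(20)]
    blob = b"\xd4\xc3\xb2\xa1" + struct.pack(
        "<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        blob += struct.pack("<IIII", 1569369600 + i, 0,
                            len(frame), len(frame)) + frame
    return blob


def analyze(blob):
    """Return (file header, parsed UDP results, number of discarded records)."""
    header, records = split_pcap(blob)
    results = []
    for rec in records:
        parsed = parse_udp(rec, header["LinkType"])
        if parsed is not None:
            parsed.update({k: rec[k] for k in ("GMTtime", "MicroTime",
                                                "caplen", "len")})
            results.append(parsed)
    return header, results, len(records) - len(results)
```

Calling `analyze(build_sample())` yields one UDP result and one discarded record; the stored header checksum 0xDDAA from FIG. 6 verifies against the other FIG. 6 header fields.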
In the following, a device for analyzing a UDP protocol based on a pcap format provided in an embodiment of the present application is introduced, and the device for analyzing a UDP protocol based on a pcap format described below and the method for analyzing a UDP protocol based on a pcap format described above may refer to each other.
Referring to fig. 7, an embodiment of the present application discloses an apparatus for analyzing a UDP protocol based on a pcap format file, including:
a capturing module 701, configured to capture a pcap format file from a network configured with the UDP protocol;
a filtering module 702, configured to call a filter to filter the file to obtain a target file; the filter is provided with a pcap_compile() filter function and a pcap_setfilter() filter function;
a splitting module 703, configured to split the target file into a file header and a plurality of data packets;
a judging module 704, configured to extract any data packet, and judge whether the data packet conforms to the UDP protocol by using a libpcap library;
the parsing module 705 is configured to parse the data packet to obtain a parsing result if the data packet conforms to the UDP protocol, and visually display the parsing result so that a user can analyze the UDP protocol according to the parsing result.
In one embodiment, the parsing module comprises:
the splitting unit is used for splitting the data packet into a data packet header and data;
the first analysis unit is used for analyzing the data packet header to obtain the component of the data packet header;
the second analysis unit is used for analyzing the data to obtain the length of the data;
and the determining unit is used for determining the components and the length of the data packet header as the analysis result.
In one embodiment, the parsing module comprises:
a statistical unit, configured to perform statistics on the parsing result to obtain a statistical result;
a display unit, configured to display the statistical result by using a preset visualization tool.
In a specific embodiment, the fetching module is specifically configured to:
fetch the file from the network by using a packet capture tool.
In a specific embodiment, the apparatus further comprises:
a discarding module, configured to discard the data packet if the data packet does not conform to the UDP protocol.
In a specific embodiment, the apparatus further comprises:
a calling module, configured to call a data packet editor according to a data packet modification instruction input by the user;
a modification module, configured to modify the data packet by using the data packet editor and transmit the modified data packet to the network;
an acquisition module, configured to acquire the network's processing result for the modified data packet;
a first determining module, configured to determine that the UDP protocol configured in the network has a fault if the processing result is wrong.
In a specific embodiment, the apparatus further comprises:
a storage module, configured to determine the generation timestamp of the parsing result and store the generation timestamp and the parsing result.
In a specific embodiment, the apparatus further comprises:
a second determining module, configured to determine the fault occurrence time period according to a playback instruction input by a user if the UDP protocol configured in the network has a fault;
a query module, configured to query a target generation timestamp corresponding to the occurrence time period;
a display module, configured to visually display the parsing result corresponding to the target generation timestamp.
For more specific working processes of each module and unit in this embodiment, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not described here again.
Therefore, the embodiment provides a device for analyzing a UDP protocol based on a file in a pcap format, and the device can analyze the UDP protocol more accurately, locate a fault in the UDP protocol, and improve the accuracy of analyzing the UDP protocol and the accuracy of locating the fault in the UDP protocol. Meanwhile, the analysis result of the data packet conforming to the UDP protocol can be visually displayed, so that a user can further determine the fault existing in the UDP protocol according to the analysis result, and convenience is provided for positioning the fault of the UDP protocol.
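The splitting, judging, parsing, statistics and timestamp-based playback steps described in this embodiment can be illustrated as follows. This is an added example, not code from the patent: it reads the classic pcap layout directly with Python's struct module instead of libpcap, assumes Ethernet/IPv4 captures, and every function name and the sample capture are constructed for the illustration.

```python
import struct
from collections import Counter

def split_capture(blob):
    """Split a classic pcap file into its file header and (timestamp, frame) records."""
    if len(blob) < 24:
        raise ValueError("shorter than the 24-byte pcap file header")
    magic = struct.unpack_from("<I", blob)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond-resolution pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        endian + "HHiIII", blob, 4)
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off + 16 <= len(blob):
        sec, usec, incl_len, _orig = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        if incl_len > snaplen or off + incl_len > len(blob):
            break  # corrupt or cut-off record: stop, never read past the file
        packets.append((sec + usec / 1e6, blob[off:off + incl_len]))
        off += incl_len
    return header, packets

def parse_udp(frame):
    """Return UDP header fields and payload length, or None if not well-formed IPv4/UDP."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None  # not IPv4 over Ethernet
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl + 8 or ip[9] != 17:
        return None  # bad header length, no room for a UDP header, or not protocol 17
    if struct.unpack_from("!H", ip, 6)[0] & 0x1FFF:
        return None  # later IP fragment: carries no UDP header
    sport, dport, length, checksum = struct.unpack_from("!HHHH", ip, ihl)
    if length < 8 or ihl + length > len(ip):
        return None  # declared UDP length disagrees with the captured bytes
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "payload_len": length - 8}

def analyze(blob):
    """Keep timestamped UDP results, discard other packets, and summarise."""
    header, packets = split_capture(blob)
    if header["linktype"] != 1:
        raise ValueError("this example only handles Ethernet (LINKTYPE 1)")
    parsed = [(ts, parse_udp(frame)) for ts, frame in packets]
    results = [{"timestamp": ts, **f} for ts, f in parsed if f is not None]
    stats = {"udp": len(results), "discarded": len(parsed) - len(results),
             "by_dst_port": Counter(r["dst_port"] for r in results),
             "payload_bytes": sum(r["payload_len"] for r in results)}
    return results, stats

def replay(results, start, end):
    """Stored results whose timestamp falls inside the queried period."""
    return [r for r in results if start <= r["timestamp"] <= end]

def _frame(proto, l4):
    """Constructed Ethernet + IPv4 frame (addresses from 192.0.2.0/24, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return bytes(12) + b"\x08\x00" + ip + l4

def build_sample():
    """Constructed capture: valid UDP, a TCP segment, and UDP with a lying length field."""
    good = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
    bad = struct.pack("!HHHH", 40001, 53, 200, 0) + b"xy"  # claims 200 bytes, has 10
    frames = [(1000, _frame(17, good)), (1001, _frame(6, bytes(20))),
              (1002, _frame(17, bad))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, frame in frames:
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    results, stats = analyze(build_sample())
    print(results, stats)
```

A UDP length field that exceeds the captured bytes is treated here as non-conforming and discarded, which also keeps the parser from trusting attacker-controlled lengths when it slices the payload.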
The following describes a device for analyzing a UDP protocol based on a pcap format file, provided in an embodiment of the present application. The device described below and the method and apparatus described above may be read in conjunction with each other.
Referring to fig. 8, an embodiment of the present application discloses a device for analyzing a UDP protocol based on a pcap format file, including:
a memory 801 for storing a computer program;
a processor 802 for executing the computer program to implement the method disclosed by any of the above embodiments.
In the following, a readable storage medium provided by an embodiment of the present application is introduced, and a readable storage medium described below and the method, apparatus, and device for analyzing a UDP protocol based on a pcap format described above may be referred to each other.
A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the method for analyzing UDP protocol based on pcap format disclosed in the previous embodiments. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
References in this application to "first," "second," "third," "fourth," etc., if any, are intended to distinguish between similar elements and not necessarily to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, or apparatus.
It should be noted that the descriptions in this application referring to "first", "second", etc. are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A method for analyzing a UDP protocol based on a file in a pcap format is characterized by comprising the following steps:
fetching a pcap format file from a network configured with a UDP protocol;
calling a filter to filter the file to obtain a target file; the filter is provided with a pcap_match() filter function and a pcap_setfilter() filter function;
splitting the target file into a file header and a plurality of data packets;
extracting any one data packet, and judging whether the data packet conforms to the UDP protocol by using a libpcap library;
and if so, analyzing the data packet to obtain an analysis result, and visually displaying the analysis result so that a user can analyze the UDP protocol according to the analysis result.
2. The method of claim 1, wherein parsing the data packet to obtain a parsing result comprises:
splitting the data packet into a data packet header and data;
analyzing the data packet header to obtain the components of the data packet header;
analyzing the data to obtain the length of the data;
and determining the components of the data packet header and the length as the analysis result.
3. The method according to claim 1, wherein the visually presenting the analysis result comprises:
counting the analysis result to obtain a statistical result;
and displaying the statistical result by utilizing a preset visual tool.
4. The method of claim 1, further comprising:
and if the data packet does not conform to the UDP protocol, discarding the data packet.
5. The method according to any one of claims 1 to 4, wherein after visually displaying the analysis result, the method further comprises:
calling a data packet editor according to a data packet modification instruction input by a user;
modifying the data packet by using the data packet editor, and transmitting the modified data packet to the network;
acquiring a processing result of the modified data packet by the network;
and if the processing result is wrong, determining that the UDP protocol configured in the network has a fault.
6. The method according to claim 1, wherein after visually displaying the analysis result, further comprising:
and determining a generation time stamp of the analysis result, and storing the generation time stamp and the analysis result.
7. The method of claim 6, wherein after storing the generation timestamp and the parsing result, further comprising:
if the UDP protocol configured in the network fails, determining the failure occurrence time period according to a playback instruction input by a user;
querying a target generation timestamp corresponding to the occurrence time period;
and visually displaying the analysis result corresponding to the target generation timestamp.
8. An apparatus for analyzing UDP protocol based on pcap format file, comprising:
the grabbing module is used for grabbing the files in the pcap format from the network configured with the UDP protocol;
the filtering module is used for calling a filter to filter the file to obtain a target file; the filter is provided with a pcap_match() filter function and a pcap_setfilter() filter function;
the splitting module is used for splitting the target file into a file header and a plurality of data packets;
the judging module is used for extracting any data packet and judging whether the data packet conforms to the UDP protocol or not by using a libpcap library;
and the analysis module is used for analyzing the data packet to obtain an analysis result if the data packet conforms to the UDP protocol, and visually displaying the analysis result so that a user can analyze the UDP protocol according to the analysis result.
9. An apparatus for analyzing a UDP protocol based on a pcap format file, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the method of any one of claims 1 to 7.
10. A readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the method of any one of claims 1 to 7.
CN201910915173.9A 2019-09-26 2019-09-26 Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format Active CN110661683B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910915173.9A CN110661683B (en) 2019-09-26 2019-09-26 Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format
PCT/CN2019/108474 WO2021056400A1 (en) 2019-09-26 2019-09-27 File analysis udp protocol method and apparatus based on pcap format

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910915173.9A CN110661683B (en) 2019-09-26 2019-09-26 Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format

Publications (2)

Publication Number Publication Date
CN110661683A true CN110661683A (en) 2020-01-07
CN110661683B CN110661683B (en) 2021-07-16

Family

ID=69039302

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910915173.9A Active CN110661683B (en) 2019-09-26 2019-09-26 Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format

Country Status (2)

Country Link
CN (1) CN110661683B (en)
WO (1) WO2021056400A1 (en)

Also Published As

Publication number Publication date
CN110661683B (en) 2021-07-16
WO2021056400A1 (en) 2021-04-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant