WO2021056400A1 - File analysis udp protocol method and apparatus based on pcap format - Google Patents


Publication number
WO2021056400A1
Authority
WO
WIPO (PCT)
Prior art keywords
udp protocol
data packet
file
analysis result
pcap
Application number
PCT/CN2019/108474
Other languages
French (fr)
Chinese (zh)
Inventor
王电轻
Original Assignee
苏州浪潮智能科技有限公司
Application filed by 苏州浪潮智能科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol

Definitions

  • This application relates to the field of computer technology, and in particular to a method, device, equipment, and readable storage medium for analyzing a UDP protocol based on a pcap format file.
  • some packet capture tools can be used to capture data packets in the network, and then analyze these data packets to analyze the UDP protocol and determine the related faults in the UDP protocol.
  • the existing packet capture tools can only capture data packets from the network, and cannot visually display the packet capture results, which is not conducive to the analysis and fault location of the UDP protocol.
  • the protocols configured in a network are not limited to the UDP protocol, so a captured data packet may conform to another protocol, and the existing packet capture tools cannot accurately identify the data packets corresponding to different protocols, which further hinders UDP protocol analysis and fault location.
  • the purpose of this application is to provide a method, device, equipment, and readable storage medium for analyzing UDP protocol based on pcap format files, so as to improve the efficiency and accuracy of UDP protocol analysis.
  • the specific plan is as follows:
  • this application provides a method for analyzing UDP protocol based on pcap format files, including:
  • the filter has a pcap_compile() filtering function and a pcap_setfilter() filtering function;
  • the data packet is parsed, the analysis result is obtained, and the analysis result is visually displayed, so that the user can analyze the UDP protocol according to the analysis result.
  • parsing the data packet to obtain the parsing result includes:
  • the visual display of the analysis result includes:
  • capturing a file in pcap format from a network configured with UDP protocol includes:
  • the data packet is discarded.
  • the method further includes:
  • the method further includes:
  • the method further includes:
  • the time period of the failure will be determined according to the playback instruction input by the user;
  • this application provides a device for analyzing the UDP protocol based on pcap format files, including:
  • the capture module is used to capture files in pcap format from the network configured with the UDP protocol;
  • the filter module is used to call the filter to filter the file to obtain the target file;
  • the filter has a pcap_compile() filter function and a pcap_setfilter() filter function;
  • the splitting module is used to split the target file into a file header and multiple data packets;
  • the judgment module is used to extract any data packet and use the libpcap library to judge whether the data packet conforms to the UDP protocol;
  • the parsing module is used for parsing the data packet if it conforms to the UDP protocol, obtaining the parsing result, and visually displaying the parsing result, so that the user can analyze the UDP protocol according to the parsing result.
  • this application provides a device for analyzing the UDP protocol based on pcap format files, including:
  • the memory is used to store a computer program;
  • the processor is used to execute a computer program to implement the previously disclosed method for analyzing the UDP protocol based on the pcap format file.
  • the present application provides a readable storage medium for storing a computer program, where the computer program is executed by a processor to implement the aforementioned disclosed method for analyzing a UDP protocol based on a pcap format file.
  • this application provides a method for analyzing UDP protocol based on pcap format files, including: grabbing pcap format files from a network configured with UDP protocol; calling a filter to filter the files to obtain the target file, where the filter is equipped with a pcap_compile() filtering function and a pcap_setfilter() filtering function; splitting the target file into a file header and multiple data packets; extracting any data packet and using the libpcap library to determine whether the data packet conforms to the UDP protocol; and if so, parsing the data packet to obtain the analysis result and displaying the analysis result visually, so that the user can analyze the UDP protocol according to the analysis result.
  • after this method grabs a file in pcap format from a network configured with UDP protocol, it first calls a filter to filter the file to obtain a purer target file in pcap format; it then splits the target file into file headers and multiple files.
  • in order to analyze the UDP protocol more accurately and locate the faults in the UDP protocol, this application first calls the filter to filter the files in pcap format, so that data that is not in the pcap format does not affect the analysis results; secondly, it uses the libpcap library to determine whether the data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result either. Therefore, this application can improve the accuracy of analyzing the UDP protocol and the accuracy of locating faults in the UDP protocol. At the same time, this application can also visually display the analysis results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the analysis results, thereby facilitating the location of the UDP protocol faults.
  • the device, equipment and readable storage medium for analyzing UDP protocol based on pcap format file provided by this application also have the above technical effects.
  • Figure 1 is a flow chart of the first method for analyzing UDP protocol based on pcap format files disclosed in this application;
  • FIG. 2 is a detailed flowchart of step S105 in Figure 1;
  • Figure 3 is a flow chart of the second method for analyzing UDP protocol based on pcap format files disclosed in this application;
  • FIG. 4 is a flow chart of the third method for analyzing UDP protocol based on pcap format files disclosed in this application;
  • Figure 5 is a schematic diagram of a file selection interface disclosed in this application.
  • FIG. 6 is a schematic diagram showing the analysis results disclosed in this application.
  • FIG. 7 is a schematic diagram of an apparatus for analyzing UDP protocol based on a pcap format file disclosed in this application;
  • FIG. 8 is a schematic diagram of a device for analyzing UDP protocol based on a pcap format file disclosed in this application.
  • the existing packet capture tools can only capture data packets from the network, but cannot visually display the packet capture results, which is not conducive to the analysis and fault location of the UDP protocol.
  • the protocols configured in a network are not limited to the UDP protocol, so a captured data packet may conform to another protocol, and the existing packet capture tools cannot accurately identify the data packets corresponding to different protocols, which further hinders UDP protocol analysis and fault location. For this reason, this application provides a solution for analyzing UDP protocol based on pcap format files, which can improve the analysis efficiency and accuracy of UDP protocol.
  • an embodiment of the present application discloses a first method for analyzing UDP protocol based on a pcap format file, including:
  • capturing a file in pcap format from a network configured with a UDP protocol includes: using a packet capture tool to capture a file from the network.
  • Packet capture tools such as Wireshark, tcpdump, etc.
  • Pcap is a file format
  • the UDP protocol is the User Datagram Protocol, which is a connectionless transmission protocol.
  • the filter has a pcap_compile() filtering function and a pcap_setfilter() filtering function.
  • pcap_compile() takes a string containing a high-level Boolean expression and generates low-level bytecode that the filtering engine can integrate into the packet driver.
  • pcap_setfilter() associates a filter with the packet capture session. Once pcap_setfilter() is called, the relevant filter will be applied to all packets from the network.
  • calling the filter to filter files in pcap format can prevent data that is not in pcap format from affecting the analysis results.
  • a file in the pcap format includes a file header and multiple data packets, and each data packet includes a data packet header and data.
  • Each of the data packets is the object used to analyze the protocol, that is, by analyzing the data packets in the pcap format file, you can learn whether the protocol is faulty or not.
  • S106 Visually display the analysis result, so that the user can analyze the UDP protocol according to the analysis result;
  • libpcap is a very powerful network packet capture library whose functions can analyze the content of data packets. For the relevant functions in the libpcap library, refer to the prior art.
  • visually displaying the analysis result includes: performing statistics on the analysis result to obtain the statistical result; and displaying the statistical result using a preset visualization tool.
  • a variety of display charts can be set in the visualization tool, such as: line chart, column chart, pie chart, etc.
  • the statistics of the analysis result may be: data packets with the correct source port number, data packets with the wrong source port number, data packets with the correct destination port number, and data packets with the wrong destination port number within the preset time period.
  • FIG. 2 is a detailed flowchart of step S105 in FIG. 1.
  • the specific implementation steps of S105 in Figure 1 include:
  • the components of the data packet header include: GMTtime, MicroTime, caplen, len, etc.
  • data packets conforming to the UDP protocol include: source port number, destination port number, data packet length, checksum and data, where the source port number, destination port number, data packet length, and checksum are the UDP header.
  • the source port number, destination port number, packet length, checksum, and data can be further determined based on the analysis result including the components and length of the packet header.
  • the filter is first called to filter the files in pcap format, so that data that is not in the pcap format does not affect the analysis results; secondly, the libpcap library is used to judge whether the data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result. Therefore, the present application can improve the accuracy of analyzing the UDP protocol and the accuracy of locating faults of the UDP protocol. At the same time, this application can also visually display the analysis results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the analysis results, thereby facilitating the location of the UDP protocol faults.
  • the embodiment of the present application discloses a second method for analyzing UDP protocol based on a pcap format file, including:
  • the filter has a pcap_compile() filtering function and a pcap_setfilter() filtering function;
  • the first 24 bytes of the pcap format file are the file header, and the file header contains file information.
  • the components of the file header include: Magic, Major, Minor, ThisZone, SnapLen, LinkType, etc.
  • S306 Visually display the analysis result, so that the user can analyze the UDP protocol according to the analysis result, and execute S308;
  • data packet modification and sending functions are added, that is, the content described in S308-S314.
  • the data packet editor may be WPE (Winsock Packet Editor, network packet editor).
  • the modified data packet is a misleading data packet, which can mislead the network into processing the data packet in the wrong direction. Therefore, if the network processes the modified data packet correctly, it means that the network has not been misled by the modified data packet, the correct processing result is output, and there is no fault corresponding to the modified data packet; if the network processes the modified data packet incorrectly, it means that the network has been misled by the modified data packet and the wrong processing result is output, which means that there is a fault corresponding to the modified data packet in the current network.
  • in order to analyze the UDP protocol more accurately and locate the faults in the UDP protocol, this embodiment first calls the filter to filter files in pcap format, so that data that is not in pcap format does not affect the analysis results; secondly, it uses the libpcap library to judge whether the data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result. Therefore, this application can improve the accuracy of analyzing the UDP protocol and the accuracy of locating faults in the UDP protocol.
  • this application can also visually display the analysis results of the data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the analysis results, thereby facilitating the location of the UDP protocol faults.
  • This embodiment also adds data packet modification and sending functions, which further facilitates the location of UDP protocol failures.
  • the embodiment of the present application discloses a third method for analyzing UDP protocol based on a pcap format file, including:
  • S402 Invoke the filter to filter the file, and obtain the target file
  • the filter has a pcap_compile() filtering function and a pcap_setfilter() filtering function;
  • S406 Visually display the analysis result, so that the user can analyze the UDP protocol according to the analysis result, and execute S408;
  • S408 Determine the generation timestamp of the analysis result, and store the generation timestamp and the analysis result.
  • S410 Query the target generation timestamp corresponding to the appearance time period
  • a data packet playback function is added, that is, the content described in S408-S411.
  • this embodiment can store the analysis result of each data packet conforming to the UDP protocol, and the generation timestamp corresponding to each analysis result. Therefore, when the UDP protocol configured in the network fails, the user can query the analysis results corresponding to the time period of the failure, so as to determine the failure problem that occurred during this period, and realize the tracing of the failure problem.
  • in order to analyze the UDP protocol more accurately and locate the faults in the UDP protocol, this embodiment first calls the filter to filter files in pcap format, so that data that is not in pcap format does not affect the analysis results; secondly, it uses the libpcap library to judge whether the data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result. Therefore, this application can improve the accuracy of analyzing the UDP protocol and the accuracy of locating faults in the UDP protocol.
  • this application can also visually display the analysis results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the analysis results, thereby facilitating the location of the UDP protocol faults.
  • This embodiment also adds a data packet playback function, which further facilitates the location of UDP protocol failures.
  • the following analysis tool can be designed.
  • the analysis tool is used in combination with the existing packet capture tool, that is, the existing packet capture tool is first used to capture the pcap format file, and then the analysis tool provided in this embodiment is used to analyze the pcap format file.
  • the analysis tool provided in this embodiment includes four software packages, specifically:
  • ExtensionFileFilter class filter can be implemented in com.wangdianqing.packet, and the ExtensionFileFilter class is used to open files in pcap format and filter the files.
  • com.wangdianqing.packet can also be used to parse data packets to output the corresponding analysis results.
  • the com.wangdianqing.pacpparser can implement the Pcappparser class.
  • the Pcappparser class is used to split a pcap format file into a file header and multiple data packets, and each data packet is split into a data packet header and data.
  • the ProtocolJudge class can be implemented in ProtocolJudge.
  • the ProtocolJudge class is used to determine the protocol type, that is, to determine whether the data packet conforms to the UDP protocol.
  • the MyUI class can be implemented in com.wangdianqing.UI.
  • the MyUI class is used to implement a user interaction interface, select a file, create an input stream according to the file path, and display the analysis result according to user requirements.
  • Figure 5 is a schematic diagram of a file selection interface
  • Figure 6 is a schematic diagram of a display of analysis results.
  • the analysis result of a certain data packet is: the protocol is UDP, the source IP address is 127.0.0.1, the destination IP address is 127.0.0.1, the service type is 0x00, the total length is 28, the identifier is 0x9F24, the identifier is 0x00, and TTL.
  • the protocol type is 0x11
  • the first checksum is 0xDDAA
  • the UDP source port number is 12345
  • the destination port number is 53
  • the total length is 8
  • the checksum is 0x0000.
  • the analysis tool can analyze the UDP protocol based on the file in pcap format, realize a more accurate analysis of the UDP protocol, and locate the faults in the UDP protocol; at the same time, it can also visually display the analysis results of data packets conforming to the UDP protocol, so that users can further determine the faults in the UDP protocol based on the analysis results, which facilitates the location of UDP protocol faults.
  • the device for analyzing the UDP protocol based on pcap format files provided by the embodiments of the present application will be introduced below.
  • the device for analyzing the UDP protocol based on pcap format files described below and the method for analyzing the UDP protocol based on pcap format files described above can be cross-referenced.
  • an embodiment of the present application discloses an apparatus for analyzing a UDP protocol based on a pcap format file, including:
  • the capture module 701 is used to capture files in pcap format from the network configured with the UDP protocol:
  • the filtering module 702 is used to call the filter to filter the file to obtain the target file; the filter is provided with a pcap_compile() filtering function and a pcap_setfilter() filtering function;
  • the splitting module 703 is used to split the target file into a file header and multiple data packets;
  • the judging module 704 is used to extract any data packet and use the libpcap library to judge whether the data packet complies with the UDP protocol;
  • the parsing module 705 is used for parsing the data packet if the data packet conforms to the UDP protocol, obtaining the parsing result, and visually displaying the parsing result, so that the user can analyze the UDP protocol according to the parsing result.
  • the parsing module includes:
  • Splitting unit used to split the data packet into data packet header and data
  • the first parsing unit is used to parse the data packet header to obtain the components of the data packet header;
  • the second parsing unit is used to parse the data to obtain the length of the data
  • the determining unit is used to determine the components and length of the data packet header as the analysis result.
  • the parsing module includes:
  • the statistical unit is used to perform statistics on the analysis results and obtain statistical results
  • the display unit is used to display the statistical results using a preset visualization tool.
  • the grabbing module is specifically used for:
  • it further includes:
  • the discarding module is used to discard the data packet if the data packet does not conform to the UDP protocol.
  • it further includes:
  • the calling module is used to call the data packet editor according to the data packet modification instruction input by the user;
  • Modification module used to modify the data package using the data package editor, and transmit the modified data package to the network
  • the obtaining module is used to obtain the processing result of the modified data packet by the network
  • the first determining module is configured to determine that the UDP protocol configured in the network is faulty if the processing result is wrong.
  • it further includes:
  • the storage module is used to determine the generation timestamp of the analysis result, and store the generation timestamp and the analysis result.
  • it further includes:
  • the second determination module is used to determine the time period of occurrence of the failure according to the playback instruction input by the user if the UDP protocol configured in the network fails;
  • the query module is used to query the target generation timestamp corresponding to the time period of occurrence
  • the display module is used to visually display the analysis result corresponding to the target generation timestamp.
  • this embodiment provides a device for analyzing UDP protocol based on pcap format files, which can analyze UDP protocol more accurately, locate faults in UDP protocol, and improve both the accuracy of UDP protocol analysis and the accuracy of locating UDP protocol faults.
  • the analysis results of data packets conforming to the UDP protocol can also be visually displayed, so that users can further determine the faults in the UDP protocol based on the analysis results, thereby facilitating the location of the UDP protocol faults.
  • the following describes a device for analyzing the UDP protocol based on pcap format files provided by the embodiments of the present application.
  • the device described below and the method and device for analyzing the UDP protocol based on pcap format files described above can be cross-referenced.
  • an embodiment of the present application discloses a device for analyzing UDP protocol based on a pcap format file, including:
  • the memory 801 is used to store computer programs
  • the processor 802 is configured to execute the computer program to implement the method disclosed in any of the foregoing embodiments.
  • the following introduces a readable storage medium provided by an embodiment of the present application.
  • the readable storage medium described below and the method, device, and device for analyzing UDP protocol based on pcap format described above can be cross-referenced.
  • a readable storage medium used to store a computer program, where the computer program, when executed by a processor, implements the method for analyzing the UDP protocol based on the pcap format file disclosed in the foregoing embodiments.
  • the computer program when executed by a processor, implements the method for analyzing the UDP protocol based on the pcap format file disclosed in the foregoing embodiments.
  • for the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not described herein again.
  • the steps of the method or algorithm described in combination with the embodiments disclosed herein can be directly implemented by hardware, a software module executed by a processor, or a combination of the two.
  • the software module can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, or any other form of readable storage medium well known in the technical field.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A file analysis UDP protocol method, apparatus and device based on a pcap format, and a readable storage medium. The method comprises: capturing a file in a pcap format from a network configured with a UDP protocol; calling a filter to filter the file to obtain a target file; splitting the target file into a file header and a plurality of data packets; extracting any data packet, and determining whether the data packet conforms to a UDP protocol or not by utilizing a libpcap library; and if yes, analyzing the data packet to obtain the analysis result, and visually displaying the analysis result, so that a user analyzes the UDP protocol according to the analysis result. The filter and the libpcap library are utilized to avoid the influence of other data on the analysis result, and the analysis result can be visually displayed, so that the analysis accuracy of the UDP protocol and the positioning accuracy of the UDP protocol fault are improved.

Description

Method and device for analyzing UDP protocol based on pcap format file
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on September 26, 2019, with application number 201910915173.9 and the invention title "A method and device for analyzing UDP protocol based on pcap format files", the entire contents of which are incorporated in this application by reference.
Technical field
This application relates to the field of computer technology, and in particular to a method, device, equipment, and readable storage medium for analyzing a UDP protocol based on a pcap format file.
Background
At present, in order to test the UDP protocol configured in a network, packet capture tools can be used to capture data packets in the network, and these data packets are then analyzed in order to analyze the UDP protocol and determine the related faults in the UDP protocol.
However, the existing packet capture tools can only capture data packets from the network and cannot visually display the packet capture results, which is not conducive to the analysis and fault location of the UDP protocol. In addition, the protocols configured in a network are not limited to the UDP protocol, so a captured data packet may conform to another protocol, and the existing packet capture tools cannot accurately identify the data packets corresponding to different protocols, which further hinders UDP protocol analysis and fault location.
Therefore, how to improve the analysis efficiency and accuracy of the UDP protocol is a problem that needs to be solved by those skilled in the art.
Summary of the invention
In view of this, the purpose of this application is to provide a method, device, equipment, and readable storage medium for analyzing UDP protocol based on pcap format files, so as to improve the efficiency and accuracy of UDP protocol analysis. The specific solution is as follows:
In the first aspect, this application provides a method for analyzing UDP protocol based on pcap format files, including:
capturing a file in pcap format from a network configured with the UDP protocol;
calling a filter to filter the file to obtain a target file, the filter being provided with a pcap_compile() filtering function and a pcap_setfilter() filtering function;
splitting the target file into a file header and multiple data packets;
extracting any data packet, and using the libpcap library to determine whether the data packet conforms to the UDP protocol;
if so, parsing the data packet to obtain the analysis result, and visually displaying the analysis result, so that the user can analyze the UDP protocol according to the analysis result.
Preferably, parsing the data packet to obtain the analysis result includes:
splitting the data packet into a data packet header and data;
parsing the data packet header to obtain the components of the data packet header;
parsing the data to obtain the length of the data;
determining the components of the data packet header and the length as the analysis result.
Preferably, visually displaying the analysis result includes:
performing statistics on the analysis result to obtain a statistical result;
displaying the statistical result using a preset visualization tool.
Preferably, capturing a file in pcap format from a network configured with the UDP protocol includes:
using a packet capture tool to capture the file from the network.
Preferably, if the data packet does not conform to the UDP protocol, the data packet is discarded.
Preferably, after visually displaying the analysis result, the method further includes:
calling a data packet editor according to a data packet modification instruction input by the user;
modifying the data packet using the data packet editor, and transmitting the modified data packet to the network;
obtaining the network's processing result for the modified data packet;
if the processing result is wrong, determining that the UDP protocol configured in the network is faulty.
Preferably, after visually displaying the analysis result, the method further includes:
determining the generation timestamp of the analysis result, and storing the generation timestamp and the analysis result.
Preferably, after storing the generation timestamp and the analysis result, the method further includes:
if the UDP protocol configured in the network fails, determining the time period in which the failure occurred according to the playback instruction input by the user;
querying the target generation timestamp corresponding to that time period;
visually displaying the analysis result corresponding to the target generation timestamp.
In a second aspect, this application provides an apparatus for analyzing the UDP protocol based on a pcap format file, including:
A capture module, configured to capture a file in pcap format from a network configured with the UDP protocol;
A filtering module, configured to call a filter to filter the file and obtain a target file; the filter is provided with the pcap_compile() filter function and the pcap_setfilter() filter function;
A splitting module, configured to split the target file into a file header and multiple data packets;
A judgment module, configured to extract any one of the data packets and use the libpcap library to determine whether the data packet conforms to the UDP protocol;
A parsing module, configured to parse the data packet if it conforms to the UDP protocol, obtain a parsing result, and visually display the parsing result so that the user can analyze the UDP protocol according to the parsing result.
In a third aspect, this application provides a device for analyzing the UDP protocol based on a pcap format file, including:
A memory, configured to store a computer program;
A processor, configured to execute the computer program to implement the previously disclosed method for analyzing the UDP protocol based on a pcap format file.
In a fourth aspect, this application provides a readable storage medium for storing a computer program, where the computer program, when executed by a processor, implements the previously disclosed method for analyzing the UDP protocol based on a pcap format file.
It can be seen from the above solution that this application provides a method for analyzing the UDP protocol based on a pcap format file, including: capturing a file in pcap format from a network configured with the UDP protocol; calling a filter to filter the file and obtain a target file, the filter being provided with the pcap_compile() filter function and the pcap_setfilter() filter function; splitting the target file into a file header and multiple data packets; extracting any one of the data packets and using the libpcap library to determine whether the data packet conforms to the UDP protocol; and, if so, parsing the data packet to obtain a parsing result and visually displaying the parsing result so that the user can analyze the UDP protocol according to the parsing result.
It can be seen that, after capturing a file in pcap format from a network configured with the UDP protocol, the method first calls a filter to filter the file and obtain a cleaner target file in pcap format; it then splits the target file into a file header and multiple data packets; for any data packet, it uses the libpcap library to determine whether the data packet conforms to the UDP protocol; if so, it parses the data packet and visually displays the parsing result so that the user can analyze the UDP protocol according to the parsing result. In order to analyze the UDP protocol more accurately and locate faults in it, this application first calls the filter to filter the pcap format file, so that data that is not in pcap format does not affect the analysis result; it then uses the libpcap library to determine whether each data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result either. This application can therefore improve the accuracy of UDP protocol analysis and of UDP protocol fault location. At the same time, this application can visually display the parsing results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the parsing results, which makes UDP protocol faults easier to locate.
Correspondingly, the apparatus, device, and readable storage medium for analyzing the UDP protocol based on a pcap format file provided by this application also have the above technical effects.
Description of the drawings
In order to describe the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only embodiments of this application, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative work.
Figure 1 is a flowchart of the first method for analyzing the UDP protocol based on a pcap format file disclosed in this application;
Figure 2 is a detailed flowchart of step S105 in Figure 1;
Figure 3 is a flowchart of the second method for analyzing the UDP protocol based on a pcap format file disclosed in this application;
Figure 4 is a flowchart of the third method for analyzing the UDP protocol based on a pcap format file disclosed in this application;
Figure 5 is a schematic diagram of a file selection interface disclosed in this application;
Figure 6 is a schematic diagram of a parsing result display disclosed in this application;
Figure 7 is a schematic diagram of an apparatus for analyzing the UDP protocol based on a pcap format file disclosed in this application;
Figure 8 is a schematic diagram of a device for analyzing the UDP protocol based on a pcap format file disclosed in this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below in conjunction with the drawings in the embodiments of this application. Obviously, the described embodiments are only a part of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of this application.
At present, existing packet capture tools can only capture data packets from the network and cannot visually display the capture results, which hinders UDP protocol analysis and fault location. In addition, the protocols configured in a network are not limited to UDP, so the captured data packets may conform to other protocols, and existing packet capture tools cannot accurately identify which data packets correspond to which protocol, which further hinders UDP protocol analysis and fault location. For this reason, this application provides a solution for analyzing the UDP protocol based on a pcap format file, which can improve the efficiency and accuracy of UDP protocol analysis.
As shown in Figure 1, an embodiment of this application discloses a first method for analyzing the UDP protocol based on a pcap format file, including:
S101. Capture a file in pcap format from a network configured with the UDP protocol;
Specifically, capturing a file in pcap format from a network configured with the UDP protocol includes: using a packet capture tool to capture the file from the network. Examples of packet capture tools are Wireshark and tcpdump. pcap is a file format; UDP is the User Datagram Protocol, a connectionless transport protocol.
S102. Call a filter to filter the file and obtain a target file;
The filter is provided with the pcap_compile() filter function and the pcap_setfilter() filter function. pcap_compile() takes a string containing a high-level Boolean expression and produces low-level bytecode that the filtering engine can integrate into the packet driver. pcap_setfilter() associates a filter with a capture session. Once pcap_setfilter() has been called, the associated filter is applied to all data packets coming from the network. Calling the filter on the pcap format file prevents data that is not in pcap format from affecting the analysis result.
S103. Split the target file into a file header and multiple data packets;
It should be noted that a file in pcap format consists of a file header and multiple data packets, and each data packet consists of a data packet header and data. The data packets are the objects used to analyze the protocol; that is, by analyzing the data packets in the pcap format file, it is possible to learn whether the protocol is faulty.
S104. Extract any one of the data packets, and use the libpcap library to determine whether the data packet conforms to the UDP protocol; if so, execute S105; if not, execute S107;
S105. Parse the data packet to obtain a parsing result;
S106. Visually display the parsing result so that the user can analyze the UDP protocol according to the parsing result;
S107. Discard the data packet.
In this embodiment, a data packet in the pcap format file is parsed further only when it conforms to the UDP protocol; otherwise the data packet is discarded, which avoids unnecessary parsing. libpcap is a very powerful network sniffing library whose functions can parse the contents of data packets. For the relevant functions in the libpcap library and what they do, refer to the prior art.
In a specific implementation, visually displaying the parsing result includes: performing statistics on the parsing result to obtain a statistical result, and displaying the statistical result using a preset visualization tool. The visualization tool can offer several chart types, such as line charts, bar charts, and pie charts.
The statistics on the parsing result may be, for example, counts within a preset time period of the data packets with a correct source port number, the data packets with a wrong source port number, the data packets with a correct destination port number, and the data packets with a wrong destination port number. These statistical results can be displayed as line charts, bar charts, pie charts, and so on.
Please refer to Figure 2, which is a detailed flowchart of step S105 in Figure 1. The specific implementation steps of S105 in Figure 1 include:
S201. Split the data packet into a data packet header and data;
S202. Parse the data packet header to obtain the components of the data packet header;
S203. Parse the data to obtain the length of the data;
S204. Determine the components of the data packet header and the length as the parsing result.
It should be noted that the components of the data packet header include: GMTtime, MicroTime, caplen, len, etc.
Generally, a data packet conforming to the UDP protocol includes a source port number, a destination port number, a data packet length, a checksum, and data, where the source port number, destination port number, data packet length, and checksum form the UDP header. Based on the parsing result containing the components of the data packet header and the length, the source port number, destination port number, data packet length, checksum, and data can be further determined.
It can be seen that, in order to analyze the UDP protocol more accurately and locate faults in it, this embodiment first calls the filter to filter the pcap format file, so that data that is not in pcap format does not affect the analysis result; it then uses the libpcap library to determine whether each data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result either. This application can therefore improve the accuracy of UDP protocol analysis and of UDP protocol fault location. At the same time, this application can visually display the parsing results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the parsing results, which makes UDP protocol faults easier to locate.
As shown in Figure 3, an embodiment of this application discloses a second method for analyzing the UDP protocol based on a pcap format file, including:
S301. Capture a file in pcap format from a network configured with the UDP protocol;
S302. Call a filter to filter the file and obtain a target file;
The filter is provided with the pcap_compile() filter function and the pcap_setfilter() filter function;
S303. Split the target file into a file header and multiple data packets;
The first 24 bytes of a pcap format file are the file header, which contains information about the file. The components of the file header include: Magic, Major, Minor, ThisZone, SnapLen, LinkType, etc.
S304. Extract any one of the data packets, and use the libpcap library to determine whether the data packet conforms to the UDP protocol; if so, execute S305; if not, execute S307;
S305. Parse the data packet to obtain a parsing result;
S306. Visually display the parsing result so that the user can analyze the UDP protocol according to the parsing result, and execute S308;
S307. Discard the data packet;
S308. Receive a data packet modification instruction input by the user;
S309. Call a data packet editor according to the data packet modification instruction input by the user;
S310. Modify the data packet using the data packet editor, and transmit the modified data packet to the network;
S311. Obtain the network's processing result for the modified data packet;
S312. Determine whether the processing result is correct; if so, execute S313; if not, execute S314;
S313. Determine that the UDP protocol configured in the network does not have the corresponding fault;
S314. Determine that the UDP protocol configured in the network has the corresponding fault.
This embodiment adds data packet modification and sending functions, namely the content described in S308-S314. Specifically, the data packet editor may be WPE (Winsock Packet Editor). The modified data packet is a misleading data packet that can mislead the network into processing it in the wrong direction. Therefore, if the network's processing result for the modified data packet is correct, the network was not misled by the modified data packet and output the correct processing result, so there is no fault corresponding to the modified data packet. If the network's processing result for the modified data packet is wrong, the network was misled by the modified data packet and output a wrong processing result, which means that a fault corresponding to the modified data packet exists in the current network.
It should be noted that the implementation steps in this embodiment are the same as or similar to those in the foregoing embodiment and can be cross-referenced where necessary, so they are not repeated here.
It can be seen from the above that, in order to analyze the UDP protocol more accurately and locate faults in it, this embodiment first calls the filter to filter the pcap format file, so that data that is not in pcap format does not affect the analysis result; it then uses the libpcap library to determine whether each data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result either. This application can therefore improve the accuracy of UDP protocol analysis and of UDP protocol fault location. At the same time, this application can visually display the parsing results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the parsing results, which makes UDP protocol faults easier to locate. This embodiment also adds data packet modification and sending functions, which further helps locate UDP protocol faults.
As shown in Figure 4, an embodiment of this application discloses a third method for analyzing the UDP protocol based on a pcap format file, including:
S401. Capture a file in pcap format from a network configured with the UDP protocol;
S402. Call a filter to filter the file and obtain a target file;
The filter is provided with the pcap_compile() filter function and the pcap_setfilter() filter function;
S403. Split the target file into a file header and multiple data packets;
S404. Extract any one of the data packets, and use the libpcap library to determine whether the data packet conforms to the UDP protocol; if so, execute S405; if not, execute S407;
S405. Parse the data packet to obtain a parsing result;
S406. Visually display the parsing result so that the user can analyze the UDP protocol according to the parsing result, and execute S408;
S407. Discard the data packet.
S408. Determine the generation timestamp of the parsing result, and store the generation timestamp and the parsing result.
S409. If the UDP protocol configured in the network fails, determine the time period in which the fault occurred according to a playback instruction input by the user;
S410. Query the target generation timestamp corresponding to that time period;
S411. Visually display the parsing result corresponding to the target generation timestamp.
This embodiment adds a data packet playback function, namely the content described in S408-S411. Specifically, this embodiment can store the parsing result of each data packet conforming to the UDP protocol, together with the generation timestamp of each parsing result. When the UDP protocol configured in the network fails, the user can therefore query the parsing results corresponding to the time period in which the fault occurred, determine the faults that occurred during that period, and so trace the fault.
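An added sketch of the playback steps S408 to S411, combined with the port statistics described for the visualization step; it is not code from the application. The store layout, the function names, the operator-supplied sets of expected ports used to decide "correct" versus "wrong", and the sample results are all assumptions constructed for illustration.

```python
import bisect
from collections import Counter


class ParseResultStore:
    """Keeps parsing results ordered by generation timestamp (S408) for playback."""

    def __init__(self):
        self._stamps = []    # sorted generation timestamps, in seconds
        self._results = []   # parsing results, kept parallel to _stamps

    def store(self, generated_at, result):
        # Insert in timestamp order even when results arrive out of order.
        i = bisect.bisect_right(self._stamps, generated_at)
        self._stamps.insert(i, generated_at)
        self._results.insert(i, result)

    def replay(self, start, end):
        """S409-S411: (timestamp, result) pairs generated within [start, end]."""
        if end < start:
            raise ValueError("end of fault window precedes its start")
        lo = bisect.bisect_left(self._stamps, start)
        hi = bisect.bisect_right(self._stamps, end)
        return list(zip(self._stamps[lo:hi], self._results[lo:hi]))


def port_statistics(results, expected_src_ports, expected_dst_ports):
    """Count packets whose source/destination port is or is not an expected one.

    What counts as a 'correct' port is not defined on the page; here it is an
    assumption: membership in a set supplied by the operator.
    """
    stats = Counter(src_ok=0, src_wrong=0, dst_ok=0, dst_wrong=0)
    for r in results:
        stats["src_ok" if r["src_port"] in expected_src_ports else "src_wrong"] += 1
        stats["dst_ok" if r["dst_port"] in expected_dst_ports else "dst_wrong"] += 1
    return dict(stats)


def build_sample_store():
    """Constructed parsing results (timestamp, source port, destination port)."""
    store = ParseResultStore()
    rows = [
        (103.0, 12345, 5353),   # wrong destination port
        (100.0, 12345, 53),
        (110.0, 12345, 53),
        (101.5, 12345, 53),
        (104.2, 40000, 53),     # wrong source port
    ]
    for ts, sport, dport in rows:          # deliberately not in time order
        store.store(ts, {"src_port": sport, "dst_port": dport})
    return store


if __name__ == "__main__":
    store = build_sample_store()
    window = store.replay(101.0, 105.0)    # fault window named in the playback request
    for ts, result in window:
        print(ts, result)
    print(port_statistics([r for _, r in window], {12345}, {53}))
```
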
It should be noted that the implementation steps in this embodiment are the same as or similar to those in the foregoing embodiments and can be cross-referenced where necessary, so they are not repeated here.
It can be seen from the above that, in order to analyze the UDP protocol more accurately and locate faults in it, this embodiment first calls the filter to filter the pcap format file, so that data that is not in pcap format does not affect the analysis result; it then uses the libpcap library to determine whether each data packet conforms to the UDP protocol, so that data packets that are not UDP do not affect the analysis result either. This application can therefore improve the accuracy of UDP protocol analysis and of UDP protocol fault location. At the same time, this application can visually display the parsing results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the parsing results, which makes UDP protocol faults easier to locate. This embodiment also adds a data packet playback function, which further helps locate UDP protocol faults.
Following the method for analyzing the UDP protocol based on a pcap format file provided by this application, the following analysis tool can be designed. The analysis tool is used together with an existing packet capture tool: the existing packet capture tool first captures a file in pcap format, and the analysis tool provided in this embodiment then analyzes the pcap format file. The analysis tool provided in this embodiment includes four software packages, namely:
com.wangdianqing.packet;
com.wangdianqing.pacpparser;
ProtocolJudge;
com.wangdianqing.UI.
The ExtensionFileFilter class filter can be implemented in com.wangdianqing.packet. The ExtensionFileFilter class is used to open a file in pcap format and filter the file.
com.wangdianqing.packet can also be used to parse data packets and output the corresponding parsing results.
com.wangdianqing.pacpparser can implement the Pcappparser class. The Pcappparser class is used to split a pcap format file into a file header and multiple data packets, and to split each data packet into a data packet header and data.
The ProtocolJudge class can be implemented in ProtocolJudge. The ProtocolJudge class is used to determine the protocol type, that is, to determine whether a data packet conforms to the UDP protocol.
The MyUI class can be implemented in com.wangdianqing.UI. The MyUI class implements the user interaction interface: it lets the user select a file, creates an input stream from the file path, and displays the parsing results as the user requires.
Specifically, the user interaction interface implemented by the analysis tool in this embodiment is shown in Figure 5 and Figure 6. Figure 5 is a schematic diagram of a file selection interface, and Figure 6 is a schematic diagram of a parsing result display. As Figure 6 shows, the parsing result of one data packet is: protocol UDP, source IP address 127.0.0.1, destination IP address 127.0.0.1, service type 0x00, total length 28, identification 0x9F24, flags 0x00, TTL 64, protocol type 0x11, header checksum 0xDDAA, UDP source port number 12345, destination port number 53, total length 8, checksum 0x0000.
It can be seen that the analysis tool provided in this embodiment can analyze the UDP protocol based on a pcap format file, analyze the UDP protocol more accurately, and locate faults in the UDP protocol. It can also visually display the parsing results of data packets conforming to the UDP protocol, so that the user can further determine the faults in the UDP protocol based on the parsing results, which makes UDP protocol faults easier to locate.
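The file split (a 24-byte file header followed by per-packet records), the UDP check with discard, and the field parsing described in the embodiments above can be sketched as follows. This is an added example, not code from the application or its tool: it reads the pcap bytes directly with Python's struct module instead of going through libpcap, assumes an Ethernet link type and IPv4, and uses hypothetical function names. It runs on a constructed two-packet capture whose UDP packet carries the field values listed for Figure 6.

```python
import socket
import struct

FILE_HDR_LEN, REC_HDR_LEN = 24, 16      # pcap file header / per-packet record header
ETHERTYPE_IPV4, IPPROTO_UDP = 0x0800, 17


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_file_header(buf: bytes):
    """Return (byte-order prefix, header fields) for a classic microsecond pcap file."""
    if len(buf) < FILE_HDR_LEN:
        raise ValueError("truncated pcap file header")
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(buf[:4])
    if endian is None:
        raise ValueError("bad magic: not a classic pcap file")
    names = ("major", "minor", "thiszone", "sigfigs", "snaplen", "linktype")
    return endian, dict(zip(names, struct.unpack(endian + "HHiIII", buf[4:24])))


def iter_records(buf: bytes, endian: str):
    """Yield (ts_sec, ts_usec, caplen, wire_len, frame); stop at a truncated record."""
    off = FILE_HDR_LEN
    while off + REC_HDR_LEN <= len(buf):
        ts_sec, ts_usec, caplen, wire_len = struct.unpack_from(endian + "IIII", buf, off)
        off += REC_HDR_LEN
        if off + caplen > len(buf):     # caplen comes from the file: bounds-check it
            break
        yield ts_sec, ts_usec, caplen, wire_len, buf[off:off + caplen]
        off += caplen


def parse_udp(frame: bytes):
    """Return IPv4/UDP fields of an Ethernet frame, or None if it is not parseable UDP."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    tos, total_len, ident, flags_frag, ttl, proto, csum = struct.unpack_from("!BHHHBBH", ip, 1)
    # Non-first fragments carry no UDP header, so they cannot be parsed as UDP here.
    if ihl < 20 or len(ip) < ihl + 8 or proto != IPPROTO_UDP or flags_frag & 0x1FFF:
        return None
    sport, dport, udp_len, udp_csum = struct.unpack_from("!HHHH", ip, ihl)
    if udp_len < 8:
        return None
    return {
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "tos": tos, "ip_total_len": total_len, "ident": ident, "flags": flags_frag >> 13,
        "ttl": ttl, "proto": proto, "ip_checksum": csum,
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "src_port": sport, "dst_port": dport, "udp_length": udp_len,
        "udp_checksum": udp_csum, "data_len": udp_len - 8,
    }


def analyze(buf: bytes):
    """Split the file, keep UDP packets, count the discarded rest."""
    endian, hdr = parse_file_header(buf)
    if hdr["linktype"] != 1:
        raise ValueError("this sketch only handles Ethernet captures")
    results, discarded = [], 0
    for ts_sec, ts_usec, caplen, wire_len, frame in iter_records(buf, endian):
        fields = parse_udp(frame)
        if fields is None:
            discarded += 1
            continue
        fields.update(ts_sec=ts_sec, ts_usec=ts_usec, caplen=caplen, len=wire_len)
        results.append(fields)
    return hdr, results, discarded


def build_sample() -> bytes:
    """Constructed capture: one UDP packet (Figure 6 values) and one TCP packet."""
    lo = socket.inet_aton("127.0.0.1")

    def frame(proto, ident, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), ident, 0, 64, proto, 0, lo, lo)
        ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
        return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

    udp = frame(17, 0x9F24, struct.pack("!HHHH", 12345, 53, 8, 0))
    tcp = frame(6, 0x0001, struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate((udp, tcp)):  # constructed timestamps
        out += struct.pack("<IIII", 1569542400 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    header, parsed, dropped = analyze(build_sample())
    print(header)
    print(parsed, "discarded:", dropped)
```

Recomputing the IPv4 header checksum from the other Figure 6 fields gives 0xDDAA, so the displayed values are internally consistent.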
下面对本申请实施例提供的一种基于pcap格式的文件分析UDP协议的装置进行介绍,下文描述的一种基于pcap格式的文件分析UDP协议的装置与上文描述的一种基于pcap格式的文件分析UDP协议的方法可以相互参照。The UDP protocol-based file analysis device based on pcap format provided by the embodiments of the present application will be introduced below. The following describes a pcap format-based file analysis UDP protocol device and the above-described pcap format-based file analysis device. The methods of the UDP protocol can be cross-referenced.
参见图7所示,本申请实施例公开了一种基于pcap格式的文件分析UDP协议的装置,包括:As shown in FIG. 7, an embodiment of the present application discloses an apparatus for analyzing a UDP protocol based on a pcap format file, including:
抓取模块701,用于从配置UDP协议的网络中抓取pcap格式的文件:The capture module 701 is used to capture files in pcap format from the network configured with the UDP protocol:
过滤模块702,用于调用过滤器对文件进行过滤,获得目标文件;过滤器中设有pcap_complie()过滤函数和pcap_setfilter()过滤函数;The filtering module 702 is used to call the filter to filter the file to obtain the target file; the filter is provided with a pcap_complie() filtering function and a pcap_setfilter() filtering function;
拆分模块703,用于将目标文件拆分为文件头和多个数据包;The splitting module 703 is used to split the target file into a file header and multiple data packets;
判断模块704,用于提取任一个数据包,并利用libpcap库判断数据包是否符合UDP协议;The judging module 704 is used to extract any data packet and use the libpcap library to judge whether the data packet complies with the UDP protocol;
解析模块705,用于若数据包符合UDP协议,则解析数据包,获得解析结果,并将解析结果进行可视化展示,以便用户根据解析结果分析UDP协议。The parsing module 705 is used for parsing the data packet if the data packet conforms to the UDP protocol, obtaining the parsing result, and visually displaying the parsing result, so that the user can analyze the UDP protocol according to the parsing result.
In a specific implementation, the parsing module includes:
a splitting unit, configured to split the data packet into a packet header and data;
a first parsing unit, configured to parse the packet header to obtain the components of the packet header;
a second parsing unit, configured to parse the data to obtain the length of the data;
a determining unit, configured to determine the components of the packet header, together with the length, as the parsing result.
In a specific implementation, the parsing module includes:
a statistics unit, configured to compute statistics over the parsing result to obtain a statistical result;
a display unit, configured to display the statistical result using a preset visualization tool.
In a specific implementation, the capture module is specifically configured to:
capture the file from the network using a packet capture tool.
In a specific implementation, the apparatus further includes:
a discarding module, configured to discard the data packet if the data packet does not conform to the UDP protocol.
In a specific implementation, the apparatus further includes:
a calling module, configured to call a packet editor according to a packet modification instruction input by the user;
a modification module, configured to modify the data packet using the packet editor and transmit the modified data packet to the network;
an obtaining module, configured to obtain the network's processing result for the modified data packet;
a first determining module, configured to determine that the UDP protocol configured in the network is faulty if the processing result is wrong.
In a specific implementation, the apparatus further includes:
a storage module, configured to determine the generation timestamp of the parsing result and store the generation timestamp and the parsing result.
In a specific implementation, the apparatus further includes:
a second determining module, configured to, if the UDP protocol configured in the network fails, determine the time period in which the fault occurred according to a playback instruction input by the user;
a query module, configured to query the target generation timestamp corresponding to that time period;
a display module, configured to visually display the parsing result corresponding to the target generation timestamp.
For the more specific working process of each module and unit in this embodiment, refer to the corresponding content disclosed in the foregoing embodiments; it is not repeated here.
It can be seen that this embodiment provides an apparatus for analyzing the UDP protocol based on a pcap-format file. The apparatus can analyze the UDP protocol more precisely and locate faults in the UDP protocol, improving both the accuracy of UDP protocol analysis and the accuracy of UDP protocol fault location. In addition, the parsing results of data packets that conform to the UDP protocol can be displayed visually, so that the user can further identify faults in the UDP protocol from the parsing results, which makes locating UDP protocol faults easier.
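The splitting, UDP check, parsing, discarding and statistics steps described for modules 703 to 705 can be illustrated without libpcap by reading the classic pcap byte layout directly. The following Python is an added example, not code from the patent; the function names, the constructed sample capture, the Ethernet/IPv4-only scope and the choice to treat a UDP length field larger than the captured bytes as non-conforming are assumptions of the example.

```python
import struct
from collections import Counter

# Classic pcap magic as stored on disk -> struct byte-order prefix.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def split_pcap(blob):
    """Split a pcap file into its 24-byte file header and (timestamp, frame) records."""
    if len(blob) < 24 or blob[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic microsecond pcap file")
    end = PCAP_MAGICS[blob[:4]]
    _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(end + "IHHiIII", blob[:24])
    header = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype}
    records, off = [], 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", blob, off)
        off += 16
        if off + incl_len > len(blob):
            break  # truncated final record: stop instead of reading past the buffer
        records.append((ts_sec + ts_usec / 1e6, blob[off:off + incl_len]))
        off += incl_len
    return header, records

def parse_udp(frame):
    """Return UDP header fields and data length, or None if not well-formed UDP over IPv4."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None  # not Ethernet II carrying IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None  # IP protocol 17 is UDP; 8 bytes is the fixed UDP header
    if struct.unpack_from("!H", ip, 6)[0] & 0x1FFF:
        return None  # non-first IP fragment carries no UDP header
    sport, dport, length, checksum = struct.unpack_from("!HHHH", ip, ihl)
    if length < 8 or length > len(ip) - ihl:
        return None  # length field disagrees with the bytes actually captured
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "data_len": length - 8}

def analyze(blob):
    """Parse every record, discard non-UDP ones, and count datagrams per destination port."""
    header, records = split_pcap(blob)
    if header["linktype"] != 1:
        raise ValueError("example handles Ethernet (linktype 1) only")
    results, discarded = [], 0
    for ts, frame in records:
        parsed = parse_udp(frame)
        if parsed is None:
            discarded += 1
            continue
        parsed["ts"] = ts
        results.append(parsed)
    return results, discarded, Counter(r["dst_port"] for r in results)

def _frame(proto, l4):
    # Constructed Ethernet + IPv4 frame using documentation addresses (192.0.2.0/24).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 12 + b"\x08\x00" + ip + l4

def build_sample():
    """Constructed capture: valid UDP, a TCP segment, and UDP with an oversized length field."""
    good = _frame(17, struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello")
    tcp = _frame(6, b"\x00" * 20)
    bad = _frame(17, struct.pack("!HHHH", 40001, 53, 8 + 50, 0) + b"abc")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate((good, tcp, bad), start=1):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(analyze(build_sample()))
```
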
A device for analyzing the UDP protocol based on a pcap-format file, provided by an embodiment of this application, is introduced below. The device described below and the method and apparatus described above for analyzing the UDP protocol based on a pcap-format file may be cross-referenced.
As shown in FIG. 8, an embodiment of this application discloses a device for analyzing the UDP protocol based on a pcap-format file, including:
a memory 801, configured to store a computer program;
a processor 802, configured to execute the computer program to implement the method disclosed in any of the foregoing embodiments.
A readable storage medium provided by an embodiment of this application is introduced below. The readable storage medium described below and the method, apparatus, and device described above for analyzing the UDP protocol based on a pcap-format file may be cross-referenced.
A readable storage medium, configured to store a computer program, where the computer program, when executed by a processor, implements the method for analyzing the UDP protocol based on a pcap-format file disclosed in the foregoing embodiments. For the specific steps of the method, refer to the corresponding content disclosed in the foregoing embodiments; they are not repeated here.
The terms "first", "second", "third", "fourth", and so on (if any) used in this application distinguish similar objects and do not necessarily describe a specific order or sequence. It should be understood that data used in this way can be interchanged where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described here. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, or device that includes a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, or device.
It should be noted that descriptions involving "first", "second", and so on in this application are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature defined with "first" or "second" may therefore explicitly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments can be combined with each other, but only on the basis that a person of ordinary skill in the art can implement the combination. When a combination of technical solutions is contradictory or cannot be implemented, the combination should be considered not to exist and is not within the scope of protection claimed by this application.
The embodiments in this specification are described progressively. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to each other.
The steps of the method or algorithm described in connection with the embodiments disclosed here can be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the technical field.
Specific examples are used in this document to explain the principles and implementation of this application. The description of the above embodiments is only intended to help in understanding the method of this application and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of this application, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting this application.

Claims (10)

  1. A method for analyzing the UDP protocol based on a pcap-format file, characterized by comprising:
    capturing a file in pcap format from a network on which the UDP protocol is configured;
    calling a filter to filter the file and obtain a target file, the filter being provided with the pcap_compile() and pcap_setfilter() filtering functions;
    splitting the target file into a file header and multiple data packets;
    extracting any one of the data packets and using the libpcap library to determine whether the data packet conforms to the UDP protocol;
    if so, parsing the data packet to obtain a parsing result and displaying the parsing result visually, so that a user can analyze the UDP protocol according to the parsing result.
  2. The method according to claim 1, characterized in that parsing the data packet to obtain a parsing result comprises:
    splitting the data packet into a packet header and data;
    parsing the packet header to obtain the components of the packet header;
    parsing the data to obtain the length of the data;
    determining the components of the packet header, together with the length, as the parsing result.
  3. The method according to claim 1, characterized in that displaying the parsing result visually comprises:
    computing statistics over the parsing result to obtain a statistical result;
    displaying the statistical result using a preset visualization tool.
  4. The method according to claim 1, characterized by further comprising:
    discarding the data packet if the data packet does not conform to the UDP protocol.
  5. The method according to any one of claims 1 to 4, characterized in that, after displaying the parsing result visually, the method further comprises:
    calling a packet editor according to a packet modification instruction input by the user;
    modifying the data packet using the packet editor and transmitting the modified data packet to the network;
    obtaining the network's processing result for the modified data packet;
    if the processing result is wrong, determining that the UDP protocol configured in the network is faulty.
  6. The method according to claim 1, characterized in that, after displaying the parsing result visually, the method further comprises:
    determining the generation timestamp of the parsing result and storing the generation timestamp and the parsing result.
  7. The method according to claim 6, characterized in that, after storing the generation timestamp and the parsing result, the method further comprises:
    if the UDP protocol configured in the network fails, determining the time period in which the fault occurred according to a playback instruction input by the user;
    querying the target generation timestamp corresponding to that time period;
    visually displaying the parsing result corresponding to the target generation timestamp.
  8. An apparatus for analyzing the UDP protocol based on a pcap-format file, characterized by comprising:
    a capture module, configured to capture a file in pcap format from a network on which the UDP protocol is configured;
    a filtering module, configured to call a filter to filter the file and obtain a target file, the filter being provided with the pcap_compile() and pcap_setfilter() filtering functions;
    a splitting module, configured to split the target file into a file header and multiple data packets;
    a judging module, configured to extract any one of the data packets and use the libpcap library to determine whether the data packet conforms to the UDP protocol;
    a parsing module, configured to, if the data packet conforms to the UDP protocol, parse the data packet to obtain a parsing result and display the parsing result visually, so that a user can analyze the UDP protocol according to the parsing result.
  9. A device for analyzing the UDP protocol based on a pcap-format file, characterized by comprising:
    a memory, configured to store a computer program;
    a processor, configured to execute the computer program to implement the method according to any one of claims 1 to 7.
  10. A readable storage medium, characterized in that it is configured to store a computer program, wherein the computer program, when executed by a processor, implements the method according to any one of claims 1 to 7.
PCT/CN2019/108474 2019-09-26 2019-09-27 File analysis udp protocol method and apparatus based on pcap format WO2021056400A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910915173.9 2019-09-26
CN201910915173.9A CN110661683B (en) 2019-09-26 2019-09-26 Method and device for analyzing UDP (user Datagram protocol) protocol by file based on pcap format

Publications (1)

Publication Number Publication Date
WO2021056400A1 (en) 2021-04-01

Family

ID=69039302

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/108474 WO2021056400A1 (en) 2019-09-26 2019-09-27 File analysis udp protocol method and apparatus based on pcap format

Country Status (2)

Country Link
CN (1) CN110661683B (en)
WO (1) WO2021056400A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685368A (en) * 2020-12-30 2021-04-20 成都科来网络技术有限公司 Method and system for processing complete session of super-large data packet file and readable storage medium
CN113141282B (en) * 2021-05-12 2022-03-18 深圳赛安特技术服务有限公司 Packet capturing method, device, equipment and storage medium based on Libpcap
CN113485282B (en) * 2021-09-07 2021-12-07 西安热工研究院有限公司 Message tracking display method, system, equipment and storage medium for distributed control system
CN113950088B (en) * 2021-09-07 2024-01-23 浙江三维利普维网络有限公司 Base station monitoring analysis method, device, system, electronic device and storage medium
CN114124555A (en) * 2021-11-29 2022-03-01 杭州迪普科技股份有限公司 Message playback method and device, electronic equipment and computer readable medium
CN114328190B (en) * 2021-12-13 2023-02-24 北京安博通科技股份有限公司 Method, system and server for automatically splitting IPS (in-plane switching) event
CN114466325A (en) * 2021-12-21 2022-05-10 天津光电通信技术有限公司 No. seven signaling analysis method and analysis platform based on x86 board card
CN114189568B (en) * 2022-02-14 2022-05-31 北京华御数观科技有限公司 Method and system for rapidly processing UDP (user Datagram protocol) data packet
CN114553559B (en) * 2022-02-25 2023-05-23 北京华云安信息技术有限公司 Method and device for modifying protocol data in router and readable storage medium
CN114666253A (en) * 2022-03-09 2022-06-24 成都安恒信息技术有限公司 Method and system for analyzing software and testing application based on data packet
CN116366346B (en) * 2023-04-04 2024-03-22 中国华能集团有限公司北京招标分公司 DNS traffic reduction method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102821217A (en) * 2012-07-29 2012-12-12 西北工业大学 VoIP flow detection method based on UDP (user datagram protocol) statistical fingerprint hybrid model
CN106302349A (en) * 2015-05-29 2017-01-04 北京京东尚科信息技术有限公司 Method and device analyzed by HTTP bag based on libpcap
US20170264663A1 (en) * 2013-03-14 2017-09-14 Cisco Technology, Inc. Method for streaming packet captures from network access devices to a cloud server over http
CN108287905A (en) * 2018-01-26 2018-07-17 华南理工大学 A kind of extraction of network flow feature and storage method

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100550787C (en) * 2006-08-29 2009-10-14 郑州威科姆技术开发有限公司 Network fault node diagnosis method
CN101146213B (en) * 2006-09-11 2010-05-12 思华科技(上海)有限公司 VoD network and ordering method
CN100570580C (en) * 2007-08-02 2009-12-16 中兴通讯股份有限公司 The proving installation of simple network management protocol software and method of testing thereof
CN101262491A (en) * 2008-04-02 2008-09-10 王京 Application layer network analysis method and system
CN101286896B (en) * 2008-06-05 2010-09-29 上海交通大学 IPSec VPN protocol drastic detecting method based on flows
CN101296227B (en) * 2008-06-19 2010-11-17 上海交通大学 IPSec VPN protocol depth detection method based on packet offset matching
CN101741908B (en) * 2009-12-25 2012-07-11 青岛朗讯科技通讯设备有限公司 Identification method for application layer protocol characteristic
CN102780675B (en) * 2011-05-09 2017-02-08 中兴通讯股份有限公司 Transmission method, device and system for streaming media service
US9426071B1 (en) * 2013-08-22 2016-08-23 Fireeye, Inc. Storing network bidirectional flow data and metadata with efficient processing technique
US10326803B1 (en) * 2014-07-30 2019-06-18 The University Of Tulsa System, method and apparatus for network security monitoring, information sharing, and collective intelligence
CN106301994B (en) * 2015-06-24 2023-11-03 北京京东尚科信息技术有限公司 Network communication abnormity testing method and device
CN106790402B (en) * 2016-11-29 2020-10-23 苏州浪潮智能科技有限公司 Parallel distribution method and system for middleware data of information system structure


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YUAN, SHANGHUA: "UDP Network Packet Capture", COMPUTER PROGRAMMING SKILLS & MAINTENANCE, vol. 2013, no. 12, 18 June 2013 (2013-06-18), pages 72 - 73, XP055795779 *

Also Published As

Publication number Publication date
CN110661683A (en) 2020-01-07
CN110661683B (en) 2021-07-16


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19946536

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19946536

Country of ref document: EP

Kind code of ref document: A1
