WO2022121660A1 - Method, apparatus and system for implementing remote automatic packet capture - Google Patents


Info

Publication number
WO2022121660A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet capture
remote
remote device
capture
packet
Prior art date
Application number
PCT/CN2021/131762
Other languages
French (fr)
Chinese (zh)
Inventor
杨娅娅
李胜平
姚瑞
章霞
Original Assignee
展讯半导体(成都)有限公司
Application filed by 展讯半导体(成都)有限公司
Publication of WO2022121660A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the present invention relates to the technical field of wireless networks, and in particular, to a method, device and system for realizing remote automatic packet capture.
  • Wi-Fi technology is widely used due to its fast transmission speed and wide coverage.
  • the increasing number of wireless users also makes the wireless network environment more and more complex. Therefore, when a problem occurs in the wireless network, it is usually necessary to capture the frames transmitted in the wireless network to analyze the current network operation.
  • the traditional packet capture method requires technicians to build an environment on site to capture packets, which undoubtedly increases labor costs, and cannot analyze the current wireless network environment in a timely manner, resulting in poor real-time performance.
  • the implementation method, device and system for remote automatic packet capture provided by the present invention can realize automatic packet capture, save manpower input and improve work efficiency.
  • the present invention provides a method for realizing remote automatic packet capture.
  • the method is applied to a local master control device, and the method includes:
  • establishing a connection with the remote device includes: establishing the connection with the remote device in a key-based SSH manner.
  • the packet capture files are classified into management frames, control frames and data frames according to categories, and are respectively stored in different folders.
  • the present invention provides a method for realizing remote automatic packet capture, the method is applied to a remote device, and the method includes:
  • the obtained packet capture file is sent back to the local master control device, so that the local master control device stores the packet capture file, parses and classifies it, and obtains frames of different types.
  • the filtering conditions include multi-level filtering parameters: the first level is the mode, the second level is the channel, the third level is the MAC address of the device, and the fourth level is the packet type, wherein the first and second levels are mandatory parameters, and the third and fourth levels are optional parameters.
  • the trigger condition is a specific time period, a specific packet size or a specific frame.
  • the present invention provides a device for realizing remote automatic packet capture, the device is located in a local master control device, and the device includes:
  • a remote connection module for establishing a connection with a remote device
  • the automatic packet capture module is used to send an automatic packet capture command to the remote device, so that the remote device captures packets according to the preset filter conditions and, after judging according to the preset trigger conditions that the packet capture is to be stopped, transfers the captured packet file back to the local master device;
  • the storage module is used to store the packet capture files returned by the remote device
  • the packet parsing module is used to parse and classify the packet capture files returned by the remote device to obtain different types of frames.
  • the packet capture files are classified into management frames, control frames and data frames according to categories, and are respectively stored in different folders.
  • the present invention provides an implementation device for remote automatic packet capture, the device is located in a remote device, and the device includes:
  • the command parsing module is used to parse the automatic packet capture command sent by the local main control device and start the packet capture;
  • the filtering module is used to capture packets according to the preset filtering conditions
  • the condition judgment module is used to judge whether to stop capturing packets according to the preset trigger conditions
  • the file transmission module is used to transmit the obtained packet capture file back to the local master control device after the condition judgment module determines that the packet capture is to be stopped, so that the local master control device can store the packet capture file and parse and classify it to obtain frames of different classes.
  • the filtering conditions include multi-level filtering parameters: the first level is the mode, the second level is the channel, the third level is the MAC address of the device, and the fourth level is the packet type, wherein the first and second levels are mandatory parameters, and the third and fourth levels are optional parameters.
  • the trigger condition is a specific time period, a specific packet size or a specific frame.
  • the present invention provides an implementation system for remote automatic packet capture, including a local master control device and a remote device, wherein,
  • the local master control device is used to establish a connection with the remote device, issue an automatic packet capture instruction to the remote device, store the packet capture file returned by the remote device, and perform analysis and classification to obtain different types of frames;
  • the remote device is used to parse the automatic packet capture instruction sent by the local main control device, start the packet capture, capture the packet according to the preset filter condition, and judge whether to stop the packet capture according to the preset trigger condition. After stopping the packet capture, send the obtained packet capture file back to the local master device.
  • the local main control device controls the remote device to actively start capturing packets, without the need to manually configure packet capture environment, which can save manpower investment and improve work efficiency;
  • the remote device is set with multiple optional trigger conditions for stopping packet capture, which can be selected according to different user needs;
  • the local master device can run an automated program to unpack the wireless packets, automatically classify the captured wireless air interface packets, and store different types of packets in different folders, which makes it convenient to quickly locate the frames to be viewed, simplifies the follow-up work, and saves a lot of labor costs.
  • FIG. 1 is a flowchart of a method for realizing remote automatic packet capture according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for realizing remote automatic packet capture according to another embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for realizing remote automatic packet capture according to yet another embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a device for implementing remote automatic packet capture according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an 802.11 radio frame
  • FIG. 6 is a schematic structural diagram of a device for implementing remote automatic packet capture according to another embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a system for realizing remote automatic packet capture according to an embodiment of the present invention.
  • An embodiment of the present invention provides a method for realizing remote automatic packet capture.
  • the method is applied to a local master control device. As shown in Figure 1, the method includes:
  • the local master device establishes a connection with the remote device.
  • the local main control device sends an automatic packet capture instruction to the remote device, so that the remote device captures packets according to the preset filter conditions and, after judging according to the preset trigger conditions that the packet capture is to be stopped, transfers the captured packet file back to the local master device.
  • the local master control device stores the packet capture file returned by the remote device.
  • the local main control device parses and classifies the packet capture file returned by the remote device, and obtains frames of different types.
  • the local master control device controls the remote device to actively start capturing packets, without the need to manually configure the packet capture environment, which saves manpower investment and improves work efficiency; after the packet capture is completed, the local main control device can run an automated program to unpack the wireless packets, automatically classify the captured wireless air interface packets, and store different types of packets in different folders, which makes it convenient and quick to locate the frames to be viewed, simplifies the follow-up work and greatly saves labor costs.
  • An embodiment of the present invention provides a method for realizing remote automatic packet capture.
  • the method is applied to a remote device. As shown in FIG. 2 , the method includes:
  • the remote device parses the automatic packet capture instruction sent by the local master device, and starts packet capture.
  • the remote device captures packets according to preset filter conditions.
  • the remote device determines whether to stop capturing packets according to a preset trigger condition.
  • after judging that the packet capture is to be stopped, the remote device sends the obtained packet capture file back to the local master control device, so that the local master control device stores the packet capture file and parses and classifies it to obtain frames of different types.
  • the local master control device controls the remote device to actively start capturing packets, without the need to manually configure the packet capture environment, which saves manpower investment and improves work efficiency;
  • the remote device is set with multiple optional trigger conditions for stopping packet capture, which can be selected according to different user needs;
  • the local main control device can run an automated program to unpack the wireless packets, automatically classify the captured wireless air interface packets, and store different types of packets in different folders, which makes it convenient and quick to locate the frames to be viewed, simplifies subsequent work, and greatly saves labor costs.
  • the implementation method of remote automatic packet capture in this embodiment includes:
  • the local master control PC and the remote PC establish a connection through the SSH (Secure Shell) protocol.
  • the local master control PC issues an automatic packet capture instruction, and controls the remote PC to start the packet capture.
  • after receiving the automatic packet capture instruction sent by the master control PC, the remote PC captures packets according to preset filter conditions.
  • step S34: the remote PC determines whether to stop capturing packets according to a preset trigger condition, and if so, executes step S35; otherwise it proceeds to step S33.
  • the remote PC sends the obtained packet capture file back to the local master control PC.
  • the local main control PC stores the packet capture file, parses and classifies it, and obtains frames of different types.
  • An embodiment of the present invention further provides a device for realizing remote automatic packet capture, where the device is located in a local master control device, as shown in FIG. 4 , the device includes:
  • a remote connection module 11 for establishing a connection with a remote device
  • the remote connection module 11 connects to the remote device using key-based SSH, thereby realizing control of the remote device.
  • the local master device generates a key pair in advance, consisting of a public key and a private key, then puts the public key in the root directory of the remote device to be accessed, and the authorized_keys file is then automatically generated to store the public key.
  • with the key-based SSH login method, the step of entering a password can be skipped.
  • the automatic packet capture module 12 is used to send an automatic packet capture instruction to the remote device, so that the remote device captures packets according to the preset filter conditions and, after judging according to the preset trigger conditions that the packet capture is to be stopped, sends the obtained packet capture file back to the local master device;
  • the corresponding packet capture parameters are configured on the local master control device, the automated packet capture script is then run locally, and the command is sent to the remote device. After the remote device receives the automatic packet capture command sent by the local master device, the packet capture tool is triggered to obtain the wireless air interface packets in the environment.
  • the storage module 13 is used to store the packet capture file returned by the remote device
  • the remote device needs to send the packet capture result back to the local main control device, and the storage module is used to save the packet capture file returned by the remote device.
  • the packet parsing module 14 is used for parsing and classifying the packet capture files returned by the remote device to obtain frames of different types.
  • a packet analysis module is set to classify and store the captured packets.
  • the automation scripts are used to divide them into 3 categories: management frames, control frames, and data frames, and store them in different folders. For specific problems, these three types of frames can be refined further, which makes the analysis process convenient and fast. For example: STA
  • Figure 5 shows the structure of an 802.11 wireless frame.
  • the first two bytes are the frame control field.
  • the Type and Sub Type fields of the frame control field specify the type of the frame: 00 is a management frame, 01 is a control frame, and 10 is a data frame. According to these two fields, all frames can be preliminarily classified into three categories. To view a specific frame, you can search by frame type and quickly obtain the required information from among many wireless frames. Also, once the packets are sorted, they are automatically stored in a new folder named according to their type.
  • the entire packet capture file can be subdivided into multiple sub-files, which can be quickly located in different folders according to user needs; this saves a lot of time and solves the problem that Wireshark captures too many packets, resulting in a large workload for subsequent analysis.
  • for example, when conducting a Wi-Fi roaming test, generally only two key frames are of concern: the deauth frame and the reassociate frame. Both are management frames, so the packet parsing module can be used to select the management frames and then pick these two frames out of them. If the packet capture file contains reassociate request and reassociate response frames and no deauth frame, the roaming is successful.
  • the local master control device controls the remote device to actively start capturing packets, without the need to manually configure the packet capture environment, which saves manpower investment and improves work efficiency; after the packet capture is completed, the local main control device can run an automated program to unpack the wireless packets, automatically classify the captured wireless air interface packets, and store different types of packets in different folders, which makes it convenient and quick to locate the frames to be viewed, simplifies the follow-up work and greatly saves labor costs.
  • the apparatus of this embodiment can be used to implement the technical solution of the above-mentioned method embodiment corresponding to FIG. 1 , and the implementation principle and technical effect thereof are similar, which will not be repeated here.
  • An embodiment of the present invention further provides a device for realizing remote automatic packet capture, where the device is located in a remote device, as shown in FIG. 6 , the device includes:
  • the instruction parsing module 21 is used for parsing the automatic packet capturing instruction sent by the local main control device, and starting the packet capturing;
  • the communication between the local main control device and the remote device mainly depends on the interaction of commands.
  • the command parsing module 21 is responsible for processing the automatic packet capture command sent by the local main control device, and parses out key information and executes it.
  • the filtering module 22 is used to capture packets according to preset filtering conditions
  • the condition judgment module 23 is used for judging whether to stop capturing packets according to a preset trigger condition
  • packet capture time: if you only need to obtain the air interface status of a specific time period, you only need to set the packet capture time to the corresponding time;
  • captured packet size: if there is no special requirement, you can stop capturing packets after a certain size of packets has been captured;
  • specific frame: the packet capture stop condition is set according to a certain frame. If the user only needs to capture a specific frame, that frame is set as the condition for stopping packet capture; once that wireless frame is captured, the packet capture is stopped and the result is returned.
  • the size of the period T can be dynamically adjusted for different scenarios; whether the condition for stopping packet capture has been reached is then determined periodically: if so, packet capture stops; otherwise, capture of wireless air interface packets continues.
  • the periodic detection scheme can not only judge whether the packet capture can be stopped, but also detect whether the packet capture process is interrupted.
  • the period T can be set according to an empirical value. If the capture should theoretically stop after one period T but has still not stopped after two periods (2T), there may be a problem in the packet capture process, so the packet capture environment needs to be checked at this point to avoid packet capture errors.
  • the file transmission module 24 is used to transmit the obtained packet capture file back to the local master control device after the condition judgment module determines that the packet capture is to be stopped, so that the local master control device stores the packet capture file and parses and classifies it to obtain frames of different classes.
  • SFTP (Secure File Transfer Protocol)
  • the port is the SSH port.
  • SFTP uses encryption to transmit authentication information and transmitted data, so using SFTP is very secure.
  • the local master control device controls the remote device to actively start capturing packets, without the need to manually configure the packet capture environment, which saves manpower investment and improves work efficiency;
  • the remote device is set with multiple optional trigger conditions for stopping packet capture, which can be selected according to different user needs;
  • the local main control device can run an automated program to unpack the wireless packets, automatically classify the captured wireless air interface packets, and store different types of packets in different folders, which makes it convenient and quick to locate the frames to be viewed, simplifies subsequent work, and greatly saves labor costs.
  • the apparatus of this embodiment can be used to execute the technical solution of the above-mentioned method embodiment corresponding to FIG. 2 , and the implementation principle and technical effect thereof are similar, which will not be repeated here.
  • An embodiment of the present invention also provides a system for realizing remote automatic packet capture. As shown in FIG. 7 , the system includes a local main control device 01 and a remote device 02, wherein,
  • the local main control device 01 includes a main control PC, which is used to establish a connection with the remote PC in the remote device 03 through the Internet 02, issue an automatic packet capture instruction to the remote PC, store the packet capture file returned by the remote PC, and parse and classify it to obtain frames of different categories;
  • the remote device 03 includes a remote PC, a router 031 and an intelligent device 032, and is used to parse the automatic packet capture instruction sent by the local master PC, start packet capture, capture packets according to the preset filtering conditions, judge according to the preset trigger condition whether to stop the packet capture, and, after judging that the packet capture is to be stopped, send the obtained packet capture file back to the main control PC.
  • the smart device 032 is connected to the router 031 wirelessly, and after the wireless network card is set to the monitor mode, the interaction information between the smart device 032 and the router 031 can be obtained.
  • the local master control device controls the remote device to actively start capturing packets, without the need to manually configure the packet capture environment, which saves manpower investment and improves work efficiency;
  • the remote device is set with multiple optional trigger conditions for stopping packet capture, which can be selected according to different user needs;
  • the local main control device can run an automated program to unpack the wireless packets, automatically classify the captured wireless air interface packets, and store different types of packets in different folders, which makes it convenient and quick to locate the frames to be viewed, simplifies subsequent work, and greatly saves labor costs.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.
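
The frame classification and roaming check described above, as an added Python example (not code from the patent): it reads a classic pcap file, takes the Type and Subtype bits from the first Frame Control byte, writes management, control and data frames into separate folders, and applies the page's roaming rule. The function names, folder layout and sample captures are constructed for illustration; subtype values 2, 3 and 12 are the standard 802.11 numbers for reassociation request, reassociation response and deauthentication.

```python
import os
import struct
import tempfile

TYPE_NAMES = {0: "management", 1: "control", 2: "data"}   # Type bits 00 / 01 / 10
REASSOC_REQ, REASSOC_RESP, DEAUTH = 2, 3, 12              # management subtypes
LINKTYPE_80211, LINKTYPE_RADIOTAP = 105, 127
PCAP_MAGIC = 0xA1B2C3D4


def read_pcap(data):
    """Yield (linktype, record_header, frame) from a classic pcap byte string."""
    endian = "<" if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC else ">"
    if struct.unpack_from(endian + "I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, offset + 8)[0]
        frame = data[offset + 16: offset + 16 + incl_len]
        if len(frame) < incl_len:
            break                                  # truncated last record
        yield linktype, data[offset:offset + 16], frame
        offset += 16 + incl_len


def frame_control(linktype, frame):
    """Return (type, subtype) from the Frame Control field, or None if unparseable."""
    if linktype == LINKTYPE_RADIOTAP:
        if len(frame) < 4:
            return None
        radiotap_len = struct.unpack_from("<H", frame, 2)[0]   # always little-endian
        frame = frame[radiotap_len:]               # oversized length leaves b""
    elif linktype != LINKTYPE_80211:
        raise ValueError(f"unsupported link type {linktype}")
    if len(frame) < 2 or frame[0] & 0x03:          # protocol version must be 0
        return None
    return (frame[0] >> 2) & 0x03, (frame[0] >> 4) & 0x0F


def classify_capture(data, out_dir):
    """Write <out_dir>/<type>/<type>.pcap per frame type; return (counts, roamed)."""
    buckets, mgmt_subtypes = {}, set()
    for linktype, record_header, frame in read_pcap(data):
        fc = frame_control(linktype, frame)
        name = TYPE_NAMES.get(fc[0], "other") if fc else "unparsed"
        buckets.setdefault(name, []).append(record_header + frame)
        if fc and fc[0] == 0:
            mgmt_subtypes.add(fc[1])
    for name, records in buckets.items():
        os.makedirs(os.path.join(out_dir, name), exist_ok=True)
        with open(os.path.join(out_dir, name, name + ".pcap"), "wb") as fh:
            fh.write(data[:24] + b"".join(records))   # reuse the global header
    # Page's rule: reassociation request and response present, no deauth frame.
    roamed = {REASSOC_REQ, REASSOC_RESP} <= mgmt_subtypes and DEAUTH not in mgmt_subtypes
    return {name: len(records) for name, records in buckets.items()}, roamed


def build_sample(fc_bytes):
    """Constructed sample: radiotap pcap with one minimal frame per Frame Control byte."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)    # version, pad, length 8, no fields
    for i, fc0 in enumerate(fc_bytes):
        frame = radiotap + bytes([fc0, 0]) + bytes(22)   # FC, then zeroed header rest
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


# beacon, reassociation request, reassociation response, ACK, data
SAMPLE_ROAM_OK = build_sample([0x80, 0x20, 0x30, 0xD4, 0x08])
# reassociation request, reassociation response, deauthentication
SAMPLE_ROAM_FAIL = build_sample([0x20, 0x30, 0xC0])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(classify_capture(SAMPLE_ROAM_OK, tmp))
        print(classify_capture(SAMPLE_ROAM_FAIL, tmp))
```

Frames whose radiotap length or Frame Control bytes cannot be read go to an `unparsed` folder, so a damaged record does not stop the run; pcapng input is not handled.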

Abstract

Provided are a method, apparatus and system for implementing remote automatic packet capture. The method is applied to a local master control device. The method comprises: establishing a connection with a remote device; issuing an automatic packet capture instruction to the remote device, such that the remote device performs packet capture according to a preset filtering condition, and after it is determined, according to a preset trigger condition, that packet capture needs to be stopped, the remote device returns an acquired packet capture file to a local master control device; storing the packet capture file returned by the remote device; and parsing and classifying the packet capture file returned by the remote device, so as to obtain frames of different types. By means of the present invention, automatic packet capture can be implemented, thereby saving on labor input and improving working efficiency; and after packet capture is completed, a local master control device can run an automatic program to unpack wireless packets, automatically classify captured wireless air interface packets, and store packets of different types in different file folders, thereby facilitating quick positioning of a frame to be checked, simplifying subsequent work, and saving on labor costs.

Description

Implementation method, apparatus and system for remote automatic packet capture
Technical field
The present invention relates to the technical field of wireless networks, and in particular to a method, apparatus and system for implementing remote automatic packet capture.
Background
With the widespread use of smartphones, tablet computers and smart-home devices, traditional ways of getting online can no longer meet people's daily needs, and Wi-Fi technology is widely used thanks to its fast transmission speed and wide coverage. The growing number of wireless users also makes the wireless network environment increasingly complex, so when a problem occurs in a wireless network it is usually necessary to capture the frames transmitted in it to analyze how the network is currently operating. The traditional packet capture method requires technicians to set up an environment on site to capture packets, which increases labor costs and does not allow the current wireless network environment to be analyzed promptly, so real-time performance is poor.
Summary of the invention
The method, apparatus and system for implementing remote automatic packet capture provided by the present invention can realize automatic packet capture, save manpower input and improve work efficiency.
In a first aspect, the present invention provides a method for implementing remote automatic packet capture. The method is applied to a local master control device and includes:
establishing a connection with a remote device;
issuing an automatic packet capture instruction to the remote device, so that the remote device captures packets according to preset filter conditions and, after judging according to a preset trigger condition that the packet capture is to be stopped, sends the obtained packet capture file back to the local master control device;
storing the packet capture file returned by the remote device;
parsing and classifying the packet capture file returned by the remote device to obtain frames of different categories.
Optionally, establishing a connection with the remote device includes: establishing the connection with the remote device using key-based SSH.
Optionally, the packet capture file is divided by category into management frames, control frames and data frames, which are stored in separate folders.
In a second aspect, the present invention provides a method for implementing remote automatic packet capture. The method is applied to a remote device and includes:
parsing the automatic packet capture instruction sent by the local master control device and starting packet capture;
capturing packets according to preset filter conditions;
judging according to a preset trigger condition whether to stop capturing packets;
after judging that the packet capture is to be stopped, sending the obtained packet capture file back to the local master control device, so that the local master control device stores the packet capture file and parses and classifies it to obtain frames of different categories.
Optionally, the filter conditions include multi-level filter parameters: the first level is the mode, the second level is the channel, the third level is the MAC address of the device, and the fourth level is the packet type, wherein the first and second levels are mandatory parameters and the third and fourth levels are optional parameters.
Optionally, the trigger condition is a specific time period, a specific packet size or a specific frame.
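
An added Python sketch of the remote-device side (not code from the patent): it validates the four filter levels and the stop trigger against allow-lists before anything reaches the capture tool, then evaluates the trigger once per period T, flagging a capture that is still running after twice the expected number of periods. The `key=value` instruction format, the mode and frame names, the channel bound and the `expected_periods` parameter are assumptions; the page defines none of them.

```python
import re
from dataclasses import dataclass
from typing import Optional, Union

# Assumed vocabulary: the page names four filter levels and three trigger kinds
# but gives no concrete values or instruction format.
MODES = {"monitor", "managed"}
PACKET_TYPES = {"management", "control", "data"}
FRAME_NAMES = {"deauth", "reassoc-req", "reassoc-resp", "beacon"}
KNOWN_KEYS = {"mode", "channel", "mac", "type", "stop", "period"}
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
MAX_CHANNEL = 233          # assumed upper bound on Wi-Fi channel numbers


@dataclass(frozen=True)
class Instruction:
    mode: str                      # level 1, mandatory
    channel: int                   # level 2, mandatory
    mac: Optional[str]             # level 3, optional
    packet_type: Optional[str]     # level 4, optional
    stop_kind: str                 # "time", "size" or "frame"
    stop_value: Union[int, str]    # seconds, bytes, or a frame name
    period_s: int                  # check period T


def _positive_int(text, what, upper=2**31):
    if not re.fullmatch(r"[0-9]{1,10}", text) or not 1 <= int(text) <= upper:
        raise ValueError(f"{what} must be an integer in 1..{upper}")
    return int(text)


def parse_instruction(line):
    """Parse a 'key=value ...' line; raise ValueError on anything not allow-listed."""
    fields = {}
    for token in line.strip().lower().split():
        key, sep, value = token.partition("=")
        if not sep or key not in KNOWN_KEYS or key in fields:
            raise ValueError(f"unexpected field {token!r}")
        fields[key] = value
    missing = {"mode", "channel", "stop", "period"} - set(fields)
    if missing:
        raise ValueError(f"missing mandatory fields: {sorted(missing)}")
    if fields["mode"] not in MODES:
        raise ValueError("unknown mode")
    mac, ptype = fields.get("mac"), fields.get("type")
    if mac is not None and not MAC_RE.fullmatch(mac):
        raise ValueError("malformed MAC address")
    if ptype is not None and ptype not in PACKET_TYPES:
        raise ValueError("unknown packet type")
    kind, _, raw = fields["stop"].partition(":")
    if kind == "frame":
        if raw not in FRAME_NAMES:
            raise ValueError("unknown stop frame")
        stop_value = raw
    elif kind in ("time", "size"):
        stop_value = _positive_int(raw, "stop value")
    else:
        raise ValueError("unknown trigger kind")
    return Instruction(fields["mode"],
                       _positive_int(fields["channel"], "channel", MAX_CHANNEL),
                       mac, ptype, kind, stop_value,
                       _positive_int(fields["period"], "period"))


class StopMonitor:
    """Called once per period T with the capture's current counters."""

    def __init__(self, instr, expected_periods=1):
        self.instr, self.expected, self.ticks = instr, expected_periods, 0

    def tick(self, elapsed_s, captured_bytes, frames_seen):
        self.ticks += 1
        kind, value = self.instr.stop_kind, self.instr.stop_value
        if ((kind == "time" and elapsed_s >= value)
                or (kind == "size" and captured_bytes >= value)
                or (kind == "frame" and value in frames_seen)):
            return "stop"
        # Expected to finish within `expected` periods, still running after twice that.
        if self.ticks >= 2 * self.expected:
            return "check-environment"
        return "continue"


def simulate(line, expected_periods, samples):
    """Feed constructed (elapsed_s, bytes, frames_seen) samples until a verdict."""
    monitor = StopMonitor(parse_instruction(line), expected_periods)
    verdicts = []
    for sample in samples:
        verdicts.append(monitor.tick(*sample))
        if verdicts[-1] != "continue":
            break
    return verdicts


if __name__ == "__main__":
    # Constructed instruction and counters, for illustration only.
    line = "mode=monitor channel=6 mac=aa:bb:cc:00:11:22 stop=frame:deauth period=5"
    print(simulate(line, 2, [(5, 900, set()), (10, 1800, {"deauth"})]))
```
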
第三方面,本发明提供一种远程自动化抓包的实现装置,所述装置位于本地主控设备,所述装置包括:In a third aspect, the present invention provides a device for realizing remote automatic packet capture, the device is located in a local master control device, and the device includes:
远程连接模块,用于与远程设备建立连接;A remote connection module for establishing a connection with a remote device;
自动化抓包模块,用于向远程设备发送自动抓包指令,以使远程设备根据预先设置的过滤条件进行抓包,并在根据预先设置的触发条件判断要停止抓包后将所获取的抓包文件传回本地主控设备;The automatic packet capture module is used to send an automatic packet capture command to the remote device, so that the remote device can capture packets according to the preset filter conditions, and after judging to stop the packet capture according to the preset trigger conditions, the captured packets will be captured. The file is transferred back to the local master device;
存储模块,用于对远程设备传回的抓包文件进行存储;The storage module is used to store the packet capture files returned by the remote device;
包解析模块,用于对远程设备传回的抓包文件进行解析和分类,得到不同 类别的帧。The packet parsing module is used to parse and classify the packet capture files returned by the remote device to obtain different types of frames.
可选地,所述抓包文件按类别分为管理帧、控制帧和数据帧,并分别存储在不同的文件夹中。Optionally, the packet capture files are classified into management frames, control frames and data frames according to categories, and are respectively stored in different folders.
In a fourth aspect, the present invention provides an apparatus for implementing remote automatic packet capture, the apparatus being located in a remote device and comprising:
an instruction parsing module, configured to parse the automatic packet capture instruction sent by the local master control device and start packet capture;
a filtering module, configured to capture packets according to a preset filter condition;
a condition judgment module, configured to determine, according to a preset trigger condition, whether to stop packet capture;
a file transmission module, configured to transmit the resulting capture file back to the local master control device after the condition judgment module determines that capture is to stop, so that the local master control device stores the capture file and parses and classifies it to obtain frames of different categories.
Optionally, the filter condition comprises multi-level filter parameters: the first level is the mode, the second level is the channel, the third level is the MAC address of a device, and the fourth level is the packet type, where the first and second levels are mandatory parameters and the third and fourth levels are optional parameters.
Optionally, the trigger condition is a specific time period, a specific packet size, or a specific frame.
In a fifth aspect, the present invention provides a system for implementing remote automatic packet capture, comprising a local master control device and a remote device, wherein
the local master control device is configured to establish a connection with the remote device, issue an automatic packet capture instruction to the remote device, store the capture file returned by the remote device, and parse and classify it to obtain frames of different categories;
the remote device is configured to parse the automatic packet capture instruction sent by the local master control device, start packet capture, capture packets according to a preset filter condition, determine according to a preset trigger condition whether to stop packet capture, and, after determining that capture is to stop, transmit the resulting capture file back to the local master control device.
With the method, apparatus and system for implementing remote automatic packet capture provided by the embodiments of the present invention, once a remote connection has been set up between the local master control device and the remote device, the local master control device directs the remote device to start capturing packets without anyone having to configure the capture environment by hand, which saves labor and improves efficiency. The remote device is configured with several selectable trigger conditions for stopping capture, which can be chosen to suit different user needs. After capture completes, the local master control device can run an automated program to unpack the wireless packets and automatically classify the captured wireless air-interface packets, storing different types of packets in different folders. This makes it easy to locate the frames of interest quickly, simplifies subsequent work, and greatly reduces labor costs.
Description of the drawings
FIG. 1 is a flowchart of a method for implementing remote automatic packet capture according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for implementing remote automatic packet capture according to another embodiment of the present invention;
FIG. 3 is a flowchart of a method for implementing remote automatic packet capture according to yet another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an apparatus for implementing remote automatic packet capture according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the structure of an 802.11 wireless frame;
FIG. 6 is a schematic structural diagram of an apparatus for implementing remote automatic packet capture according to another embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a system for implementing remote automatic packet capture according to an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for implementing remote automatic packet capture. The method is applied to a local master control device and, as shown in FIG. 1, comprises:
S11. The local master control device establishes a connection with a remote device.
S12. The local master control device issues an automatic packet capture instruction to the remote device, so that the remote device captures packets according to a preset filter condition and, after determining according to a preset trigger condition that capture is to stop, transmits the resulting capture file back to the local master control device.
S13. The local master control device stores the capture file returned by the remote device.
S14. The local master control device parses and classifies the capture file returned by the remote device to obtain frames of different categories.
With the method for implementing remote automatic packet capture provided by this embodiment of the present invention, once a remote connection has been set up between the local master control device and the remote device, the local master control device directs the remote device to start capturing packets without anyone having to configure the capture environment by hand, which saves labor and improves efficiency. After capture completes, the local master control device can run an automated program to unpack the wireless packets and automatically classify the captured wireless air-interface packets, storing different types of packets in different folders. This makes it easy to locate the frames of interest quickly, simplifies subsequent work, and greatly reduces labor costs.
An embodiment of the present invention provides a method for implementing remote automatic packet capture. The method is applied to a remote device and, as shown in FIG. 2, comprises:
S21. The remote device parses the automatic packet capture instruction sent by the local master control device and starts packet capture.
S22. The remote device captures packets according to a preset filter condition.
S23. The remote device determines, according to a preset trigger condition, whether to stop packet capture.
S24. After determining that capture is to stop, the remote device transmits the resulting capture file back to the local master control device, so that the local master control device stores the capture file and parses and classifies it to obtain frames of different categories.
With the method for implementing remote automatic packet capture provided by this embodiment of the present invention, once a remote connection has been set up between the local master control device and the remote device, the local master control device directs the remote device to start capturing packets without anyone having to configure the capture environment by hand, which saves labor and improves efficiency. The remote device is configured with several selectable trigger conditions for stopping capture, which can be chosen to suit different user needs. After capture completes, the local master control device can run an automated program to unpack the wireless packets and automatically classify the captured wireless air-interface packets, storing different types of packets in different folders. This makes it easy to locate the frames of interest quickly, simplifies subsequent work, and greatly reduces labor costs.
The method for implementing remote automatic packet capture of the present invention is described in detail below with reference to a specific embodiment.
As shown in FIG. 3, the method for implementing remote automatic packet capture in this embodiment comprises:
S31. The local master control PC and the remote PC establish a connection using the SSH (Secure Shell) protocol.
S32. The local master control PC issues an automatic packet capture instruction, directing the remote PC to start packet capture.
S33. After receiving the automatic packet capture instruction issued by the master control PC, the remote PC captures packets according to a preset filter condition.
S34. The remote PC determines, according to a preset trigger condition, whether to stop packet capture; if so, step S35 is performed, otherwise step S33 continues.
S35. Packet capture stops.
S36. The remote PC transmits the resulting capture file back to the local master control PC.
S37. The local master control PC stores the capture file and parses and classifies it to obtain frames of different categories.
An embodiment of the present invention further provides an apparatus for implementing remote automatic packet capture. The apparatus is located in a local master control device and, as shown in FIG. 4, comprises:
a remote connection module 11, configured to establish a connection with a remote device;
The remote connection module 11 connects to the remote device using key-based SSH and thereby controls the remote device. The local master control device generates a key pair in advance, consisting of a public key and a private key, and places the public key in the root directory of the remote device to be accessed; an authorized_keys file is then generated automatically to hold the public key. Using key-based SSH login removes the step of entering a password.
an automatic packet capture module 12, configured to send an automatic packet capture instruction to the remote device, so that the remote device captures packets according to a preset filter condition and, after determining according to a preset trigger condition that capture is to stop, transmits the resulting capture file back to the local master control device;
Because the remote environment contains multiple wireless devices, a variety of problems inevitably arise, such as dropped connections, wireless clients that receive no signal, failure to connect to the wireless signal, slow Wi-Fi speeds, and so on. When a problem occurs, the air-interface packets in the wireless network often need to be captured for analysis, so packet capture is automated here. Specifically, the corresponding capture parameters are configured on the local master control device, and an automated capture script is then run locally to send the instruction to the remote device. When the remote device receives the automatic packet capture instruction from the local master control device, it triggers the capture tool to collect the wireless air-interface packets in the environment.
a storage module 13, configured to store the capture file returned by the remote device;
After capture completes, the remote device must send the capture result back to the local master control device; the storage module saves the capture file returned by the remote device.
a packet parsing module 14, configured to parse and classify the capture file returned by the remote device to obtain frames of different categories.
Because a wireless network environment contains many wireless devices, the captured air-interface packets are numerous and fairly complex; if they are not processed accordingly, it becomes harder to extract useful information from them. To address this, and taking the characteristics of wireless frames into account, the packet parsing module classifies and stores the contents of the capture file.
Specifically, if the user has no particular requirement, an automation script divides the frames into three categories (management frames, control frames and data frames) and stores them in separate folders. For specific problems, these three categories can be subdivided further, which makes analysis quicker and more convenient. For example, when a problem occurs while the STA (station) is obtaining an IP address, it is enough to filter the DHCP (Dynamic Host Configuration Protocol) frames out of the data frames.
FIG. 5 shows the structure of an 802.11 wireless frame. The first two bytes are the Frame Control field, whose Type and Subtype fields specify the frame type: 00 is a management frame, 01 is a control frame, and 10 is a data frame. Based on these two fields, all frames can first be divided into three categories. To view a particular frame, one can search by that frame's type and quickly obtain the required information from among the many wireless frames. In addition, once the packets have been classified, they are automatically stored in a new folder named after their type. In this way the whole capture file is subdivided into several sub-files, and the user can go straight to the relevant folder as needed, which saves a great deal of time and solves the problem of Wireshark capturing so many packets that subsequent analysis becomes laborious.
For example, in a Wi-Fi roaming test, usually only two key frames need attention: the deauth frame and the reassociate frame. Both are management frames, so the packet parsing module can first filter out the management frames and then filter these two kinds of frame from them. If the capture file contains reassociate request and reassociate response frames and no deauth frame, roaming succeeded.
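The classification and roaming check described above can be written as follows. This is an added Python example, not code from the patent: it reads a classic pcap file, takes the Type and Subtype bits from the first Frame Control byte, writes management, control and data frames to folders named after their type, and applies the roaming rule from the preceding paragraph. The function names, the folder layout and the two sample captures are assumptions constructed for the example.

```python
import struct
from pathlib import Path

LINKTYPE_IEEE802_11 = 105   # records start at the 802.11 header
LINKTYPE_RADIOTAP = 127     # records start with a radiotap header
TYPE_NAMES = {0b00: "management", 0b01: "control", 0b10: "data"}
REASSOC_REQ, REASSOC_RESP, DEAUTH = 2, 3, 12   # management subtypes


def read_pcap(blob):
    """Yield (linktype, record_header, packet) for each record of a classic pcap."""
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    if blob[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif blob[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", blob[20:24])[0]
    off = 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack(endian + "I", blob[off + 8:off + 12])[0]
        end = off + 16 + incl_len
        if end > len(blob):      # truncated last record: ignore it
            break
        yield linktype, blob[off:off + 16], blob[off + 16:end]
        off = end


def frame_control(linktype, pkt):
    """Return (type, subtype) from the Frame Control field, or None."""
    if linktype == LINKTYPE_RADIOTAP:
        if len(pkt) < 8:
            return None
        rt_len = struct.unpack("<H", pkt[2:4])[0]   # it_len is always little-endian
        if rt_len < 8:
            return None
        pkt = pkt[rt_len:]
    elif linktype != LINKTYPE_IEEE802_11:
        return None
    if len(pkt) < 2:
        return None
    return (pkt[0] >> 2) & 0x3, (pkt[0] >> 4) & 0xF


def classify(blob):
    """Return (records per category, management subtypes in capture order)."""
    buckets = {"management": [], "control": [], "data": [], "other": []}
    mgmt_subtypes = []
    for linktype, hdr, pkt in read_pcap(blob):
        fc = frame_control(linktype, pkt)
        name = TYPE_NAMES.get(fc[0], "other") if fc else "other"
        buckets[name].append(hdr + pkt)
        if name == "management":
            mgmt_subtypes.append(fc[1])
    return buckets, mgmt_subtypes


def write_folders(blob, outdir):
    """Write one pcap per non-empty category into a folder named after it."""
    buckets, _ = classify(blob)
    written = {}
    for name, records in buckets.items():
        if records:
            folder = Path(outdir) / name
            folder.mkdir(parents=True, exist_ok=True)
            written[name] = folder / (name + ".pcap")
            # Reuse the original global header so byte order and link type match.
            written[name].write_bytes(blob[:24] + b"".join(records))
    return written


def roaming_succeeded(mgmt_subtypes):
    """The page's rule: reassociation request and response seen, no deauth."""
    seen = set(mgmt_subtypes)
    return REASSOC_REQ in seen and REASSOC_RESP in seen and DEAUTH not in seen


def build_sample(fc_first_bytes):
    """Constructed sample capture: one radiotap record per Frame Control byte."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)   # minimal 8-byte radiotap header
    for i, fc0 in enumerate(fc_first_bytes):
        frame = radiotap + bytes([fc0, 0]) + bytes(22)   # rest of header zeroed
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


# beacon, reassoc request, ACK, reassoc response, data, QoS data
SAMPLE_ROAM_OK = build_sample([0x80, 0x20, 0xD4, 0x30, 0x08, 0x88])
# reassoc request, reassoc response, deauth
SAMPLE_ROAM_FAIL = build_sample([0x20, 0x30, 0xC0])

if __name__ == "__main__":
    buckets, subtypes = classify(SAMPLE_ROAM_OK)
    print({k: len(v) for k, v in buckets.items()}, roaming_succeeded(subtypes))
```

Frames whose Type bits are 11, or whose header is too short to read, go to an "other" bucket rather than being forced into one of the three categories.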
With the apparatus for implementing remote automatic packet capture provided by this embodiment of the present invention, once a remote connection has been set up between the local master control device and the remote device, the local master control device directs the remote device to start capturing packets without anyone having to configure the capture environment by hand, which saves labor and improves efficiency. After capture completes, the local master control device can run an automated program to unpack the wireless packets and automatically classify the captured wireless air-interface packets, storing different types of packets in different folders. This makes it easy to locate the frames of interest quickly, simplifies subsequent work, and greatly reduces labor costs.
The apparatus of this embodiment can be used to carry out the technical solution of the method embodiment corresponding to FIG. 1; its implementation principle and technical effect are similar and are not repeated here.
An embodiment of the present invention further provides an apparatus for implementing remote automatic packet capture. The apparatus is located in a remote device and, as shown in FIG. 6, comprises:
an instruction parsing module 21, configured to parse the automatic packet capture instruction sent by the local master control device and start packet capture;
Communication between the local master control device and the remote device relies mainly on the exchange of instructions. The instruction parsing module 21 processes the automatic packet capture instruction sent by the local master control device, extracts the key information from it, and executes it.
a filtering module 22, configured to capture packets according to a preset filter condition;
When there are many wireless devices in the remote environment, a large amount of wireless data is exchanged; without filtering before capture, many useless packets would be captured and resources wasted. Filter conditions therefore need to be set before capture so that only matching packets are captured. The filter conditions use multi-level filter parameters, which can be chosen to suit the scenario. The first level is the mode, mode={bgn, ac, …}; the second level is the channel, channel={1~13, 36~44, 149~165}; the third level is the MAC address of the device of interest; and the fourth level is the packet type. The first and second levels are mandatory parameters, and the third and fourth levels are optional parameters.
a condition judgment module 23, configured to determine, according to a preset trigger condition, whether to stop packet capture;
Because different scenarios place different requirements on the captured packets, several selectable trigger conditions for stopping capture need to be set in the script in advance. In practice, the condition can be chosen according to the needs of the scenario: the capture time, the capture size, a particular frame, and so on.
Capture time: if only the air-interface conditions during a specific time period are needed, the capture time is simply set to that period;
Capture size: if there is no special requirement, capture can stop once packets of a certain size have been captured;
Specific frame: the stop condition is set according to a particular frame. If the user only needs to capture one specific frame, that frame is set as the stop condition; as soon as that wireless frame is captured, capture stops and the result is returned.
Specifically, the length of the period T can be adjusted dynamically for different scenarios, and the stop condition is then checked periodically: if it has been met, capture stops; otherwise, capture of wireless air-interface packets continues. This periodic check not only determines whether capture can stop but also detects whether the capture process has been interrupted. The period T can be set from empirical values. If capture should in theory stop within one period T but has still not stopped after more than two periods (2T), something may have gone wrong during capture, and the capture environment needs to be examined at that point to avoid capture errors.
a file transmission module 24, configured to transmit the resulting capture file back to the local master control device after the condition judgment module determines that capture is to stop, so that the local master control device stores the capture file and parses and classifies it to obtain frames of different categories.
After capture stops, the capture file is sent back to the local master control device using SFTP (Secure File Transfer Protocol). The SSH software package already includes a secure file transfer subsystem called SFTP. SFTP is part of SSH, requires no additional configuration, and uses the SSH port. SFTP transmits both the authentication information and the transferred data in encrypted form, so using SFTP is very secure.
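The remote-side behaviour described above for the filtering and condition judgment modules, as an added Python example that is not part of the patent: it validates the four filter levels against allow-lists, so that nothing unvalidated from the received instruction reaches the capture tool, applies the optional levels to a constructed frame feed, evaluates the three stop triggers once per period T, and reports a stall when nothing has fired by 2T. The parameter names, the level-4 values and the feed are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

MODES = ("bgn", "ac")   # the two modes the page names; its list is open-ended
# Channel ranges exactly as the page writes them: 1~13, 36~44, 149~165
CHANNELS = set(range(1, 14)) | set(range(36, 45)) | set(range(149, 166))
FRAME_TYPES = ("management", "control", "data")   # assumed level-4 values
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


@dataclass(frozen=True)
class CaptureFilter:
    mode: str                          # level 1, mandatory
    channel: int                       # level 2, mandatory
    mac: Optional[str] = None          # level 3, optional
    frame_type: Optional[str] = None   # level 4, optional


def parse_filter(params):
    """Validate the filter levels from a capture instruction against allow-lists."""
    unknown = set(params) - {"mode", "channel", "mac", "frame_type"}
    if unknown:
        raise ValueError("unknown parameter(s): %s" % sorted(unknown))
    for key in ("mode", "channel"):
        if key not in params:
            raise ValueError("missing mandatory parameter: " + key)
    mode, channel = params["mode"], params["channel"]
    if mode not in MODES:
        raise ValueError("unsupported mode")
    if type(channel) is not int or channel not in CHANNELS:
        raise ValueError("channel not allowed")
    mac = params.get("mac")
    if mac is not None:
        mac = str(mac).lower().replace("-", ":")
        if not MAC_RE.fullmatch(mac):
            raise ValueError("malformed MAC address")
    frame_type = params.get("frame_type")
    if frame_type is not None and frame_type not in FRAME_TYPES:
        raise ValueError("unsupported frame type")
    return CaptureFilter(mode, channel, mac, frame_type)


@dataclass(frozen=True)
class StopTrigger:
    max_seconds: Optional[float] = None            # specific time period
    max_bytes: Optional[int] = None                # specific capture size
    stop_frame: Optional[Tuple[str, int]] = None   # specific frame: (type, subtype)
    period: float = 1.0                            # check interval T, in seconds


def check(trigger, elapsed, size, seen):
    """Return the name of the trigger that fired, or None."""
    if trigger.max_seconds is not None and elapsed >= trigger.max_seconds:
        return "time"
    if trigger.max_bytes is not None and size >= trigger.max_bytes:
        return "size"
    if trigger.stop_frame is not None and trigger.stop_frame in seen:
        return "frame"
    return None


def supervise(flt, trigger, frames):
    """Replay a time-ordered feed of (arrival_s, src_mac, type, subtype, length).

    Triggers are evaluated at T and 2T. Returns (status, reason, kept), where
    status is "stopped", or "stalled" when nothing has fired by 2T.
    """
    kept, size, seen = [], 0, set()
    feed = iter(frames)
    pending = next(feed, None)
    now = trigger.period
    while True:
        while pending is not None and pending[0] < now:
            _, mac, ftype, subtype, length = pending
            if flt.mac in (None, mac) and flt.frame_type in (None, ftype):
                kept.append(pending)
                size += length
                seen.add((ftype, subtype))
            pending = next(feed, None)
        reason = check(trigger, now, size, seen)
        if reason:
            return "stopped", reason, kept
        if now >= 2 * trigger.period:
            return "stalled", None, kept
        now += trigger.period


# Constructed feed: beacon from the target, beacon from another device,
# data from the target, then a deauth (management subtype 12) from the target.
TARGET = "aa:bb:cc:00:11:22"
FEED = [
    (0.2, TARGET, "management", 8, 120),
    (0.5, "aa:bb:cc:00:11:33", "management", 8, 120),
    (0.9, TARGET, "data", 0, 1500),
    (1.4, TARGET, "management", 12, 26),
]
```

A "stalled" result corresponds to the case in which capture should have stopped within one period but has not stopped by 2T, which is the point at which the capture environment needs to be examined.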
With the apparatus for implementing remote automatic packet capture provided by this embodiment of the present invention, once a remote connection has been set up between the local master control device and the remote device, the local master control device directs the remote device to start capturing packets without anyone having to configure the capture environment by hand, which saves labor and improves efficiency. The remote device is configured with several selectable trigger conditions for stopping capture, which can be chosen to suit different user needs. After capture completes, the local master control device can run an automated program to unpack the wireless packets and automatically classify the captured wireless air-interface packets, storing different types of packets in different folders. This makes it easy to locate the frames of interest quickly, simplifies subsequent work, and greatly reduces labor costs.
The apparatus of this embodiment can be used to carry out the technical solution of the method embodiment corresponding to FIG. 2; its implementation principle and technical effect are similar and are not repeated here.
An embodiment of the present invention further provides a system for implementing remote automatic packet capture. As shown in FIG. 7, the system comprises a local master control device 01 and a remote device 02, wherein
the local master control device 01 comprises a master control PC, configured to establish a connection over the Internet 02 with the remote PC in the remote device 03, issue an automatic packet capture instruction to the remote PC, store the capture file returned by the remote PC, and parse and classify it to obtain frames of different categories;
the remote device 03 comprises a remote PC, a router 031 and a smart device 032, and is configured to parse the automatic packet capture instruction sent by the local master control PC, start packet capture, capture packets according to a preset filter condition, determine according to a preset trigger condition whether to stop packet capture, and, after determining that capture is to stop, transmit the resulting capture file back to the master control PC.
The smart device 032 is connected to the router 031 wirelessly; once the wireless network card is set to monitor mode, the information exchanged between the smart device 032 and the router 031 can be captured.
With the system for implementing remote automatic packet capture provided by this embodiment of the present invention, once a remote connection has been set up between the local master control device and the remote device, the local master control device directs the remote device to start capturing packets without anyone having to configure the capture environment by hand, which saves labor and improves efficiency. The remote device is configured with several selectable trigger conditions for stopping capture, which can be chosen to suit different user needs. After capture completes, the local master control device can run an automated program to unpack the wireless packets and automatically classify the captured wireless air-interface packets, storing different types of packets in different folders. This makes it easy to locate the frames of interest quickly, simplifies subsequent work, and greatly reduces labor costs.
A person of ordinary skill in the art will understand that all or part of the processes in the above method embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be determined by the protection scope of the claims.

Claims (12)

  1. A method for implementing remote automatic packet capture, the method being applied to a local master control device, characterized in that the method comprises:
    establishing a connection with a remote device;
    issuing an automatic packet capture instruction to the remote device, so that the remote device captures packets according to a preset filter condition and, after determining according to a preset trigger condition that capture is to stop, transmits the resulting capture file back to the local master control device;
    storing the capture file returned by the remote device;
    parsing and classifying the capture file returned by the remote device to obtain frames of different categories.
  2. The method according to claim 1, characterized in that establishing a connection with the remote device comprises: establishing a connection with the remote device using key-based SSH.
  3. The method according to claim 1 or 2, characterized in that the capture file is divided by category into management frames, control frames and data frames, which are stored in separate folders.
  4. A method for implementing remote automatic packet capture, the method being applied to a remote device, characterized in that the method comprises:
    parsing an automatic packet capture instruction sent by a local master control device, and starting packet capture;
    capturing packets according to preset filter conditions;
    determining, according to a preset trigger condition, whether to stop packet capture;
    after determining that packet capture is to stop, transmitting the obtained packet capture file back to the local master control device, so that the local master control device stores the packet capture file and parses and classifies it to obtain frames of different categories.
  5. The method according to claim 4, characterized in that the filter conditions comprise multi-level filter parameters: the first level is the mode, the second level is the channel, the third level is the MAC address of the device, and the fourth level is the message type, wherein the first and second levels are mandatory parameters and the third and fourth levels are optional parameters.
  6. The method according to claim 4 or 5, characterized in that the trigger condition is a specific time period, a specific packet size or a specific frame.
  7. An apparatus for implementing remote automatic packet capture, the apparatus being located in a local master control device, characterized in that the apparatus comprises:
    a remote connection module, configured to establish a connection with a remote device;
    an automatic packet capture module, configured to send an automatic packet capture instruction to the remote device, so that the remote device captures packets according to preset filter conditions and, after determining according to a preset trigger condition that packet capture is to stop, transmits the obtained packet capture file back to the local master control device;
    a storage module, configured to store the packet capture file returned by the remote device;
    a packet parsing module, configured to parse and classify the packet capture file returned by the remote device to obtain frames of different categories.
  8. The apparatus according to claim 7, characterized in that the packet capture files are divided by category into management frames, control frames and data frames, and are stored in different folders respectively.
  9. An apparatus for implementing remote automatic packet capture, the apparatus being located in a remote device, characterized in that the apparatus comprises:
    an instruction parsing module, configured to parse an automatic packet capture instruction sent by a local master control device and start packet capture;
    a filtering module, configured to capture packets according to preset filter conditions;
    a condition judgment module, configured to determine, according to a preset trigger condition, whether to stop packet capture;
    a file transmission module, configured to transmit the obtained packet capture file back to the local master control device after the condition judgment module determines that packet capture is to stop, so that the local master control device stores the packet capture file and parses and classifies it to obtain frames of different categories.
  10. The apparatus according to claim 9, characterized in that the filter conditions comprise multi-level filter parameters: the first level is the mode, the second level is the channel, the third level is the MAC address of the device, and the fourth level is the message type, wherein the first and second levels are mandatory parameters and the third and fourth levels are optional parameters.
  11. The apparatus according to claim 9 or 10, characterized in that the trigger condition is a specific time period, a specific packet size or a specific frame.
  12. A system for implementing remote automatic packet capture, characterized in that it comprises a local master control device and a remote device, wherein:
    the local master control device is configured to establish a connection with the remote device, issue an automatic packet capture instruction to the remote device, store the packet capture file returned by the remote device, and parse and classify it to obtain frames of different categories;
    the remote device is configured to parse the automatic packet capture instruction sent by the local master control device, start packet capture, capture packets according to preset filter conditions, determine according to a preset trigger condition whether to stop packet capture, and, after determining that packet capture is to stop, transmit the obtained packet capture file back to the local master control device.
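
The parse-and-classify step of claims 1 and 3, sketched as an added example that is not part of the patent text or the applicant's implementation. It assumes the returned file is a little-endian classic pcap of 802.11 frames (link type 105, or 127 with radiotap headers); the function names, the folder layout and the sample frames are constructed for illustration.

```python
import struct
from pathlib import Path

CATEGORIES = {0: "management", 1: "control", 2: "data"}
LINKTYPE_80211, LINKTYPE_RADIOTAP = 105, 127
PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"  # classic pcap, little-endian

def split_capture(pcap: bytes) -> dict:
    """Return {category: pcap bytes}, one capture per 802.11 frame type."""
    if len(pcap) < 24 or pcap[:4] != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap")
    linktype = struct.unpack_from("<I", pcap, 20)[0]
    if linktype not in (LINKTYPE_80211, LINKTYPE_RADIOTAP):
        raise ValueError(f"unsupported link type {linktype}")
    out = {n: bytearray(pcap[:24]) for n in (*CATEGORIES.values(), "unclassified")}
    off = 24
    while off + 16 <= len(pcap):
        end = off + 16 + struct.unpack_from("<I", pcap, off + 8)[0]
        if end > len(pcap):
            break  # final record truncated, e.g. capture stopped mid-write
        frame = pcap[off + 16:end]
        skip = 0
        if linktype == LINKTYPE_RADIOTAP:  # radiotap length: little-endian u16 at offset 2
            skip = struct.unpack_from("<H", frame, 2)[0] if len(frame) >= 4 else len(frame)
        # Frame Control byte 0, bits 2-3: 0 management, 1 control, 2 data
        ftype = (frame[skip] >> 2) & 0x3 if skip < len(frame) else None
        out[CATEGORIES.get(ftype, "unclassified")] += pcap[off:end]
        off = end
    return {n: bytes(buf) for n, buf in out.items()}

def store(split: dict, root: str) -> list:
    """Write each non-empty category to <root>/<category>/capture.pcap."""
    written = []
    for name, data in split.items():
        if len(data) > 24:  # more than the bare global header
            path = Path(root, name, "capture.pcap")
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
            written.append(str(path))
    return written

def build_sample(frames) -> bytes:
    """Constructed capture: each frame gets a minimal 8-byte radiotap header."""
    rtap = struct.pack("<BBHI", 0, 0, 8, 0)
    blob = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for f in frames:
        blob += struct.pack("<IIII", 0, 0, len(rtap + f), len(rtap + f)) + rtap + f
    return blob

# Constructed frames: beacon (0x80), ACK (0xd4), QoS data (0x88)
SAMPLE = build_sample([b"\x80\x00" + bytes(22), b"\xd4\x00" + bytes(8), b"\x88\x01" + bytes(24)])
```

Frames whose type bits are 3, or whose radiotap header is malformed, land in an `unclassified` bucket rather than being dropped, so the stored output still accounts for every complete record in the returned file.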
PCT/CN2021/131762 2020-12-10 2021-11-19 Method, apparatus and system for implementing remote automatic packet capture WO2022121660A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011436759.6 2020-12-10
CN202011436759.6A CN112688916A (en) 2020-12-10 2020-12-10 Method, device and system for realizing remote automatic packet capturing

Publications (1)

Publication Number Publication Date
WO2022121660A1 true WO2022121660A1 (en) 2022-06-16

Family

ID=75447562

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/131762 WO2022121660A1 (en) 2020-12-10 2021-11-19 Method, apparatus and system for implementing remote automatic packet capture

Country Status (2)

Country Link
CN (1) CN112688916A (en)
WO (1) WO2022121660A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688916A (en) * 2020-12-10 2021-04-20 展讯半导体(成都)有限公司 Method, device and system for realizing remote automatic packet capturing
CN116155682A (en) * 2021-11-23 2023-05-23 中兴通讯股份有限公司 Data packet capturing method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1705266A (en) * 2004-05-29 2005-12-07 华为技术有限公司 Method for acquiring specified message from remote and uses and system thereof
US20060179432A1 (en) * 2005-02-04 2006-08-10 Randall Walinga System and method for controlling and monitoring an application in a network
CN102412999A (en) * 2011-12-23 2012-04-11 华为技术有限公司 Packet capturing based remote fault location method, system and device
CN112688916A (en) * 2020-12-10 2021-04-20 展讯半导体(成都)有限公司 Method, device and system for realizing remote automatic packet capturing

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101114932B (en) * 2006-07-27 2012-09-19 华为数字技术有限公司 Method and system for implementing remote capturing packet
CN101170491A (en) * 2007-11-22 2008-04-30 中兴通讯股份有限公司 A packet snapping method for network interface board
CN102594702B (en) * 2012-03-16 2015-09-02 上海大亚科技有限公司 The system and method for network packet crawl is realized based on embedded radio equipment
US10673881B2 (en) * 2016-08-11 2020-06-02 Hopzero, Inc. Method and system for limiting the range of data transmissions
CN106506653A (en) * 2016-11-15 2017-03-15 汉柏科技有限公司 Packet snapping method and device
CN108512709A (en) * 2017-02-24 2018-09-07 中兴通讯股份有限公司 A kind of method and device of wlan network monitoring
CN109451348A (en) * 2018-10-29 2019-03-08 视联动力信息技术股份有限公司 A kind of video flow detection method and apparatus
CN110071847A (en) * 2019-03-20 2019-07-30 深圳市飞比电子科技有限公司 Message processing method, device, terminal device and storage medium

Also Published As

Publication number Publication date
CN112688916A (en) 2021-04-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21902367; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21902367; Country of ref document: EP; Kind code of ref document: A1)