CN106817353A - For MAC collections and the wireless aps and method of network security audit - Google Patents

For MAC collections and the wireless aps and method of network security audit Download PDF

Info

Publication number
CN106817353A
CN106817353A CN201510863097.3A CN201510863097A CN106817353A CN 106817353 A CN106817353 A CN 106817353A CN 201510863097 A CN201510863097 A CN 201510863097A CN 106817353 A CN106817353 A CN 106817353A
Authority
CN
China
Prior art keywords
mobile terminal
wifi
protocol
mac
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510863097.3A
Other languages
Chinese (zh)
Inventor
肖丹
黄洪发
李斌辉
马啸尘
张东升
景晓军
沈智杰
唐新民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SURFILTER NETWORK TECHNOLOGY Co Ltd
Original Assignee
SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SURFILTER NETWORK TECHNOLOGY Co Ltd filed Critical SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority to CN201510863097.3A priority Critical patent/CN106817353A/en
Publication of CN106817353A publication Critical patent/CN106817353A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/10Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of wireless aps gathered for MAC with network security audit, including:WIFI module, WIFI network is accessed for detecting claim frame by periodically peripherad mobile terminal broadcast beacon frame or according to the broadcast from mobile terminal by mobile terminal;MAC collection apparatus modules, for after mobile terminal is accessed WIFI network by WIFI module, gathering the WIFI communication data packets from mobile terminal, the MAC Address of mobile terminal are extracted from the BSSID fields in WIFI communication data packets;Network security audit module, the Internet data for gathering the mobile terminal for accessing WIFI network generates user behaviors log and uploads to cloud platform.The function of WIFI coverings, MAC Address collection and network security audit is realized by 1 equipment, it is simple and convenient, and saved cost.It is that public security officer handles a case and gives a clue and support in the future additionally, after by the parsing of the Internet data of user, the user behaviors log and corresponding MAC Address that will be produced are sent to cloud platform simultaneously.

Description

For MAC collections and the wireless aps and method of network security audit
Technical field
Examined with network security the present invention relates to wireless communication technology field, more particularly to a kind of collection for MAC The wireless aps and method of meter.
Background technology
MAC (Media Access Control) address, or be MAC address, hardware address, it is for marking Know the unique identities of the network equipment, gathered by special MAC collecting devices.
Network security audit (Audit) refer to according to certain security strategy, using record, system activity and The information such as User Activity, inspection, examination and environment and the activity of checked operation event, so as to find that system is leaked The process in hole, intrusion behavior or improvement systematic function, is also to examine assessment system security risk and take corresponding One process of measure.In the prior art, it is also to be realized by special network security audit equipment.
Wireless aps are the access points that mobile computer user enters cable network, are mainly used in business WiFi, Inside food and drink, coffee shop, inside buildings and garden, typical range covers tens meters to rice up to a hundred, application Extensively.Current wireless aps provide the user merely WIFI functions mostly, can not gather by WIFI The MAC Address of the user terminal of online, with less the network security audit work(of monitoring user's internet behavior Can, if to provide WIFI coverings, MAC Address collection and network security audit simultaneously in a place Three kinds of functions, then need 3 equipment to realize simultaneously, is inconvenient.
The content of the invention
It is an object of the invention to provide a kind of for wireless aps of the MAC collections with network security audit and side Method is to be capable of achieving WIFI coverings, MAC Address to gather and network security audit with by a wireless aps Function, it is simple and convenient.
In order to achieve the above object, the technical scheme of use is the present invention:
A kind of wireless aps gathered for MAC with network security audit, including:
WIFI module, for by periodically peripherad mobile terminal broadcast beacon frame or according to from shifting The broadcast of dynamic terminal is detected claim frame and mobile terminal is accessed into WIFI network;
MAC collection apparatus modules, for after mobile terminal is accessed WIFI network by WIFI module, gathering WIFI communication data packets from mobile terminal, extract from the BSSID fields in WIFI communication data packets The MAC Address of mobile terminal;And
Network security audit module, is connected to WIFI module and MAC collection apparatus modules, is connect for gathering Enter the Internet data of the mobile terminal of WIFI network, generate user behaviors log and be uploaded to cloud platform.
Preferably, network security audit module includes:
Data acquisition unit, for gathering the Internet data by the user of mobile terminal Internet access;
Protocol identification unit, is connected to data acquisition unit, is analyzed for the Internet data to user, Recognize the protocol type of Internet data, protocol type according to belonging to Internet data sends to right Internet data The protocol analysis plug-in unit answered;
Protocol analysis unit, is connected to protocol identification unit, including multiple protocol analysis plug-in units, for parsing Different types of agreement, generates user behaviors log;And
Data transmission unit, is connected to protocol analysis unit, for user behaviors log to be sent to cloud platform.
Preferably, protocol type include http protocol, TELNET agreements, File Transfer Protocol, smtp protocol, POP3 agreements.
Preferably, MAC collection apparatus module is by parsing 802.11 agreements in WIFI communication data packets Frame head obtains BSSID fields.
Correspondingly, the present invention also offer one kind carries out MAC collections simultaneously using wireless aps and network security is careful The method of meter, including:
Step S1:The WIFI module of wireless aps is by periodically peripherad mobile terminal broadcast beacon frame Or detect according to the broadcast from mobile terminal claim frame mobile terminal is accessed into WIFI network;
Step S2:After mobile terminal is accessed WIFI network by WIFI module, by the MAC of wireless aps Collection apparatus module gathers the WIFI communication data packets from mobile terminal, from WIFI communication data packets BSSID fields extract the MAC Address of mobile terminal;And
Step S3:The mobile terminal of WIFI network is accessed by the network security audit module collection of wireless aps Internet data, generates user behaviors log and is uploaded to cloud platform.
Preferably, step S3 includes:
Step S31:The use that mobile terminal Internet access is passed through by the data acquisition unit collection of network security audit module The Internet data at family;
Step S32:The Internet data of user is divided by the protocol identification unit of network security audit module Analysis, recognizes the protocol type of Internet data, and the protocol type according to belonging to Internet data sends Internet data To corresponding protocol analysis plug-in unit;
Step S33:It is raw by the different types of agreement of protocol analysis unit resolves by network security audit module Into user behaviors log;And
Step S34:User behaviors log is sent to cloud platform by the data transmission unit of network security audit module.
Preferably, protocol type include http protocol, TELNET agreements, File Transfer Protocol, smtp protocol, POP3 agreements.
Preferably, in step s 2, during MAC collection apparatus module is by parsing WIFI communication data packets The frame head of 802.11 agreements obtains BSSID fields.
Implement the embodiment of the present invention, have the advantages that:The wireless aps that the present invention is provided, except with general Outside the function of the offers wireless coverage of logical wireless aps, can be also used for gathering the MAC Address of wireless terminal with Capture carries out the Internet data of the user of online activity by the wireless terminal, and the Internet data of user is parsed Afterwards, the user behaviors log and corresponding MAC Address that will be produced are sent to cloud platform simultaneously, are public security officer in the future Handle a case and give a clue and support.Realize that WIFI is covered, MAC Address is gathered and network is pacified by 1 equipment The function of full audit, it is simple and convenient, and saved cost.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to implementing Example or the accompanying drawing to be used needed for description of the prior art are briefly described, it should be apparent that, describe below In accompanying drawing be only some embodiments of the present invention, for those of ordinary skill in the art, do not paying On the premise of going out creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
The wireless aps for MAC collections and network security audit that Fig. 1 is provided for one embodiment of the invention Structured flowchart.
Fig. 2 show one embodiment of the invention offer and mobile terminal is accessed into WIFI by WIFI module 110 The Signalling exchange schematic diagram of network.
The wireless aps for MAC collections and network security audit that Fig. 3 is provided for one embodiment of the invention Structured flowchart.
It is the use wireless aps of one embodiment of the invention offer shown in Fig. 4 while carrying out MAC collections and network The flow chart of the method for security audit.
It is the particular flow sheet of the step S3 in the method shown in Fig. 4 shown in Fig. 5.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly Chu, it is fully described by, it is clear that described embodiment is only a part of embodiment of the invention, rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation Property work under the premise of the every other embodiment that is obtained, belong to the scope of protection of the invention.
The wireless aps for MAC collections and network security audit that Fig. 1 is provided for one embodiment of the invention Structured flowchart.As shown in figure 1, including for the wireless aps 100 of MAC collections and network security audit WIFI module 110, MAC collection apparatus module 120 and network security audit module 130, wherein, network Security audit module 130 is connected to WIFI module 110 and MAC collection apparatus module 120.
Specifically, in the present embodiment, WIFI module 110 is used for by periodically peripherad mobile whole End broadcast beacon frame or detected according to the broadcast from mobile terminal claim frame come by mobile terminal access WIFI nets Network.
Further, Fig. 2 show one embodiment of the invention and provides and passes through WIFI module 110 by mobile terminal Access the Signalling exchange schematic diagram of WIFI network.As shown in Figure 2, on the one hand, mobile terminal can be by prison The broadcast beacon frame that WIFI module 110 sends is listened to obtain the wireless network parameter of surrounding to add WIFI nets Network, on the other hand, mobile terminal can send broadcast and detect claim frame (Probe Request) scanning wireless network, WIFI module 110 is received after detecting claim frame, can send probe response frame (Probe to mobile terminal Response) mobile terminal its network information that can provide is informed;Sent WIFI module 110 is received Probe response frame after, mobile terminal to WIFI module 110 send Authentication ask, WIFI moulds Request of the link authentication mode that block 110 is used according to it to mobile terminal is authenticated;After certification success, Mobile terminal is receiving the auth response frame of the transmission of WIFI module 110, is sent to WIFI module 110 and associated Claim frame;After the association response frame that WIFI module 110 receives mobile terminal transmission, you can to mobile terminal Send data.
Specifically, in the present embodiment, MAC collection apparatus module 120 is used to be incited somebody to action in WIFI module 110 After mobile terminal accesses WIFI network, the WIFI communication data packets from mobile terminal are gathered, from the WIFI BSSID fields in communication data packet extract the MAC Address of the mobile terminal.Further, MAC Collection apparatus module 120 is obtained by parsing the frame head of 802.11 agreements in WIFI communication data packets BSSID fields.
Specifically, in the present embodiment, network security audit module 130 is used to gather access WIFI network The Internet data of mobile terminal, generates user behaviors log and is uploaded to cloud platform.For example, user behaviors log can be wrapped The MAC Address mark user account of user identity, speech that the online footprint of user, user deliver etc. is included to believe Breath.Because MAC Address is the unique identifier that identifies mobile terminal identity, by by the user behaviors log of user Produce the mobile terminal that uses of behavior daily record to associate with user, can be carried for public security officer in the future handles a case For support and clue.
The wireless aps that the present invention is provided, in addition to the function of the offer wireless coverage with common wireless aps, also The MAC Address and capture that can be used for gathering wireless terminal carry out the use of online activity by the wireless terminal The Internet data at family, after the Internet data of user is parsed, by the user behaviors log for producing and corresponding MAC ground Location is sent to cloud platform simultaneously, is that public security officer handles a case and gives a clue and support in the future.By 1 equipment reality The function of existing WIFI coverings, MAC Address collection and network security audit, it is simple and convenient, and saved into This.
The wireless aps for MAC collections and network security audit that Fig. 3 is provided for one embodiment of the invention Structured flowchart.As shown in figure 3, further, network security audit module 130 includes data acquisition unit 132nd, protocol identification unit 134, protocol analysis unit 136 and data transmission unit 138, wherein, association View recognition unit 134 is connected to data acquisition unit 132, and protocol analysis unit 136 is connected to protocol identification list Unit 134, data transmission unit 138 is connected to protocol analysis unit 136.
Specifically, in the present embodiment, data acquisition unit 132 is used to gather by mobile terminal Internet access The Internet data of user, and the Internet data of collection is sent to protocol identification unit 134.
Specifically, in the present embodiment, protocol identification unit 134 is used to divide the Internet data of user Analysis, recognizes the protocol type of the Internet data, and the protocol type according to belonging to the Internet data is by Internet data Send to corresponding protocol analysis plug-in unit.Further, above-mentioned protocol type includes http protocol, TELNET Agreement, File Transfer Protocol, smtp protocol, POP3 agreements.
Specifically, in the present embodiment, protocol analysis unit 136 includes multiple protocol analysis plug-in units, is used for Different types of agreement is parsed, user behaviors log is generated, and send to data transmission unit 138.Further, As a example by parsing http protocol, http protocol parses plug-in unit and is receiving the upper of the collection of data acquisition unit 132 After network data, the information of host, url, title can be extracted, complete the solution to HTTP (GET) log-on message Analysis, lifts account, password, and message file is logined in completion, completes HTTP (POST) data and falls file, By the information of host, url, title, login message file and data fall file while be stored in user behaviors log, then Send to data transmission unit.
Specifically, in the present embodiment, data transmission unit 138 is used to send user behaviors log to cloud platform.
So, by gathering the Internet data of user, Internet data is parsed according to different agreement species, For different agreements, different user behaviors logs are generated, then user behaviors log and corresponding MAC Address are sent Stored to cloud platform.
It is the use wireless aps of one embodiment of the invention offer shown in Fig. 4 while carrying out MAC collections and network The flow chart of the method for security audit.As shown in figure 4, the method is comprised the following steps:
Step S1:Beacon is broadcasted by periodically peripherad mobile terminal by the WIFI module of wireless aps Frame according to the broadcast from mobile terminal detects claim frame mobile terminal is accessed into WIFI network.
Specifically, on the one hand, mobile terminal can be by monitoring the broadcast beacon frame that WIFI module 110 sends WIFI network is added to obtain the wireless network parameter of surrounding, on the other hand, mobile terminal can send broadcast Claim frame (Probe Request) scanning wireless network is detected, WIFI module 110 is received after detecting claim frame, Probe response frame (Probe Response) can be sent to mobile terminal, and to inform mobile terminal, it can be provided The network information;After the probe response frame for receiving the transmission of WIFI module 110, mobile terminal is to WIFI module 110 send Authentication requests, and the link authentication mode that WIFI module 110 is used according to it is to movement The request of terminal is authenticated;After certification success, mobile terminal is receiving the checking of the transmission of WIFI module 110 Response frame, association request frame is sent to WIFI module 110;Mobile terminal hair is received in WIFI module 110 After the association response frame sent, you can send data to mobile terminal.
Step S2:After mobile terminal is accessed WIFI network by WIFI module, by the MAC of wireless aps Collection apparatus module gathers the WIFI communication data packets from mobile terminal, from WIFI communication data packets BSSID fields extract the MAC Address of mobile terminal.
Further, MAC collection apparatus module 120 is by parsing 802.11 in WIFI communication data packets The frame head of agreement obtains BSSID fields.
Step S3:The mobile terminal of WIFI network is accessed by the network security audit module collection of wireless aps Internet data, generates user behaviors log and is uploaded to cloud platform.
Specifically, as shown in figure 5, step S3 includes following sub-step:
Step S31:The use that mobile terminal Internet access is passed through by the data acquisition unit collection of network security audit module The Internet data at family.
Step S32:The Internet data of user is divided by the protocol identification unit of network security audit module Analysis, recognizes the protocol type of Internet data, and the protocol type according to belonging to Internet data sends Internet data To corresponding protocol analysis plug-in unit.
Step S33:By the different types of agreement of protocol analysis unit resolves of network security audit module, generation User behaviors log.
Further, above-mentioned protocol type includes http protocol, TELNET agreements, File Transfer Protocol, SMTP Agreement, POP3 agreements.
Step S34:User behaviors log is sent to cloud platform by the data transmission unit of network security audit module.
The use wireless aps provided by the present invention carry out the side of MAC collections and network security audit simultaneously Method, while WIFI coverings are provided, can also gather the MAC Address of mobile terminal, and parsing user is led to Crossing mobile terminal carries out the Internet data of network activity, and the user behaviors log and MAC Address that will be formed after parsing Transmission is stored to cloud platform, is that public security officer handles a case and gives a clue and support in the future.
The embodiment of the present invention additionally provides a kind of computer program product, including the calculating for storing program code Machine readable storage medium storing program for executing, the instruction that program code includes can be used to perform the method in previous methods embodiment, Implement and can be found in embodiment of the method, will not be repeated here.
It is apparent to those skilled in the art that, for convenience and simplicity of description, foregoing description System, device and unit specific work process, may be referred to the corresponding process in preceding method embodiment, Will not be repeated here.
In several embodiments provided herein, it should be understood that disclosed system, device and side Method, can realize by another way.Device embodiment described above is only schematical, example Such as, the division of unit, only a kind of division of logic function, can there is other division side when actually realizing Formula, but for example, multiple units or component can combine or be desirably integrated into another system, or some spies Levying to ignore, or does not perform.It is another, shown or discussed coupling or direct-coupling each other Or communication connection can be that the INDIRECT COUPLING or communication connection of device or unit can by some communication interfaces Being electrical, mechanical or other forms.
As separating component illustrate unit can be or may not be it is physically separate, as unit The part of display can be or may not be physical location, you can with positioned at a place, or also may be used To be distributed on multiple NEs.Some or all of unit therein can according to the actual needs be selected To realize the purpose of this embodiment scheme.
In addition, during each functional unit in each embodiment of the invention can be integrated in a processing unit, Can also be that unit is individually physically present, it is also possible to which two or more units are integrated in a unit In.
If function, can to realize in the form of SFU software functional unit and as independent production marketing or when using To store in a computer read/write memory medium.Based on such understanding, technical scheme The part for substantially being contributed to prior art in other words or the part of the technical scheme can be produced with software The form of product is embodied, and the computer software product is stored in a storage medium, including some instructions It is used to so that a computer equipment (can be personal computer, server, or network equipment etc.) performs sheet Invent all or part of step of each embodiment method.And foregoing storage medium includes:USB flash disk, movement Hard disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
More than, specific embodiment only of the invention, but protection scope of the present invention is not limited thereto, Any one skilled in the art the invention discloses technical scope in, change can be readily occurred in Or replace, should all be included within the scope of the present invention.Therefore, protection scope of the present invention Ying Yiquan The protection domain that profit is required is defined.

Claims (8)

1. it is a kind of for MAC collection and network security audit wireless aps, it is characterised in that including:
WIFI module, for by periodically peripherad mobile terminal broadcast beacon frame or according to from shifting The broadcast of dynamic terminal is detected claim frame and mobile terminal is accessed into WIFI network;
MAC collection apparatus modules, for after mobile terminal is accessed WIFI network by WIFI module, gathering WIFI communication data packets from mobile terminal, extract from the BSSID fields in WIFI communication data packets The MAC Address of mobile terminal;And
Network security audit module, is connected to WIFI module and MAC collection apparatus modules, is connect for gathering Enter the Internet data of the mobile terminal of WIFI network, generate user behaviors log and be uploaded to cloud platform.
2. according to claim 1 for MAC collections and the wireless aps of network security audit, it is special Levy and be, network security audit module includes:
Data acquisition unit, for gathering the Internet data by the user of mobile terminal Internet access;
Protocol identification unit, is connected to data acquisition unit, is analyzed for the Internet data to user, Recognize the protocol type of Internet data, protocol type according to belonging to Internet data sends to right Internet data The protocol analysis plug-in unit answered;
Protocol analysis unit, is connected to protocol identification unit, including multiple protocol analysis plug-in units, for parsing Different types of agreement, generates user behaviors log;And
Data transmission unit, is connected to protocol analysis unit, for by user behaviors log and MAC Address send to Cloud platform.
3. according to claim 2 for MAC collections and the wireless aps of network security audit, it is special Levy and be, protocol type include http protocol, TELNET agreements, File Transfer Protocol, smtp protocol, POP3 agreements.
4. the method for cracking Mobile solution PUSH message according to claim 1, it is characterised in that MAC collection apparatus module is obtained by parsing the frame head of 802.11 agreements in WIFI communication data packets BSSID fields.
5. a kind of method that use wireless aps carry out MAC collections and network security audit simultaneously, its feature It is, including:
Step S1:The WIFI module of wireless aps is by periodically peripherad mobile terminal broadcast beacon frame Or detect according to the broadcast from mobile terminal claim frame mobile terminal is accessed into WIFI network;
Step S2:After mobile terminal is accessed WIFI network by WIFI module, by the MAC of wireless aps Collection apparatus module gathers the WIFI communication data packets from mobile terminal, from WIFI communication data packets BSSID fields extract the MAC Address of mobile terminal;And
Step S3:The mobile terminal of WIFI network is accessed by the network security audit module collection of wireless aps Internet data, generates user behaviors log and is uploaded to cloud platform.
6. method according to claim 5, it is characterised in that step S3 includes:
Step S31:The use that mobile terminal Internet access is passed through by the data acquisition unit collection of network security audit module The Internet data at family;
Step S32:The Internet data of user is divided by the protocol identification unit of network security audit module Analysis, recognizes the protocol type of Internet data, and the protocol type according to belonging to Internet data sends Internet data To corresponding protocol analysis plug-in unit;
Step S33:It is raw by the different types of agreement of protocol analysis unit resolves by network security audit module Into user behaviors log;And
Step S34:User behaviors log is sent to cloud platform by the data transmission unit of network security audit module.
7. method according to claim 6, it is characterised in that protocol type include http protocol, TELNET agreements, File Transfer Protocol, smtp protocol, POP3 agreements.
8. method according to claim 5, it is characterised in that in step s 2, MAC features are adopted Collection module obtains BSSID fields by parsing the frame head of 802.11 agreements in WIFI communication data packets.
CN201510863097.3A 2015-11-30 2015-11-30 For MAC collections and the wireless aps and method of network security audit Pending CN106817353A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510863097.3A CN106817353A (en) 2015-11-30 2015-11-30 For MAC collections and the wireless aps and method of network security audit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510863097.3A CN106817353A (en) 2015-11-30 2015-11-30 For MAC collections and the wireless aps and method of network security audit

Publications (1)

Publication Number Publication Date
CN106817353A true CN106817353A (en) 2017-06-09

Family

ID=59108383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510863097.3A Pending CN106817353A (en) 2015-11-30 2015-11-30 For MAC collections and the wireless aps and method of network security audit

Country Status (1)

Country Link
CN (1) CN106817353A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682913A (en) * 2017-09-21 2018-02-09 烽火通信科技股份有限公司 Gather the method and system of terminal device information in the range of wireless signal
CN107819761A (en) * 2017-11-06 2018-03-20 成都西加云杉科技有限公司 Data processing method, device and readable storage medium storing program for executing
CN108989129A (en) * 2018-08-23 2018-12-11 承德石油高等专科学校 A kind of device and method based on the storage of network big data, acquisition and analysis
CN109714448A (en) * 2018-12-26 2019-05-03 深圳创维数字技术有限公司 The internet information statistical method and device of PON terminal
CN109861998A (en) * 2019-01-21 2019-06-07 成都新橙北斗智联有限公司 A kind of plug-in type dynamic analysis system and method based on Big Dipper short message agreement
CN110087282A (en) * 2019-04-24 2019-08-02 新华三技术有限公司 The method and device of information sifting
CN110519257A (en) * 2019-08-22 2019-11-29 北京天融信网络安全技术有限公司 A kind of processing method and processing device of the network information
CN110650056A (en) * 2019-09-30 2020-01-03 广州竞远安全技术股份有限公司 Network identity association normalization method, storage device and mobile terminal
CN110808845A (en) * 2018-08-06 2020-02-18 新疆联海创智信息科技有限公司 MAC address information acquisition system and method based on WiFi equipment
CN111542083A (en) * 2020-03-24 2020-08-14 浙江中烟工业有限责任公司 Method for collecting and analyzing through industrial wireless network air interface

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179461A (en) * 2007-09-14 2008-05-14 东南大学 Wireless LAN access device for remote content monitoring
CN101453409A (en) * 2007-12-07 2009-06-10 ***通信集团公司 Information broadcast method for supporting terminal combined access, apparatus and system thereof
CN101753371A (en) * 2008-12-15 2010-06-23 中兴通讯股份有限公司 Management system based on safe operation and method thereof
CN101826993A (en) * 2010-02-04 2010-09-08 蓝盾信息安全技术股份有限公司 Method, system and device for monitoring security event
CN103338260A (en) * 2013-07-04 2013-10-02 武汉世纪金桥安全技术有限公司 Distributed analytical system and analytical method for URL logs in network auditing
CN104429128A (en) * 2013-06-24 2015-03-18 华为技术有限公司 Wireless access processing method, device and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179461A (en) * 2007-09-14 2008-05-14 东南大学 Wireless LAN access device for remote content monitoring
CN101453409A (en) * 2007-12-07 2009-06-10 ***通信集团公司 Information broadcast method for supporting terminal combined access, apparatus and system thereof
CN101753371A (en) * 2008-12-15 2010-06-23 中兴通讯股份有限公司 Management system based on safe operation and method thereof
CN101826993A (en) * 2010-02-04 2010-09-08 蓝盾信息安全技术股份有限公司 Method, system and device for monitoring security event
CN104429128A (en) * 2013-06-24 2015-03-18 华为技术有限公司 Wireless access processing method, device and system
CN103338260A (en) * 2013-07-04 2013-10-02 武汉世纪金桥安全技术有限公司 Distributed analytical system and analytical method for URL logs in network auditing

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682913A (en) * 2017-09-21 2018-02-09 烽火通信科技股份有限公司 Gather the method and system of terminal device information in the range of wireless signal
CN107819761A (en) * 2017-11-06 2018-03-20 成都西加云杉科技有限公司 Data processing method, device and readable storage medium storing program for executing
CN110808845A (en) * 2018-08-06 2020-02-18 新疆联海创智信息科技有限公司 MAC address information acquisition system and method based on WiFi equipment
CN108989129A (en) * 2018-08-23 2018-12-11 承德石油高等专科学校 A kind of device and method based on the storage of network big data, acquisition and analysis
CN109714448A (en) * 2018-12-26 2019-05-03 深圳创维数字技术有限公司 The internet information statistical method and device of PON terminal
CN109861998A (en) * 2019-01-21 2019-06-07 成都新橙北斗智联有限公司 A kind of plug-in type dynamic analysis system and method based on Big Dipper short message agreement
CN109861998B (en) * 2019-01-21 2021-06-11 成都新橙北斗智联有限公司 Plug-in type dynamic analysis system and method based on Beidou short message protocol
CN110087282B (en) * 2019-04-24 2021-06-04 新华三技术有限公司 Information screening method and device
CN110087282A (en) * 2019-04-24 2019-08-02 新华三技术有限公司 The method and device of information sifting
CN110519257A (en) * 2019-08-22 2019-11-29 北京天融信网络安全技术有限公司 A kind of processing method and processing device of the network information
CN110519257B (en) * 2019-08-22 2022-04-01 北京天融信网络安全技术有限公司 Network information processing method and device
CN110650056A (en) * 2019-09-30 2020-01-03 广州竞远安全技术股份有限公司 Network identity association normalization method, storage device and mobile terminal
CN111542083A (en) * 2020-03-24 2020-08-14 浙江中烟工业有限责任公司 Method for collecting and analyzing through industrial wireless network air interface
CN111542083B (en) * 2020-03-24 2023-10-20 浙江中烟工业有限责任公司 Method for collecting and analyzing air interface through industrial wireless network

Similar Documents

Publication Publication Date Title
CN106817353A (en) For MAC collections and the wireless aps and method of network security audit
CN105007282B (en) The Malware network behavior detection method and system of network-oriented service provider
CN106790105B (en) Crawler identification interception method and system based on business data
CN102710777B (en) Advertisement push-delivery method and system, as well as advertisement pusher
CN101924757B (en) Method and system for reviewing Botnet
CN105187392B (en) Mobile terminal from malicious software detecting method and its system based on Network Access Point
CN104639498B (en) The method, apparatus and system of a kind of fingerprint matching
CN101605074A (en) The method and system of communication behavioural characteristic monitoring wooden horse Network Based
CN108768921B (en) Malicious webpage discovery method and system based on feature detection
CN107294919A (en) A kind of detection method and device of horizontal authority leak
CN103618792B (en) Data stream identification method and device
CN107332804A (en) The detection method and device of webpage leak
CN112104613B (en) Honey net testing system based on data flow packet analysis and testing method thereof
CN109219050A (en) A kind of WIFI acquisition system and its method based on virtual AP
CN103428249A (en) Collecting method and processing method for HTTP request packet, system and server
CN108712428A (en) A kind of method and device carrying out device type identification to terminal
CN110493085A (en) Statistical method, system, electronic equipment and the medium of IPv6 active users
CN106790073B (en) Blocking method and device for malicious attack of Web server and firewall
CN105813114B (en) A kind of shared host method and device of determining access
CN110034979A (en) A kind of proxy resources monitoring method, device, electronic equipment and storage medium
CN101835144A (en) Method and device for carrying out safety detection on wireless network
CN107995650B (en) Method and device for acquiring neighbor cell identifier
CN110058565B (en) Industrial control PLC system fingerprint simulation method based on Linux operating system
CN102469450B (en) Method and device for recognizing virus characteristics of mobile phone
CN101902759A (en) Wireless network safety analysis method and device based on protocol testing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170609

RJ01 Rejection of invention patent application after publication