CN109787866A - A kind of method and device identifying port - Google Patents
A kind of method and device identifying port Download PDFInfo
- Publication number
- CN109787866A CN109787866A CN201910123286.5A CN201910123286A CN109787866A CN 109787866 A CN109787866 A CN 109787866A CN 201910123286 A CN201910123286 A CN 201910123286A CN 109787866 A CN109787866 A CN 109787866A
- Authority
- CN
- China
- Prior art keywords
- port
- banner
- identified
- response message
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 230000004044 response Effects 0.000 claims abstract description 43
- 238000004590 computer program Methods 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
A kind of recognition methods of port provided by the invention and device, by all of the port for scanning equipment to be identified, obtain port list, connection request is sent to each port respectively according to the port list, obtain response message, the service type of each port is identified according to the response message, can comprehensively detect all of the port of equipment to be identified, improves internet security and accuracy is high.
Description
Technical field
The present invention relates to technical field of network security, in particular to a kind of method and device for identifying port.
Background technique
Server is a kind of high-performance computer, and as the node of network, storage handles 80% data on network, letter
Breath, therefore the soul of also referred to as network.It is also possible that saying, server refers to a management resource and provides service for user
Computer software is generally divided into file server, database server and apps server.
Currently, the port of server identification target device relies primarily on manual registration's identification, cause to build privately in network
Offending service device and some port servers reinstalled after system, the new network address of distribution can not detect, lead to network
Safety reduces, and there are safety risks.
Summary of the invention
The technical problems to be solved by the present invention are: providing a kind of method and device for identifying port, can effectively identify
Internet security is improved in different ports.
In order to solve the above-mentioned technical problem, a kind of technical solution that the present invention uses are as follows:
A method of identification port, comprising steps of
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
S3, the service type that each port is identified according to the response message.
In order to solve the above-mentioned technical problem, the another technical solution that the present invention uses are as follows:
A kind of device identifying port, including memory, processor and storage can transport on a memory and on a processor
Capable computer program, the processor perform the steps of when executing described program
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
S3, the service type that each port is identified according to the response message.
The beneficial effects of the present invention are: all of the port by scanning equipment to be identified obtains port list, according to institute
It states port list and sends connection request to each port respectively, obtain response message, identified according to the response message each
The service type of port can comprehensively detect all of the port of equipment to be identified, improve internet security and accuracy is high.
Detailed description of the invention
Fig. 1 is the method flow diagram that the embodiment of the present invention identifies port;
Fig. 2 is the structural schematic diagram for the device that the embodiment of the present invention identifies port;
Label declaration:
1, the device of port is identified;2, memory;3, processor.
Specific embodiment
To explain the technical content, the achieved purpose and the effect of the present invention in detail, below in conjunction with embodiment and cooperate attached
Figure is explained.
The most critical design of the present invention is: obtaining port list, and divide by all of the port for scanning equipment to be identified
Connection request is not sent to each port, obtains response message, information identifies the service type of each port, energy according to response
Enough all of the port for comprehensively detecting equipment to be identified, improve internet security and accuracy is high.
Fig. 1 is please referred to, a method of identification port, comprising steps of
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
S3, the service type that each port is identified according to the response message.
As can be seen from the above description, the beneficial effects of the present invention are: all of the port by scanning equipment to be identified obtains
Port list sends connection request to each port respectively according to the port list, response message is obtained, according to the response
Information identifies the service type of each port, can comprehensively detect all of the port of equipment to be identified, improves network security
Property and accuracy it is high.
Further, step S2 specifically:
It connects the port of the equipment to be identified one by one according to the port list, creates socket socket, the company of transmission
Request is connect, response message is obtained.
Seen from the above description, it by connecting the port of the equipment to be identified one by one according to the port list, creates
Socket socket sends connection request, obtains response message, improve detection efficiency.
Further, the response message be banner packet, the banner packet include the packet header banner and
Banner content, the packet header banner include protocol characteristic code, and the banner content includes spcial character or keyword.
It seen from the above description, is banner packet by setting response message, the banner packet includes
The packet header banner and banner content, the packet header banner include protocol characteristic code, and the banner content includes special word
Symbol or keyword, convenient for improving the subsequent precision for carrying out port identification.
Further, step S3 specifically:
The service class that characteristic matching identifies each port is carried out including the packet header banner and banner content according to described
Type.
Seen from the above description, by carrying out characteristic matching identification including the packet header banner and banner content according to described
The accuracy of identification port can be improved in the service type of each port out.
Further, step S2 further include:
Judge whether the port of the equipment to be identified opens, if so, sending connection request.
Seen from the above description, it by judging whether the port of the equipment to be identified opens, is asked if so, sending connection
It asks, convenient for improving the speed of the port identified.
Referring to figure 2., a kind of device identifying port, including memory, processor and storage are on a memory and can be
The computer program run on processor, the processor perform the steps of when executing described program
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
S3, the service type that each port is identified according to the response message.
As can be seen from the above description, the beneficial effects of the present invention are: all of the port by scanning equipment to be identified obtains
Port list sends connection request to each port respectively according to the port list, response message is obtained, according to the response
Information identifies the service type of each port, can comprehensively detect all of the port of equipment to be identified, improves network security
Property and accuracy it is high.
Further, step S2 specifically:
It connects the port of the equipment to be identified one by one according to the port list, creates socket socket, the company of transmission
Request is connect, response message is obtained.
Seen from the above description, it by connecting the port of the equipment to be identified one by one according to the port list, creates
Socket socket sends connection request, obtains response message, improve detection efficiency.
Further, the response message be banner packet, the banner packet include the packet header banner and
Banner content, the packet header banner include protocol characteristic code, and the banner content includes spcial character or keyword.
It seen from the above description, is banner packet by setting response message, the banner packet includes
The packet header banner and banner content, the packet header banner include protocol characteristic code, and the banner content includes special word
Symbol or keyword, convenient for improving the subsequent precision for carrying out port identification.
Further, step S3 specifically:
The service class that characteristic matching identifies each port is carried out including the packet header banner and banner content according to described
Type.
Seen from the above description, by carrying out characteristic matching identification including the packet header banner and banner content according to described
The accuracy of identification port can be improved in the service type of each port out.
Further, step S2 further include:
Judge whether the port of the equipment to be identified opens, if so, sending connection request.
Seen from the above description, it by judging whether the port of the equipment to be identified opens, is asked if so, sending connection
It asks, convenient for improving the speed of the port identified.
Embodiment one
Fig. 1 is please referred to, a method of identification port, comprising steps of
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
Step S2 specifically:
It connects the port of the equipment to be identified one by one according to the port list, creates socket socket, the company of transmission
Request is connect, response message is obtained, the response message is banner packet, and the banner packet includes the packet header banner
With banner content, the packet header banner includes protocol characteristic code, and the banner content includes spcial character or keyword;
Step S2 further include:
Judge whether the port of the equipment to be identified opens, if so, sending connection request;
S3, the service type that each port is identified according to the response message;
Step S3 specifically:
The service class that characteristic matching identifies each port is carried out including the packet header banner and banner content according to described
Type.
Embodiment two
The present embodiment will further illustrate how the recognition methods of the above-mentioned port of the present invention is in conjunction with specific application scenarios
It realizes:
1, all open ports for scanning equipment to be identified, obtain open port list
2, the open port of the equipment to be identified, creation socket socket are connected one by one according to the open port list
Word, transmission HTTP GET connection request (working method of HTTP is request-response protocol between client and server,
When making requests-responding between client and server, there are two most basic request methods: GET and POST;Wherein, GET is asked
Ask expression from specified resource request data), obtain corresponding ports response banner packet
3, return banner packet is identified, to identify the service type of corresponding ports, and then is effectively detected
The open various services of target device or multiple services out;
3.1, the service type that the port how is identified according to return banner packet is specifically described below
1) packet header banner is analyzed, canonical matches specific protocol characteristic code;
2) banner content, canonical matching service spcial character or keyword are analyzed;
3) banner information is analyzed, in conjunction with 1), 2) two o'clock judges service;
Wherein, condition code, spcial character, keyword need to collect more complete information bank, effectively detect target device
Open various services or multiple services;
Such as:
Example 1, target: the port 192.168.16.106: 21
Method: creation socket socket, 21 port of linking objective host obtain banner content: " 220Xlight
FTP Server 3.8ready...”
FTP condition code is matched by canonical, can identify it is FTP service;
Example 2, target domain name: the port demo.aisec.cn: 80
Method: creation socket socket, 80 port of linking objective host send http get request to banner
Packet header:
“HTTP/1.1 400Bad Request
Date:Thu,01Nov 2018 07:14:38GMT
Content-Type:text/html
Content-Length:381
Connection:close
ETag:"577a85ba-17d"
Server:WAF3.0WEB”
HTTP/1.1 condition code is matched by canonical, can identify it is WEB service.
Embodiment three
Referring to figure 2., a kind of device 1 identifying port, including memory 2, processor 3 and be stored on memory 2 simultaneously
The computer program that can be run on processor 3, the processor 3 realize each step in embodiment one when executing described program
Suddenly.
In conclusion recognition methods and the device of a kind of port provided by the invention, by the institute for scanning equipment to be identified
There is port, obtain port list, connection request is sent to each port respectively according to the port list, obtains response message,
The service type of each port is identified according to the response message, can comprehensively detect all of the port of equipment to be identified,
It improves internet security and accuracy is high, by connecting the port of the equipment to be identified one by one according to the port list, create
Socket socket is built, connection request is sent, obtains response message, improve detection efficiency, by including according to
The packet header banner and banner content carry out the service type that characteristic matching identifies each port, and the standard of identification port can be improved
True property, by judging whether the port of the equipment to be identified opens, if so, connection request is sent, convenient for improving identification
The speed of port.
The above description is only an embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalents made by bright specification and accompanying drawing content are applied directly or indirectly in relevant technical field, similarly include
In scope of patent protection of the invention.
Claims (10)
1. a kind of method for identifying port, which is characterized in that comprising steps of
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
S3, the service type that each port is identified according to the response message.
2. the method for identification port according to claim 1, which is characterized in that step S2 specifically:
It connects the port of the equipment to be identified one by one according to the port list, creates socket socket, send connection and ask
It asks, obtains response message.
3. the method for identification port according to claim 1, which is characterized in that the response message is banner information
Packet, the banner packet includes the packet header banner and banner content, and the packet header banner includes protocol characteristic code, institute
Stating banner content includes spcial character or keyword.
4. the method for identification port according to claim 3, which is characterized in that step S3 specifically:
The service type that characteristic matching identifies each port is carried out including the packet header banner and banner content according to described.
5. the method for identification port according to claim 1, which is characterized in that step S2 further include:
Judge whether the port of the equipment to be identified opens, if so, sending connection request.
6. a kind of device for identifying port, including memory, processor and storage can be run on a memory and on a processor
Computer program, which is characterized in that the processor performs the steps of when executing described program
The all of the port of S1, scanning equipment to be identified, obtain port list;
S2, connection request is sent to each port respectively according to the port list, obtains response message;
S3, the service type that each port is identified according to the response message.
7. the device of identification port according to claim 6, which is characterized in that step S2 specifically:
It connects the port of the equipment to be identified one by one according to the port list, creates socket socket, send connection and ask
It asks, obtains response message.
8. the device of identification port according to claim 6, which is characterized in that the response message is banner information
Packet, the banner packet includes the packet header banner and banner content, and the packet header banner includes protocol characteristic code, institute
Stating banner content includes spcial character or keyword.
9. the device of identification port according to claim 8, which is characterized in that step S3 specifically:
The service type that characteristic matching identifies each port is carried out including the packet header banner and banner content according to described.
10. the device of identification port according to claim 6, which is characterized in that step S2 further include:
Judge whether the port of the equipment to be identified opens, if so, sending connection request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910123286.5A CN109787866A (en) | 2019-02-18 | 2019-02-18 | A kind of method and device identifying port |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910123286.5A CN109787866A (en) | 2019-02-18 | 2019-02-18 | A kind of method and device identifying port |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109787866A true CN109787866A (en) | 2019-05-21 |
Family
ID=66504600
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910123286.5A Pending CN109787866A (en) | 2019-02-18 | 2019-02-18 | A kind of method and device identifying port |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109787866A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110430199A (en) * | 2019-08-08 | 2019-11-08 | 杭州安恒信息技术股份有限公司 | Method and system for identifying attack sources of IoT botnets |
| CN110995495A (en) * | 2019-12-10 | 2020-04-10 | 北京知道创宇信息技术股份有限公司 | Network fault detection method and device, electronic equipment and storage medium |
| CN113411414A (en) * | 2021-05-12 | 2021-09-17 | 郑州埃文计算机科技有限公司 | Enterprise special line and data center classification method based on IP Banner heterogeneity |
| CN116668117A (en) * | 2023-05-31 | 2023-08-29 | 上海螣龙科技有限公司 | A multi-level fingerprint identification method, device, electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090187989A1 (en) * | 2008-01-22 | 2009-07-23 | Sungkyunkwan University Foundation For Corporate Collaboration | System and method for controlling abnormal traffic based on fuzzy logic |
| CN105245595A (en) * | 2015-09-30 | 2016-01-13 | 小米科技有限责任公司 | Service response method and service response device |
-
2019
- 2019-02-18 CN CN201910123286.5A patent/CN109787866A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090187989A1 (en) * | 2008-01-22 | 2009-07-23 | Sungkyunkwan University Foundation For Corporate Collaboration | System and method for controlling abnormal traffic based on fuzzy logic |
| CN105245595A (en) * | 2015-09-30 | 2016-01-13 | 小米科技有限责任公司 | Service response method and service response device |
Non-Patent Citations (1)
| Title |
|---|
| 沈宏伟: "基于Flask的企业内网安全系统的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110430199A (en) * | 2019-08-08 | 2019-11-08 | 杭州安恒信息技术股份有限公司 | Method and system for identifying attack sources of IoT botnets |
| CN110995495A (en) * | 2019-12-10 | 2020-04-10 | 北京知道创宇信息技术股份有限公司 | Network fault detection method and device, electronic equipment and storage medium |
| CN113411414A (en) * | 2021-05-12 | 2021-09-17 | 郑州埃文计算机科技有限公司 | Enterprise special line and data center classification method based on IP Banner heterogeneity |
| CN116668117A (en) * | 2023-05-31 | 2023-08-29 | 上海螣龙科技有限公司 | A multi-level fingerprint identification method, device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9451036B2 (en) | Method and apparatus for fingerprinting systems and operating systems in a network | |
| CN109787866A (en) | A kind of method and device identifying port | |
| CN102394885B (en) | Information classification protection automatic verification method based on data stream | |
| US20090125496A1 (en) | Network device and method for monitoring of backend transactions in data centers | |
| US8799714B1 (en) | Generating test scenarios from application-layer messages | |
| IL275042A (en) | Self-adaptive application programming interface level security monitoring | |
| CN108052824B (en) | Risk prevention and control method and device and electronic equipment | |
| US20110258315A1 (en) | Network analysis system and method utilizing collected metadata | |
| CN103297270A (en) | Application type recognition method and network equipment | |
| CN111814192B (en) | Training sample generation method and device, and sensitive information detection method and device | |
| WO2015021873A1 (en) | Method, platform server, and system of data pushing | |
| CN103036910B (en) | A kind of user's web access Behavior-Based control method and device | |
| CN106899586A (en) | A kind of dns server software fingerprinting identifying system and method based on machine learning | |
| CN113779616B (en) | Method and device for identifying data | |
| CN116055587B (en) | Method and device for realizing hierarchical classification of API (application program interface) assets | |
| CN114363059B (en) | Attack identification method and device and related equipment | |
| KR102189127B1 (en) | A unit and method for processing rule based action | |
| CN105207829B (en) | Intrusion detection data processing method, device and system | |
| CN114915434B (en) | A network proxy detection method, device, storage medium and computer equipment | |
| Liu et al. | Extracting sent message formats from executables using backward slicing | |
| CN113395367B (en) | HTTPS service identification method and device, storage medium and electronic equipment | |
| CN113630418A (en) | A network service identification method, device, equipment and medium | |
| CN112565106B (en) | Traffic service identification method, device, equipment and computer storage medium | |
| CN104796426B (en) | The detection method at webpage back door | |
| Park et al. | Rule-based user behavior detection system for SaaS application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190521 |