CN101179449B - Monitoring system, apparatus and method in IP network - Google Patents

Publication number: CN101179449B
Authority: CN (China)
Prior art keywords: snoop, message, filtering rule, LIG, data message
Legal status: Expired - Fee Related
Application number: CN200710077415A
Other languages: Chinese (zh)
Other versions: CN101179449A (en)
Inventor: 金黄哲
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Classification: Data Exchanges In Wide-Area Networks

Abstract

The embodiment of the invention discloses a monitoring system, a monitoring apparatus and a monitoring method in an IP network, so as to reduce the modification of and impact on existing network elements. The system comprises: an analysis unit (Analysis TAP), which intercepts the data messages that user equipment receives or sends through a network device, sets a monitoring filtering rule according to the monitoring command issued by the lawful interception gateway (LIG), parses and filters the data messages according to the filtering rule, and reports the filtered data messages to the LIG, where the network device is a packet access node through which the user equipment accesses the network; and the LIG, which issues the monitoring command to the Analysis TAP, the command carrying the information for setting the monitoring filtering rule, and forwards the data messages reported by the Analysis TAP to a monitoring center (MC) so as to implement the monitoring.

Description

Monitoring system, apparatus and method in an IP network
Technical field
The present invention relates to the communications field, and in particular to a monitoring system, apparatus and method in an IP network.
Background
Lawful interception (LI) refers to the law-enforcement activity in which a law enforcement agency (LEA), with the approval of the corresponding authorizing authority, monitors the communication services of the public telecommunications network (PTN) in accordance with the relevant national laws and the industry standards for public telecommunications networks.
Figure 1 shows the lawful interception system for data communication in an existing IP network. The monitoring system comprises a lawful interception gateway (LIG), a monitoring center (MC), a Radius server and a network device, where the network device can be a router, a packet data serving node (PDSN) or an ASNGW. The content of the lawful interception authorization that the judicial authority sends to the Internet service provider (ISP) is configured in the lawful interception gateway in advance through the graphical user interface (GUI) of the management terminal.
In the above monitoring system, the user equipment is routed to the IP network via the router. While it communicates over the IP network, monitoring is carried out as shown in Figure 2:
Step 1: The user equipment (UE) initiates a login and sends an authentication request message (Radius Access Request) to the router, requesting to log in to the remote dial-in user authentication server (Radius server);
Step 2: The router receives this authentication request message and forwards it to the Radius server;
Step 3: The Radius server receives this authentication request message and forwards it to the lawful interception gateway LIG;
Step 4: The LIG receives this authentication request message, converts it into interception related information (IRI) and reports it to the monitoring center MC;
Step 5: The Radius server authenticates the user successfully and returns an authentication response message to the router;
Step 6: The Radius server sends the authentication response message to the LIG; the authentication response message contains the IP address that the server has assigned to this intercept target;
Step 7: The LIG receives this authentication response message, converts it into an IRI message and reports it to the monitoring center MC;
Step 8: Based on the received authentication response message, the LIG determines that the intercept target has logged in and sends a set-intercept-target message to the router. This message carries information related to the intercept target, including the IP address that the Radius server assigned to the intercept target user;
Step 9: After receiving the authentication response message, the router sends a charging request message (Accounting Start) to the Radius server;
Step 10: The Radius server forwards the received charging request message to the LIG;
Step 11: The LIG converts the received charging request message into an IRI message and forwards it to the MC;
Step 12: According to the charging policy, at regular time intervals or after a certain amount of data traffic, the router sends an interim charging message (Interim Accounting) to the Radius server;
Step 13: The Radius server forwards the received interim charging message to the LIG;
Step 14: The LIG converts the received interim charging message into an IRI message and sends it to the MC;
Step 15: After authentication succeeds, the router receives the set-intercept-target message sent by the LIG and starts monitoring this intercept target;
Step 16: The router duplicates all communication data passing through it whose source address or destination address is the IP address of this intercept target, and sends its communication content (CC, Call Content) to the LIG;
Step 17: The LIG forwards the received communication content CC to the MC;
Step 18: The router sends a stop-charging message (Accounting Stop) to the Radius server, requesting that charging stop;
Step 19: The Radius server forwards the received stop-charging message to the LIG;
Step 20: The LIG receives the stop-charging message, converts it into an IRI message and sends it to the MC.
To implement monitoring in the prior art, software supporting the monitoring function has to be developed separately for the Radius server and for network devices such as the router and the PDSN, so that they can interact with the LIG to carry out the monitoring. However, integrating the monitoring function into the existing Radius server, router and PDSN can affect the existing functions of these network elements.
Summary of the invention
In view of this, the main purpose of the embodiments of the invention is to provide a monitoring system, a monitoring apparatus and a monitoring method in an IP network that reduce the modification of and impact on existing network elements.
To solve the above technical problem, one aspect of the embodiments of the invention provides a monitoring system in an IP network, comprising:
An analysis unit (Analysis TAP), located between the network device and the network side, which intercepts the data messages that the user equipment receives from the network side or sends to the network side via the network device, sets a monitoring filtering rule according to the monitoring command issued by the lawful interception gateway LIG, parses and filters the data messages according to the filtering rule, and reports the filtered data messages to the LIG, where the network device is a packet access node through which the user equipment accesses the network;
The LIG, which issues the monitoring command to the Analysis TAP, the monitoring command carrying the information for setting the monitoring filtering rule, and forwards the data messages reported by the Analysis TAP to the monitoring center MC, thereby implementing the monitoring.
Another aspect of the embodiments of the invention provides a monitoring apparatus in an IP network, comprising a data duplication and forwarding unit and a data analysis unit, where:
The data duplication and forwarding unit, located between the network device and the network side, intercepts the data messages that the user equipment receives from the network side or sends to the network side via the network device, duplicates the data messages and forwards them to the data analysis unit, where the network device is a packet access node through which the user equipment accesses the network;
The data analysis unit receives the monitoring command issued by the LIG and the data messages forwarded by the data duplication and forwarding unit, sets the monitoring filtering rule according to the information for setting the monitoring filtering rule carried in the monitoring command, parses and filters the received data messages according to the filtering rule, and reports the filtered data messages to the LIG, where the information for setting the monitoring filtering rule includes a filter keyword.
A further aspect of the embodiments of the invention provides a monitoring method in an IP network, comprising the following steps:
The Analysis TAP sets the monitoring filtering rule according to the monitoring command received from the LIG, the monitoring command carrying the information for setting the monitoring filtering rule;
Between the network device and the network side, the data messages that the user equipment receives from the network side or sends to the network side via the network device are intercepted, where the network device is a packet access node through which the user equipment accesses the network;
The data messages are parsed and filtered according to the filtering rule, and the filtered data messages are forwarded to the lawful interception gateway LIG, which forwards them to the monitoring center MC to implement the monitoring.
In summary, in the embodiments of the invention a newly added network element, the Analysis TAP, sets the filtering rule according to the monitoring command and monitors the intercept target according to that filtering rule. The monitoring apparatus Analysis TAP thus monitors the intercept target independently of the existing Radius server, router and PDSN, which reduces the modification of and impact on existing network elements; it can also be moved, which improves networking flexibility.
Description of drawings
Fig. 1 is a structural diagram of the lawful interception system for data communication in an IP network in the prior art;
Fig. 2 is a flow chart of lawful interception of data communication in an IP network in the prior art;
Fig. 3 is a structural diagram of the system embodiment of the present invention;
Fig. 4 is a structural diagram of the apparatus embodiment of the present invention;
Fig. 5 is a signaling flow chart of the third embodiment of the present invention;
Fig. 6 is a signaling flow chart of the fourth embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments.
The embodiments of the invention first provide a system for implementing monitoring in an IP network. As shown in Figure 3, this monitoring system comprises a network device, a Radius server, an Analysis TAP and a lawful interception gateway LIG, where:
The Radius server receives the authentication and charging request messages sent by the network device, authenticates the user according to the authentication request message, and charges the user according to the charging request message;
The network device is connected to the IP network and is the packet access node through which the user equipment accesses the network. In the embodiments of the invention, the network device can be a router, a packet data serving node (PDSN) or an access service network gateway (ASNGW);
The analysis unit (Analysis TAP) intercepts the data messages that the user equipment receives from the network side or sends to the network side via the network device, sets the monitoring filtering rule according to the monitoring command issued by the LIG, parses and filters the data messages according to the filtering rule, and reports the filtered data messages to the LIG;
The LIG issues the monitoring command to the Analysis TAP, the monitoring command carrying the information for setting the monitoring filtering rule, and forwards the data messages received from the Analysis TAP to the monitoring center MC, thereby implementing the monitoring. The monitoring command that the LIG issues to the Analysis TAP can be one that the MC issued to the LIG in advance or that was pre-configured in the LIG, or it can be issued according to intercept-target information (for example, the intercept target's IP address) that the Radius TAP intercepts and reports.
As shown in Figure 4, the analysis unit Analysis TAP comprises a data duplication and forwarding unit and a data analysis unit. Specifically:
The data duplication and forwarding unit intercepts the data messages that the user equipment receives from the network side or sends to the network side via the network device, duplicates the data messages and forwards them to the data analysis unit, where the network device is a packet access node through which the user equipment accesses the network;
The data analysis unit receives the monitoring command issued by the LIG and the data messages forwarded by the data duplication and forwarding unit, sets the monitoring filtering rule according to the information for setting the monitoring filtering rule carried in the monitoring command, parses and filters the received data messages according to the filtering rule, and reports the filtered data messages to the LIG, where the information for setting the monitoring filtering rule includes a filter keyword.
Specifically, the data analysis unit comprises a filtering rule processing module, a message receiving module, a packet parsing module, a message generation module and a message sending module:
The filtering rule processing module receives the monitoring command issued by the LIG and sets the monitoring filtering rule according to the information for setting the monitoring filtering rule;
The message receiving module forwards the received data messages to the packet parsing module;
The packet parsing module queries the monitoring filtering rule, parses and filters the received data messages according to the filtering rule, and forwards the filtered data messages to the message generation module;
The message generation module converts the received data message into an interception related information (IRI) message or a communication content (CC) message and sends it to the message sending module;
The message sending module sends the received IRI or CC message to the LIG.
Embodiment one
Building on the above implementation, the first embodiment of the present invention provides a monitoring system in an IP network. In this embodiment the network device is a router. With reference to Figures 3 and 4, the monitoring system works as follows:
The Radius server receives the user's authentication and charging request messages forwarded by the router, and authenticates and charges the user;
The LIG issues the monitoring command to the filtering rule processing module of the Analysis TAP, the monitoring command carrying the information for setting the monitoring filtering rule;
The filtering rule processing module receives the monitoring command issued by the LIG and sets the monitoring filtering rule according to the information carried in the command. Here the monitoring command issued by the LIG contains the filter keyword "blast", and the monitoring filtering rule set according to that keyword is "among all data messages passing through the Analysis TAP, report the data messages that contain 'blast' together with the recipient and/or sender information of those data messages";
The data duplication and forwarding unit intercepts the data messages that the user equipment receives from the network side or sends to the network side via the router, duplicates the data messages and forwards them to the message receiving module;
The message receiving module receives the data messages and forwards them to the IP layer parsing module;
The IP layer parsing module receives the data message, parses its TCP or UDP layer, and queries the monitoring filtering rule set by the filtering rule processing module. Because the monitoring filtering rule is "among all data messages passing through the Analysis TAP, report the data messages that contain 'blast' together with the recipient and/or sender information of those data messages", the message has to be parsed up to the application layer (for example, OSI layer 7). Because messages use different protocols, after parsing TCP or UDP the IP layer parsing module sends the message to the corresponding service parsing module according to its upper-layer protocol format. The service parsing module can be an HTTP parsing module, an EMAIL parsing module, an FTP parsing module, a WAP parsing module, a streaming media parsing module, a VoIP parsing module, and so on;
The service parsing module receives and parses the data message sent by the IP layer parsing module, filters it according to the filtering rule obtained by the query, and sends the filtered data message to the message generation module. Taking the Email parsing module as an example: after a message is sent to the Email parsing module, the module parses it and, according to the filtering rule obtained by the query, when it finds the word "blast" in the application layer of the message, reports the message content and the sender address and/or recipient address of this Email to the LIG in an IRI message;
The message generation module converts the received data message into an IRI or CC message and sends it to the message sending module;
The message sending module sends the received IRI or CC message to the LIG;
The LIG forwards the received IRI or CC message to the monitoring center MC, thereby implementing the monitoring.
In this embodiment of the invention, the MC issues specific information for setting the monitoring filtering rule (a filter keyword), the filtering rule is set according to that information, and the newly added network element Analysis TAP monitors targets that are not specified in advance. Because the monitoring apparatus Analysis TAP monitors the intercept target independently of the existing Radius server, router and PDSN, the modification of and impact on existing network elements are reduced; the apparatus can also be moved, which improves networking flexibility.
Embodiment two
Building on the above implementation, the second embodiment of the present invention provides another monitoring system in an IP network. Unlike embodiment one, the monitoring system of this embodiment also comprises a message analysis unit, the Radius TAP. The monitoring system works as follows:
The Radius server receives the user's authentication and charging request messages forwarded by the network device (the router), and authenticates and charges the user;
The Radius TAP intercepts and analyzes the Radius messages exchanged between the router and the Radius server, determines the intercept target and obtains the address information of the intercept target. Specifically, the Radius messages include the authentication request message that the user equipment sends to the Radius server and the authentication response message that the Radius server returns to the user;
The Radius TAP intercepts this authentication response message, converts it into an IRI message and reports it to the LIG, and reports the intercept target address information obtained by parsing to the LIG as the information for setting the monitoring filtering rule; the LIG carries this intercept target address information in the monitoring command it issues;
The filtering rule processing module receives the monitoring command issued by the LIG and sets the filtering rule according to the intercept target address information carried in it;
The data duplication and forwarding unit intercepts the data messages that the user equipment receives from the network side or sends to the network side via the router, duplicates the data messages and forwards them to the message receiving module;
The message receiving module receives the data messages and forwards them to the IP layer parsing module;
The IP layer parsing module receives the data message, parses its TCP or UDP layer, queries the filtering rule set by the filtering rule processing module, and sends the data messages that meet the filtering rule to the message generation module; that is, all data messages whose source address or destination address is this IP address meet the filtering rule;
The message generation module converts the received data message into an IRI or CC message and sends it to the message sending module;
The message sending module sends the received IRI or CC message to the LIG;
The LIG forwards the received IRI or CC message to the monitoring center MC, thereby implementing the monitoring.
In this embodiment of the invention, the information for setting the monitoring filtering rule is obtained by the Radius TAP, and the specific intercept target is monitored by the monitoring apparatus Analysis TAP, which is independent of the existing Radius server, router and PDSN. This reduces the modification of and impact on existing network elements; the apparatus can also be moved, which improves networking flexibility.
Embodiment three
The third embodiment of the present invention also provides a method for implementing monitoring in an IP network. The flow is shown in Figure 5:
Step 1: The user equipment (UE) initiates a login and sends to the router a request message (Radius Access Request) requesting to log in to the remote dial-in user authentication server;
Step 2: The router receives this request message and sends an authentication request message to the Radius server;
Step 3: The analysis unit Radius TAP intercepts this authentication request message. If analysis shows that the user information carried in the message matches the intercept target user information pre-configured in the Radius TAP, it determines that the user equipment is an intercept target and sends an authentication request IRI message (Access Request IRI) to the lawful interception gateway LIG;
Specifically, the user information can be a user name or other authentication information;
Step 4: The LIG forwards this IRI message to the MC;
Step 5: The Radius server authenticates the user successfully and returns an authentication response message (Access Accept) to the router; the response message carries the IP address information assigned to this intercept target;
Step 6: The Radius TAP intercepts and parses this authentication response message and reports the intercept target address information obtained by parsing to the LIG as the information for setting the monitoring filtering rule. Specifically, in this embodiment, the Radius TAP carries the address information of the intercept target in the authentication response IRI message (Access Accept IRI) that it converts and sends to the LIG;
Step 7: The LIG forwards the received IRI message to the MC;
Step 8: The LIG parses the received Access Accept IRI message, obtains the IP address of the intercept target, and sends it to the Analysis TAP in a monitoring command to notify the Analysis TAP to start monitoring. In this embodiment, the monitoring command is a set-intercept-target message;
Step 9: After receiving the authentication response message returned by the Radius server, the router sends a charging request message (Accounting Start) to the Radius server;
Step 10: The Radius TAP intercepts this charging request message, converts it into a charging request IRI message and forwards it to the LIG;
Step 11: The LIG forwards the received IRI message to the MC;
Step 12: According to the charging policy, at regular time intervals or after a certain amount of data traffic, the router sends an interim charging message (Interim Accounting) to the Radius server;
Step 13: The Radius TAP intercepts this interim charging message, converts it into an interim charging IRI message and forwards it to the LIG;
Step 14: The LIG forwards the received interim charging IRI message to the MC;
Step 15: The Analysis TAP receives the set-intercept-target message sent by the LIG and, according to the intercept target IP address in this message, sets the monitoring filtering rule to "report the data messages received or sent by this intercept target IP address", and monitors this intercept target according to this filtering rule;
Step 16: The Analysis TAP intercepts and duplicates all data messages whose source address or destination address is this intercept target IP address, and sends their communication content (CC, Call Content) to the LIG;
Step 17: The LIG sends the received communication content CC to the MC, thereby implementing the monitoring;
Step 18: The router sends a stop-charging message (Accounting Stop) to the Radius server, requesting that charging stop;
Step 19: The Radius TAP intercepts this stop-charging request message, converts it into an IRI message and forwards it to the LIG;
Step 20: The LIG receives the stop-charging message and forwards it to the MC.
In this embodiment of the invention, the information for setting the monitoring filtering rule is obtained by the Radius TAP, and the specific intercept target is monitored by the monitoring apparatus Analysis TAP, which is independent of the existing Radius server, router and PDSN. This reduces the modification of and impact on existing network elements; the apparatus can also be moved, which improves networking flexibility.
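The Radius TAP correlation of steps 3 to 8 and the address rule of steps 15 and 16, as an added example that is not part of the patent: it pairs an Access-Request with its Access-Accept by the RADIUS Identifier, reads the assigned address from the Framed-IP-Address attribute (type 8 in RFC 2865; the patent does not name the attribute), and applies the source-or-destination rule. The class and function names, the user name and all addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2     # RADIUS packet codes (RFC 2865)
ATTR_USER_NAME, ATTR_FRAMED_IP = 1, 8    # RADIUS attribute types (RFC 2865)


def build_radius(code, ident, attrs):
    """Build a constructed sample datagram (all-zero authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body


def parse_radius(datagram):
    """Return (code, identifier, {type: [values]}); raise ValueError if malformed."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if length < 20 or length > len(datagram):
        raise ValueError("Length field inconsistent with datagram size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(a_type, []).append(datagram[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs


class RadiusTap:
    """Hypothetical tap: learns the IP assigned to a pre-configured user name.

    A passive tap without the shared secret cannot verify the Response
    Authenticator, so this sketch trusts the mirrored link it listens on.
    """

    def __init__(self, target_user_names):
        self.targets = set(target_user_names)
        self.pending = {}                 # (client address, identifier) -> user

    def observe(self, client_addr, datagram):
        """Feed one mirrored datagram; return the target's IP once learnt."""
        try:
            code, ident, attrs = parse_radius(datagram)
        except ValueError:
            return None                   # malformed input must not stop the tap
        key = (client_addr, ident)
        if code == ACCESS_REQUEST:
            raw = attrs.get(ATTR_USER_NAME, [b""])[0]
            name = raw.decode("utf-8", "replace")
            if name in self.targets:
                self.pending[key] = name
            else:
                self.pending.pop(key, None)   # identifier reused by another user
            return None
        name = self.pending.pop(key, None)    # any reply closes the exchange
        if code == ACCESS_ACCEPT and name is not None:
            values = attrs.get(ATTR_FRAMED_IP, [])
            if values and len(values[0]) == 4:
                return ipaddress.IPv4Address(values[0])
        return None


def matches_rule(target_ip, src, dst):
    """Step 16 rule: source address or destination address is the target IP."""
    return target_ip in (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst))


def demo():
    tap = RadiusTap({"alice@example.net"})
    nas = "192.0.2.1"                     # constructed router address
    req = build_radius(ACCESS_REQUEST, 7, [(ATTR_USER_NAME, b"alice@example.net")])
    acc = build_radius(ACCESS_ACCEPT, 7, [(ATTR_FRAMED_IP, bytes([198, 51, 100, 23]))])
    tap.observe(nas, req)
    ip = tap.observe(nas, acc)
    flows = [("198.51.100.23", "203.0.113.9"), ("203.0.113.9", "203.0.113.10")]
    return str(ip), [matches_rule(ip, s, d) for s, d in flows]


if __name__ == "__main__":
    print(demo())
```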
Embodiment four
The fourth embodiment of the present invention provides another monitoring method in an IP network. The flow is shown in Figure 6:
Step 1: The user equipment initiates a login and sends a request message (Radius Access Request) to the router;
Step 2: The router receives this request message and sends an authentication request message to the Radius server;
Step 3: The Radius server authenticates the user successfully and returns an authentication response message (Access Accept) to the router; the response message carries the IP address information assigned to this user equipment;
Step 4: After receiving the authentication response message returned by the Radius server, the router sends a charging request message (Accounting Start) to the Radius server;
Step 5: After authentication succeeds, the Analysis TAP monitors this user equipment;
Step 6: The Analysis TAP intercepts the data messages that the user equipment receives or sends via the router, parses and filters them according to the filtering rule that has been set, and sends the relevant information that meets the filtering rule to the LIG. The filtering rule can be set as follows:
Before authentication succeeds, the LIG receives a monitoring command sent by the MC that requires monitoring of data messages containing the specific word "blast". The LIG forwards the monitoring command to the Analysis TAP, the monitoring command carrying the information for setting the monitoring filtering rule;
Specifically, the monitoring command in this embodiment can be a set-monitoring-filtering-rule message, and the information for setting the monitoring filtering rule can be a filter keyword such as "blast";
The Analysis TAP sets the monitoring filtering rule according to the filter keyword to "report user data messages that contain specific words such as 'blast', together with the information (for example, IP address information) of the user who receives or sends such a message";
Step 7: The LIG forwards the received relevant information that meets the filtering rule to the MC, thereby implementing the monitoring. The relevant information includes IRI messages and communication content CC;
Step 8: According to the charging policy, at regular time intervals or after a certain amount of data traffic, the router sends an interim charging message (Interim Accounting) to the Radius server;
Step 9: The router sends a stop-charging message (Accounting Stop) to the Radius server, requesting that charging stop.
In this embodiment of the invention, the MC issues specific information for setting the monitoring filtering rule (a filter keyword), the filtering rule is set according to that information, and the newly added network element Analysis TAP monitors targets that are not specified in advance. Because the monitoring apparatus Analysis TAP monitors the intercept target independently of the existing Radius server, router and PDSN, the modification of and impact on existing network elements are reduced; the apparatus can also be moved, which improves networking flexibility.
In short, the above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (9)

1. A monitoring system in an IP network, characterized in that the monitoring system comprises:
an analysis unit Analysis TAP, configured to intercept, between a network device and the network side, data messages that user equipment receives from the network side via the network device or sends to the network side via the network device; to set a snoop filtering rule according to a snoop command issued by a lawful interception gateway LIG; to parse and filter the data messages according to the filtering rule; and to report the filtered data messages to the LIG, wherein the network device is a packet access node that provides access for the user equipment;
the LIG, configured to issue the snoop command to the Analysis TAP, the snoop command carrying information for setting the snoop filtering rule, and to forward the data messages reported by the Analysis TAP to a monitoring center MC to realize the monitoring.
2. The system according to claim 1, characterized in that the system further comprises a message analysis unit Radius TAP,
the Radius TAP being configured to intercept and parse the Radius messages exchanged between the network device and a Radius server, and to report the address information of the intercept target obtained by parsing to the LIG as the information for setting the snoop filtering rule.
3. The system according to claim 1 or 2, characterized in that the information for setting the snoop filtering rule comprises a filter keyword; correspondingly,
the analysis unit Analysis TAP intercepts, between the network device and the network side, the data messages that the user equipment receives from the network side via the network device or sends to the network side via the network device, sets the snoop filtering rule according to the filter keyword, and, after parsing the TCP layer or UDP layer of the data messages according to the snoop filtering rule, further parses and filters the application layer of the data messages and reports the filtered data messages to the LIG.
4. The system according to claim 3, characterized in that the network device is a router, a packet data serving node, or an access service network gateway.
5. A monitoring apparatus in an IP network, characterized in that the monitoring apparatus comprises a data copy-and-forward unit and a data analysis unit, wherein
the data copy-and-forward unit is configured to intercept, between a network device and the network side, the data messages that user equipment receives from the network side via the network device or sends to the network side, and to copy the data messages and forward them to the data analysis unit, wherein the network device is a packet access node that provides access for the user equipment;
the data analysis unit receives the snoop command issued by a lawful interception gateway LIG and the data messages forwarded by the data copy-and-forward unit, sets a snoop filtering rule according to the information for setting the snoop filtering rule carried in the snoop command, parses and filters the received data messages according to the filtering rule, and reports the filtered data messages to the LIG, wherein the information for setting the snoop filtering rule comprises a filter keyword.
6. The apparatus according to claim 5, characterized in that the data analysis unit specifically comprises an IP layer parsing module and a service parsing module, wherein
the IP layer parsing module receives the data messages forwarded by the data copy-and-forward unit, queries the snoop filtering rule, parses the TCP layer or UDP layer of the messages according to the filtering rule, and sends each message to the corresponding service parsing module according to the upper-layer protocol format of the message;
the service parsing module receives the data messages sent by the IP layer parsing module and performs application-layer parsing, filters them according to the snoop filtering rule obtained by the query, and forwards the filtered data messages to the LIG.
7. A monitoring method in an IP network, characterized in that the method comprises the following steps:
an analysis unit Analysis TAP sets a snoop filtering rule according to a received snoop command issued by a lawful interception gateway LIG, the snoop command carrying information for setting the snoop filtering rule;
intercepting, between a network device and the network side, the data messages that user equipment receives from the network side via the network device or sends to the network side, wherein the network device is a packet access node that provides access for the user equipment;
parsing and filtering the data messages according to the filtering rule, and forwarding the filtered data messages to the lawful interception gateway LIG, which forwards them to a monitoring center MC to realize the monitoring.
8. The method according to claim 7, characterized in that the process of setting the snoop filtering rule specifically comprises:
before authentication succeeds, the LIG receives the snoop command sent by the MC and forwards it to the Analysis TAP, the snoop command carrying the information for setting the snoop filtering rule, and the information for setting the snoop filtering rule comprising a filter keyword;
the Analysis TAP sets the snoop filtering rule according to the filter keyword.
9. The method according to claim 7, characterized in that the process of setting the snoop filtering rule specifically comprises:
a message analysis unit Radius TAP intercepts and analyzes the Radius messages exchanged between the network device and a Radius server, determines the intercept target and obtains the address information of the intercept target, and reports the obtained address information of the intercept target to the LIG as the information for setting the snoop filtering rule;
the LIG issues the snoop command to the Analysis TAP, the snoop command carrying the address information of the intercept target;
the Analysis TAP sets the snoop filtering rule according to the address information of the intercept target.
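
The layered match described in claims 6, 8 and 9, as an added example (not code from the patent): an IPv4 header check, TCP/UDP header parsing, then an address rule and a keyword rule applied to the payload. The function names, the rule arguments and the constructed sample packets are assumptions for illustration, and the application-layer step is reduced to a byte-substring match.

```python
import socket
import struct

TCP, UDP = 6, 17  # IPv4 protocol numbers

def parse_transport(packet):
    """IP-layer step: return (src, dst, proto, dport, payload), or None if unparseable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or not ihl <= total_len <= len(packet):
        return None                      # bad header length or truncated capture
    if frag & 0x1FFF:                    # non-first fragment: no transport header here
        return None
    src, dst = (socket.inet_ntoa(packet[i:i + 4]) for i in (12, 16))
    seg, proto = packet[ihl:total_len], packet[9]
    if proto == TCP and len(seg) >= 20:
        hdr = (seg[12] >> 4) * 4         # TCP data offset, in bytes
        if not 20 <= hdr <= len(seg):
            return None
    elif proto == UDP and len(seg) >= 8:
        hdr = 8
    else:
        return None
    dport = struct.unpack("!H", seg[2:4])[0]  # a service parser would be chosen from this
    return src, dst, proto, dport, seg[hdr:]

def rule_matches(packet, target_addrs=(), keywords=()):
    """Address rule (as in claim 9), then keyword rule on the payload (as in claim 8)."""
    parsed = parse_transport(packet)
    if parsed is None:
        return False
    src, dst, _proto, _dport, payload = parsed
    if target_addrs and src not in target_addrs and dst not in target_addrs:
        return False
    return not keywords or any(k in payload for k in keywords)

def build_packet(src, dst, proto, dport, payload, frag_off=0):
    """Constructed test input: minimal IPv4 + TCP/UDP headers, checksums left at zero."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 0, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0,
                     frag_off, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4 + payload
```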
CN200710077415A 2007-11-27 2007-11-27 Monitoring system, apparatus and method in IP network Expired - Fee Related CN101179449B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710077415A CN101179449B (en) 2007-11-27 2007-11-27 Monitoring system, apparatus and method in IP network

Publications (2)

Publication Number Publication Date
CN101179449A CN101179449A (en) 2008-05-14
CN101179449B true CN101179449B (en) 2010-05-26

Family

ID=39405548

Country Status (1)

Country Link
CN (1) CN101179449B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2157804B1 (en) * 2007-06-08 2014-07-16 Huawei Technologies Co., Ltd. Method for licit monitoring and device thereof
US8416695B2 (en) 2008-06-30 2013-04-09 Huawei Technologies Co., Ltd. Method, device and system for network interception
CN101621587B (en) * 2008-06-30 2012-08-08 成都市华为赛门铁克科技有限公司 Method, device and system for network monitoring
CN103079018B (en) * 2011-10-25 2015-01-28 中兴通讯股份有限公司 Relay package capture method and device for positioning interconnection business exception
CN102387157B (en) * 2011-12-02 2014-12-24 杭州华三通信技术有限公司 Data transmission method and equipment
CN102577316B (en) * 2011-12-29 2014-06-25 华为技术有限公司 Method, device and system of data interception
CN103139207B (en) * 2013-01-31 2016-01-06 华为技术有限公司 Coding/decoding method and device, message parsing method and device and analyzing device
CN106533879B (en) * 2015-09-10 2020-04-28 中兴通讯股份有限公司 Method and device for DCN irregular domain intercommunication in PTN equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564525A (en) * 2004-03-30 2005-01-12 国电自动化研究院 Recording method and devicer for multimedia network communication
CN1691601A (en) * 2004-04-27 2005-11-02 华为技术有限公司 A system and method realizing legal snooping
CN101035036A (en) * 2007-04-19 2007-09-12 中兴通讯股份有限公司 Legal monitoring system and method

Also Published As

Publication number Publication date
CN101179449A (en) 2008-05-14

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100526

Termination date: 20101127