CN102123058A - Test equipment and method for testing network protocol decoder - Google Patents
Test equipment and method for testing network protocol decoder Download PDFInfo
- Publication number
- CN102123058A CN102123058A CN2011100215921A CN201110021592A CN102123058A CN 102123058 A CN102123058 A CN 102123058A CN 2011100215921 A CN2011100215921 A CN 2011100215921A CN 201110021592 A CN201110021592 A CN 201110021592A CN 102123058 A CN102123058 A CN 102123058A
- Authority
- CN
- China
- Prior art keywords
- test
- procotol
- decoder
- configuration file
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses test equipment for testing a network protocol decoder in network equipment, which comprises a protocol template memory, a configuration file memory, a test data generator and a test result generator, wherein one or more protocol templates are memorized in the protocol template memory; a configuration file is memorized in the configuration file memory; the configuration file defines the protocol template required to be used and a test parameter adopted in a test; the test data generator generates a test data packet based on the protocol template and the test parameter defined in the configuration file, and sends the generated test data packet to the network equipment in order that the network protocol decoder in the network equipment decodes the test data packet; and the test result generator generates a test result based on a decoded result from the network equipment and the configuration file. The invention also discloses a corresponding test method.
Description
Technical field
The present invention relates to the network equipment detection field, relate in particular to testing equipment and method that the procotol decoder in the network equipment is tested.
Background technology
Along with networks development, based on network application is also enriched constantly, therefore attack and the attack means at these network applications also constantly increases, in order to improve the accuracy that these attacks are checked, the network safety system such as network intrusion protection system (NIPS) need be decoded to determine whether there is abnormal data in application layer data to various application layer protocols.Network safety system generally can be used for procotol decoder to decoding with the data of these protocol code at different design of protocol, and the procotol decoder can be analysed in depth to find abnormal data wherein the corresponding protocol message.
Before the procotol decoder is come into operation, need test to guarantee that it can normally move it.Test at the procotol decoder is divided into two classes: a class is the test at network attack, and it mainly is that can the test network protocol decoder detect the attack data on the network; Second class is the test at procotol decoder self, purpose be test himself stability and under various extreme and abnormal conditions, whether can go wrong.
At present, had the technology that the procotol decoder is tested, its detailed process is as follows: at first, attack from whole network of real network attack extracting data, these network attack data are analyzed with generation be suitable for test data that the procotol decoder is tested, subsequently the test data that is generated is sent to Network Security Device and handle, and determine test result according to the result of Network Security Device.
The Pcap file is a kind of file format, has wherein write down the relevant information of network data flow.When testing, can utilize network tool such as tcpreplay etc. to read the Pcap file and generate needed network data flow and network data flow is sent to equipment to be tested such as Network Security Device.
Above-mentioned test at the procotol decoder has a plurality of weak points.At first, this test is too coarse.Because what will test is procotol decoder as a Network Security Device part, and above-mentioned measuring technology can only be carried out Black-box Testing at whole Network Security Device, and can not compare meticulous test at the single network protocol decoder; Secondly, the test data that this test is adopted derives from live network, so the test sample book data are limited, and the type that causes this test to be tested is also limited; The 3rd, can this test only correctly be handled network attack for the procotol decoder and test, but whether this procotol decoder self is had problems do not test, cause test not comprehensive, for example this test can not be carried out pressure test to the procotol decoder.
Therefore, need a kind of testing equipment and the method for testing that can test the procotol decoder all sidedly.
Summary of the invention
In view of the above problems, having proposed the present invention overcomes the problems referred to above or solves at least in part or slow down decoding device and the method that the procotol decoder in the network equipment of the problems referred to above is tested so that provide a kind of.
According to an aspect of the present invention, a kind of testing equipment that procotol decoder in the network equipment is tested is provided, this procotol decoder is to decoding with procotol coded data bag, and this testing equipment comprises the model agreement memory of wherein having stored model agreement; Profile memory has wherein been stored configuration file, and this configuration file has defined the test parameter that adopts in the model agreement that will use and the test; Test data generating, from the model agreement memory, read the described model agreement that will use based on configuration file, and generate test packet according to model agreement of being read and test parameter, and the test packet that is generated sent to the network equipment, so that decode by the procotol decoder in the network equipment; And the test result maker, obtain decoded result from the network equipment, and generate test result based on this decoded result and described configuration file.
Testing equipment according to the present invention has adopted the model agreement at agreement, and utilize configuration file to define generation test data parameters needed, therefore can be fast and generate various types of corresponding test packets efficiently, make its can cover test at attack traffic more comprehensively, at the robustness testing and the pressure test of procotol decoder self, thereby can carry out full test and high test accuracy is provided the procotol decoder.In addition, owing to adopted model agreement to define associated the Internet protocol, so the test subscriber only need call corresponding template and revise parameter when design test case, and this has reduced test subscriber's workload greatly.
Alternatively, procotol is the multitiered network agreement, and each model agreement of storing in the model agreement memory is in one deck of multitiered network agreement, define in the configuration file want the use agreement template comprise with the corresponding model agreement of procotol that will test and with the corresponding model agreement of bottom-layer network agreement of this procotol that will measure.
Alternatively, test parameter comprises the decoding desired value, and whether the test result maker comprises that according to decoded result the decoding desired value judges the success of whether decoding of procotol decoder.
Alternatively, test parameter comprises the network attack data, and whether the test result maker is indicated with the corresponding network attack of these network attack data according to decoded result and judged whether the procotol decoder can detect this network attack.
Alternatively, test parameter comprises lopsided data, and whether the test result maker indicates these deformity data to be judged by abnormality processing whether the procotol decoder can correctly handle lopsided data according to decoded result.
Alternatively, test parameter has defined the size and the transmission rate of the test data that will generate, CPU usage and memory usage when decoded result comprises procotol decoder processes test data.
According to another aspect of the present invention, a kind of method of testing that procotol decoder in the network equipment is tested is provided, this procotol decoder is to decoding with procotol coded data bag, and this method of testing comprises step: generate test packet according to the test parameter that adopts in the model agreement that will use that defines in the configuration file and the test; The test packet that is generated is sent to the network equipment, so that decode by the procotol decoder in the network equipment; And obtain decoded result, and generate test result based on this decoded result and described configuration file from the network equipment.
In testing equipment according to the present invention and method of testing, configuration file is all write with the XML form, revises the content of configuration file easily to make things convenient for the test subscriber.
Description of drawings
By reading hereinafter detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing only is used to illustrate the purpose of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts with identical reference symbol.In the accompanying drawings:
Fig. 1 schematically shows the block diagram that is used for testing equipment that the procotol decoder is tested according to an embodiment of the invention;
Fig. 2 A-2D schematically shows model agreement according to an embodiment of the invention, has provided the relation between each model agreement among Fig. 2 E;
Fig. 3 schematically shows configuration file according to an embodiment of the invention; And
Fig. 4 schematically shows and is used for method of testing that the procotol decoder is tested according to an embodiment of the invention.
Embodiment
The invention will be further described below in conjunction with accompanying drawing and concrete execution mode.
Fig. 1 schematically shows the block diagram that is used for testing equipment 100 that the procotol decoder is tested according to an embodiment of the invention.As shown in Figure 1, testing equipment 100 comprises model agreement memory 110, profile memory 120, test data generating 130 and test result maker 140.
Stored variety of protocol template 112 in the model agreement memory 110, wherein each model agreement is corresponding with a kind of procotol.Procotol is generally multi-layer protocol, i.e. the realization of certain layer protocol depends on its surface layer, i.e. realization of underlying protocol down.Have the various talk various network protocols that realize in the multilayer mode at present, ICP/IP protocol for example at present commonly used on the internet, at the token-ring network agreement of using on the token-ring network, ATM related protocol of on ATM etc., using or the like.The present invention is illustrated in the example execution mode below, but should be understood that the present invention is not subject to this, and the present invention goes for any procotol that realizes in the multi-layer protocol mode fully.
Fig. 2 A-2D provided with the ICP/IP protocol stack in the corresponding model agreement of each layer protocol, wherein Fig. 2 A provided with the ICP/IP protocol stack in the corresponding model agreement of link layer protocol, Fig. 2 B has provided and the corresponding model agreement of IP agreement, Fig. 2 C has provided and the corresponding model agreement of Transmission Control Protocol, and Fig. 2 D provide with application layer protocol in the corresponding model agreement of SMB agreement.Should be noted in the discussion above that these model agreements write in the mode of false code, with the behavior comment line of symbol " # " beginning, and is the default value of corresponding entry in the value that symbol " || " provides afterwards.Write model agreement in the false code mode and be convenient to the tester and create new model agreement, but the present invention is not subject to this, for example these model agreements also can be write with the XML form, and all these write mode all within protection scope of the present invention.
The model agreement that provides according to Fig. 2 A-2D as can be known, each model agreement all defines each field in the respective protocol, and some fields have been provided default value.By with successively the calling of the corresponding protocol module of each layer protocol, can construct a complete packet, wherein because each field value in the agreement needs definition, therefore need with the corresponding parameter that is provided with of these fields.Be suitable for carrying out testing data packet by providing parameters needed (being parameter e) to generate for these model agreements.
Provided the relation between each model agreement among Fig. 2 E, model agreement comprises that network interface layer model agreement, transport layer protocol template and application layer protocol template come corresponding with network interface layer protocol, transport layer protocol and application layer protocol respectively.In the application layer protocol template, have and the corresponding model agreement of this agreement to be tested set, in this is gathered, comprised needing the order tested in the specific protocol, for example: test if desired to using the decoding of layer protocol X, and the order that needs among the agreement X to test is order A, order B and order C, then at order A, B, C exploitation corresponding protocol template, among its structure and the agreement X at A, B, the imperative structures of C definition are the same.At this moment, the relation between the model agreement is shown in Fig. 2 E, in order to generate the test data at order A, just network interface layer model agreement, the transport layer protocol template that need be associated with the underlying protocol of application layer protocol.
Stored the configuration file 122 that is suitable for generating test case in the profile memory 120, test case means usually finishes once the required reciprocal process of complete test process.Generally speaking, a configuration file defines one or more test case, and test case can comprise repeatedly mutual with the tested network equipment, and the repeatedly test data that therefore can relate in a BlueDrama sends and receives, and also may relate to a plurality of BlueDramas.Usually define certain in the configuration file 122 and tested test template that will use and the test parameter that in test, is adopted.Because the procotol of testing is generally multi-layer protocol, configuration file except definition with as the corresponding model agreement of the procotol of test target, also need to define the corresponding model agreement of bottom-layer network agreement with this procotol that will measure.In addition, as mentioned above, when utilizing model agreement to generate packet, also need some parameters, the source and destination IP address that needs of IP agreement for example, needed destination interface of Transmission Control Protocol or the like.In view of the above, configuration file also needs to define the needed various parameters of these generation packets.
Fig. 3 has provided an example of configuration file 122, and as shown in Figure 3, this configuration file 12 is at first with<test case ...〉</test case〉defined the test case that a name is called " smb_tree_connect_andx ".Subsequently, in this test case, with<modules〉...</modules〉model agreement that will use of definition.Then, with<trans ... ... the trans of.</〉 definition and the reciprocal process of the tested network equipment and in the parameter of reciprocal process needs etc., for example, in this example, reciprocal process comprises that the TCP that is established to destination interface 139 links, the initiation order is for the SMB session of Tree_Connect_Andx and close this TCP link.
Provided an example of configuration file 122 though should be noted in the discussion above that Fig. 3 with the XML form, configuration file 122 can also be otherwise, and false code mode for example mentioned above is write.All these write mode all within protection scope of the present invention.
Test data generating 130 reads the configuration file 122 of storage in the profile memory 120.According to the model agreement that will use that defines in the configuration file, from model agreement memory 110, read the corresponding protocol template, utilize the defined reciprocal process of content, configuration file and the relevant parameter of the model agreement of being read subsequently, generate corresponding test data, thereby the test data that is generated is sent to the network equipment 200 to test.Because procotol to be tested is known, and defined each field in the related protocol in the relevant model agreement, utilize configuration file defined, with this agreement in field corresponding parameter or default parameter value, can generate corresponding test data.Utilizing the content that defines in the configuration file to generate test data with corresponding procotol template can be undertaken by any mode known in the art.For example, the test data that generates can be the data flow of Pcap form and leave in the Pcap file, and reads this Pcap file by the network tool such as tcpreplay etc. and obtain the test data stream that generated and this test data stream is sent to the network equipment 200 to test.
The network equipment 200 acceptance test data, and decode by 210 pairs of these test datas of procotol decoder wherein.As mentioned above, because procotol is generally layered protocol, and procotol decoder 210 is decoded at specific protocol usually, therefore, comprises in the network equipment 200 with the corresponding procotol decoder of each layer network agreement coming layer by layer received test data to be decoded.Though what test is wherein certain procotol decoder, will inevitably relate to some other procotol decoders at the decode procedure of test data, for example be used for the procotol decoder that the bottom-layer network agreement is decoded.Usually can at first to these bottom-layer network protocol decoder test, and suppose these procotol decoders do not have problems in order to get rid of the interference of other procotol decoder this moment.
Therefore for example, as mentioned above, the test parameter that defines in the configuration file is the model agreement parameters needed that will use in the configuration file, by defining these parameters according to test environment, thereby generates the test data that is suitable for this test environment.
Alternatively, can testing equipment 100 can be used for the test network protocol decoder and be correctly decoded, at this moment, can in test parameter, set the decoding desired value, comprise the decoding desired value behind the coding in the test data that generates by test data generating 130, and the decoded result that test result maker 140 is obtained comprises the back data that obtain of decoding of the decoding desired value behind this coding, so test result maker 140 can be by checking whether this decoded result is included in decoding desired value in the test parameter and judges the success of whether decoding of this procotol decoder.
Alternatively, can testing equipment 100 can be used for the test network protocol decoder and detect network attack.For this reason, can attack data by define grid in the test parameter of configuration file, test data generating 130 can have the test data of network attack characteristic with generation with the network attack digital coding in test data when generating test data.If the network equipment 200, especially wherein procotol decoder 210 can detect this network attack, then should indicate and (for example detect this network attack from the decoded result of the network equipment 200, generate Warning Event), thus test result maker 140 can according to decoded result whether indicate with configuration file in the corresponding network attack of defined network attack data judge whether procotol decoder 210 can detect described network attack.
Should be noted that, owing to procotol is the reason of layered protocol, when carrying out network attack at certain layer network agreement, generally speaking the network attack data are encoded at this layer, and also should be by handling at the decoder of this layer network agreement, whether such scheme just is based on this and makes, and can detect at the network attack of associated network agreement this procotol decoder 210 and test.
Alternatively, can testing equipment 100 can be used for the test network protocol decoder and correctly handle lopsided data such as overlength or deficiency of data.For this reason, can define lopsided data in the test parameter of configuration file, test data generating 130 can have lopsided digital coding in the test data test data of lopsided data with generation when generating test data.If the network equipment 200, especially wherein procotol decoder 210 can correctly be handled lopsided data when test data is decoded, then the decoded result from the network equipment 200 should indicate the lopsided data of discovery and lopsided data (are for example carried out special disposal, call the parts of special disposal deformity data and handle and produce Warning Event), so whether test result maker 140 can indicate according to decoded result and the lopsided data that define in the configuration file have been carried out abnormality processing judge whether procotol decoder 210 can correctly handle described lopsided data.
As mentioned above, because layered protocol, lopsided data described here are meant the lopsided data of encoding with the procotol of decoding with procotol decoder 210.
In addition, testing equipment 100 can be used for the decoding performance of test network protocol decoder 210, for this reason, can in the test parameter of configuration file, define the size and the transmission rate that generate test data, like this, test data generating 130 can generate the test data with pre-sizing, and occur to the network equipment 200 with set rate when generating test data.If comprise the various operating characteristics when procotol decoder 210 is handled these test datas in the decoded result from the network equipment, for example CPU usage and memory usage etc., then test result maker 140 can generate the test report of the decoding performance of relevant this procotol decoder 210 in view of the above.
Can carry out exemplary illustrated to the various aspects that the network equipment 200 is tested above at testing equipment 100, as can be seen, testing equipment 100 can be all sidedly to the network equipment 200, and especially the procotol decoder 210 in the network equipment 200 is tested.
Should be pointed out that the top given network equipment 200 can be any equipment that need decode to the network data that is received, and be not limited to the Network Security Device such as network intrusion protection system.
Fig. 4 schematically shows and is used for method of testing that the procotol decoder is tested according to an embodiment of the invention, and this method of testing can be carried out in aforesaid testing equipment 100.As shown in Figure 4, this method starts from step S410, wherein generates test packet according to the test parameter that adopts in the model agreement that will use that defines in the configuration file and the test.As above described with reference to figure 3, one or more test case be can define in the configuration file, and the model agreement that in certain test case, will use and the parameter of using by these model agreements defined.Toply provided the concrete example of model agreement with reference to figure 2A-2D, model agreement is corresponding with procotol, has defined the concrete structure of corresponding network agreement in the model agreement.By with successively the calling of the corresponding protocol module of each layer protocol, can construct a complete packet.Model agreement need be provided with each field value in the respective protocol from the parameter of configuration file, so that construct the test packet that is suitable for each test environment.As above described with reference to testing equipment 100, model agreement and configuration file can be stored in respectively in the model agreement memory 110 and profile memory 120 of testing equipment in advance.
As mentioned above, defined one or more test case in the configuration file, and test case can comprise repeatedly mutual with the tested network equipment, and the repeatedly test data that therefore can relate in a BlueDrama sends and receives, and also may relate to a plurality of BlueDramas.Because the procotol of testing is generally multi-layer protocol, configuration file except definition with as the corresponding model agreement of the procotol of test target, also need to define the corresponding model agreement of bottom-layer network agreement with this procotol that will measure.Because procotol to be tested is known, and defined each field in the related protocol in the relevant model agreement, utilize configuration file defined, with this agreement in field corresponding parameter or default parameter value, just can generate corresponding test data.Utilizing the content that defines in the configuration file to generate test data with corresponding procotol template can be undertaken by any mode known in the art.For example, the test data of generation can be the data flow of Pcap form and leave in the Pcap file.This step S410 can be carried out by the test data generating in the testing equipment 130.
In step S420, the test packet that is generated is sent to the network equipment subsequently, so that decode by the procotol decoder in the network equipment.This for example can utilize the network tool such as tcpreplay etc. to read the Pcap file that for example generates in step S410, and the test data stream that is generated to obtain also sends to the network equipment to test with this test data stream.Step S420 also can be carried out by the test data generating in the testing equipment 130.
Network equipment acceptance test data, and by procotol decoder wherein this test data is decoded.As mentioned above, comprise in the network equipment with the corresponding procotol decoder of each layer network agreement coming layer by layer received test data to be decoded.Though what test is wherein certain procotol decoder, will inevitably relate to some other procotol decoders at the decode procedure of test data, for example be used for the procotol decoder that the bottom-layer network agreement is decoded.Usually can at first to these bottom-layer network protocol decoder test, and suppose these procotol decoders do not have problems in order to get rid of the interference of other procotol decoder this moment.
Subsequently, in step S430, obtain decoded result, and generate test result based on this decoded result and described configuration file from the network equipment.This step can be carried out by the test result maker in the testing equipment 140.
Method of testing according to the present invention has utilized model agreement and configuration file to customize the test packet that will generate, and by the various test parameters of definition in configuration file, can comprehensively test the network equipment.
Therefore for example, as mentioned above, the test parameter that defines in the configuration file is the model agreement parameters needed that will use in the configuration file, by defining these parameters according to test environment, thereby generates the test data that is suitable for this test environment.
Alternatively, can this method of testing can be used for the test network protocol decoder and be correctly decoded, at this moment, can in test parameter, set the decoding desired value, decoding desired value after comprising coding in the test data that in step S410, generates, and the decoded result that obtains in step S430 comprises the back data that obtain of decoding of the decoding desired value behind this coding, so generates test result and can comprise by checking whether this decoded result is included in decoding desired value in the test parameter and produces about this procotol decoder successful test result of whether decoding.
Alternatively, can this method of testing can be used for the test network protocol decoder and detect network attack.For this reason, can in the test parameter of configuration file, attack data by define grid, when in step S410, generating test data, the network attack digital coding can be had the test data of network attack characteristic with generation in test data.If the network equipment, especially wherein procotol decoder can detect this network attack, then should indicate and (for example detect this network attack from the decoded result of the network equipment, generate Warning Event), therefore in step S430, generate test result comprise according to decoded result whether indicated with configuration file in the corresponding network attack of defined network attack data generate the test result whether the procotol decoder can detect network attack.
Should be noted that, owing to procotol is the reason of layered protocol, when carrying out network attack at certain layer network agreement, generally speaking the network attack data are encoded at this layer, and also should be by handling at the decoder of this layer network agreement, whether such scheme just is based on this and makes, and can detect at the network attack of associated network agreement this procotol decoder and test.
Alternatively, can this method of testing can be used for the test network protocol decoder and correctly handle lopsided data such as overlength or deficiency of data.For this reason, can in the test parameter of configuration file, define lopsided data, when in step S410, generating test data, lopsided digital coding can be had the test data of lopsided data in the test data with generation.If the network equipment, especially wherein procotol decoder can correctly be handled lopsided data when test data is decoded, then the decoded result from the network equipment should indicate the lopsided data of discovery and lopsided data (are for example carried out special disposal, call the parts of special disposal deformity data and handle and produce Warning Event), the lopsided data that define in therefore can whether indicating configuration file according to decoded result in step S430 have been carried out abnormality processing and have been generated the test result whether the related network protocol decoder can correctly handle described lopsided data.
As mentioned above, because layered protocol, lopsided data described here are meant the lopsided data of encoding with the procotol of decoding with the procotol decoder.
In addition, this method of testing can be used for the decoding performance of test network protocol decoder 210, for this reason, can in the test parameter of configuration file, define the size and the transmission rate that generate test data, like this, when step S410 generates test data, can generate test data, and occur to the network equipment with set rate with pre-sizing.If the various operating characteristics when comprising these test datas of procotol decoder processes in the decoded result from the network equipment, for example CPU usage and memory usage etc., then in step S430, can generate the test report of the decoding performance of relevant this procotol decoder in view of the above.
The present invention utilizes model agreement and configuration file to generate needed test packet of test and data flow quickly and accurately, can construct the lopsided protocol data bag that is difficult to appearance in the reality, can be used for robustness testing, also can cover attack test and pressure test simultaneously certainly.
Should be noted that, in each parts of testing equipment 100 of the present invention, according to its function that will realize and wherein parts have been carried out logical partitioning, but, the present invention is not subject to this, can repartition or make up each parts as required, for example, can be single parts with some unit constructions, perhaps some parts further can be decomposed into more subassembly.
Each parts embodiment of the present invention can realize with hardware, perhaps realizes with the software module of moving on one or more processor, and perhaps the combination with them realizes.It will be understood by those of skill in the art that and to use microprocessor or digital signal processor (DSP) to realize in practice according to some or all some or repertoire of parts in the testing equipment of the embodiment of the invention.The present invention can also be embodied as part or all equipment or the device program (for example, computer program and computer program) that is used to carry out method as described herein.Such realization program of the present invention can be stored on the computer-readable medium, perhaps can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, and perhaps provides on carrier signal, perhaps provides with any other form.
It should be noted the foregoing description the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment under the situation of the scope that does not break away from claims.In the claims, any reference symbol between bracket should be configured to restriction to claim.Word " comprises " not to be got rid of existence and is not listed in element or step in the claim.Being positioned at word " " before the element or " one " does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody by same hardware branch.Any order is not represented in the use of word first, second and C grade.Can be title with these word explanations.
Claims (16)
1. testing equipment that the procotol decoder in the network equipment is tested, this procotol decoder is to decoding with procotol coded data bag, and this testing equipment comprises:
The model agreement memory has wherein been stored one or more model agreement;
Profile memory has wherein been stored configuration file, and this configuration file has defined the test parameter that adopts in the model agreement that will use and the test;
Test data generating, from described model agreement memory, read the described model agreement that will use based on described configuration file, and generate test packet according to model agreement of being read and described test parameter, and the test packet that is generated sent to the described network equipment so that by the procotol decoder in the described network equipment to decode; And
The test result maker obtains decoded result from the described network equipment, and generates test result based on this decoded result and described configuration file.
2. protocol decoder testing equipment as claimed in claim 1, wherein said procotol is the multitiered network agreement, and each model agreement of storing in the described model agreement memory is in one deck of described multitiered network agreement, define in the described configuration file want the use agreement template comprise with the corresponding model agreement of procotol that will test and with the corresponding model agreement of bottom-layer network agreement of this procotol that will measure.
3. as claim 1 or 2 described protocol decoder testing equipments, wherein said test parameter comprises each the described model agreement parameters needed that will use.
4. as claim 1 or 2 described protocol decoder testing equipments, wherein said test parameter comprises the decoding desired value, and whether described test result maker comprises that according to described decoded result described decoding desired value judges the success of whether decoding of described procotol decoder.
5. as claim 1 or 2 described protocol decoder testing equipments, wherein said test parameter comprises the network attack data, and whether described test result maker is indicated with the corresponding network attack of described network attack data according to described decoded result and judged whether described procotol decoder can detect described network attack.
6. as claim 1 or 2 described protocol decoder testing equipments, wherein said test parameter comprises lopsided data, and whether described test result maker indicates described lopsided data to be judged by abnormality processing whether described procotol decoder can correctly handle described lopsided data according to described decoded result.
7. as claim 1 or 2 described protocol decoder testing equipments, wherein said test parameter has defined the size and the transmission rate of the test data that will generate, CPU usage and memory usage when described decoded result comprises the described test data of described procotol decoder processes.
8. as claim 1 or 2 described protocol decoder testing equipments, wherein said configuration file is write with the XML form.
9. method of testing that the procotol decoder in the network equipment is tested, this procotol decoder is to decoding with procotol coded data bag, and this method of testing comprises step:
Generate test packet according to the test parameter that adopts in the model agreement that will use that defines in the configuration file and the test;
The test packet that is generated is sent to the described network equipment, so that decode by the procotol decoder in the described network equipment; And
Obtain decoded result, and generate test result based on this decoded result and described configuration file from the described network equipment.
10. method of testing as claimed in claim 9, wherein said procotol is the multitiered network agreement, and each model agreement is in one deck of described multitiered network agreement, the model agreement that will use that defines in the described configuration file comprise with the corresponding model agreement of procotol that will test and with the corresponding model agreement of bottom-layer network agreement of this procotol that will measure.
11. as claim 9 or 10 described method of testings, wherein said test parameter comprises each the described model agreement parameters needed that will use.
12. as claim 9 or 10 described method of testings, wherein said test parameter comprises the decoding desired value, and the described step that generates test result based on this decoded result and described configuration file comprises:
Whether comprise that according to described decoded result described decoding desired value generates the relevant described procotol decoder successful test result of whether decoding.
13. as claim 9 or 10 described method of testings, wherein said test parameter comprises the network attack data, and the described step that generates test result based on this decoded result and described configuration file comprises:
Whether indicate with the corresponding network attack of described network attack data according to described decoded result and to generate the test result whether relevant described procotol decoder can detect described network attack.
14. as claim 9 or 10 described method of testings, wherein said test parameter comprises lopsided data, and the described step that generates test result based on this decoded result and described configuration file comprises:
Whether indicate described lopsided data to be generated the test result whether relevant described procotol decoder can correctly handle described lopsided data according to described decoded result by abnormality processing.
15. as claim 9 or 10 described method of testings, wherein said test parameter has defined the size and the transmission rate of the test data that will generate, and the described step that generates test result based on this decoded result and described configuration file comprises:
CPU usage during according to the described test data of procotol decoder processes that comprise in the described decoded result, described and memory usage generate the test result of the performance of relevant described procotol decoder.
16. as claim 9 or 10 described method of testings, wherein said configuration file is write with the XML form.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100215921A CN102123058A (en) | 2011-01-19 | 2011-01-19 | Test equipment and method for testing network protocol decoder |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100215921A CN102123058A (en) | 2011-01-19 | 2011-01-19 | Test equipment and method for testing network protocol decoder |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102123058A true CN102123058A (en) | 2011-07-13 |
Family
ID=44251519
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100215921A Pending CN102123058A (en) | 2011-01-19 | 2011-01-19 | Test equipment and method for testing network protocol decoder |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102123058A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105228138A (en) * | 2015-08-28 | 2016-01-06 | 广东电网有限责任公司信息中心 | A kind of safety detecting method of Wireless Communication Equipment and system |
| CN106330593A (en) * | 2015-07-01 | 2017-01-11 | 中兴通讯股份有限公司 | Protocol detection method and device |
| CN106357475A (en) * | 2016-08-31 | 2017-01-25 | 成都科来软件有限公司 | Data packet construction system and working method thereof |
| CN104133772B (en) * | 2014-08-13 | 2017-04-12 | 广东电网公司信息中心 | Automatic test data generation method |
| CN107229650A (en) * | 2016-03-25 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Method of testing and device |
| CN107566395A (en) * | 2017-09-28 | 2018-01-09 | 郑州云海信息技术有限公司 | A kind of building method of interactive data bag |
| CN110198254A (en) * | 2019-05-31 | 2019-09-03 | 卡斯柯信号有限公司 | A kind of communication protocol inline diagnosis method and diagnostic system |
| CN110224898A (en) * | 2019-06-26 | 2019-09-10 | 南方电网科学研究院有限责任公司 | Specification encryption test method, device, equipment and the storage medium of distribution terminal |
| CN110708307A (en) * | 2019-09-29 | 2020-01-17 | 北京明略软件系统有限公司 | Transcoder generation method and apparatus, electronic device, and storage medium |
| CN112788013A (en) * | 2020-12-30 | 2021-05-11 | 成都科来网络技术有限公司 | WEB side online multi-layer protocol data packet decoding method and device |
| CN114666417A (en) * | 2020-12-04 | 2022-06-24 | 北京嗨动视觉科技有限公司 | Device protocol processing method and device, storage medium and processor |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1750485A (en) * | 2005-07-14 | 2006-03-22 | 牛伟 | Network simulation detection system and method |
| CN101114954A (en) * | 2007-09-06 | 2008-01-30 | 中兴通讯股份有限公司 | Protocol testing device |
| CN101141320A (en) * | 2007-08-07 | 2008-03-12 | 中兴通讯股份有限公司 | Method and device for generating network flux |
-
2011
- 2011-01-19 CN CN2011100215921A patent/CN102123058A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1750485A (en) * | 2005-07-14 | 2006-03-22 | 牛伟 | Network simulation detection system and method |
| CN101141320A (en) * | 2007-08-07 | 2008-03-12 | 中兴通讯股份有限公司 | Method and device for generating network flux |
| CN101114954A (en) * | 2007-09-06 | 2008-01-30 | 中兴通讯股份有限公司 | Protocol testing device |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104133772B (en) * | 2014-08-13 | 2017-04-12 | 广东电网公司信息中心 | Automatic test data generation method |
| CN106330593A (en) * | 2015-07-01 | 2017-01-11 | 中兴通讯股份有限公司 | Protocol detection method and device |
| CN105228138A (en) * | 2015-08-28 | 2016-01-06 | 广东电网有限责任公司信息中心 | A kind of safety detecting method of Wireless Communication Equipment and system |
| CN107229650B (en) * | 2016-03-25 | 2020-12-15 | 创新先进技术有限公司 | Test method and device |
| CN107229650A (en) * | 2016-03-25 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Method of testing and device |
| CN106357475A (en) * | 2016-08-31 | 2017-01-25 | 成都科来软件有限公司 | Data packet construction system and working method thereof |
| CN107566395A (en) * | 2017-09-28 | 2018-01-09 | 郑州云海信息技术有限公司 | A kind of building method of interactive data bag |
| CN110198254A (en) * | 2019-05-31 | 2019-09-03 | 卡斯柯信号有限公司 | A kind of communication protocol inline diagnosis method and diagnostic system |
| CN110224898A (en) * | 2019-06-26 | 2019-09-10 | 南方电网科学研究院有限责任公司 | Specification encryption test method, device, equipment and the storage medium of distribution terminal |
| CN110708307A (en) * | 2019-09-29 | 2020-01-17 | 北京明略软件系统有限公司 | Transcoder generation method and apparatus, electronic device, and storage medium |
| CN110708307B (en) * | 2019-09-29 | 2021-12-07 | 北京明略软件系统有限公司 | Transcoder generation method and apparatus, electronic device, and storage medium |
| CN114666417A (en) * | 2020-12-04 | 2022-06-24 | 北京嗨动视觉科技有限公司 | Device protocol processing method and device, storage medium and processor |
| CN112788013A (en) * | 2020-12-30 | 2021-05-11 | 成都科来网络技术有限公司 | WEB side online multi-layer protocol data packet decoding method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102123058A (en) | Test equipment and method for testing network protocol decoder | |
| CN101447991B (en) | Test device used for testing intrusion detection system and test method thereof | |
| CN107294808B (en) | Interface test method, device and system | |
| US8006136B2 (en) | Automatic grammar based fault detection and isolation | |
| CN110401581B (en) | Industrial control protocol fuzzy test case generation method based on flow tracing | |
| EP2244418A1 (en) | Database security monitoring method, device and system | |
| CN107026821A (en) | The processing method and processing device of message | |
| CN109063486B (en) | Safety penetration testing method and system based on PLC equipment fingerprint identification | |
| CN104348578B (en) | The method and device of data processing | |
| CN113778879B (en) | Interface fuzzy test method and device | |
| CN107168844B (en) | Performance monitoring method and device | |
| CN112887304A (en) | WEB application intrusion detection method and system based on character-level neural network | |
| CN111884876A (en) | Method, device, equipment and medium for detecting protocol type of network protocol | |
| CN114338104B (en) | Security gateway analysis function verification method, device, equipment and storage medium | |
| TWI626538B (en) | Infrastructure rule generation | |
| CN111625448B (en) | Protocol packet generation method, device, equipment and storage medium | |
| KR20120071175A (en) | Mobile phone loading web-platform, method for offering log information using the same mobile phone, verification system and method for web-platform | |
| CN113760753B (en) | QUIC protocol testing method based on gray box blurring technology | |
| CN108366040B (en) | Programmable firewall logic code detection method and device and electronic equipment | |
| CN111385253A (en) | Vulnerability detection system for network security of power distribution automation system | |
| CN117076333B (en) | Vulnerability verification method based on script breakpoint and browser automation | |
| CN112799956B (en) | Asset identification capability test method, device and system device | |
| CN114499923B (en) | ICMP simulation message generation method and device | |
| CN114221808B (en) | Security policy deployment method and device, computer equipment and readable storage medium | |
| CN116708001B (en) | Industrial control system private protocol vulnerability detection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110713 |