CN103618637A - Network flow value acquisition method and device - Google Patents
Network flow value acquisition method and device Download PDFInfo
- Publication number
- CN103618637A CN103618637A CN201310693287.6A CN201310693287A CN103618637A CN 103618637 A CN103618637 A CN 103618637A CN 201310693287 A CN201310693287 A CN 201310693287A CN 103618637 A CN103618637 A CN 103618637A
- Authority
- CN
- China
- Prior art keywords
- agreement
- data amount
- current
- network
- current data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network flow value acquisition method and device applied to network intermediate equipment. The method comprises the following steps: acquiring a current data packet received by the network intermediate equipment; acquiring the current data volume which corresponds to a protocol according to the protocol encapsulated in the current data packet; and acquiring a total current network flow data value which corresponds to the protocol according to the current data volume which corresponds to the protocol, wherein the total current network flow data value is the sum of the current data volume and an initial data volume which corresponds to all data packets prior to the current data packet. Compared with the prior art, the network intermediate equipment is connected with multiple pieces of computer equipment to form a network; according to the method in the invention, the network data packet flow data of the multiple pieces of computer equipment is acquired, and the network flow monitoring applicability is improved.
Description
Technical field
The application relates to network security technology field, especially a kind of network traffics value-acquiring method and device.
Background technology
Along with the development of network technology, network service has become the major way that people carry out information interchange, and communication security causes that people more and more pay close attention to gradually.If network service is in the hole, can cause the computer equipment in this network to be subject to network attack, therefore, need to carry out information monitoring to network safe state, thereby when there is dangerous situation in network service, the line correlation of going forward side by side of pinpointing the problems is in time processed, and guarantees the safety of described network Computer equipment.Wherein, one of described information monitoring content is the monitoring to network traffics.
Inventor finds by research, and at present, the api interface that Network Traffic Monitoring mode mainly provides by computer equipment operating system, monitors by calling described Interface realization data packet flow.But this kind of mode depends on the operating system of using in monitored computer equipment, can only itself monitor monitored computer equipment, can not realize the monitoring to many computer equipments, therefore, the application of existing monitoring mode is low.
Summary of the invention
In view of this, the application provides a kind of network traffics value-acquiring method and device, in order to solve monitoring target in existing Network Traffic Monitoring mode, has limitation problem.The technical scheme that the application provides is as follows:
A network traffics value-acquiring method, is applied to network intermediate equipment, and the method comprises:
Obtain the current data packet that described network intermediate equipment receives;
According to the agreement encapsulating in described current data packet, obtain the current data amount corresponding with described agreement;
According to current data amount corresponding to described agreement, obtain the current network flow data total value corresponding with described agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.。
Said method, preferred, described primary data amount is kept in the gauge outfit of the chained list corresponding with described agreement setting in advance; Wherein, the current data amount that the described agreement of described foundation is corresponding, obtains the current network flow data total value corresponding with described agreement, comprising:
Determine the gauge outfit of the chained list corresponding with described agreement;
In described gauge outfit, obtain described primary data amount; Wherein, each data volume sum corresponding with this agreement in all packets before current data packet described in described primary data amount;
Obtain described current data amount and described primary data amount and value;
According to described and value, upgrade the primary data amount in described gauge outfit.
Said method, preferred, the agreement encapsulating in the described current data packet of described foundation, after obtaining the current data amount corresponding with described agreement, also comprises:
With the form of class object, preserve described agreement and current data amount corresponding to this agreement;
Described class object is put into the table tail of described chained list.
Said method, preferred, in current data amount corresponding to the described agreement of described foundation, after obtaining the current network flow data total value corresponding with described agreement, also comprise:
The current network flow data total value that described agreement is corresponding shows.
The application also provides a kind of network flow value acquisition device, is applied to network intermediate equipment, and this device comprises:
Packet acquiring unit, the current data packet receiving for obtaining described network intermediate equipment;
Data volume acquiring unit, for the agreement encapsulating according to described current data packet, obtains the current data amount corresponding with described agreement;
Data total value acquiring unit, for according to current data amount corresponding to described agreement, obtains the current network flow data total value corresponding with described agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
Said apparatus, preferred, described primary data amount is kept in the gauge outfit of the chained list corresponding with described agreement setting in advance; Wherein, described data total value acquiring unit comprises:
Gauge outfit is determined subelement, for determining the gauge outfit of the chained list corresponding with described agreement;
The first data total value is obtained subelement, for obtaining described primary data amount in described gauge outfit; Wherein, each data volume sum corresponding with this agreement in all packets before current data packet described in described primary data amount;
The second data total value is obtained subelement, for obtain described current data amount and described primary data amount and value;
Upgrade subelement, for according to described and value, upgrade the primary data amount in described gauge outfit.
Said apparatus, preferred, also comprise:
Class object storage unit, for preserving current data amount corresponding to described agreement and this agreement with the form of class object;
Add linked list units, described class object is put into the table tail of described chained list.
Said apparatus, preferred, also comprise:
Display unit, for showing current network flow data total value corresponding to described agreement.
From above technical scheme, the application provides a kind of network traffics value-acquiring method and device, is applied to network intermediate equipment, and described method comprises: obtain the current data packet that this network intermediate equipment receives; According to the agreement encapsulating in this current data packet, obtain the current data amount corresponding with this agreement; According to current data amount corresponding to this agreement, obtain the current network flow data total value corresponding with this agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.Compared with prior art, the described current network flow data total value that the application gets comprises current data packet primary data amount corresponding to all packets before, all packets are the packets through this network intermediate equipment, this network intermediate equipment and many computer equipments are connected to form network, method by the application has realized the network packet data on flows of obtaining many computer equipments, has improved the application of Network Traffic Monitoring.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present application, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiment of the application, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
The flow chart of a kind of network traffics value-acquiring method embodiment of the method one that Fig. 1 provides for the application;
The part flow chart of a kind of network traffics value-acquiring method embodiment bis-that Fig. 2 provides for the application;
The part flow chart figure of a kind of network traffics value-acquiring method embodiment tri-that Fig. 3 provides for the application;
The flow chart figure of a kind of network traffics value-acquiring method embodiment tetra-that Fig. 4 provides for the application;
The structural representation of a kind of network flow value acquisition device embodiment five that Fig. 5 provides for the application;
The part-structure schematic diagram of a kind of network flow value acquisition device embodiment six that Fig. 6 provides for the application;
The part-structure schematic diagram of a kind of network flow value acquisition device embodiment seven that Fig. 7 provides for the application;
The structural representation of a kind of network flow value acquisition device embodiment eight that Fig. 8 provides for the application;
Fig. 9 shows a kind of network topology structure figure of the embodiment of the present application;
Figure 10 shows the another kind of network topology structure figure of the embodiment of the present application.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, the technical scheme in the embodiment of the present application is clearly and completely described, obviously, described embodiment is only the application's part embodiment, rather than whole embodiment.Embodiment based in the application, those of ordinary skills are not making the every other embodiment obtaining under creative work prerequisite, all belong to the scope of the application's protection.
Refer to Fig. 1, it shows the flow chart of a kind of network traffics value-acquiring method embodiment mono-that the application provides, and the present embodiment is applied to network intermediate equipment, and concrete steps can comprise:
Step 101: obtain the current data packet that described network intermediate equipment receives.
Described network intermediate equipment can be switch, router, hub etc., connects many computer equipments, forms the network that comprises described network intermediate equipment and described many computer equipments.Described computer equipment can receive the packet that described network intermediate equipment sends, and by described package forward to destination address, the package forward that also other equipment can be sent as other computer equipments or server apparatus is to computer equipment arbitrarily in this network.
Described obtain manner can be to utilize the data link layer of packet capture instrument in network tcp/ip layer level structure to carry out catching of packet, for example: libpcap or winpcap.Certainly, described packet capture instrument is including but not limited to above-mentioned two kinds of enumerating.
It should be noted that, described obtaining can be to obtain at the different interface of this network intermediate equipment, wherein, the current data packet getting in exit can be the first packet that the computer equipment of this network intermediate equipment connection sends to other equipment (as other computer equipments or server apparatus) outside this network; The current data packet getting in porch can be the second packet that other equipment outside this network send to the computer equipment in this network.
Step 102: according to the agreement encapsulating in described current data packet, obtain the current data amount corresponding with described agreement.
Described current data wraps in network to be transmitted, and need to be packaged with the various agreement corresponding with network level structure.For example, described packet sends web-page requests access to certain station server, can be packaged with http protocol, Transmission Control Protocol, IP agreement, Ethernet protocol etc.
Resolve described current data packet, described current data includes different agreement head, by the protocol type (upper-layer protocol type) and the known data volume corresponding with this protocol type of data length field (upper-layer protocol data volume) that comprise in described protocol header part.Wherein, obtain the protocol-identifier encapsulating in described current data packet, by described protocol-identifier, can know the protocol type of described protocol-identifier representative.It should be noted that, data length field in IP protocol headers is the total length of whole IP packet, therefore, the last layer that obtains the IP agreement encapsulating in described current data packet is the agreement of transport layer, need to deduct with the numerical value of described data length field described IP protocol headers length value.
Certainly, the numerical value of the data length field comprising in the protocol header of other agreements can be also the total length of this protocol data bag, needs the length value that deducts described protocol headers just can get current data amount corresponding to described agreement.
For example, the current data packet getting is Ethernet data bag, what in described packet, encapsulate is Ethernet protocol, the protocol headers of this Ethernet protocol is divided and is included protocol type field, by obtaining the content of described field, can know that upper strata is the agreement that network layer is used, for example this Ethernet protocol type field value is 0x0800, show that the agreement that network layer is used is IP agreement, data field value is that to be converted to the decimal system be 1244 to 0x04DC(), the data volume that represents network layer is 1244 bytes, the current data amount corresponding with described IP agreement is 1244 bytes, protocol type field value in the protocol header of this IP agreement is 0x06, show that the agreement that transport layer is used is Transmission Control Protocol, data length field value is that to be converted to the decimal system be 88 to 0x58(), the data volume that shows transport layer is 88 bytes.
Step 103: according to current data amount corresponding to described agreement, obtain the current network flow data total value corresponding with described agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
Wherein, described primary data amount is that all packets that receive with this network intermediate equipment before this current data packet are corresponding, is each the data volume sum corresponding with this agreement in described all packets before.For example, described current data packet is A, and described agreement is IP agreement, and current data amount corresponding to described IP agreement getting in described A is 1244 bytes, described primary data amount is 1000 bytes, and the described current net data on flows total value getting is i.e. 2244 bytes of 1244+1000.Wherein, described primary data amount is the summation of data volume corresponding to IP agreement in each packet before A.
From above technical scheme, the present embodiment provides a kind of network traffics value-acquiring method, is applied to network intermediate equipment, and the method comprises: obtain the current data packet that this network intermediate equipment receives; According to the agreement encapsulating in this current data packet, obtain the current data amount corresponding with this agreement; According to current data amount corresponding to this agreement, obtain the current network flow data total value corresponding with this agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
Compared with prior art, the described current network flow data total value that the application gets comprises current data packet primary data amount corresponding to all packets before, described network intermediate equipment and many computer equipments are connected to form network, method by the application has realized the network packet data on flows of obtaining many computer equipments, has improved the application of Network Traffic Monitoring.
It should be noted that, in above-described embodiment, step 101 can be to carry out once every Preset Time section, can be also real-time execution.Preferably, step 101 is carried out in real time, and step 102 and 103 is according to step 101 execution that is triggered.Thereby, can realize the Real-time Obtaining to each packet data amount of this network intermediate equipment reception.
It should be noted that, because the packet getting in step 101 can be to get in the porch of this network intermediate equipment, also can get in exit, thereby the current network flow data total value corresponding with described current data packet that step 103 gets, can be the network traffics that this network intermediate equipment sends out, also can be the network traffics that receive, realize obtaining the dissimilar network flow data value of sending and receiving.
It should be noted that, the described current network flow data total value getting in above-described embodiment is corresponding with agreement, as IP agreement, http protocol etc., has realized network traffics by the monitoring of protocol type.
Refer to Fig. 2, it shows the part flow chart of a kind of network flow data value-acquiring method embodiment bis-that the application provides, this embodiment is applied to network intermediate equipment, described primary data amount is kept in the gauge outfit of the chained list corresponding with described agreement setting in advance, and in embodiment mono-, step 103 can comprise:
Step 201: the gauge outfit of determining the chained list corresponding with described agreement.
Described chained list is the chained list corresponding with described agreement, includes described network flow data total value corresponding to described agreement in the gauge outfit of described chained list.
Step 202: obtain described primary data amount in described gauge outfit; Wherein, each data volume sum corresponding with this agreement in all packets before current data packet described in described primary data amount.
Step 203: obtain described current data amount and described primary data amount and value.
For example, primary data amount corresponding to described agreement getting in step 202 is 1000 bytes, current data amount corresponding to described agreement getting in step 102 is 1244 bytes, and the described current net data on flows total value getting is i.e. 2244 bytes of 1244+1000.
Step 204: according to described and value, upgrade the primary data amount in described gauge outfit.
Described primary data amount is updated to described and value, for example, 1000 bytes is updated to 2244 bytes.
Refer to Fig. 3, the part flow chart that it shows a kind of network flow data value-acquiring method embodiment tri-that the application provides, on the basis of embodiment mono-, can also comprise:
Step 301: preserve described agreement and current data amount corresponding to this agreement with the form of class object.
In described class object, include protocol type field and data volume field, be respectively used to preserve described agreement and current data amount corresponding to this agreement.Wherein, the value that described protocol type field is preserved can be identical with the value of the protocol type field of described current data packet, can be also by the types value setting in advance.It should be noted that, set in advance the corresponding relation between such offset protocol type corresponding with it.For example, set in advance 1 corresponding IP agreement, 2 corresponding Transmission Control Protocol.Certainly, described corresponding relation is including but not limited to above-mentioned form.
For example, described agreement is IP, and described current data amount is 1244 bytes, and the protocol type field value of this class object is set to 0800, or is set to 1; Data volume field value is set to 1244.
Step 302: the table tail of described class object being put into described chained list.
In described class object, include front chained list pointer field and/or rear chained list pointer field, be respectively used to point to previous class object and/or a rear class object of this class object place chained list.The described mode of putting into, can be by rear this class object of chained list pointed of last class object of chained list corresponding to this agreement, can be also that the front chained list pointer field of this class object is pointed to this last class object; Or the combination of above-mentioned two kinds of modes.
Wherein, the execution sequence of described step 301 does not limit, and can be before 103, to carry out after step 102, can be to carry out after step 103 yet.
On the basis of above-mentioned each embodiment, can also comprise: the current network flow data total value that described agreement is corresponding shows.This step can be to carry out after the step 103 of each embodiment.Refer to Fig. 4, it shows the flow chart of a kind of network traffics value-acquiring method embodiment tetra-that the application provides.After the step 103 of embodiment mono-, also comprise:
Step 104: the current network flow data total value that described agreement is corresponding shows.
It should be noted that, described demonstration can be to carry out in real time, and current network flow data total value corresponding to described agreement that soon step 103 is obtained shows, for example, show IP agreement and 2244 bytes; Also can after Preset Time section, once show, for example, in 5 seconds, carry out the demonstration of a current network flow data total value.
In addition, described current network flow data total value can be the described current network flow data total value getting in step 103, can be also to get in the gauge outfit of the chained list from embodiment bis-or embodiment tri-.
Moreover the mode of described demonstration is including but not limited to forms such as word, image or forms.
Refer to Fig. 5, it shows the structural representation of a kind of network flow value acquisition device embodiment tetra-that the application provides, the present embodiment is applied to network intermediate equipment, concrete unit can comprise: packet acquiring unit 501, data volume acquiring unit 502 and data total value acquiring unit 503, wherein:
Described packet acquiring unit 501, the current data packet receiving for obtaining described network intermediate equipment.
Described network intermediate equipment can be switch, router, hub etc., connects many computer equipments, forms the network that comprises described network intermediate equipment and described many computer equipments.Described computer equipment can receive the packet that described network intermediate equipment sends, and by described package forward to destination address, the package forward that also other equipment can be sent as other computer equipments or server apparatus is to computer equipment arbitrarily in this network.
The mode that described packet acquiring unit 501 obtains can be to utilize the data link layer of packet capture instrument in network tcp/ip layer level structure to carry out catching of packet, for example: libpcap or winpcap.Certainly, described packet capture instrument is including but not limited to above-mentioned two kinds of enumerating.
It should be noted that, it can be to obtain at the different interface of this network intermediate equipment that described packet acquiring unit 501 obtains.Wherein, the current data packet getting in exit can be the first packet that the computer equipment of this network intermediate equipment connection sends to other equipment (as other computer equipments or server apparatus) outside this network; The current data packet getting in porch can be the second packet that other equipment outside this network send to the computer equipment in this network.
Described data volume acquiring unit 502, for the agreement encapsulating according to described current data packet, obtains the current data amount corresponding with described agreement.
Described current data wraps in network to be transmitted, and need to be packaged with the various agreement corresponding with network level structure.For example, described packet sends web-page requests access to certain station server, can be packaged with http protocol, Transmission Control Protocol, IP agreement, Ethernet protocol etc.
Described data volume acquiring unit 502 is resolved described current data packet, described current data includes different agreement head, by the protocol type (upper-layer protocol type) and the known data volume corresponding with this protocol type of data length field (upper-layer protocol data volume) that comprise in described protocol header part.Wherein, described data volume acquiring unit 502 obtains the protocol-identifier encapsulating in described current data packet, can know the protocol type of described protocol-identifier representative by described protocol-identifier.It should be noted that, data length field in IP protocol headers is the total length of whole IP packet, therefore, the last layer that described data volume acquiring unit 502 obtains the IP agreement encapsulating in described current data packet is the agreement of transport layer, need to deduct with the numerical value of described data length field described IP protocol headers length value.
Certainly, the numerical value of the data length field comprising in the protocol header of other agreements can be also the total length of this protocol data bag, needs the length value that deducts described protocol headers just can get current data amount corresponding to described agreement.
For example, the current data packet that described data volume acquiring unit 502 gets is Ethernet data bag, what in described packet, encapsulate is Ethernet protocol, the protocol headers of this Ethernet protocol is divided and is included protocol type field, described data volume acquiring unit 502 can know that by obtaining the content of described field upper strata is the agreement that network layer is used, for example this Ethernet protocol type field value is 0x0800, show that the agreement that network layer is used is IP agreement, data field value is that to be converted to the decimal system be 1244 to 0x04DC(), the data volume that represents network layer is 1244 bytes, the current data amount corresponding with described IP agreement is 1244 bytes, protocol type field value in the protocol header of this IP agreement is 0x06, show that the agreement that transport layer is used is Transmission Control Protocol, data length field value is that to be converted to the decimal system be 88 to 0x58(), the data volume that shows transport layer is 88 bytes.
Described data total value acquiring unit 503, for according to current data amount corresponding to described agreement, obtains the current network flow data total value corresponding with described agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
Wherein, the described primary data amount that described data volume acquiring unit 502 gets is that all packets that receive with this network intermediate equipment before this current data packet are corresponding, is each the data volume sum corresponding with this agreement in described all packets before.For example, described current data packet is A, described agreement is IP agreement, current data amount corresponding to described IP agreement that described data volume acquiring unit 502 gets in described A is 1244 bytes, described primary data amount is 1000 bytes, and the described current net data on flows total value that described data total value acquiring unit 503 gets is i.e. 2244 bytes of 1244+1000.Wherein, described primary data amount is the summation of data volume corresponding to IP agreement in each packet before A.
From above technical scheme, the present embodiment provides a kind of network flow value acquisition device, is applied to network intermediate equipment, the current data packet that this device receives by obtaining this network intermediate equipment; According to the agreement encapsulating in this current data packet, obtain the current data amount corresponding with this agreement; According to current data amount corresponding to this agreement, obtain the current network flow data total value corresponding with this agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
Compared with prior art, the described current network flow data total value that the application gets comprises current data packet primary data amount corresponding to all packets before, described network intermediate equipment and many computer equipments are connected to form network, method by the application has realized the network packet data on flows of obtaining many computer equipments, has improved the application of Network Traffic Monitoring.
It should be noted that, packet acquiring unit 501 described in embodiment five can be every the work of Preset Time section once, can be also real-time working.Preferably, described packet acquiring unit 501 real-time workings, described data volume acquiring unit 502 and described data total value acquiring unit 503 is according to the execution that is triggered of described packet acquiring unit 501.Thereby, can realize the Real-time Obtaining to each packet data amount of this network intermediate equipment reception.
It should be noted that, the packet getting due to described packet acquiring unit 501 can be to get in the porch of this network intermediate equipment, also can get in exit, the current network flow data total value that thereby described data total value acquiring unit 503 is that get and described current data packet is corresponding, can be the network traffics that this network intermediate equipment sends out, also can be the network traffics that receive, realize obtaining the dissimilar network flow data value of sending and receiving.
It should be noted that, the described current network flow data total value getting in above-described embodiment is corresponding with agreement, as IP agreement, http protocol etc., has realized network traffics by the monitoring of protocol type.
Refer to Fig. 6, it shows the part-structure schematic diagram of a kind of network flow data value acquisition device embodiment six that the application provides, this embodiment is applied to network intermediate equipment, described primary data amount is kept in the gauge outfit of the chained list corresponding with described agreement setting in advance, and the data total value acquiring unit 503 of embodiment five can comprise: gauge outfit determines that subelement 601, the first data total value are obtained subelement 602, the second data total value is obtained subelement 603 and upgraded subelement 604.Wherein:
Described gauge outfit is determined subelement 601, for determining the gauge outfit of the chained list corresponding with described agreement.
Described chained list is the chained list corresponding with described agreement, includes described network flow data total value corresponding to described agreement in the gauge outfit of described chained list.
Described the first data total value is obtained subelement 602, for obtain described primary data amount in described gauge outfit; Wherein, each data volume sum corresponding with this agreement in all packets before current data packet described in described primary data amount.
Described the second data total value is obtained subelement 603, for obtain described current data amount and described primary data amount and value
For example, it is 1000 bytes that described the first data total value is obtained primary data amount corresponding to described agreement that subelement 602 gets, current data amount corresponding to described agreement that data volume acquiring unit 502 in embodiment five gets is 1244 bytes, and to obtain the described current net data on flows total value that subelement 603 gets be i.e. 2244 bytes of 1244+1000 to described the second data total value.
Described renewal subelement 604, for according to described and value, upgrades the primary data amount in described gauge outfit.
Described renewal subelement 604 is updated to described and value by described primary data amount, for example, 1000 bytes is updated to 2244 bytes.
Refer to Fig. 7, the part-structure schematic diagram that it shows a kind of network flow data value acquisition device embodiment seven that the application provides, on the basis of embodiment five, can also comprise: class object storage unit 701 and add linked list units 702.Wherein:
Described class object storage unit 701, for preserving current data amount corresponding to described agreement and this agreement with the form of class object.
The class object that described class object storage unit 701 is utilized, includes protocol type field and data volume field, is respectively used to preserve described agreement and current data amount corresponding to this agreement.Wherein, the value that described protocol type field is preserved can be identical with the value of the protocol type field of described current data packet, can be also by the types value setting in advance.It should be noted that, set in advance the corresponding relation between such offset protocol type corresponding with it.For example, set in advance 1 corresponding IP agreement, 2 corresponding Transmission Control Protocol.Certainly, described corresponding relation is including but not limited to above-mentioned form.
For example, described agreement is IP, and described current data amount is 1244 bytes, and the protocol type field value of described class object storage unit 701 these class objects is set to 0800, or is set to 1; Data volume field value is set to 1244.
The described linked list units 702 that adds, for putting into described class object on the table tail of described chained list.
The class object that described class object storage unit 701 is utilized, includes front chained list pointer field and/or rear chained list pointer field, is respectively used to point to previous class object and/or a rear class object of this class object place chained list.The described mode of putting into that adds linked list units 702, can be by rear this class object of chained list pointed of last class object of chained list corresponding to this agreement, can be also that the front chained list pointer field of this class object is pointed to this last class object; Or the combination of above-mentioned two kinds of modes.
Wherein, described class object storage unit 701 can be connected with data volume acquiring unit 502, and by described data volume acquiring unit 502, triggered and carry out, can be to be also connected with data total value acquiring unit 503, by described data total value acquiring unit 503, triggered and carry out.
On the basis of above-mentioned each device embodiment, can also comprise: display unit, for current network flow data total value corresponding to described agreement shown.
This display unit can be connected with the data total value acquiring unit in above-mentioned each device embodiment, and the current network flow data total value that described agreement is corresponding shows.Wherein embodiment refers to a Fig. 8, and display unit 504 is connected with described data total value acquiring unit 503.
It should be noted that, the demonstration of described display unit 504 can be to carry out in real time, and current network flow data total value corresponding to described agreement that soon data total value acquiring unit 503 obtains shows, for example, show IP agreement and 2244 bytes; Also can after Preset Time section, once show, for example, in 5 seconds, carry out the demonstration of a current network flow data total value.
In addition, the described current network flow data total value that described display unit 504 shows can be the described current network flow data total value that described data total value acquiring unit 503 gets, and can be also to get in the gauge outfit of the chained list from embodiment six or embodiment seven.
Moreover the mode that described display unit 504 shows is including but not limited to forms such as word, image or forms.
Refer to Fig. 9, it shows a kind of network topology structure figure of the embodiment of the present application.Wherein, described computer equipment 901,902 and 903 is monitored computer equipments, and described network intermediate equipment 904 is connected with described 901,902 and 903 respectively, and described display device 905 is connected with described 904.Wherein, described network intermediate equipment 904 at least includes packet acquiring unit, data volume acquiring unit, data total value acquiring unit and the display unit in said apparatus embodiment, realizes and directly from described network intermediate equipment 904, to obtain the current data packet that this equipment receives and to carry out flow monitoring.Described network intermediate equipment can be switch, router etc.
Refer to Figure 10, it shows the another kind of network topology structure figure of the embodiment of the present application.Wherein, on the basis of Fig. 9, can also comprise monitoring equipment 906, be connected with described network intermediate equipment 904 and described display device 905 respectively.Described monitoring equipment 906 at least comprises packet acquiring unit, data volume acquiring unit, data total value acquiring unit and display unit.Described monitoring equipment 906 need to obtain the current data packet that this equipment receives and carry out flow monitoring from described network intermediate equipment 904.This kind of implementation, can alleviate the work load of described network intermediate equipment, improves monitoring efficiency.
It should be noted that, each embodiment in this specification all adopts the mode of going forward one by one to describe, and each embodiment stresses is the difference with other embodiment, between each embodiment identical similar part mutually referring to.
Above a kind of network traffics value-acquiring method provided by the present invention and device are described in detail, the above-mentioned explanation to the disclosed embodiments, makes professional and technical personnel in the field can realize or use the present invention.To the multiple modification of these embodiment, will be apparent for those skilled in the art, General Principle as defined herein can, in the situation that not departing from the spirit or scope of the present invention, realize in other embodiments.Therefore, the present invention will can not be restricted to these embodiment shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.
Claims (8)
1. a network traffics value-acquiring method, is characterized in that, is applied to network intermediate equipment, and the method comprises:
Obtain the current data packet that described network intermediate equipment receives;
According to the agreement encapsulating in described current data packet, obtain the current data amount corresponding with described agreement;
According to current data amount corresponding to described agreement, obtain the current network flow data total value corresponding with described agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
2. method according to claim 1, is characterized in that, described primary data amount is kept in the gauge outfit of the chained list corresponding with described agreement setting in advance; Wherein, the current data amount that the described agreement of described foundation is corresponding, obtains the current network flow data total value corresponding with described agreement, comprising:
Determine the gauge outfit of the chained list corresponding with described agreement;
In described gauge outfit, obtain described primary data amount; Wherein, each data volume sum corresponding with this agreement in all packets before current data packet described in described primary data amount;
Obtain described current data amount and described primary data amount and value;
According to described and value, upgrade the primary data amount in described gauge outfit.
3. method according to claim 2, is characterized in that, the agreement encapsulating in the described current data packet of described foundation, after obtaining the current data amount corresponding with described agreement, also comprises:
With the form of class object, preserve described agreement and current data amount corresponding to this agreement;
Described class object is put into the table tail of described chained list.
4. according to the method described in claims 1 to 3 any one, it is characterized in that, in current data amount corresponding to the described agreement of described foundation, after obtaining the current network flow data total value corresponding with described agreement, also comprise:
The current network flow data total value that described agreement is corresponding shows.
5. a network flow value acquisition device, is characterized in that, is applied to network intermediate equipment, and this device comprises:
Packet acquiring unit, the current data packet receiving for obtaining described network intermediate equipment;
Data volume acquiring unit, for the agreement encapsulating according to described current data packet, obtains the current data amount corresponding with described agreement;
Data total value acquiring unit, for according to current data amount corresponding to described agreement, obtains the current network flow data total value corresponding with described agreement; Wherein, described current network flow data total value is the described current data amount primary data amount sum corresponding with all packets before described current data packet.
6. device according to claim 5, is characterized in that, described primary data amount is kept in the gauge outfit of the chained list corresponding with described agreement setting in advance; Wherein, described data total value acquiring unit comprises:
Gauge outfit is determined subelement, for determining the gauge outfit of the chained list corresponding with described agreement;
The first data total value is obtained subelement, for obtaining described primary data amount in described gauge outfit; Wherein, each data volume sum corresponding with this agreement in all packets before current data packet described in described primary data amount;
The second data total value is obtained subelement, for obtain described current data amount and described primary data amount and value;
Upgrade subelement, for according to described and value, upgrade the primary data amount in described gauge outfit.
7. device according to claim 5, is characterized in that, also comprises:
Class object storage unit, for preserving current data amount corresponding to described agreement and this agreement with the form of class object;
Add linked list units, described class object is put into the table tail of described chained list.
8. according to the device described in claim 5 to 7 any one, it is characterized in that, also comprise:
Display unit, for showing current network flow data total value corresponding to described agreement.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310693287.6A CN103618637A (en) | 2013-12-17 | 2013-12-17 | Network flow value acquisition method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310693287.6A CN103618637A (en) | 2013-12-17 | 2013-12-17 | Network flow value acquisition method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103618637A true CN103618637A (en) | 2014-03-05 |
Family
ID=50169341
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310693287.6A Pending CN103618637A (en) | 2013-12-17 | 2013-12-17 | Network flow value acquisition method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103618637A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017054580A1 (en) * | 2015-09-28 | 2017-04-06 | 中兴通讯股份有限公司 | Method of acquiring data traffic data and device utilizing same |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1501622A (en) * | 2002-11-14 | 2004-06-02 | ��Ϊ��������˾ | Network traffic statistical method of IP device |
| DE102007042588B4 (en) * | 2007-09-07 | 2009-06-04 | Siemens Ag | Apparatus and method for monitoring data flows |
| CN101888303A (en) * | 2009-05-13 | 2010-11-17 | 中国移动通信集团上海有限公司 | Recording method of network traffic information and related device |
| CN103188112A (en) * | 2011-12-28 | 2013-07-03 | 阿里巴巴集团控股有限公司 | Network flow detection method and network flow detection device |
-
2013
- 2013-12-17 CN CN201310693287.6A patent/CN103618637A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1501622A (en) * | 2002-11-14 | 2004-06-02 | ��Ϊ��������˾ | Network traffic statistical method of IP device |
| DE102007042588B4 (en) * | 2007-09-07 | 2009-06-04 | Siemens Ag | Apparatus and method for monitoring data flows |
| CN101888303A (en) * | 2009-05-13 | 2010-11-17 | 中国移动通信集团上海有限公司 | Recording method of network traffic information and related device |
| CN103188112A (en) * | 2011-12-28 | 2013-07-03 | 阿里巴巴集团控股有限公司 | Network flow detection method and network flow detection device |
Non-Patent Citations (1)
| Title |
|---|
| 汪继东等: "基于sFLOW技术的网络流量监测系统研究", 《现代计算机》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017054580A1 (en) * | 2015-09-28 | 2017-04-06 | 中兴通讯股份有限公司 | Method of acquiring data traffic data and device utilizing same |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105577413B (en) | Operations, Administration and Maintenance OAM message processing method and processing device | |
| EP3338396B1 (en) | Device and method for establishing connection in load-balancing system | |
| KR20210013207A (en) | Data message detection method, device and system | |
| EP3073698A1 (en) | Method for processing address resolution protocol message, forwarder and controller | |
| CN111083161A (en) | Data transmission processing method and device and Internet of things equipment | |
| US10298508B2 (en) | Communication system, receiving-side apparatus and transmission-side apparatus | |
| CN106161225B (en) | For handling the method, apparatus and system of VXLAN message | |
| CN107104929A (en) | The methods, devices and systems of defending against network attacks | |
| WO2016015511A1 (en) | Method, apparatus and computer storage medium for simulating data packet in network management test event | |
| CN102984025B (en) | The method of testing of gateway device virtual tunnel performance, Apparatus and system | |
| CN107222403A (en) | A kind of data transmission method, system and electronic equipment | |
| CN110381071A (en) | A kind of message transmitting method, device and send method, apparatus | |
| CN107517225B (en) | Protocol conversion method, gateway equipment and storage medium | |
| CN110691139B (en) | Data transmission method, device, equipment and storage medium | |
| CN206313803U (en) | A kind of router for realizing network game acceleration | |
| CN111262715A (en) | Virtual intranet acceleration method and system and computer equipment | |
| JP5067362B2 (en) | Communication terminal, network interface card and method thereof | |
| EP3163801A1 (en) | Packet collection method and system, network device and network management centre | |
| CN103618637A (en) | Network flow value acquisition method and device | |
| CN107786536B (en) | TCP reverse port penetration method and system thereof | |
| CN105991353A (en) | Fault location method and device | |
| CN110581792B (en) | Message transmission method and device | |
| CN105553986B (en) | A kind of limited real time node communication means of multihoming based on UDP | |
| CN104702505B (en) | A kind of message transmitting method and node | |
| CN103227781A (en) | Network diagnose and performance evaluation system and method based on user datagram protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140305 |
|
| RJ01 | Rejection of invention patent application after publication |