CN111404940B - Data packet identification method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN111404940B
Authority: CN (China)
Prior art keywords: data packet, packet, target, target data, session
Legal status: Active
Application number: CN202010185994.4A
Other languages: Chinese (zh)
Other versions: CN111404940A (en)
Inventors: 廖军, 李奕森
Current assignee: Sangfor Technologies Co Ltd
Original assignee: Sangfor Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/029 Firewall traversal, e.g. tunnelling or, creating pinholes


Abstract

The application discloses a data packet identification method, a data packet identification apparatus, an electronic device and a computer-readable storage medium. The method comprises the following steps: when a target data packet is received, judging whether the target data packet is the first data packet of the session to which it belongs; if so, storing the packet receiving network port of the target data packet and the security zone to which that port belongs in the record of the target session; if not, comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types include a secondary traversal data packet and a non-secondary-traversal data packet. The data packet identification method improves the identification efficiency of secondary traversal data packets.

Description

Data packet identification method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for identifying a data packet, an electronic device, and a computer-readable storage medium.
Background
When a network device such as a firewall is deployed and running, the situation in which the same message passes through the device more than once is called secondary traversal. For a firewall, secondary traversal is very likely to cause problems such as network failure or failure of service functions.
In the related art, whether a packet has passed through the device multiple times is determined by identifying the MAC address of the packet. Failing to recognize the same MAC address may result in network disruption and the like, while comparing the MAC address of every data packet causes a performance loss on the device, increases its load and reduces forwarding efficiency.
Therefore, how to improve the identification efficiency of secondary traversal data packets is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a data packet identification method and apparatus, an electronic device and a computer-readable storage medium that improve the identification efficiency of secondary traversal data packets.
In order to achieve the above object, the present application provides a data packet identification method, including:
when a target data packet is received, judging whether the target data packet is the first data packet of the session to which it belongs;
if so, storing the packet receiving network port of the target data packet and the security zone to which that port belongs in the record of the target session;
if not, comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types include a secondary traversal data packet and a non-secondary-traversal data packet.
Wherein identifying the data packet type of the target data packet based on the comparison result comprises:
if the target data packet is a request data packet, judging that the target data packet is a secondary traversal data packet when the packet receiving network port of the target data packet and the security zone to which that port belongs are not consistent with the record of the target session; the request data packet is a data packet sent by a client to a server;
if the target data packet is a reply data packet, judging that the target data packet is a secondary traversal data packet when the packet receiving network port of the target data packet and the security zone to which that port belongs are consistent with the record of the target session; the reply data packet is a data packet sent by the server to the client.
Wherein judging whether the target data packet is the first data packet of the session to which it belongs includes:
determining communication information of the target data packet, and calculating a session identifier corresponding to the target data packet from the communication information based on a preset calculation rule;
judging whether the session identifier already exists; if not, judging that the target data packet is the first data packet of the session.
Wherein the method further includes:
acquiring standard feature information of a target feature item of a secondary traversal data packet;
extracting the feature information of the target feature item from the target data packet, and matching the feature information with the corresponding standard feature information;
and if the matching is successful, determining that the target data packet is a secondary traversal data packet.
Wherein the method further includes:
judging whether to start an automatic identification mechanism based on configuration information;
if yes, executing the step of judging whether the target data packet is the first data packet of the session;
and if not, executing the step of acquiring the standard feature information of the target feature item of a secondary traversal data packet.
Wherein the target feature item comprises any one or any combination of a source IP address, a destination IP address and a packet receiving network port.
In order to achieve the above object, the present application provides a data packet identification apparatus, including:
a first judgment module, used for judging, when a target data packet is received, whether the target data packet is the first data packet of the session to which it belongs; if yes, starting the work flow of the storage module; if not, starting the work flow of the comparison module;
the storage module, configured to store the packet receiving network port of the target data packet and the security zone to which that port belongs in the record of the target session;
the comparison module, used for comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types include a secondary traversal data packet and a non-secondary-traversal data packet.
Wherein the comparison module comprises:
a comparison unit, used for comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session;
a first determining unit, configured to determine that the target data packet is a secondary traversal data packet if the target data packet is a request data packet and the packet receiving network port of the target data packet and the security zone to which that port belongs are inconsistent with the record of the target session; the request data packet is a data packet sent by a client to a server;
a second determining unit, configured to determine that the target data packet is a secondary traversal data packet if the target data packet is a reply data packet and the packet receiving network port of the target data packet and the security zone to which that port belongs are consistent with the record of the target session; the reply data packet is a data packet sent by the server to the client.
To achieve the above object, the present application provides an electronic device including:
a memory for storing a computer program;
a processor for implementing the steps of the above packet identification method when executing the computer program.
To achieve the above object, the present application provides a computer-readable storage medium having a computer program stored thereon, which when executed by a processor, implements the steps of the above packet identification method.
In summary, the data packet identification method provided by the application comprises the following steps: when a target data packet is received, judging whether the target data packet is the first data packet of the session to which it belongs; if so, storing the packet receiving network port of the target data packet and the security zone to which that port belongs in the record of the target session; if not, comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types include a secondary traversal data packet and a non-secondary-traversal data packet.
For a network device, all data packets in a session are received through one network port. Therefore, in the present application, when the target data packet is the first data packet of a session, the corresponding packet receiving port and the security zone to which it belongs are stored as the record of that session, and when other data packets belonging to the session are subsequently received, the record can be directly retrieved to obtain the packet receiving port and the security zone recorded for the session. Whether the target data packet is a secondary traversal data packet can then be determined by comparing the packet receiving network port of the target data packet with the packet receiving network port in the session record, and comparing the security zone of the packet receiving network port of the target data packet with the security zone in the session record; no comparison with the MAC addresses of all received data packets is needed, so the identification efficiency of secondary traversal data packets is improved. The application also discloses a data packet identification apparatus, an electronic device and a computer-readable storage medium, which achieve the same technical effect.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a flow diagram illustrating a method for packet identification in accordance with an exemplary embodiment;
FIG. 2 is an architecture diagram illustrating a packet identification system in accordance with an exemplary embodiment;
FIG. 3 is a flow diagram illustrating another method of packet identification in accordance with an exemplary embodiment;
FIG. 4 is a block diagram illustrating a packet identification device in accordance with an exemplary embodiment;
FIG. 5 is a block diagram illustrating an electronic device in accordance with an exemplary embodiment.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application discloses a data packet identification method that improves the identification efficiency of secondary traversal data packets.
Referring to fig. 1, a flow chart of a data packet identification method according to an exemplary embodiment is shown. As shown in fig. 1, the method includes:
S101: when a target data packet is received, judging whether the target data packet is the first data packet of the session to which it belongs; if yes, entering S102; if not, entering S103;
The execution subject of this embodiment is a network device such as a firewall, and its purpose is to identify a received target data packet and determine whether it is a secondary traversal data packet. In this step, it is determined whether the received target data packet is the first data packet of the session to which it belongs; if so, the target data packet can be judged to be a non-secondary-traversal data packet and S102 is entered, otherwise S103 is entered.
S102: storing the packet receiving network port of the target data packet and the security zone to which that port belongs in the record of the target session;
In this step, since the target data packet is the first data packet of the session to which it belongs, it can be judged to be a non-secondary-traversal data packet. It will be appreciated that, for a network device, all data packets within a session are received through one network port. Therefore, when the target data packet is the first data packet of a session, the corresponding packet receiving port and the security zone to which it belongs are stored as the record of that session, and when other data packets belonging to the session are subsequently received, the record can be directly retrieved to obtain the packet receiving port and the security zone recorded for the session.
S103: comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types include a secondary traversal data packet and a non-secondary-traversal data packet.
In this step, whether the target data packet is a secondary traversal data packet can be determined by comparing the packet receiving network port of the target data packet with the packet receiving network port recorded for the session to which it belongs, and comparing the security zone to which the packet receiving network port of the target data packet belongs with the security zone recorded for that session.
For a network device, all data packets in a session are received through one network port. Therefore, in this embodiment of the present application, when the target data packet is the first data packet of a session, the packet receiving port of the target data packet and the security zone to which it belongs are stored as the record of that session, and when other data packets belonging to the session are subsequently received, the record can be directly retrieved to obtain the packet receiving port and the security zone recorded for the session. Whether the target data packet is a secondary traversal data packet can then be determined by comparing the packet receiving network port of the target data packet with the packet receiving network port in the session record, and comparing the security zone of the packet receiving network port of the target data packet with the security zone in the session record; no comparison with the MAC addresses of all received data packets is needed, so the identification efficiency of secondary traversal data packets is improved.
Referring to fig. 2, fig. 2 is an architecture diagram of a data packet identification system according to an embodiment of the present disclosure. As shown in fig. 2, the data packet identification system includes a router, a firewall, a server and a client; the server and the client exchange data packets through the firewall, and the firewall is the network device of the previous embodiment.
In the application scenario shown in fig. 2, the step of identifying the data packet type of the target data packet based on the comparison result may include: if the target data packet is a request data packet, judging that the target data packet is a secondary traversal data packet when the packet receiving network port of the target data packet and the security zone to which that port belongs are not consistent with the record of the target session; the request data packet is a data packet sent by the client to the server; if the target data packet is a reply data packet, judging that the target data packet is a secondary traversal data packet when the packet receiving network port of the target data packet and the security zone to which that port belongs are consistent with the record of the target session; the reply data packet is a data packet sent by the server to the client.
In a specific implementation, if the target data packet is a request data packet, namely a data packet sent from the client to the server, the packet receiving network port of the target data packet and the security zone to which that port belongs are compared with the record of the session to which the target data packet belongs; if the results are the same, the data packet is considered to be a normal data packet, and if they are different, the data packet is considered to be a secondary traversal data packet and is marked as such in the target data packet. If the target data packet is a reply data packet, namely a data packet sent from the server to the client, the packet receiving network port of the target data packet and the security zone to which that port belongs are compared with the record of the session to which the target data packet belongs; if the results are different, the data packet is considered to be a normal data packet, and if they are the same, the data packet is considered to be a secondary traversal data packet and is marked as such in the target data packet.
The embodiment of the application discloses another data packet identification method which, compared with the previous embodiment, further explains and optimizes the technical scheme. Specifically, the method comprises the following steps:
Referring to fig. 3, a flow chart of another data packet identification method according to an exemplary embodiment is shown. As shown in fig. 3, the method includes:
S201: when a target data packet is received, judging whether to start an automatic identification mechanism based on configuration information; if yes, entering S202; if not, entering S205;
In this embodiment, the user may configure whether the automatic identification mechanism is to be performed; if so, the process proceeds to S202, and if not, the process proceeds to S205. In a simple scenario the automatic identification mechanism for secondary traversal can be used, while in other, more complex scenarios the identification strategy for secondary traversal data packets can be flexibly configured. The automatic identification mechanism mainly uses the packet receiving information of the data packet on the device, namely the packet receiving network port and the security zone to which that port belongs, as the basis for deciding whether the data packet is a secondary traversal data packet.
S202: determining communication information of the target data packet, calculating a session identifier corresponding to the target data packet from the communication information based on a preset calculation rule, and judging whether the session identifier already exists; if yes, entering S204; if not, entering S203;
In a specific implementation, for each received data packet the communication information, that is, the source IP address, destination IP address, source port and destination port, is recorded and processed according to a preset calculation rule to obtain the session identifier corresponding to the target data packet. If the session identifier already exists, the target data packet is not the first data packet of its session and S204 is entered; otherwise, the target data packet is judged to be the first data packet of a session and S203 is entered.
S203: storing the packet receiving network port of the target data packet and the security zone to which that port belongs in the record of the target session;
S204: comparing the packet receiving network port of the target data packet and the security zone to which that port belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types include a secondary traversal data packet and a non-secondary-traversal data packet.
S205: acquiring standard feature information of a target feature item of a secondary traversal data packet;
In this embodiment, the user may manually configure the basis for identifying secondary traversal data packets, that is, the target feature item in this step, which may include a source IP address, a destination IP address, a packet receiving port, and the like.
S206: extracting the feature information of the target feature item from the target data packet, and matching the feature information with the corresponding standard feature information; if the matching is successful, determining that the target data packet is a secondary traversal data packet.
In this step, the feature information of the target feature item is extracted from the target data packet and matched with the corresponding standard feature information configured by the user. If the matching is successful, the target data packet is judged to be a secondary traversal data packet and is marked as such in the target data packet.
Therefore, for a simple scenario, this embodiment supports an automatic identification mechanism for secondary traversal data packets that judges automatically according to the packet receiving information of the target data packet, improving the identification efficiency of secondary traversal data packets. For complex scenarios, the user flexibly configures the identification strategy for secondary traversal data packets, improving the identification accuracy of secondary traversal data packets.
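As an added worked example (not code from the patent or from Sangfor), the following Python sketches both the session-based procedure of S101-S103 in the fig. 2 scenario and the configurable flow of S201-S206: a session table keyed by a canonical endpoint pair (the "preset calculation rule" is an assumption here), the request/reply comparison against the recorded receiving port and security zone, and the manual feature-item matching. Interface names, zones and addresses are constructed for the demonstration.

```python
"""Identification of secondary traversal packets, modelled on the steps of
CN111404940B (S101-S103 / S201-S206). Ports, zones and addresses are constructed."""
from dataclasses import dataclass
from typing import Dict, Tuple

NORMAL = "normal"
SECONDARY = "secondary traversal"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    in_port: str  # packet receiving network port, e.g. "eth1"
    zone: str     # security zone the receiving port belongs to

@dataclass
class SessionRecord:
    client: Tuple[str, int]  # endpoint that sent the first packet (client side)
    in_port: str             # receiving port of the first packet
    zone: str                # security zone of that port

def session_id(p: Packet) -> Tuple[Tuple[str, int], Tuple[str, int]]:
    """Preset calculation rule (assumed here): order the two endpoints so that
    request and reply packets of one session map to the same identifier."""
    a, b = (p.src_ip, p.src_port), (p.dst_ip, p.dst_port)
    return (a, b) if a <= b else (b, a)

class AutoIdentifier:
    """Automatic mechanism: a session table keyed by session identifier."""

    def __init__(self) -> None:
        self.sessions: Dict[Tuple, SessionRecord] = {}

    def identify(self, p: Packet) -> str:
        sid = session_id(p)
        rec = self.sessions.get(sid)
        if rec is None:
            # First packet of the session: store receiving port and zone (S102/S203).
            self.sessions[sid] = SessionRecord((p.src_ip, p.src_port), p.in_port, p.zone)
            return NORMAL
        same_ingress = (p.in_port, p.zone) == (rec.in_port, rec.zone)
        if (p.src_ip, p.src_port) == rec.client:
            # Request (client -> server): must arrive where the first packet did.
            return NORMAL if same_ingress else SECONDARY
        # Reply (server -> client): normally enters on the other side of the
        # device, so matching the record means the reply is passing through again.
        return SECONDARY if same_ingress else NORMAL

def match_features(p: Packet, standard: Dict[str, str]) -> bool:
    """Manual mechanism (S205/S206): every configured target feature item must
    equal the packet's value; an empty configuration matches nothing."""
    values = {"src_ip": p.src_ip, "dst_ip": p.dst_ip, "in_port": p.in_port}
    unknown = set(standard) - set(values)
    if unknown:
        raise ValueError(f"unsupported target feature items: {sorted(unknown)}")
    return bool(standard) and all(values[k] == v for k, v in standard.items())

class Identifier:
    """S201: choose between the automatic and the manual mechanism by configuration."""

    def __init__(self, config: Dict) -> None:
        self.config = config
        self.auto = AutoIdentifier()

    def identify(self, p: Packet) -> str:
        if self.config.get("auto_identify", True):
            return self.auto.identify(p)
        standard = self.config.get("standard_features", {})
        return SECONDARY if match_features(p, standard) else NORMAL

def demo() -> Dict[str, list]:
    """Constructed scenario after fig. 2: client 10.0.0.5 (zone "trust", eth1),
    server 203.0.113.10 (zone "untrust", eth2), and a router that hands some
    packets back to the firewall a second time."""
    req = dict(src_ip="10.0.0.5", dst_ip="203.0.113.10", src_port=40000, dst_port=443)
    rep = dict(src_ip="203.0.113.10", dst_ip="10.0.0.5", src_port=443, dst_port=40000)
    auto = Identifier({"auto_identify": True})
    manual = Identifier({"auto_identify": False,
                         "standard_features": {"src_ip": "10.0.0.5", "in_port": "eth2"}})
    return {
        "auto": [
            auto.identify(Packet(**req, in_port="eth1", zone="trust")),    # first packet
            auto.identify(Packet(**req, in_port="eth2", zone="untrust")),  # request re-entering
            auto.identify(Packet(**rep, in_port="eth2", zone="untrust")),  # normal reply
            auto.identify(Packet(**rep, in_port="eth1", zone="trust")),    # reply re-entering
        ],
        "manual": [
            manual.identify(Packet(**req, in_port="eth1", zone="trust")),    # no match
            manual.identify(Packet(**req, in_port="eth2", zone="untrust")),  # configured match
        ],
    }
```

Running `demo()` yields `{"auto": ["normal", "secondary traversal", "normal", "secondary traversal"], "manual": ["normal", "secondary traversal"]}`; note that the session table here never expires entries, which a real device would have to do.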
In the following, a packet identification apparatus provided by an embodiment of the present application is introduced, and a packet identification apparatus described below and a packet identification method described above may be referred to each other.
Referring to fig. 4, a block diagram of a packet identification device according to an exemplary embodiment is shown, as shown in fig. 4, including:
a first determining module 401, configured to determine, when a target data packet is received, whether the target data packet is a first data packet of a session to which the target data packet belongs; if yes, the work flow of the storage module 402 is started; if not, the work flow of the comparison module 403 is started;
the storage module 402 is configured to store the packet receiving network port of the target data packet and the security area to which the packet receiving network port belongs in the record of the target session;
the comparing module 403 is configured to compare the packet receiving network port of the target data packet and the security area to which the packet receiving network port belongs with the record of the target session, and identify the data packet type of the target data packet based on the comparison result; wherein the data packet types include a double-pass data packet and a non-double-pass data packet.
For a network device, all packets in a session are received through one network port. Therefore, in this embodiment of the present application, when the target data packet is the first data packet of a session, the packet receiving port corresponding to the target data packet and the security area to which the packet receiving port belongs are stored as records corresponding to the session, and when other data packets belonging to the session are subsequently received, the records may be directly extracted to determine the packet receiving port of the data packet and the security area to which the packet receiving port belongs. Whether the target data packet is a secondary traversal data packet can be determined by comparing the packet receiving network port of the target data packet with the packet receiving network port of the session, and comparing the safe region of the packet receiving network port of the target data packet with the safe region of the packet receiving network port of the session, and comparison with mac addresses of all received data packets is not needed, so that the identification efficiency of the secondary traversal data packet is improved.
On the basis of the above embodiment, as a preferred implementation, the comparison module 403 includes:
the comparison unit is used for comparing the packet receiving network port of the target data packet and the safety area to which the packet receiving network port belongs with the record of the target session;
a first determining unit, configured to determine that the target data packet is the secondary penetration data packet if the target data packet is a request data packet, and if a packet receiving port of the target data packet and a security area to which the packet receiving port belongs are inconsistent with a record of the target session; the request data packet is a data packet sent by a client to a server;
a second determining unit, configured to determine that the target data packet is the secondary penetration data packet if the target data packet is a reply data packet, and if a packet receiving port of the target data packet and a security area to which the packet receiving port belongs are consistent with a record of the target session; the request data packet is a data packet sent by the server to the client.
On the basis of the foregoing embodiment, as a preferred implementation manner, the first determining module 401 includes:
the computing unit is used for determining the communication information of the target data packet and computing the session identifier corresponding to the target data packet based on a preset computing rule by using the communication information;
the judging unit is used for judging whether the session identifier exists or not; if not, the target data packet is judged to be the first data packet of the session.
On the basis of the above embodiment, as a preferred implementation, the method further includes:
the acquisition module is used for acquiring standard characteristic information of a target characteristic item of the secondary penetration data packet;
the extraction module is used for extracting the characteristic information of the target characteristic item of the target data packet and matching the characteristic information with the corresponding standard characteristic information; and if the matching is successful, determining that the target data packet is the secondary penetration data packet.
On the basis of the above embodiment, as a preferred implementation, the apparatus further includes:
the second judgment module is used for judging whether to start an automatic identification mechanism or not based on the configuration information; if yes, starting the work flow of the first judgment module 401; if not, starting the working process of the acquisition module.
On the basis of the above embodiments, as a preferred implementation manner, the target feature item includes any one of or a combination of any several of a source IP address, a destination IP address and a packet receiving port.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The present application further provides an electronic device. Referring to fig. 5, which shows a structure diagram of an electronic device 500 provided in an embodiment of the present application, the electronic device 500 may include a processor 11 and a memory 12. The electronic device 500 may also include one or more of a multimedia component 13, an input/output (I/O) interface 14, and a communication component 15.
The processor 11 is configured to control the overall operation of the electronic device 500 so as to complete all or part of the steps in the above-mentioned packet identification method. The memory 12 is used to store various types of data to support operation at the electronic device 500, such as instructions for any application or method operating on the electronic device 500 and application-related data such as contact data, messages, pictures, audio, video and so forth. The memory 12 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk. The multimedia component 13 may include a screen and an audio component, where the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals; the received audio signal may further be stored in the memory 12 or transmitted via the communication component 15. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 14 provides an interface between the processor 11 and other interface modules, such as a keyboard, mouse or buttons; these buttons may be virtual buttons or physical buttons. The communication component 15 is used for wired or wireless communication between the electronic device 500 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, so the corresponding communication component 15 may include a Wi-Fi module, a Bluetooth module or an NFC module.
In an exemplary embodiment, the electronic device 500 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the packet identification method.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described packet identification method is also provided. For example, the computer readable storage medium may be the memory 12 described above comprising program instructions that are executable by the processor 11 of the electronic device 500 to perform the packet identification method described above.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (8)

1. A method for packet identification, comprising:
when a target data packet is received, judging whether the target data packet is the first data packet of the session to which the target data packet belongs;
if so, storing the packet receiving network port of the target data packet and the security zone to which the packet receiving network port belongs into the record of the target session;
if not, comparing the packet receiving network port of the target data packet and the security zone to which it belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types comprise a secondary penetration data packet and a non-secondary penetration data packet;
wherein the identifying the packet type of the target packet based on the comparison result comprises:
if the target data packet is a request data packet, judging that the target data packet is the secondary penetration data packet when the packet receiving network port of the target data packet and the security zone to which it belongs are not consistent with the record of the target session; the request data packet is a data packet sent by a client to a server;
if the target data packet is a reply data packet, judging that the target data packet is the secondary penetration data packet when the packet receiving network port of the target data packet and the security zone to which it belongs are consistent with the record of the target session; the reply data packet is a data packet sent by the server to the client.
2. The method according to claim 1, wherein the determining whether the target packet is a first packet of the session to which the target packet belongs comprises:
determining communication information of the target data packet, and calculating a session identifier corresponding to the target data packet based on a preset calculation rule by using the communication information;
judging whether the session identifier exists or not;
if not, the target data packet is judged to be the first data packet of the session.
3. The packet identification method according to claim 1 or 2, further comprising:
acquiring standard characteristic information of a target characteristic item of a secondary penetration data packet;
extracting feature information of a target feature item of the target data packet, and matching the feature information with corresponding standard feature information;
and if the matching is successful, determining that the target data packet is the secondary penetration data packet.
4. The method of claim 3, further comprising:
judging whether to start an automatic identification mechanism based on the configuration information;
if yes, executing the step of judging whether the target data packet is the first data packet of the session;
and if not, executing the step of acquiring the standard characteristic information of the target characteristic item of the secondary penetration data packet.
5. The data packet identification method according to claim 3, wherein the target characteristic item comprises any one of, or a combination of any several of, a source IP address, a destination IP address and a packet receiving port.
6. A packet identification device, comprising:
the first judgment module is used for judging whether a target data packet is the first data packet of the session to which the target data packet belongs when the target data packet is received; if yes, starting the working process of the storage module; if not, starting the working process of the comparison module;
the storage module is configured to store the packet receiving network port of the target data packet and the security zone to which the packet receiving network port belongs in the record of the target session;
the comparison module is used for comparing the packet receiving network port of the target data packet and the security zone to which it belongs with the record of the target session, and identifying the data packet type of the target data packet based on the comparison result; wherein the data packet types comprise a secondary penetration data packet and a non-secondary penetration data packet;
wherein the comparison module comprises:
the comparison unit is used for comparing the packet receiving network port of the target data packet, and the security zone to which that port belongs, with the record of the target session;
a first determining unit, configured to determine, when the target data packet is a request data packet, that the target data packet is the secondary penetration data packet if the packet receiving network port of the target data packet and the security zone to which it belongs are inconsistent with the record of the target session; the request data packet is a data packet sent by a client to a server;
a second determining unit, configured to determine, when the target data packet is a reply data packet, that the target data packet is the secondary penetration data packet if the packet receiving network port of the target data packet and the security zone to which it belongs are consistent with the record of the target session; the reply data packet is a data packet sent by the server to the client.
7. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the data packet identification method according to any one of claims 1 to 5 when executing said computer program.
8. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the packet identification method according to any one of claims 1 to 5.
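The classifier that claims 1 to 5 (and the apparatus modules above) describe, as an added example in Python that is not code from the patent or from Sangfor. The interface-to-zone map, the hash used as the session identifier, the reading of "consistent" as the (port, zone) pair being equal, and the rule that the first packet of a session is the client's request are all assumptions made for the example.

```python
# Added illustration of claims 1-5 (not the patent's own code); all data is constructed.
from dataclasses import dataclass
import hashlib

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    ingress_if: str  # the "packet receiving network port", e.g. "eth0"

# Assumed interface -> security zone map (constructed for this example).
ZONE_OF = {"eth0": "untrust", "eth1": "trust", "eth2": "trust"}

def session_id(pkt):
    """Claim 2's 'preset calculation rule', assumed here to be a hash of the
    5-tuple that gives the same identifier in both directions of a session."""
    ends = sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])
    key = f"{pkt.proto}|{ends[0]}|{ends[1]}"
    return hashlib.sha256(key.encode()).hexdigest()[:16]

class PenetrationDetector:
    def __init__(self, zone_of):
        self.zone_of = zone_of
        self.sessions = {}  # session_id -> (ingress_if, zone, client_ip)

    def classify(self, pkt):
        """Claim 1. Assumes the session's first packet is the client's request,
        so later packets from that source IP are requests and the rest replies."""
        sid = session_id(pkt)
        zone = self.zone_of.get(pkt.ingress_if, "unknown")
        rec = self.sessions.get(sid)
        if rec is None:  # first packet: store port and zone in the session record
            self.sessions[sid] = (pkt.ingress_if, zone, pkt.src_ip)
            return "first"
        rec_if, rec_zone, client_ip = rec
        consistent = (pkt.ingress_if, zone) == (rec_if, rec_zone)
        is_request = pkt.src_ip == client_ip
        # A request re-entering on a different port/zone, or a reply coming back
        # in on the same port/zone the request used, has bypassed the gateway.
        if is_request != consistent:
            return "secondary_penetration"
        return "normal"

    def classify_by_features(self, pkt, signatures):
        """Claims 3-5: compare the packet's feature items (any subset of
        source IP, destination IP, receiving port) with configured values."""
        fields = {"src_ip": pkt.src_ip, "dst_ip": pkt.dst_ip,
                  "ingress_if": pkt.ingress_if}
        if any(all(fields[k] == v for k, v in s.items()) for s in signatures):
            return "secondary_penetration"
        return "normal"
```

Claim 4's configuration switch is the caller choosing between `classify` (automatic mechanism) and `classify_by_features` (configured standard feature values).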
CN202010185994.4A 2020-03-17 2020-03-17 Data packet identification method and device, electronic equipment and storage medium Active CN111404940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010185994.4A CN111404940B (en) 2020-03-17 2020-03-17 Data packet identification method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010185994.4A CN111404940B (en) 2020-03-17 2020-03-17 Data packet identification method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111404940A CN111404940A (en) 2020-07-10
CN111404940B true CN111404940B (en) 2022-01-21

Family

ID=71428955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010185994.4A Active CN111404940B (en) 2020-03-17 2020-03-17 Data packet identification method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111404940B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106231007A (en) * 2016-09-14 2016-12-14 浙江宇视科技有限公司 A method and device for preventing MAC address drift
CN110311866A (en) * 2019-06-28 2019-10-08 杭州迪普科技股份有限公司 A method and device for fast-forwarding messages

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7380002B2 (en) * 2002-06-28 2008-05-27 Microsoft Corporation Bi-directional affinity within a load-balancing multi-node network interface
US8995439B2 (en) * 2010-05-13 2015-03-31 Comcast Cable Communications, Llc Control of multicast content distribution

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IPv6 over IPv4 tunnel scheme traversing dynamic NAT; Chen Huihuang et al.; Telecommunications for Electric Power System; 2009-02-10 (No. 02); full text *

Also Published As

Publication number Publication date
CN111404940A (en) 2020-07-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant