CN111865701A - Asset determination method and device, electronic equipment and storage medium - Google Patents

Publication number
CN111865701A
Authority
CN
China
Prior art keywords
asset
scanning
asset scanning
result
devices
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010770214.2A
Other languages
Chinese (zh)
Other versions
CN111865701B (en
Inventor
赵殿乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Knownsec Information Technology Co Ltd
Priority to CN202010770214.2A
Publication of CN111865701A
Application granted
Publication of CN111865701B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L41/0856 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/12 Discovery or management of network topologies
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The application provides an asset determination method, an asset determination device, electronic equipment and a storage medium. The method is applied to a control center and comprises the following steps: receiving device asset scanning results sent by asset scanning devices located at different network levels, where each asset scanning result is the result of an asset scanning device scanning the devices located at the same network level as itself; sending the plurality of asset scanning results to each asset scanning device, so that the asset scanning device determines, based on the IP addresses of the devices in the plurality of asset scanning results, its connectivity with devices located at network levels different from its own; receiving the connectivity results returned by the asset scanning devices; and determining a network topology relationship among a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results, where the plurality of devices include the asset scanning devices located at different network levels. In this way, the network topology relationship among the device assets of units such as large organizations can be accurately determined.

Description

Asset determination method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to an asset determination method, an asset determination apparatus, an electronic device, and a storage medium.
Background
Asset scanning refers to a device actively discovering device assets through network protocols and storing, reporting and displaying the asset information.
With the development of the Internet and the gradual increase in Internet access, most current network scanners can only perform asset scanning on devices located at the same network level as the scanner. In units such as large organizations and enterprises, however, devices are usually located at different network levels rather than at a single one, so the prior art has difficulty accurately determining how many device assets in the unit are in an operating state, and therefore cannot accurately determine the network topology relationship among those device assets.
Summary of the Application
In view of this, an object of the embodiments of the present application is to provide an asset determination method, an asset determination apparatus, an electronic device, and a storage medium, so as to accurately determine how many device assets of a large organization, an enterprise, and other units are in an operating state, and a network topology relationship between the device assets.
In a first aspect, an embodiment of the present application provides an asset determination method, which is applied to a control center, and the method includes: receiving equipment asset scanning results sent by asset scanning equipment positioned at different network levels; each asset scanning result is the result of the asset scanning device scanning the devices which are positioned at the same network level as the asset scanning device; transmitting a plurality of asset scan results to each asset scanning device to cause the asset scanning device to determine connectivity between devices at different network tiers from the asset scanning device based on IP addresses of the devices in the plurality of asset scan results; receiving a connectivity result returned by the asset scanning equipment; determining a network topology relationship between a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the asset scanning devices located at different network hierarchy levels are included in the plurality of devices.
In the implementation process, asset scanning devices at different network levels scan the devices at their own network level to obtain a plurality of asset scanning results, and the asset scanning results are sent to each asset scanning device, so that each asset scanning device determines, based on the IP addresses of the devices in the asset scanning results, its connectivity with devices at other network levels. The control center then uses the asset scanning results and the connectivity results returned by the asset scanning devices to accurately determine how many device assets of units such as large organizations and enterprises are in an operating state, and the network topology relationship among those device assets.
Based on the first aspect, in one possible design, before receiving device asset scanning results sent by asset scanning devices located in different network hierarchies, the method further includes: receiving asset scanning requests sent by asset scanning devices located at different network levels; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device; determining an IP section which needs to be scanned by the asset scanning equipment based on the IP address of the asset scanning equipment and the subnet mask of the asset scanning equipment; and sending the IP section to the asset scanning equipment so that the asset scanning equipment scans the equipment with the IP address positioned in the IP section to obtain an asset scanning result.
In the implementation process, based on the IP address of the asset scanning device and the subnet mask of the asset scanning device, an IP segment to be scanned is determined for the asset scanning device, so as to prevent the asset scanning device from scanning devices that do not belong to the unit, and further improve the scanning efficiency of the asset scanning device.
In a possible design according to the first aspect, after receiving asset scanning requests sent by asset scanning devices located in different network hierarchies, the method further includes: determining a reporting IP for the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
In the implementation process, a report IP of the asset scanning device is determined based on an IP address of the scanning device, so that the asset scanning device can accurately send the asset scanning result to the control center by using the report IP.
In a possible design according to the first aspect, after receiving asset scanning requests sent by asset scanning devices located in different network hierarchies, the method further includes: and sending an agent installation package to the asset scanning equipment so that the asset scanning equipment performs equipment scanning by using the agent installation package.
In the implementation process, since the asset scanning device may not have software capable of asset scanning installed, the asset scanning device obtains the agent installation package from the control center, which ensures that the asset scanning device can perform device scanning by using the agent installation package.
In a second aspect, an embodiment of the present application provides an asset determination method, which is applied to each asset scanning device located at different network levels, and the method includes: determining a scanning range; scanning the devices whose IP addresses are located in the scanning range to obtain a first asset scanning result; sending the first asset scanning result to a control center, so that the control center sends the first asset scanning result to the remaining asset scanning devices at the different network levels; receiving a second asset scanning result sent by the control center, wherein the second asset scanning result is a scanning result sent to the control center by the remaining asset scanning devices; sending an access request to a first device based on the IP address of the first device in the second asset scanning result; determining, based on the access result, a connectivity result characterizing the connectivity between the asset scanning device and the first device; sending the connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises each asset scanning device located at a different network level.
In the implementation process, each asset scanning device at the different network levels scans the devices at its own network level and sends a first asset scanning result to the control center, so that the control center sends the first asset scanning result to the remaining asset scanning devices at the different network levels. The asset scanning device also receives a second asset scanning result sent by the control center, where the second asset scanning result is the scanning result sent to the control center by the remaining asset scanning devices; in this way the asset scanning results are shared. The asset scanning device then sends an access request to the first device based on the IP address of the first device in the second asset scanning result, to determine the connectivity between the asset scanning device and the first device, and finally sends the connectivity result to the control center. Based on the connectivity result, the first asset scanning result and the second asset scanning result, the control center accurately determines how many device assets of units such as large organizations and enterprises are in an operating state, and the network topology relationship among those device assets.
Based on the second aspect, in one possible design, determining the scan range includes: determining a network address of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; determining the scan range based on a network address of the asset scanning device.
In the implementation process, the asset scanning device determines the scanning range based on the IP address and the subnet mask of the asset scanning device, and does not need to request the scanning range from the control center, so that the processing burden of the control center is reduced.
Based on the second aspect, in one possible design, determining the scan range includes: sending an asset scanning request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section which needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device; receiving the IP section returned by the control center; wherein the IP section is the scanning range.
In the implementation process, the asset scanning request is sent to the control center, so that the control center determines the IP segment that needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device, so as to prevent the asset scanning device from scanning the devices that do not belong to the unit, and further improve the scanning efficiency of the asset scanning device.
In a possible design according to the second aspect, before sending the access request to the first device, the method further includes: receiving the report IP, sent by the control center, that corresponds to the second asset scanning result; determining, based on the predetermined report IP of the asset scanning device and the corresponding report IP, a first report IP from among the corresponding report IPs that is in the same IP address list as the report IP of the asset scanning device, wherein the report IPs of devices in the same local area network are in the same IP address list and the report IPs of devices in different local area networks are in different IP address lists; and determining, from the second asset scanning result, the IP address of the device whose report IP is the first report IP, wherein the device whose report IP is the first report IP is the first device.
In the implementation process, the reporting IPs of the devices in the same local area network are in the same IP address list, and the reporting IPs of the devices in different local area networks are in different IP address lists, so that the asset scanning device only determines the connectivity of the devices in the same local area network with the asset scanning device, and the connectivity determination efficiency is improved.
In a third aspect, an embodiment of the present application provides an asset determination apparatus, including: a scanning result receiving unit, configured to receive device asset scanning results sent by asset scanning devices located in different network hierarchies; each asset scanning result is the result of the asset scanning device scanning the devices which are positioned at the same network level as the asset scanning device; a scanning result sending unit, configured to send a plurality of asset scanning results to each asset scanning device, so that the asset scanning device determines connectivity between devices in different network hierarchies with the asset scanning device based on IP addresses of the devices in the plurality of asset scanning results; a connectivity result receiving unit, configured to receive a connectivity result returned by the asset scanning device; a topological relation determining unit, configured to determine a network topological relation among the multiple devices based on the multiple asset scanning results and the multiple connectivity results; wherein the asset scanning devices located at different network hierarchy levels are included in the plurality of devices.
In a possible design based on the third aspect, the apparatus further includes: a scanning request receiving unit, configured to receive asset scanning requests sent by asset scanning devices located in different network hierarchies; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device; an IP segment determining unit, configured to determine, based on the IP address of the asset scanning device and the subnet mask of the asset scanning device, an IP segment that needs to be scanned by the asset scanning device; and the IP section sending unit is used for sending the IP section to the asset scanning equipment so that the asset scanning equipment scans the equipment with the IP address positioned in the IP section to obtain an asset scanning result.
In a possible design based on the third aspect, the apparatus further includes: a report IP determining unit configured to determine a report IP of the asset scanning device based on an IP address of the asset scanning device and a subnet mask of the asset scanning device; and the report IP sending unit is used for sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
In a possible design based on the third aspect, the apparatus further includes: and the installation package sending unit is used for sending the agent installation package to the asset scanning equipment so that the asset scanning equipment performs equipment scanning by using the agent installation package.
In a fourth aspect, an embodiment of the present application provides an asset determination apparatus, including: a scanning range determining unit, configured to determine a scanning range; a scanning unit, configured to scan the devices whose IP addresses are located in the scanning range to obtain a first asset scanning result; a sending unit, configured to send the first asset scanning result to a control center, so that the control center sends the first asset scanning result to the remaining asset scanning devices at the different network levels; a receiving unit, configured to receive a second asset scanning result sent by the control center, wherein the second asset scanning result is a scanning result sent to the control center by the remaining asset scanning devices; an access unit, configured to send an access request to a first device based on the IP address of the first device in the second asset scanning result; a connectivity determining unit, configured to determine, based on the access result, a connectivity result characterizing the connectivity between the asset scanning device and the first device; the sending unit being further configured to send the connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises each asset scanning device located at a different network level.
Based on the fourth aspect, in a possible design, the scan range determining unit is specifically configured to determine the network address of the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device; and determining the scan range based on a network address of the asset scanning device.
In a possible design based on the fourth aspect, the scanning range determining unit is further configured to send an asset scanning request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section which needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device; receiving the IP section returned by the control center; wherein the IP section is the scanning range.
In a possible design based on the fourth aspect, the apparatus further includes: a report IP receiving unit, configured to receive a report IP sent by the control center and corresponding to the second asset scanning result; a searching unit, configured to determine, based on a report IP of the asset scanning device and the corresponding report IP determined in advance, a first report IP in a same IP address list as a report IP of the asset scanning device from the corresponding report IP; the reporting IPs of the equipment in the same local area network are in the same IP address list, and the reporting IPs of the equipment in different local area networks are in different IP address lists; an IP address determining unit, configured to determine, from the second asset scanning result, an IP address of a device whose reporting IP is the first reporting IP; wherein the device reporting the IP as the first reporting IP is the first device.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a processor and a memory connected to the processor, where a computer program is stored in the memory, and when the computer program is executed by the processor, the electronic device is caused to perform the method of the first aspect or the second aspect.
In a sixth aspect, embodiments of the present application provide a storage medium, in which a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute the method of the first aspect or the second aspect.
Additional features and advantages of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the present application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a diagram illustrating a distribution structure of device assets of an enterprise according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of an asset determination method according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an asset determination device according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of another asset determination device according to an embodiment of the present application.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solution in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the device asset distribution structure of an enterprise according to an embodiment of the present application. Assume that the device assets of enterprise A are distributed across three office locations (office location A1, office location A2 and office location A3). For convenience of description, office location A1 is taken as an example. Assume that office location A1 is provided with PC1 (personal computer), PC2, hierarchical gateway 1 (firewall1), hierarchical gateway 2 (firewall2), PC3, PC4, PC5 and PC6, where PC1, PC2, hierarchical gateway 1 and hierarchical gateway 2 are located in the first-layer network hierarchical space of the internal network, and PC3, PC4, PC5 and PC6 are located in the second-layer network hierarchical space of the internal network. The second-layer network hierarchical space is deeper than the first-layer network hierarchical space; PC3 and PC4 each communicate with hierarchical gateway 1, and PC5 and PC6 each communicate with hierarchical gateway 2. Each office location is assigned at least one report IP (Internet Protocol) address. For example, the report IPs assigned to office location A1 of enterprise A include IP1 to IP1X; the report IPs assigned to office location A2 of enterprise A include IP2 to IP2X; and the report IPs assigned to office location A3 of enterprise A include IP3 to IP3X. Data sent by PC1, PC2, hierarchical gateway 1, hierarchical gateway 2, PC3, PC4, PC5 and PC6 is therefore transmitted to the control center through IP1 to IP1X.
Since the second-layer network hierarchical space is deeper than the first-layer network hierarchical space, devices in the second-layer network hierarchical space can access the first-layer network hierarchical space, but the first-layer network hierarchical space cannot access the second-layer network hierarchical space. That is, PC3, PC4, PC5 and PC6 can access PC1 and PC2, but neither PC1 nor PC2 can access PC3, PC4, PC5 or PC6.
In addition, PCs under different gateways at the same level cannot access each other. Therefore, PC3 and PC4 cannot access PC5 and PC6, and PC5 and PC6 cannot access PC3 and PC4.
In the embodiment of the present application, all devices in enterprise A that are capable of performing asset scanning are used to scan the devices in enterprise A. Taking office location A1 of enterprise A as an example, PC1, PC2, PC3, PC4, PC5 and PC6 are all asset scanning devices.
Referring to Fig. 2, Fig. 2 is a flowchart of an asset determination method provided in a first embodiment of the present application. The method is applied to a control center, a first asset scanning device in enterprise A, and the remaining asset scanning devices other than the first asset scanning device, where the first asset scanning device may be any asset scanning device in enterprise A. The flow shown in Fig. 2 is described in detail below; the method includes:
S10: The first asset scanning device determines a scanning range.
S20: The first asset scanning device scans the devices whose IP addresses are located in the scanning range to obtain a first asset scanning result.
S30: The first asset scanning device sends the first asset scanning result to the control center.
S40: The control center sends the first asset scanning result to the remaining asset scanning devices.
S50: The remaining asset scanning devices send second asset scanning results to the control center.
S60: The control center sends the second asset scanning result to the first asset scanning device.
S70: The first asset scanning device sends an access request to the first device based on the IP address of the first device in the second asset scanning result.
S80: The first asset scanning device determines, based on the first access result, a first connectivity result characterizing the connectivity between the first asset scanning device and the first device.
S90: The first asset scanning device sends the first connectivity result to the control center.
S100: The remaining asset scanning devices send an access request to the second device based on the IP address of the second device in the first asset scanning result.
S110: The remaining asset scanning devices determine, based on the second access result, a second connectivity result characterizing the connectivity between the remaining asset scanning devices and the second device.
S120: The remaining asset scanning devices send the second connectivity result to the control center.
S130: The control center determines a network topology relationship among the plurality of devices based on the first connectivity result, the second connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises the first asset scanning device and the remaining asset scanning devices.
The above method is described in detail below.
S10: the first asset scanning device determines a scanning range.
The step of determining the scanning range comprises: A11 and A12.
A11: the first asset scanning device determines a network address of the first asset scanning device based on the IP address of the first asset scanning device and a subnet mask of the first asset scanning device.
The first asset scanning device obtains its IP address and its subnet mask in real time, converts each of them into binary, and then performs an AND operation on them to obtain the network address of the first asset scanning device. The AND operation (logical multiplication) is defined as: 0&0 = 0; 0&1 = 0; 1&0 = 0; 1&1 = 1, where & represents the AND operation.
For example, the IP address of the first asset scanning device is 202.112.14.137, which in binary is 11001010011100000000111010001001, and the subnet mask of the first asset scanning device is 255.255.255.224, which in binary is 11111111111111111111111111100000. Performing the AND operation on 11001010011100000000111010001001 and 11111111111111111111111111100000 yields the network address of the first asset scanning device: 11001010011100000000111010000000.
After determining the network address of the first asset scanning device, the first asset scanning device performs step A12.
A12: the first asset scanning device determines the scanning range based on a network address of the first asset scanning device.
The network address of the first asset scanning device is taken as the start address of the scanning range, and 1 is repeatedly added to the network address of the first asset scanning device to obtain the IP addresses in the scanning range, until the last bits of the resulting address are all 1.
For example, the network address of the first asset scanning device is 11001010011100000000111010000000, then the start address of the scanning range is 11001010011100000000111010000000 (202.112.14.128) and the end address of the scanning range is 11001010011100000000111011111111 (202.112.14.255). Thus, the scan range is 202.112.14.128-202.112.14.255.
In one embodiment, the first asset scanning device may also determine the scanning range according to a network address of the first asset scanning device and a predetermined device scanning number.
The first asset scanning device may use the network address of the first asset scanning device as a start address, continuously add 1 to the network address of the first asset scanning device, and add 1 once to obtain one IP address, where the number of times of adding 1 is the predetermined device scanning number, and then determine all the IP addresses in the scanning range.
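Steps A11 and A12 and the device-count variant, as an added Python example that is not part of the patent text. The function names are hypothetical, and two rules are assumptions made here: a non-contiguous subnet mask is rejected, and a device-count limit never extends the range past the subnet.

```python
def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_bits(value):
    """Render a 32-bit integer as the 32-character binary string used in A11."""
    return format(value, "032b")


def network_address(ip, mask):
    """A11: bitwise AND of the IP address and the subnet mask."""
    return to_int(ip) & to_int(mask)


def host_bits(mask):
    """Return the inverted mask, i.e. the bits that vary inside the subnet."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    # A valid mask is a run of 1s followed by a run of 0s, so the inverted
    # mask must have the form 2**k - 1 (assumption added in this example).
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    return inverted


def scan_range(ip, mask, device_count=None):
    """A12: start at the network address and add 1 until all host bits are 1.

    With device_count set, 1 is added at most device_count times, and the
    range is still capped at the end of the subnet.
    """
    start = network_address(ip, mask)
    end = start | host_bits(mask)
    if device_count is not None:
        if device_count < 0:
            raise ValueError("device_count must not be negative")
        end = min(end, start + device_count)
    return to_dotted(start), to_dotted(end)


def addresses(ip, mask, device_count=None):
    """Enumerate every IP address in the scanning range, in order."""
    start, end = scan_range(ip, mask, device_count)
    return [to_dotted(v) for v in range(to_int(start), to_int(end) + 1)]


if __name__ == "__main__":
    ip, mask = "202.112.14.137", "255.255.255.224"
    print(to_bits(to_int(ip)), "IP address")
    print(to_bits(to_int(mask)), "subnet mask")
    print(to_bits(network_address(ip, mask)), "network address")
    print(scan_range(ip, mask))
```

With the mask 255.255.255.224 only the low five bits are host bits, so for the address 202.112.14.137 this function returns an upper bound of 202.112.14.159.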
As another embodiment, the step of determining the scanning range, i.e., step S10, includes: b11, B12, B13, B14 and B15.
B11: the first asset scanning device sends an asset scanning request to the control center; wherein the asset scanning request includes an IP address of the first asset scanning device and a subnet mask of the first asset scanning device.
The first asset scanning device sends the asset scanning request to the control center based on a predetermined IP address of the control center and the IP address of the first asset scanning device.
The first asset scanning device may have software for device asset scanning pre-installed.
After the first asset scanning device sends the asset scanning request to the control center, the control center performs step B12.
B12: the control center receives the asset scanning request.
After the control center receives the asset scan request, step B13 is performed.
B13: the control center determines an IP segment which needs to be scanned by the first asset scanning device based on the IP address of the first asset scanning device and the subnet mask of the first asset scanning device; wherein the IP segment is the scanning range.
The control center determines a first local area network where the first asset scanning device is located based on the IP address of the first asset scanning device and the subnet mask of the first asset scanning device, wherein the first local area network is the asset scanning range and all IP addresses in the first local area network constitute the IP segment.
After determining the IP segment, the control center performs step B14.
B14: the control center sends the IP segment to the first asset scanning device.
The control center sends the IP segment to the first asset scanning device based on the IP address of the first asset scanning device.
B15: the first asset scanning device receives the IP segment. In other words, the first asset scanning device determines its own scanning range from the received IP segment.
After determining the scanning range in any of the above manners or in another manner, the first asset scanning device may perform step S20.
S20: The first asset scanning device scans the devices whose IP addresses are located in the scanning range to obtain a first asset scanning result.
The first asset scanning device accesses ports of devices with IP addresses located in the scanning range sequentially or randomly by using scanning software installed in the first asset scanning device, and obtains information such as IP addresses, subnet masks and the like of all the devices and the first asset scanning device which can be accessed, namely the first asset scanning result. It is worth mentioning that the accessible device is a device that is on the same local area network and the same network level as the first asset scanning device.
For example, when the first asset scanning device is a PC1, the first asset scan result includes: IP addresses and subnet masks of the PC1, the PC2, the hierarchy gateway 1, and the hierarchy gateway 2, and the like.
When the first asset scanning device is a PC3, the first asset scanning result comprises: IP addresses and subnet masks of the PC3, the PC4, and the hierarchical gateway 1.
When the first asset scanning device is a PC5, the first asset scanning result comprises: IP addresses and subnet masks of the PC5, the PC6, and the hierarchical gateway 2.
The first asset scanning device performs step S30 after obtaining the first asset scanning result.
S30: The first asset scanning device sends the first asset scanning result to a control center.
The first asset scanning device sends the first asset scanning result to the control center based on the predetermined IP address of the control center.
S40: The remaining asset scanning devices send second asset scanning results to the control center.
In one embodiment, each of the remaining asset scanning devices obtains the second asset scanning result in the same manner as the first asset scanning device, and then sends the second asset scanning result to the control center based on a predetermined IP address of the control center. It will be appreciated that each of the remaining asset scanning devices carries its own IP address when sending the second asset scanning result to the control center.
The control center performs step S50 after receiving the first asset scan result and after determining the IP addresses of the remaining asset scanning devices.
S50: The control center sends the first asset scanning result to the remaining asset scanning devices.
The control center sends the first asset scanning result to the remaining asset scanning devices based on the predetermined IP addresses of the remaining asset scanning devices. The IP addresses of the remaining asset scanning devices may be obtained from the asset scanning requests received from the remaining asset scanning devices, or may be obtained when the second asset scanning results sent by the remaining asset scanning devices are received.
As an embodiment, the control center sends the first asset scanning result to the asset scanning device in the same local area network as the first asset scanning device, where the asset scanning devices in the same local area network as the first asset scanning device are the remaining asset scanning devices in S400. It is worth mentioning that the control center determines a first local area network where the first asset scanning device is located based on the IP address and the subnet mask of the first asset scanning device, and determines an IP address of an asset scanning device in the first local area network, that is, an asset scanning device located in the same local area network as the first asset scanning device, from the IP addresses scanned by the remaining assets based on the IP addresses and the subnet masks of the remaining asset scanning devices.
For example, when the first asset scanning device is PC1 and the remaining asset scanning devices are PC3, PC4 and PC5, if the network addresses of PC3, PC4, PC5 and PC1 are the same, that is, they are in the same local area network, the control center sends the first asset scanning result to PC3, PC4 and PC5.
The control center performs step S60 after receiving the second asset scan result.
S60: The control center sends the second asset scanning result to the first asset scanning device.
The control center sends the second asset scanning result to the first asset scanning device based on the predetermined IP address of the first asset scanning device.
In one embodiment, the control center sends the second asset scan result to the first asset scan device only when the first asset scan device and the asset scan device sending the second asset scan result are in the same local area network.
For example, when the first asset scanning device is PC1 and the remaining asset scanning devices are PC3, the control center sends the second asset scan result to PC1 because PC3 and PC1 are on the same local area network.
When the first asset scanning device receives the second asset scanning result, the first asset scanning device performs step S70.
S70: the first asset scanning device sends an access request to the first device based on the IP address of the first device in the second asset scanning result.
For example, when the first asset scanning device is PC1 and the second asset scanning result includes the IP addresses of PC3, PC4 and hierarchical gateway 1, that is, the first device includes PC3 and PC4, the first asset scanning device sends an access request to PC3 based on the IP address of PC3. Because the network hierarchical space where PC3 is located is deeper than the network hierarchical space where PC1 is located, PC1 cannot access PC3 through hierarchical gateway 1 and cannot receive a result fed back by PC3 in response to the access request. When PC1 does not receive such a result within a preset time period after sending the access request to PC3, the first asset scanning device obtains a first access result characterizing that PC1 cannot access PC3. Similarly, the first asset scanning device sends the access request to PC4 based on the IP address of PC4 and obtains a first access result characterizing that PC1 cannot access PC4.
For example, when the first asset scanning device is PC3 and the second asset scanning result includes the IP addresses of PC1, PC2, hierarchical gateway 1 and hierarchical gateway 2, that is, the first device includes PC1 and PC2, PC3 sends an access request to PC1 based on the IP address of PC1. The access request sent by PC3 is first transmitted to hierarchical gateway 1; hierarchical gateway 1 returns to PC3 information representing that the next-hop address of PC3 is the IP address of hierarchical gateway 1, and forwards the access request to PC1. PC1 returns a feedback result to PC3 based on the access request, and this feedback result is forwarded to PC3 via hierarchical gateway 1. When PC3 receives the feedback result returned by PC1 within a preset time period, the first access result representing that PC3 can access PC1 via hierarchical gateway 1 is obtained. Similarly, when PC3 receives a feedback result returned by PC2 based on the access request within a preset time period, the first access result representing that PC3 can access PC2 through hierarchical gateway 1 is obtained.
The first asset scanning device performs step S80 after obtaining the first access result.
S80: The first asset scanning device determines, based on the first access result, a first connectivity result characterizing the connectivity between the first asset scanning device and the first device.
When the first access result indicates that the first asset scanning device cannot access the first device, it is determined that the first asset scanning device cannot communicate with the first device.
When the first access result indicates that the first asset scanning device is able to access the first device through a second device, it is determined that the first asset scanning device communicates with the first device through the second device.
After the first asset scanning device determines the first connectivity result, step S90 is performed.
S90: The first asset scanning device sends the first connectivity result to the control center.
The first asset scanning device sends the first connectivity result to the control center based on the IP address of the control center.
S100: the remaining asset scanning device sends an access request to the second device based on the IP address of the second device in the first asset scanning result.
For the specific implementation of S100, please refer to step S70, and therefore, the detailed description thereof is omitted here.
S110: The remaining asset scanning devices determine, based on the second access result, a second connectivity result characterizing the connectivity between the remaining asset scanning devices and the second device.
S120: The remaining asset scanning devices send the second connectivity result to the control center.
For the specific implementation of S110 and S120, please refer to steps S80 and S90, which are not described herein again.
S130: the control center determines a network topology relationship among the plurality of devices based on the first connectivity result, the second connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: the first asset scanning device and the remaining asset scanning devices.
Identical asset scanning results in the first asset scanning result and the second asset scanning result are deduplicated, and the network topological relation among the plurality of devices is determined using the deduplicated asset scanning results, the first connectivity result and the second connectivity result.
For example, the asset scanning result obtained by PC1 is information such as the IP addresses and subnet masks of PC1, PC2, hierarchical gateway 1 and hierarchical gateway 2; the asset scanning result obtained by PC3 is information such as the IP addresses and subnet masks of PC3, PC4 and hierarchical gateway 1; and the asset scanning result obtained by PC5 is information such as the IP addresses and subnet masks of PC5, PC6 and hierarchical gateway 2. The connectivity results characterize that PC1 and PC2 cannot access PC3, PC4, PC5 and PC6, that PC3 and PC4 can access PC1 and PC2 through hierarchical gateway 1, and that PC5 and PC6 can access PC1 and PC2 through hierarchical gateway 2. It follows that PC1, PC2, hierarchical gateway 1 and hierarchical gateway 2 are in the first-layer network hierarchical space, that PC3, PC4, PC5 and PC6 are in a network hierarchical space deeper than the first layer, and that PC3 and PC4 are under a different hierarchical gateway from PC5 and PC6, so a topological relation diagram as shown in fig. 1 can be obtained.
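Step S130 applied to the office location a1 scenario, as an added Python example that is not code from the patent. The IP addresses, the (source, destination, via) layout of a connectivity result, the use of only PC1, PC3 and PC5 as scanners, and all function names are constructed for illustration; the final check, which flags a reachable path from a shallower tier into a deeper one, is an addition that follows from the access rule stated for fig. 1.

```python
# Constructed addresses for the devices of office location a1.
PC1, PC2 = "10.0.0.11", "10.0.0.12"
GW1, GW2 = "10.0.0.1", "10.0.0.2"
PC3, PC4 = "10.0.0.33", "10.0.0.34"
PC5, PC6 = "10.0.0.55", "10.0.0.56"
MASK = "255.255.255.0"

# Asset scanning results: scanner IP -> (IP, subnet mask) of every device it saw.
SCAN_RESULTS = {
    PC1: [(PC1, MASK), (PC2, MASK), (GW1, MASK), (GW2, MASK)],
    PC3: [(PC3, MASK), (PC4, MASK), (GW1, MASK)],
    PC5: [(PC5, MASK), (PC6, MASK), (GW2, MASK)],
}

# Connectivity results: (source, destination, gateway used), None = no reply
# within the preset time period.
CONNECTIVITY = [
    (PC1, PC3, None), (PC1, PC4, None), (PC1, PC5, None), (PC1, PC6, None),
    (PC3, PC1, GW1), (PC3, PC2, GW1), (PC3, PC5, None), (PC3, PC6, None),
    (PC5, PC1, GW2), (PC5, PC2, GW2), (PC5, PC3, None), (PC5, PC4, None),
]


def dedupe(scan_results):
    """Merge all scan results into one inventory keyed by IP address."""
    inventory = {}
    for records in scan_results.values():
        for ip, mask in records:
            inventory.setdefault(ip, mask)
    return inventory


def build_topology(scan_results, connectivity):
    """Return (inventory, tiers, behind) for every discovered device.

    tiers[ip]  -> 1 for the first-layer space, 2 for the next deeper one, ...
    behind[ip] -> gateway in front of the device, or None in the first layer
    """
    inventory = dedupe(scan_results)
    # Devices seen by one scanner share that scanner's network hierarchy level.
    segments = {s: {ip for ip, _ in recs} for s, recs in scan_results.items()}

    # A scanner that reached a device "via G" sits behind gateway G.
    uplink = {src: via for src, _, via in connectivity if via is not None}

    # Segments without an uplink form the first layer; a segment behind G is
    # one level deeper than the shallowest other segment that also contains G.
    depth = {s: 1 for s in segments if s not in uplink}
    changed = True
    while changed:
        changed = False
        for scanner, gateway in uplink.items():
            if scanner in depth or scanner not in segments:
                continue
            known = [depth[o] for o, members in segments.items()
                     if o != scanner and o in depth and gateway in members]
            if known:
                depth[scanner] = min(known) + 1
                changed = True

    # A device seen from several segments (a gateway) belongs to the shallowest.
    tiers, behind = {}, {}
    for scanner, members in segments.items():
        if scanner not in depth:
            continue  # uplink gateway never seen elsewhere: level unresolved
        for ip in members:
            if ip not in tiers or depth[scanner] < tiers[ip]:
                tiers[ip] = depth[scanner]
                behind[ip] = uplink.get(scanner)
    return inventory, tiers, behind


def unexpected_paths(connectivity, tiers):
    """Reachable paths that run from a shallower tier into a deeper one."""
    return [(src, dst, via) for src, dst, via in connectivity
            if via is not None and tiers.get(src, 0) < tiers.get(dst, 0)]


if __name__ == "__main__":
    inventory, tiers, behind = build_topology(SCAN_RESULTS, CONNECTIVITY)
    for ip in sorted(inventory, key=lambda a: (tiers[a], a)):
        print(f"tier {tiers[ip]}  {ip:<10} behind {behind[ip]}")
    print("unexpected paths:", unexpected_paths(CONNECTIVITY, tiers))
```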
As an embodiment, after step B12, the method further comprises the steps of: c1 and C2.
After receiving the asset scanning request, the control center performs step C1: the control center determines a reporting IP of the first asset scanning device based on the IP address of the first asset scanning device and the subnet mask of the first asset scanning device.
The control center determines a network address of the first asset scanning device based on the IP address of the first asset scanning device and a subnet mask of the first asset scanning device, finds a report IP corresponding to the network address based on a pre-stored correspondence between the network address and the report IP, and determines that the corresponding report IP is the report IP of the first asset scanning device when the number of the corresponding report IPs is one; and when the number of the corresponding report IPs is at least two, randomly selecting one report IP from the at least two report IPs as the report IP of the first asset scanning equipment.
The control center performs step C2 after determining the reporting IP for the first asset scanning device.
C2: the control center sends the report IP to the first asset scanning device.
The control center sends the reporting IP to the first asset scanning device based on the IP address of the first asset scanning device.
After the first asset scanning device obtains the report IP, S30 may be implemented as follows, where the first asset scanning device sends the asset scanning result to the control center based on the report IP.
As an embodiment, after B12, the method further comprises the steps of: b121 and B122.
After receiving the asset scanning request sent by the first asset scanning device, the control center performs step B121: the control center sends an agent installation package to the first asset scanning device.
After the first asset scanning device receives the agent installation package, step B122 is executed.
B122: the first asset scanning device installs scanning software on the first asset scanning device by using the agent installation package.
The first asset scanning device decompresses and runs the agent installation package so as to install the scanning software on the first asset scanning device.
As an embodiment, before S70, the method further includes the steps of: d1, D2 and D3.
D1: the control center sends a report IP corresponding to the second asset scanning result to the first asset scanning device.
It will be appreciated that the asset scanning device that sent the second asset scanning result sent it to the control center via the corresponding report IP.
D1: the first asset scanning device receives the report IP corresponding to the second asset scanning result.
D2: the first asset scanning device determines a first report IP in the same IP address list as the report IP of the first asset scanning device from the corresponding report IPs based on the report IPs of the first asset scanning device and the corresponding report IPs which are predetermined; the reporting IPs of the devices in the same local area network are in the same IP address list, and the reporting IPs of the devices in different local area networks are in different IP address lists.
As an embodiment, the first asset scanning device stores a first IP address list including reporting IPs of the first asset scanning device in advance, and then finds out the first reporting IP in the first IP address list from the corresponding reporting IPs.
The first asset scanning device performs step D3 after determining the first reporting IP.
D3: the first asset scanning device determines the IP address of the device with the reported IP as the first reported IP from the second asset scanning result; wherein the device reporting the IP as the first reporting IP is the first device.
It can be understood that the second asset scanning result includes a correspondence between the reporting IP and the IP address of the device, and the first asset scanning device finds the IP address of the device corresponding to the first reporting IP from the correspondence based on the IP address of the first reporting IP.
As an embodiment, after S70, the method further includes:
After obtaining the first access result, the first asset scanning device sends the first access result to a control center, so that the control center determines connectivity between the first asset scanning device and the first device based on the first access result.
Referring to fig. 3, fig. 3 is a block diagram of an asset determination apparatus according to an embodiment of the present application, where the apparatus is applied to a control center, and the block diagram of fig. 3 will be described below, where the apparatus includes:
a scanning result receiving unit 410, configured to receive device asset scanning results sent by asset scanning devices located in different network hierarchies; each asset scanning result is the result of the asset scanning device scanning the devices which are positioned at the same network level as the asset scanning device;
a scan result sending unit 420, configured to send a plurality of asset scan results to each asset scanning device, so that the asset scanning device determines connectivity between devices in different network hierarchies with the asset scanning device based on IP addresses of the devices in the plurality of asset scan results;
a connectivity result receiving unit 430, configured to receive a connectivity result returned by the asset scanning device;
a topological relation determining unit 440, configured to determine a network topological relation between multiple devices based on the multiple asset scanning results and the multiple connectivity results; wherein the asset scanning devices located at different network hierarchy levels are included in the plurality of devices.
As an embodiment, the apparatus further comprises: a scanning request receiving unit, configured to receive asset scanning requests sent by asset scanning devices located in different network hierarchies; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device; an IP segment determining unit, configured to determine, based on the IP address of the asset scanning device and the subnet mask of the asset scanning device, an IP segment that needs to be scanned by the asset scanning device; and the IP section sending unit is used for sending the IP section to the asset scanning equipment so that the asset scanning equipment scans the equipment with the IP address positioned in the IP section to obtain an asset scanning result.
As an embodiment, the apparatus further comprises: a report IP determining unit configured to determine a report IP of the asset scanning device based on an IP address of the asset scanning device and a subnet mask of the asset scanning device; and the report IP sending unit is used for sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
As an embodiment, the apparatus further comprises: and the installation package sending unit is used for sending the agent installation package to the asset scanning equipment, wherein the asset scanning equipment utilizes the agent installation package to perform equipment scanning.
Referring to fig. 4, fig. 4 is a block diagram of another asset determination apparatus according to an embodiment of the present application, where the apparatus is applied to an asset scanning device, and the block diagram shown in fig. 4 will be described below, where the apparatus includes:
a scanning range determining unit 510 for determining a scanning range;
a scanning unit 520, configured to scan a device whose IP address is within the scanning range, and obtain a first asset scanning result;
a sending unit 530, configured to send the first asset scanning result to a control center, so that the control center sends the first scanning result to the remaining asset scanning devices in the different network hierarchies;
a receiving unit 540, configured to receive a second asset scanning result sent by the control center; wherein the second asset scanning result is a scanning result sent by the other asset scanning devices to the control center;
an accessing unit 550, configured to send an access request to the first device based on the IP address of the first device in the second asset scanning result;
a connectivity determining unit 560, configured to determine, based on the access result, connectivity characterizing between the asset device and the first device;
the sending unit 530 is further configured to send a connectivity result to the control center, so that the control center determines a network topology relationship among the multiple devices based on the connectivity result, the first asset scanning result, and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network hierarchy level.
As an embodiment, the scanning range determining unit 510 is specifically configured to determine a network address of the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device; and determining the scan range based on a network address of the asset scanning device.
As an embodiment, the scanning range determining unit 510 is further configured to send an asset scanning request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section which needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device; receiving the IP section returned by the control center; wherein the IP section is the scanning range.
As an embodiment, the apparatus further comprises: a report IP receiving unit, configured to receive a report IP sent by the control center and corresponding to the second asset scanning result; a searching unit, configured to determine, based on a report IP of the asset scanning device and the corresponding report IP determined in advance, a first report IP in a same IP address list as a report IP of the asset scanning device from the corresponding report IP; the reporting IPs of the equipment in the same local area network are in the same IP address list, and the reporting IPs of the equipment in different local area networks are in different IP address lists; an IP address determining unit, configured to determine, from the second asset scanning result, an IP address of a device whose reporting IP is the first reporting IP; wherein the device reporting the IP as the first reporting IP is the first device.
For the process of implementing each function by each functional unit in this embodiment, please refer to the content described in the embodiment shown in fig. 1-2, which is not described herein again.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device may be an asset scanning device or a control center, and the electronic device may be a PC, a tablet computer, a smart phone, a personal digital assistant (PDA), or the like.
The electronic device may include: a memory 102, a processor 101, a communication interface 103, and a communication bus for enabling connection communication of these components.
The memory 102 is used for storing various data, such as the plurality of asset scanning results and connectivity results provided by the embodiments of the present application, and the computer program instructions corresponding to the asset determination method and apparatus. The memory 102 may be, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
When the electronic device is the control center, the processor 101 is configured to: receive device asset scanning results sent by asset scanning devices located at different network levels, where each asset scanning result is the result of an asset scanning device scanning the devices located at the same network level as that asset scanning device; send the plurality of asset scanning results to each asset scanning device, so that the asset scanning device determines, based on the IP addresses of the devices in the plurality of asset scanning results, connectivity between itself and devices located at network levels different from its own; receive the connectivity results returned by the asset scanning devices; and determine a network topology relationship among a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results, where the plurality of devices includes the asset scanning devices located at the different network levels.
When the electronic device is the asset scanning device, the processor 101 is configured to: determine a scanning range; scan the devices whose IP addresses are within the scanning range to obtain a first asset scanning result; send the first asset scanning result to the control center, so that the control center sends the first asset scanning result to the other asset scanning devices located at different network levels; receive a second asset scanning result sent by the control center, where the second asset scanning result is a scanning result sent to the control center by the other asset scanning devices; send an access request to a first device based on the IP address of the first device in the second asset scanning result; determine, based on the access result, a connectivity result characterizing the connectivity between the asset scanning device and the first device; and send the connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result, and the second asset scanning result, where the plurality of devices includes each asset scanning device located at a different network level.
The processor 101 may be an integrated circuit chip having signal processing capability. The processor 101 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor or any conventional processor or the like.
When the electronic device is the control center, the communication interface 103 is configured to send the asset scanning result to the asset scanning device, and receive the asset scanning result and the connectivity result sent by the asset scanning device.
When the electronic device is an asset scanning device, the communication interface 103 is configured to send a first asset scanning result and a connectivity result to the control center, send an access request to the other asset scanning devices, receive a second asset scanning result sent by the control center, and the like.
In addition, a storage medium is provided in an embodiment of the present application, and a computer program is stored in the storage medium, and when the computer program runs on a computer, the computer is caused to execute the method provided in any embodiment of the present application.
In summary, in the asset determination method, apparatus, electronic device, and storage medium provided in the embodiments of the present application, asset scanning devices at different network levels scan the devices at their own network level to obtain a plurality of asset scanning results; the plurality of asset scanning results are sent to each asset scanning device, so that the asset scanning device determines, based on the IP addresses of the devices in the plurality of asset scanning results, connectivity between itself and devices at different network levels; and, based on the plurality of asset scanning results and the connectivity results returned by the asset scanning devices, it can be accurately determined how many device assets of units such as large organizations and enterprises are in a running state, as well as the network topology relationships between those device assets.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special-purpose hardware-based devices that perform the specified functions or acts, or by combinations of special-purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
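The control-center side of the method described above can be sketched as follows. This is an added example, not code from the patent or its applicant: the function names, the report layout, and the sample addresses are assumptions made for illustration, and it assumes the address ranges of the different network levels do not overlap. It derives each scanner's IP segment from its IP address and subnet mask, flags reported hosts that fall outside the reporting scanner's own segment, and merges the connectivity results into directed links between segments.

```python
import ipaddress


def scan_segment(ip, netmask):
    """IP segment for a scanner, derived from its IP address and subnet mask."""
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)


def build_topology(scan_results, connectivity_results):
    """Merge per-level scan results and connectivity results into a topology."""
    segments, owner, rejected, unknown = {}, {}, [], []
    for scanner_ip, report in scan_results.items():
        net = scan_segment(scanner_ip, report["netmask"])
        members = segments.setdefault(net, set())
        members.add(ipaddress.ip_address(scanner_ip))  # the scanner is a device too
        for host in report["hosts"]:
            addr = ipaddress.ip_address(host)
            if addr in net:
                members.add(addr)
            else:
                # A scanner only scans its own level; flag anything outside it.
                rejected.append((scanner_ip, host))
        for addr in members:
            owner[addr] = net

    links = set()
    for scanner_ip, target_ip, reachable in connectivity_results:
        src = owner.get(ipaddress.ip_address(scanner_ip))
        dst = owner.get(ipaddress.ip_address(target_ip))
        if src is None or dst is None:
            unknown.append((scanner_ip, target_ip))  # endpoint never inventoried
        elif reachable and src != dst:
            links.add((str(src), str(dst)))  # directed: src level reaches dst level
    return {
        "segments": {str(n): [str(a) for a in sorted(m)] for n, m in segments.items()},
        "links": sorted(links),
        "rejected": rejected,
        "unknown": unknown,
    }


# Constructed sample input (hypothetical addresses, not taken from the patent).
SCAN_RESULTS = {
    "10.1.0.5": {"netmask": "255.255.255.0",
                 "hosts": ["10.1.0.20", "10.1.0.21", "10.9.9.9"]},
    "10.2.0.5": {"netmask": "255.255.0.0", "hosts": ["10.2.3.4"]},
    "172.16.4.130": {"netmask": "255.255.255.192", "hosts": ["172.16.4.140"]},
}
CONNECTIVITY = [
    ("10.1.0.5", "10.2.3.4", True),
    ("10.2.0.5", "10.1.0.20", False),
    ("172.16.4.130", "10.1.0.5", True),
    ("10.1.0.5", "192.0.2.77", True),  # target appears in no scan result
]

if __name__ == "__main__":
    for key, value in build_topology(SCAN_RESULTS, CONNECTIVITY).items():
        print(key, value)
```

Links are kept directed because an access request succeeding from one level to another does not show that the reverse path is open.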

Claims (12)

1. An asset determination method applied to a control center, the method comprising:
receiving equipment asset scanning results sent by asset scanning equipment positioned at different network levels; each asset scanning result is the result of the asset scanning device scanning the devices which are positioned at the same network level as the asset scanning device;
transmitting a plurality of asset scan results to each asset scanning device to cause the asset scanning device to determine connectivity between devices at different network tiers from the asset scanning device based on IP addresses of the devices in the plurality of asset scan results;
receiving a connectivity result returned by the asset scanning equipment;
determining a network topology relationship between a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the asset scanning devices located at different network hierarchy levels are included in the plurality of devices.
2. The method of claim 1, wherein prior to receiving device asset scan results sent by asset scanning devices located at different network levels, the method further comprises:
receiving asset scanning requests sent by asset scanning devices located at different network levels; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device;
determining an IP section which needs to be scanned by the asset scanning equipment based on the IP address of the asset scanning equipment and the subnet mask of the asset scanning equipment;
and sending the IP section to the asset scanning equipment so that the asset scanning equipment scans the equipment with the IP address positioned in the IP section to obtain an asset scanning result.
3. The method of claim 2, wherein after receiving asset scanning requests sent by asset scanning devices located at different network hierarchies, the method further comprises:
determining a reporting IP for the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device;
and sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
4. The method of claim 1, wherein after receiving asset scanning requests sent by asset scanning devices located at different network hierarchies, the method further comprises:
and sending an agent installation package to the asset scanning equipment so that the asset scanning equipment performs equipment scanning by using the agent installation package.
5. An asset determination method applied to an asset scanning device, the method comprising:
determining a scanning range;
scanning equipment with an IP address located in the scanning range to obtain a first asset scanning result;
transmitting the first asset scanning result to a control center so that the control center transmits the first scanning result to the rest asset scanning devices in different network hierarchies;
receiving a second asset scanning result sent by the control center; wherein the second asset scanning result is a scanning result sent by the other asset scanning devices to the control center;
sending an access request to the first device based on the IP address of the first device in the second asset scan result;
determining, based on the access result, a connectivity result characterizing the connectivity between the asset scanning device and the first device;
sending the connectivity result to the control center, so that the control center determines a network topology relationship among the plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network hierarchy level.
6. The method of claim 5, wherein determining a scan range comprises:
determining a network address of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device;
determining the scan range based on a network address of the asset scanning device.
7. The method of claim 5, wherein determining a scan range comprises:
sending an asset scanning request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section which needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device;
receiving the IP section returned by the control center; wherein the IP section is the scanning range.
8. The method of claim 5, wherein prior to sending the access request to the first device, the method further comprises:
receiving the report IPs, sent by the control center, that correspond to the second asset scanning result;
determining, based on the report IP of the asset scanning device and the corresponding report IPs, which are determined in advance, a first report IP from among the corresponding report IPs that is in the same IP address list as the report IP of the asset scanning device; wherein the report IPs of devices in the same local area network are in the same IP address list, and the report IPs of devices in different local area networks are in different IP address lists;
determining, from the second asset scanning result, the IP address of the device whose report IP is the first report IP; wherein the device whose report IP is the first report IP is the first device.
9. An asset determination device, characterized in that the device comprises:
a scanning result receiving unit, configured to receive device asset scanning results sent by asset scanning devices located in different network hierarchies; each asset scanning result is the result of the asset scanning device scanning the devices which are positioned at the same network level as the asset scanning device;
a scanning result sending unit, configured to send a plurality of asset scanning results to each asset scanning device, so that the asset scanning device determines connectivity between devices in different network hierarchies with the asset scanning device based on IP addresses of the devices in the plurality of asset scanning results;
a connectivity result receiving unit, configured to receive a connectivity result returned by the asset scanning device;
a topological relation determining unit, configured to determine a network topological relation among the multiple devices based on the multiple asset scanning results and the multiple connectivity results; wherein the asset scanning devices located at different network hierarchy levels are included in the plurality of devices.
10. An asset determination device, characterized in that the device comprises:
a scanning range determining unit for determining a scanning range;
the scanning unit is used for scanning the equipment with the IP address positioned in the scanning range to obtain a first asset scanning result;
a sending unit, configured to send the first asset scanning result to a control center, so that the control center sends the first scanning result to the other asset scanning devices in the different network hierarchies;
the receiving unit is used for receiving a second asset scanning result sent by the control center; wherein the second asset scanning result is a scanning result sent by the other asset scanning devices to the control center;
an access unit, configured to send an access request to the first device based on the IP address of the first device in the second asset scanning result;
a connectivity determining unit, configured to determine, based on the access result, a connectivity result characterizing the connectivity between the asset scanning device and the first device;
the sending unit is further configured to send a connectivity result to the control center, so that the control center determines a network topology relationship among the multiple devices based on the connectivity result, the first asset scanning result, and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network hierarchy level.
11. An electronic device comprising a memory and a processor, the memory having stored therein computer program instructions that, when read and executed by the processor, perform the method of any of claims 1-8.
12. A storage medium having stored thereon computer program instructions which, when read and executed by a computer, perform the method of any one of claims 1-8.
CN202010770214.2A 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium Active CN111865701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010770214.2A CN111865701B (en) 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111865701A (en) 2020-10-30
CN111865701B CN111865701B (en) 2023-08-11

Family

ID=72953071

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010770214.2A Active CN111865701B (en) 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111865701B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090195384A1 (en) * 2008-02-01 2009-08-06 Honeywell International Inc. System and method for inventory management
US20100031099A1 (en) * 2008-07-29 2010-02-04 Swoboda Gary L Scan Topology Discovery in Target Systems
CN102413012A (en) * 2011-11-21 2012-04-11 上海交通大学 System for automatically analyzing computer network connectivity
US20140105029A1 (en) * 2012-10-16 2014-04-17 Cisco Technology, Inc. Detection of cabling error in communication network
CN105227383A (en) * 2015-11-06 2016-01-06 广东电网有限责任公司电力科学研究院 A kind of device of network topology investigation
CN107294745A (en) * 2016-03-30 2017-10-24 中国移动通信集团四川有限公司 Automatic topology discovery method and device
CN109768870A (en) * 2017-11-09 2019-05-17 国网青海省电力公司电力科学研究院 A kind of industry control network assets discovery method and system based on active probing technique
CN109842520A (en) * 2018-12-27 2019-06-04 华为技术服务有限公司 The determination method, apparatus and system of network topology
CN110336684A (en) * 2019-03-21 2019-10-15 北京天防安全科技有限公司 A kind of networked asset intelligent identification Method and system
CN110958134A (en) * 2019-11-01 2020-04-03 锐捷网络股份有限公司 Method and device for realizing network topology
CN110995719A (en) * 2019-12-06 2020-04-10 北京天融信网络安全技术有限公司 NAT equipment identification method, device, system and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615787A (en) * 2021-01-06 2021-04-06 博智安全科技股份有限公司 Method and system for automatically generating network topology
CN112615787B (en) * 2021-01-06 2021-12-14 博智安全科技股份有限公司 Method and system for automatically generating network topology
CN115001984A (en) * 2022-08-08 2022-09-02 北京六方云信息技术有限公司 Industrial level topological graph drawing method and device, terminal device and storage medium

Also Published As

Publication number Publication date
CN111865701B (en) 2023-08-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant