CN111865701B - Asset determination method, device, electronic equipment and storage medium - Google Patents

Asset determination method, device, electronic equipment and storage medium Download PDF

Info

Publication number
CN111865701B
CN111865701B CN202010770214.2A CN202010770214A CN111865701B CN 111865701 B CN111865701 B CN 111865701B CN 202010770214 A CN202010770214 A CN 202010770214A CN 111865701 B CN111865701 B CN 111865701B
Authority
CN
China
Prior art keywords
asset
asset scanning
scanning
result
scanning device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010770214.2A
Other languages
Chinese (zh)
Other versions
CN111865701A (en
Inventor
赵殿乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Knownsec Information Technology Co Ltd filed Critical Beijing Knownsec Information Technology Co Ltd
Priority to CN202010770214.2A priority Critical patent/CN111865701B/en
Publication of CN111865701A publication Critical patent/CN111865701A/en
Application granted granted Critical
Publication of CN111865701B publication Critical patent/CN111865701B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/085Retrieval of network configuration; Tracking network configuration history
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/085Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/085Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L41/0856Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an asset determination method, an asset determination device, electronic equipment and a storage medium, which are applied to a control center and comprise the following steps: receiving equipment asset scanning results sent by asset scanning equipment located at different network levels; each asset scanning result is a result of an asset scanning device scanning devices at the same network level as the asset scanning device; transmitting the plurality of asset scan results to each asset scan device to cause the asset scan device to determine connectivity between devices at different network levels than the asset scan device based on the IP addresses of the devices in the plurality of asset scan results; receiving connectivity results returned by the asset scanning equipment; determining a network topology relationship between a plurality of devices based on the plurality of asset scan results and the plurality of connectivity results; the plurality of equipment comprises the asset scanning equipment positioned at different network levels so as to accurately determine the network topological relation among equipment assets in units such as large institutions.

Description

Asset determination method, device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to an asset determining method, an apparatus, an electronic device, and a storage medium.
Background
Asset scanning: the method refers to the behavior that a device actively discovers the device asset through a network protocol and stores, reports and displays asset information.
With the growth of the internet, the number of surfing the internet is gradually increased, in the current network scanner, most scanners can only scan assets for devices located in the same network hierarchy as the scanner, however, for large institutions, enterprises and other institutions, since the devices are usually not located in the same network hierarchy but in different network hierarchies, it is difficult in the prior art to accurately determine how many device assets are in an operation state in the unit, and then network topology relations among the device assets cannot be accurately determined.
Content of the application
In view of this, an object of an embodiment of the present application is to provide an asset determining method, apparatus, electronic device, and storage medium, so as to accurately determine how many equipment assets are in an operating state in units such as large institutions and enterprises, and a network topology relationship among the equipment assets.
In a first aspect, an embodiment of the present application provides an asset determining method, applied to a control center, where the method includes: receiving equipment asset scanning results sent by asset scanning equipment located at different network levels; wherein each asset scanning result is a result of the asset scanning device scanning devices at the same network level as the asset scanning device; transmitting a plurality of asset scan results to each asset scan device to cause the asset scan device to determine connectivity between devices at different network levels than the asset scan device based on IP addresses of the devices in the plurality of asset scan results; receiving connectivity results returned by the asset scanning device; determining a network topology relationship among a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the plurality of devices include the asset scanning devices at different network levels.
In the implementation process, the asset scanning devices of different network levels are utilized to scan the devices of the network levels, so that a plurality of asset scanning results are obtained, the asset scanning results are sent to each asset scanning device, the connectivity between the asset scanning devices and the devices of the different network levels is determined by the asset scanning devices based on the IP addresses of the devices in the asset scanning results, and then the connectivity results are returned based on the asset scanning results and the asset scanning devices, so that the network topological relation between the number of the device assets in units such as large institutions and enterprises in an operation state and between the device assets is accurately determined.
Based on the first aspect, in one possible design, before receiving the device asset scan results sent by the asset scanning devices located at different network levels, the method further includes: receiving asset scanning requests sent by asset scanning devices located at different network levels; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device; determining an IP section to be scanned by the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and sending the IP section to the asset scanning equipment so that the asset scanning equipment scans equipment with IP addresses in the IP section to obtain an asset scanning result.
In the implementation process, based on the IP address of the asset scanning device and the subnet mask of the asset scanning device, an IP segment to be scanned is determined for the asset scanning device, so that the asset scanning device is prevented from scanning devices which do not belong to the unit, and then the scanning efficiency of the asset scanning device is improved.
Based on the first aspect, in one possible design, after receiving the asset scanning request sent by the asset scanning device located at a different network level, the method further includes: determining a reporting IP of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
In the implementation process, the reporting IP of the asset scanning device is determined based on the IP address of the scanning device, so that the asset scanning device can accurately send the asset scanning result to the control center by using the reporting IP.
Based on the first aspect, in one possible design, after receiving the asset scanning request sent by the asset scanning device located at a different network level, the method further includes: and sending a reagent installation package to the asset scanning device so that the asset scanning device can perform device scanning by using the reagent installation package.
In the implementation process, since the asset scanning device may not install the software capable of performing asset scanning, the asset scanning device acquires the agent installation package from the control center, and then ensures that the asset scanning device can perform device scanning by using the agent installation package.
In a second aspect, an embodiment of the present application provides an asset determining method applied to each asset scanning device located at a different network level, the method comprising: determining a scanning range; scanning equipment with an IP address in the scanning range to obtain a first asset scanning result; transmitting the first asset scanning result to a control center, so that the control center transmits the first scanning result to the rest of asset scanning devices in different network levels; receiving a second asset scanning result sent by the control center; the second asset scanning result is a scanning result sent by the rest of asset scanning equipment to the control center; sending an access request to a first device based on an IP address of the first device in the second asset scanning result; determining, based on the access result, a connectivity characteristic between the asset device and the first device; sending a connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network level.
In the implementation process, each asset scanning device located in different network levels is utilized to scan the devices in the network levels, a first asset scanning result is sent to a control center, so that the control center sends the first asset scanning result to the rest of asset scanning devices in the different network levels, and receives a second asset scanning result sent by the control center, wherein the second asset scanning result is a scanning result sent by the rest of asset scanning devices to the control center, sharing of the asset scanning result is achieved, then an access request is sent to the first device based on an IP address of the first device in the second asset scanning result, connectivity between the asset scanning device and the first device is determined, and finally, the connectivity result is sent to the control center, so that the control center accurately determines how many units of equipment such as large-scale institutions, enterprises are in an operation state and the network asset topological relation among the various devices based on the connectivity result, the first asset scanning result and the second asset scanning result.
Based on the second aspect, in one possible design, determining the scan range includes: determining a network address of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; the scan range is determined based on a network address of the asset scanning device.
In the implementation process, the asset scanning device determines the scanning range based on the IP address and the subnet mask of the asset scanning device, so that the scanning range is not required to be requested to the control center, and the processing burden of the control center is reduced.
Based on the second aspect, in one possible design, determining the scan range includes: sending an asset scanning request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section to be scanned by the asset scanning device based on the IP address of the asset device and the subnet mask of the asset scanning device; receiving the IP section returned by the control center; wherein the IP section is the scanning range.
In the implementation process, an asset scanning request is sent to the control center, so that the control center determines an IP section which needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device, the asset scanning device is prevented from scanning devices which do not belong to the unit, and then the scanning efficiency of the asset scanning device is improved.
Based on the second aspect, in one possible design, before sending an access request to the first device, the method further includes: receiving a report IP (Internet protocol) corresponding to the second asset scanning result sent by the control center; determining a first reporting IP in the same IP address list as the reporting IP of the asset scanning device from the corresponding reporting IP based on the predetermined reporting IP of the asset scanning device and the corresponding reporting IP; wherein, the reported IP of the devices in the same local area network are in the same IP address list, and the reported IP of the devices in different local area networks are in different IP address lists; determining that the reported IP is the IP address of the first IP reporting device from the second asset scanning result; wherein, the reporting IP is the first device and the device reporting IP is the first device.
In the implementation process, since the reported IPs of the devices in the same local area network are in the same IP address list, and the reported IPs of the devices in different local area networks are in different IP address lists, the asset scanning device is enabled to perform connectivity determination only on the devices in the same local area network as the asset scanning device, and the connectivity determination efficiency is improved.
In a third aspect, an embodiment of the present application provides an asset determining apparatus, the apparatus comprising: the scanning result receiving unit is used for receiving equipment asset scanning results sent by asset scanning equipment located at different network levels; wherein each asset scanning result is a result of the asset scanning device scanning devices at the same network level as the asset scanning device; a scan result transmitting unit configured to transmit a plurality of asset scan results to each asset scan device, so that the asset scan device determines connectivity between devices at different network levels from the asset scan device based on IP addresses of the devices in the plurality of asset scan results; a connectivity result receiving unit, configured to receive a connectivity result returned by the asset scanning device; a topology relation determining unit, configured to determine a network topology relation between a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the plurality of devices include the asset scanning devices at different network levels.
Based on the third aspect, in one possible design, the apparatus further comprises: a scanning request receiving unit, configured to receive asset scanning requests sent by asset scanning devices located at different network levels; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device; an IP segment determining unit, configured to determine an IP segment that needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and the IP section sending unit is used for sending the IP section to the asset scanning equipment so that the asset scanning equipment scans equipment with the IP address in the IP section to obtain an asset scanning result.
Based on the third aspect, in one possible design, the apparatus further comprises: a report IP determining unit configured to determine a report IP of the asset scanning device based on an IP address of the asset scanning device and a subnet mask of the asset scanning device; and the report IP sending unit is used for sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
Based on the third aspect, in one possible design, the apparatus further comprises: and the installation package sending unit is used for sending the agent installation package to the asset scanning device so that the asset scanning device can perform device scanning by using the agent installation package.
In a fourth aspect, an embodiment of the present application provides an asset determining apparatus, the apparatus comprising: a scanning range determining unit configured to determine a scanning range; the scanning unit is used for scanning equipment with the IP address in the scanning range to obtain a first asset scanning result; a sending unit, configured to send the first asset scanning result to a control center, so that the control center sends the first scanning result to the rest of asset scanning devices in the different network levels; the receiving unit is used for receiving a second asset scanning result sent by the control center; the second asset scanning result is a scanning result sent by the rest of asset scanning equipment to the control center; an access unit, configured to send an access request to a first device based on an IP address of the first device in the second asset scanning result; a connectivity determination unit for determining, based on the access result, connectivity characterizing between the asset device and the first device; the sending unit is further configured to send a connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network level.
Based on the fourth aspect, in one possible design, the scan range determining unit is specifically configured to determine a network address of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and determining the scan range based on a network address of the asset scanning device.
Based on the fourth aspect, in one possible design, the scan range determining unit is further configured to send an asset scan request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section to be scanned by the asset scanning device based on the IP address of the asset device and the subnet mask of the asset scanning device; receiving the IP section returned by the control center; wherein the IP section is the scanning range.
Based on the fourth aspect, in one possible design, the apparatus further includes: a report IP receiving unit, configured to receive a report IP corresponding to the second asset scanning result sent by the control center; a searching unit, configured to determine, from among the corresponding report IPs, a first report IP in the same IP address list as the report IP of the asset scanning device, based on a predetermined report IP of the asset scanning device and the corresponding report IP; wherein, the reported IP of the devices in the same local area network are in the same IP address list, and the reported IP of the devices in different local area networks are in different IP address lists; the IP address determining unit is used for determining that the reported IP is the IP address of the first IP reporting device from the second asset scanning result; wherein, the reporting IP is the first device and the device reporting IP is the first device.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a processor and a memory connected to the processor, where the memory stores a computer program, and when the computer program is executed by the processor, causes the electronic device to perform the method in the first aspect or the second aspect.
In a sixth aspect, an embodiment of the present application provides a storage medium having stored therein a computer program which, when run on a computer, causes the computer to perform the method of the first or second aspect.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a device asset distribution structure of an enterprise according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of an asset determining method according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an asset determining apparatus according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of another asset determining apparatus according to an embodiment of the present application.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Referring to fig. 1, fig. 1 is a schematic diagram of an equipment asset distribution structure of an enterprise provided by the embodiment of the present application, it is assumed that equipment assets of the enterprise a are distributed in three office places (i.e., office place A1, office place A2 and office place A3), wherein for convenience of description, the office place A1 is assumed to be disposed with a PC1 (personal computer ), a PC2, a hierarchical gateway 1 (firewall 1), a hierarchical gateway 2 (firewall 2), a PC3, a PC4, a PC5 and a PC6, wherein the PC1, the PC2, the hierarchical gateway 1 and the hierarchical gateway 2 are located in a first layer network hierarchical space of an intranet, and the PC3, the PC4, the PC5 and the PC6 are located in a second layer network hierarchical space of the intranet, wherein the second layer network hierarchical space is a network hierarchical space deeper than the first layer network hierarchical space, the PC3, the PC4 are respectively in communication with the hierarchical gateway 1, and the PC5 and the PC6 are respectively in communication connection with the hierarchical gateway 2. Wherein each office site is assigned at least one reporting IP (Interworking Protocol, protocol for interconnection between networks) address, for example, the reporting IP assigned to office site A1 of enterprise a includes: IP 1-IP 1X; the report IP assigned to office location A2 of enterprise a includes: IP 2-IP 2X; the report IP assigned to office location A3 of enterprise a includes: IP 3-IP 3X; therefore, the data transmitted by PC1, PC2, hierarchical gateway 1, hierarchical gateway 2, PC3, PC4, PC5, and PC6 are transmitted to the control center through IP1—ip 1X.
Since the second-tier network hierarchical space is a network hierarchical space deeper than the first-tier network hierarchical space, devices of the second-tier network hierarchical space can access the first-tier network hierarchical space, and the first-tier network hierarchical space cannot access the second-tier network hierarchical space, that is, PC3, PC4, PC5, and PC6 can access PC1 and PC2, but neither PC1 nor PC2 can access PC3, PC4, PC5, and PC6.
Second, PCs under different-gateways at the same hierarchy cannot access each other, and thus, PC3 and PC4 cannot access PC5 and PC6, and PC5 and PC6 cannot access PC3 and PC4.
In the embodiment of the present application, all the devices capable of performing asset scanning in the enterprise a are used for asset scanning of the devices of the enterprise a, and the office location A1 of the enterprise a is taken as an example, that is, PC1, PC2, PC3, PC4, PC5 and PC6 in the enterprise a are all asset scanning devices.
Referring to fig. 2, fig. 2 is a flowchart of an asset determining method according to a first embodiment of the present application, where the method is applied to a control center, a first asset scanning device in an enterprise a, and other asset scanning devices except for the first asset scanning device, and the first asset scanning device may be any asset scanning device in the enterprise a, and the flowchart shown in fig. 2 will be described in detail below, and the method includes:
S10: a first asset scanning device determines a scanning range.
S20: and the first asset scanning device scans the devices with the IP addresses within the scanning range to obtain a first asset scanning result.
S30: and the first asset scanning device sends the first asset scanning result to a control center.
S40: and the control center sends the first scanning result to the rest asset scanning equipment.
S50: and the rest asset scanning devices send second asset scanning results to the control center.
S60: and the control center sends the second asset scanning result to the first asset scanning device.
S70: the first asset scanning device sends an access request to a first device based on an IP address of the first device in the second asset scanning result.
S80: the first asset scanning device determines, based on a first access result, connectivity between the asset device and the first device.
S90: the first asset scanning device sends a first connectivity result to the control center.
S100: and the rest asset scanning devices send access requests to the second device based on the IP address of the second device in the first asset scanning result.
S110: and the rest asset scanning equipment determines connectivity between the rest asset equipment and the second equipment based on a second access result.
S120: and the rest asset scanning equipment sends a second connectivity result to the control center.
S130: the control center determines a network topology relationship among a plurality of devices based on the first connectivity result, the second connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: the first asset scanning device and the remaining asset scanning devices.
The above method is described in detail below.
S10: the first asset scanning device determines a scanning range.
Wherein the step of determining the scanning range comprises: a11 and a12.
A11: the first asset scanning device determines a network address of the first asset scanning device based on an IP address of the first asset scanning device and a subnet mask of the first asset scanning device.
The first asset scanning device acquires the IP address of the first asset scanning device and the subnet mask of the first asset scanning device in real time, and then performs AND operation after converting the IP address of the first asset scanning device and the subnet mask of the first asset scanning device into binary respectively to obtain the network address of the first asset scanning device. Wherein the logical multiplication: 0&0 =0; 0&1 =0; 1&0 =0; 1& 1=1. And operation.
For example, the IP address of the first asset scanning device is: 202.112.14.137, then converting the IP address of the first asset scanning device to binary is followed by: 11001010 01110000 00001110 10001001, the subnet mask of the first asset scanning device is: 255.255.255.224, converting the subnet mask of the first asset scanning device to binary is then: 11111111 11111111 11111111 11100000 and performing an and operation on 11001010 01110000 00001110 10001001 and 11111111 11111111 11111111 11100000 to obtain a network address of the first asset scanning device: 11001010 01110000 00001110 10000000.
After determining the network address of the first asset scanning device, the first asset scanning device performs step a12.
A12: the first asset scanning device determines the scanning range based on a network address of the first asset scanning device.
And taking the network address of the first asset scanning device as the starting address of the scanning range, and continuously adding 1 on the basis of the network address of the first asset scanning device to obtain the IP address in the scanning range until the last few bits added to the network address of the first asset scanning device are all 1.
For example, the first asset scanning device has a network address of 11001010 01110000 00001110 10000000, then the scanning range has a start address of 11001010 01110000 00001110 10000000 (202.112.14.128) and the scanning range has an end address of 11001010 01110000 00001110 11111111 (202.112.14.255). Thus, the scan range is 202.112.14.128-202.112.14.255.
As an embodiment, the first asset scanning device may also determine the scanning range according to a network address of the first asset scanning device and a predetermined number of device scans.
The first asset scanning device may use the network address of the first asset scanning device as a starting address, and add 1 once on the basis of the network address of the first asset scanning device to obtain an IP address, where the number of times of adding 1 is the predetermined number of device scans, and then determine all the IP addresses in the scanning range.
As another embodiment, the step of determining the scanning range, that is, step S10 includes: b11, B12, B13, B14 and B15.
B11: the first asset scanning device sends an asset scanning request to the control center; wherein the asset scanning request includes an IP address of the first asset scanning device and a subnet mask of the first asset scanning device.
The first asset scanning device sends the asset scanning request to the control center based on a predetermined IP address of the control center and an IP address of the first asset scanning device.
Wherein the first asset scan may have software of a device asset scan pre-installed.
After the first asset scanning device sends the asset scanning request to the control center, the control center performs step B12.
B12: the control center receives the asset scanning request.
After the control center receives the asset scanning request, step B13 is performed.
B13: the control center determines an IP section to be scanned by the first asset scanning device based on the IP address of the first asset device and the subnet mask of the first asset scanning device; wherein the IP section is the scanning range.
The control center determines a first local area network where the first asset scanning device is located based on the IP address of the first asset scanning device and a subnet mask of the first asset scanning device, wherein the first local area network is the asset scanning range. Wherein all IP addresses in the first local area network constitute the IP segment.
After determining the IP segment, the control center performs step B14.
And B14: and the control center sends the IP section to the first asset scanning device.
The control center sends the IP segment to the first asset scanning device based on the IP address of the first asset scanning device.
B15: the first asset scanning device receives the IP segment. In other words, the first asset scanning device determines its own scanning range from the received IP segment.
Regardless of which manner is described above or otherwise, the first asset device may perform step S20.
S20: and the first asset scanning device scans the devices with the IP addresses within the scanning range to obtain a first asset scanning result.
The first asset scanning device accesses ports of devices with IP addresses within the scanning range sequentially or randomly by using scanning software installed in the first asset scanning device to obtain information such as IP addresses, subnet masks and the like of all the devices which can be accessed and the first asset scanning device, namely the first asset scanning result. It is mentioned that the device that can be accessed is a device that is in the same local area network and the same network hierarchy as the first asset scanning device.
For example, when the first asset scanning device is PC1, the first asset scanning result includes: information such as IP addresses and subnet masks of PC1, PC2, hierarchical gateway 1, and hierarchical gateway 2.
When the first asset scanning device is a PC3, the first asset scanning result includes: information such as IP addresses and subnet masks of the PC3, PC4 and hierarchical gateway 1.
When the first asset scanning device is a PC5, the first asset scanning result includes: information such as IP addresses and subnet masks of the PC5, PC6 and hierarchical gateway 2.
The first asset scanning device performs step S30 after obtaining the first asset scanning result.
S30: and the first asset scanning device sends the first asset scanning result to a control center.
The first asset scanning device sends the first asset scanning result to the control center based on a predetermined IP address of the control center.
S40: and the rest asset scanning devices send second asset scanning results to the control center.
It is mentioned that each of the remaining asset scanning devices acquires the second asset scanning result by adopting the first asset scanning device, and then sends the second asset scanning result to the control center based on the predetermined IP address of the control center. It will be appreciated that each of the remaining asset scanning devices, when sending the second asset scanning result to the control center, will carry the IP address of that asset scanning device.
The control center performs step S50 after receiving the first asset scanning result and after determining the IP addresses of the remaining asset scanning devices.
S50: and the control center sends the first asset scanning result to the rest asset scanning devices.
The control center sends the first asset scanning result to the rest of the asset scanning devices based on the predetermined IP addresses of the rest of the asset scanning devices. The determining the IP addresses of the remaining asset scanning devices may be obtained from the received asset scanning request sent by the remaining asset scanning devices, or may be obtained when the second asset scanning result sent by the remaining asset scanning devices is obtained.
As one embodiment, the control center sends the first asset scanning result to the asset scanning device in the same local area network as the first asset scanning device, where the asset scanning device in the same local area network as the first asset scanning device is the remaining asset scanning devices in S400. It is mentioned that the control center determines a first local area network where the first asset scanning device is located based on the IP address and the subnet mask of the first asset scanning device, and determines the IP address of the asset scanning device in the first local area network, that is, the asset scanning device in the same local area network as the first asset device, from the IP addresses of the remaining asset scanning devices based on the IP addresses and the subnet mask of the remaining asset scanning devices.
For example, when the first asset scanning device is PC1 and the remaining asset scanning devices are PC3, PC4 and PC5, if the network addresses of PC3, PC4 and PC5 and PC1 are the same, i.e. are in the same local area network, the control center sends the first asset scanning result to PC3, PC4 and PC5.
The control center performs step S60 after receiving the second asset scanning result.
S60: and the control center sends the second asset scanning result to the first asset scanning device.
The control center transmits the second asset scanning result to the first asset scanning device based on a predetermined IP address of the first asset scanning device.
In one embodiment, the control center transmits the second asset scanning result to the first asset scanning device when the first asset scanning device is in the same local area network as the asset scanning device that transmits the second asset scanning result.
For example, when the first asset scanning device is PC1 and the remaining asset scanning devices are PC3, the control center transmits the second asset scanning result to PC1 because PC3 and PC1 are in the same local area network.
When the first asset scanning device receives the second asset scanning result, the first asset scanning device performs step S70.
S70: the first asset scanning device sends an access request to a first device based on an IP address of the first device in the second asset scanning result.
For example, when the first asset scanning device is PC1 and the second asset scanning result includes IP addresses of PC3, PC4 and hierarchical gateway 1, that is, the first device includes: PC3 and PC4, the first asset scanning device sends the access request to PC3 based on the IP address of PC3, because the network hierarchy space where PC3 is located is a network hierarchy space deeper than the network hierarchy space where PC1 is located, therefore, PC1 can't access PC3 through hierarchical gateway 1, and then can't receive the result fed back by PC3 based on the access request, when PC1 has not received the result fed back by PC3 based on the access request in a preset time period after sending the access request to PC3, the first asset scanning device obtains the first access result which characterizes PC1 can't access PC3, and similarly, the first asset scanning device sends the access request to PC4 based on the IP address of PC4, and obtains the first access result which characterizes PC1 can't access PC 4.
For example, in the case where the first asset scanning device is PC3, the second asset scanning result includes: when the first device is PC1, PC2, the hierarchical gateway 1 and the IP address of the hierarchical gateway 2, the PC3 sends an access request to the PC1 based on the IP address of the PC1, when the PC3 sends the access request to the PC1, the access request sent by the PC3 is first transmitted to the hierarchical gateway 1, the hierarchical gateway 1 returns information indicating that the next hop address of the PC3 is the IP address of the hierarchical gateway 1 to the PC3, the hierarchical gateway 1 forwards the access request to the PC1, the PC1 returns a feedback result to the PC3 based on the access request, wherein the feedback result returned by the PC1 is forwarded to the PC3 through the hierarchical gateway 1, and when the feedback result returned by the PC1 based on the access request is received by the PC3 in a preset time period, the first access result indicating that the PC3 can access the PC1 through the hierarchical gateway 1 is obtained. Similarly, when the PC3 receives a feedback result returned by the PC2 based on the access request within a preset period of time, the PC3 obtains a first access result indicating that the PC3 can access the PC2 through the hierarchical gateway 1.
The first asset scanning device performs step S80 after obtaining the first access result.
S80: the first asset scanning device determining, based on a first access result, connectivity between the first asset scanning device and the first device;
And when the first access result indicates that the first asset scanning device cannot access the first device, determining that the first asset scanning device cannot communicate with the first device.
When the first access result characterizes that the first asset scanning device can access the first device through a second device, determining that the first asset scanning device is communicated with the first device through the second device.
After the first asset scanning device determines the first connectivity result, step S90 is performed.
S90: the first asset scanning device sends a first connectivity result to the control center.
The first asset scanning device sends the first connectivity result to the control center based on the IP address of the control center.
S100: and the rest asset scanning devices send access requests to the second device based on the IP address of the second device in the first asset scanning result.
In the specific embodiment of S100, please refer to step S70, and therefore, the description is omitted here.
S110: and the rest asset scanning equipment determines connectivity between the rest asset equipment and the second equipment based on a second access result.
S120: and the rest asset scanning equipment sends a second connectivity result to the control center.
In the specific embodiments of S110 and S120, please refer to steps S80 and S90, and therefore, the description thereof is omitted here.
S130: the control center determines a network topology relationship among a plurality of devices based on the first connectivity result, the second connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: the first asset scanning device and the remaining asset scanning devices.
And de-duplicating the same asset scanning result in the first asset scanning result and the second asset scanning result, and determining the network topological relation among a plurality of devices by utilizing the asset scanning result after de-duplication and the first connectivity result and the second connectivity result.
For example, the asset scan result obtained by the PC1 is information such as IP addresses and subnet masks of the PC1, the PC2, the hierarchical gateway 1 and the hierarchical gateway 2, the asset scan result obtained by the PC3 is information such as IP addresses and subnet masks of the PC3, the PC4 and the hierarchical gateway 1, the asset scan result obtained by the PC5 is information such as IP addresses and subnet masks of the PC5, the PC6 and the hierarchical gateway 2, the PC1 cannot access the PC3, the PC4, the PC5 and the PC6, the PC3 and the PC4 can access the PC1 and the PC2 through the hierarchical gateway 1, the PC5 and the PC6 can access the PC1 and the PC2 through the hierarchical gateway 2, the topology relationship of the PC1, the PC2, the hierarchical gateway 1 and the hierarchical gateway 2 is represented in a first layer network layer space, the PC3, the PC4, the PC5 and the PC6 are in a network layer space deeper than the first layer network layer, and the network space represented by the PC3 and the PC4 can be obtained as shown in fig. 1 because the gateway IP is different.
As an embodiment, after step B12, the method further comprises the steps of: c1 and C2.
After receiving the asset scanning request, the control center performs step C1: the control center determines a reporting IP of the first asset scanning device based on the IP address of the first asset scanning device and a subnet mask of the first asset scanning device.
The control center determines a network address of the first asset scanning device based on the IP address of the first asset scanning device and a subnet mask of the first asset scanning device, searches a report IP corresponding to the network address based on a corresponding relation between a prestored network address and the report IP, and determines that the corresponding report IP is the report IP of the first asset scanning device when the number of the corresponding report IPs is one; and when at least two reporting IPs exist in the number of the corresponding reporting IPs, arbitrarily selecting one reporting IP from the at least two reporting IPs as the reporting IP of the first asset scanning device.
And C2, after determining the report IP of the first asset scanning device, the control center executes the step C2.
C2: and the control center sends the report IP to the first asset scanning device.
The control center sends the report IP to the first asset scanning device based on the IP address of the first asset scanning device.
After the first asset scanning device acquires the report IP, S30 may be implemented in such a manner that the first asset scanning device transmits the asset scanning result to the control center based on the report IP.
As an embodiment, after B12, the method further comprises the step of: b121 and B122.
After receiving the asset scanning request sent by the first asset scanning device, the control center performs step B121: and the control center sends a agent installation package to the first asset scanning device.
After the first asset scanning device receives the agent installation package, step B122 is performed.
B122: and the first asset scanning device installs scanning software on the first asset scanning device by using the agent installation package.
The first asset scanning device decompresses and runs the agent installation package to install scanning software on the first asset scanning device.
As an embodiment, before S70, the method further comprises the steps of: d1, D2 and D3.
D1: and the control center sends a report IP corresponding to the second asset scanning result to the first asset scanning device.
It will be appreciated that the asset scanning device that transmits the second asset scanning result is transmitted to the control center via the corresponding report IP.
D1: and the first asset scanning device receives the report IP corresponding to the second asset scanning result.
D2: the first asset scanning device determines a first reporting IP in the same IP address list as the reporting IP of the first asset scanning device from the corresponding reporting IP based on the predetermined reporting IP of the first asset scanning device and the corresponding reporting IP; wherein, the report IP of the equipment in the same local area network is in the same IP address list, and the report IP of the equipment in different local area networks is in different IP address lists.
As one implementation manner, the first asset scanning device stores a first IP address list including the reporting IP of the first asset scanning device in advance, and then searches for the first reporting IP in the first IP address list from the corresponding reporting IP.
The first asset scanning device performs step D3 after determining the first reporting IP.
D3: the first asset scanning device determines that the reported IP is the IP address of the first IP reporting device from the second asset scanning result; wherein, the reporting IP is the first device and the device reporting IP is the first device.
It can be understood that the second asset scanning result includes a correspondence between the reported IP and the IP address of the device, and the first asset scanning device searches, based on the IP address of the first report, for the IP address of the device corresponding to the first report IP from the correspondence.
As an embodiment, after S70, the method further includes:
the first asset scanning device sends the first access result to a control center after obtaining the first access result, so that the control center determines connectivity between the first asset scanning device and the first device based on the first access result.
Referring to fig. 3, fig. 3 is a block diagram of an asset determining apparatus according to an embodiment of the present application, the apparatus is applied to a control center, and the block diagram shown in fig. 3 will be described below, where the apparatus includes:
A scan result receiving unit 410, configured to receive device asset scan results sent by asset scanning devices located at different network levels; wherein each asset scanning result is a result of the asset scanning device scanning devices at the same network level as the asset scanning device;
a scan result transmitting unit 420 configured to transmit a plurality of asset scan results to each asset scan device, so that the asset scan device determines connectivity between devices at different network levels from the asset scan device based on IP addresses of the devices in the plurality of asset scan results;
a connectivity result receiving unit 430, configured to receive a connectivity result returned by the asset scanning device;
a topology relationship determining unit 440, configured to determine a network topology relationship between a plurality of devices based on the plurality of asset scanning results and a plurality of connectivity results; wherein the plurality of devices include the asset scanning devices at different network levels.
As an embodiment, the apparatus further comprises: a scanning request receiving unit, configured to receive asset scanning requests sent by asset scanning devices located at different network levels; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device; an IP segment determining unit, configured to determine an IP segment that needs to be scanned by the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and the IP section sending unit is used for sending the IP section to the asset scanning equipment so that the asset scanning equipment scans equipment with the IP address in the IP section to obtain an asset scanning result.
As an embodiment, the apparatus further comprises: a report IP determining unit configured to determine a report IP of the asset scanning device based on an IP address of the asset scanning device and a subnet mask of the asset scanning device; and the report IP sending unit is used for sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
As an embodiment, the apparatus further comprises: and the installation package sending unit is used for sending the agent installation package to the asset scanning device, wherein the asset scanning device is used for performing device scanning by using the agent installation package.
Referring to fig. 4, fig. 4 is a block diagram of another asset determining apparatus according to an embodiment of the present application, the apparatus is applied to an asset scanning device, and the block diagram shown in fig. 4 will be described below, where the apparatus includes:
a scan range determining unit 510 for determining a scan range;
a scanning unit 520, configured to scan a device whose IP address is within the scanning range, to obtain a first asset scanning result;
a transmitting unit 530, configured to transmit the first asset scanning result to a control center, so that the control center transmits the first scanning result to the rest of asset scanning devices in the different network levels;
A receiving unit 540, configured to receive a second asset scanning result sent by the control center; the second asset scanning result is a scanning result sent by the rest of asset scanning equipment to the control center;
an access unit 550, configured to send an access request to the first device based on the IP address of the first device in the second asset scanning result;
a connectivity determination unit 560 for determining, based on the access result, a connectivity characterizing the asset device to the first device;
the sending unit 530 is further configured to send a connectivity result to the control center, so that the control center determines a network topology relationship between a plurality of devices based on the connectivity result, the first asset scanning result, and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network level.
As an embodiment, the scan range determining unit 510 is specifically configured to determine a network address of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device; and determining the scan range based on a network address of the asset scanning device.
As an embodiment, the scan range determining unit 510 is further configured to send an asset scan request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section to be scanned by the asset scanning device based on the IP address of the asset device and the subnet mask of the asset scanning device; receiving the IP section returned by the control center; wherein the IP section is the scanning range.
As an embodiment, the apparatus further comprises: a report IP receiving unit, configured to receive a report IP corresponding to the second asset scanning result sent by the control center; a searching unit, configured to determine, from among the corresponding report IPs, a first report IP in the same IP address list as the report IP of the asset scanning device, based on a predetermined report IP of the asset scanning device and the corresponding report IP; wherein, the reported IP of the devices in the same local area network are in the same IP address list, and the reported IP of the devices in different local area networks are in different IP address lists; the IP address determining unit is used for determining that the reported IP is the IP address of the first IP reporting device from the second asset scanning result; wherein, the reporting IP is the first device and the device reporting IP is the first device.
For the process of implementing the respective functions by the functional units in this embodiment, please refer to the contents described in the embodiments shown in fig. 1-2, which are not described herein.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device may be an asset scanning device or a control center, and the electronic device may be a PC, a tablet computer, a smart phone, a (personal digital assistant, PDA) personal digital assistant, or the like.
The electronic device may include: memory 102, processor 101, communication interface 103, and a communication bus for enabling connected communication of these components.
The Memory 102 is used for storing various data such as a plurality of asset scan results and connectivity results, and computing program instructions corresponding to the asset determining method and apparatus provided by the embodiments of the present application, where the Memory 102 may be, but is not limited to, (Random Access Memory, RAM) random access Memory, (Read Only Memory, ROM) Read Only Memory, (Programmable Read-Only Memory, PROM) programmable Read Only Memory, (Erasable Programmable Read-Only Memory, EPROM) erasable Read Only Memory, (Electric Erasable Programmable Read-Only Memory, EEPROM) electrically erasable Read Only Memory, and the like.
When the electronic device is the control center, the processor 101 is configured to receive device asset scanning results sent by asset scanning devices located at different network levels; wherein each asset scanning result is a result of the asset scanning device scanning devices at the same network level as the asset scanning device; transmitting a plurality of asset scan results to each asset scan device to cause the asset scan device to determine connectivity between devices at different network levels than the asset scan device based on IP addresses of the devices in the plurality of asset scan results; receiving connectivity results returned by the asset scanning device; determining a network topology relationship among a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the plurality of devices include the asset scanning devices at different network levels.
When the electronic device is the asset scanning device, the processor 101 is configured to determine a scanning range; scanning equipment with an IP address in the scanning range to obtain a first asset scanning result; transmitting the first asset scanning result to a control center, so that the control center transmits the first scanning result to other asset scanning devices located in different network levels; receiving a second asset scanning result sent by the control center; the second asset scanning result is a scanning result sent by the rest of asset scanning equipment to the control center; sending an access request to a first device based on an IP address of the first device in the second asset scanning result; determining, based on the access result, a connectivity characteristic between the asset device and the first device; sending a connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network level.
The processor 101 may be an integrated circuit chip with signal processing capability. The processor 101 may be a general-purpose processor 101, including a (Central Processing Unit, CPU) central processor 101, a (Network Processor, NP) network processor 101, etc.; but also (DSP) digital signal processor 101, (ASIC) application specific integrated circuit, (FPGA) field programmable gate array or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. The general purpose processor 101 may be a microprocessor 101 or the processor 101 may be any conventional processor 101 or the like.
When the electronic device is the control center, the communication interface 103 is configured to send an asset scanning result to the asset scanning device, and receive the asset scanning result and the connectivity result sent by the asset scanning device.
When the electronic device is an asset scanning device, the communication interface 103 is configured to send a first asset scanning result and a connectivity result to the control center, send an access request to the remaining asset scanning devices, and receive a second asset scanning result sent by the control center.
In addition, the embodiment of the application also provides a storage medium, in which a computer program is stored, which when run on a computer, causes the computer to execute the method provided by any one of the embodiments of the application.
In summary, the asset determining method, apparatus, electronic device and storage medium according to the embodiments of the present application scan devices in a network hierarchy by using asset scanning devices in different network hierarchies to obtain a plurality of asset scanning results, and send the plurality of asset scanning results to each asset scanning device, so that the asset scanning device determines connectivity between devices in different network hierarchies with the asset scanning device based on the IP addresses of the devices in the plurality of asset scanning results, and then accurately determines how many device assets are in an operating state in units such as a large-scale organization and an enterprise, and a network topology relationship between the device assets based on the plurality of asset scanning results and the asset scanning devices returning the connectivity results.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based devices which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.

Claims (12)

1. An asset determination method for use in a control center, the method comprising:
receiving equipment asset scanning results sent by asset scanning equipment located at different network levels; wherein each asset scanning result is a result of the asset scanning device scanning devices at the same network level as the asset scanning device;
transmitting a plurality of asset scan results to each asset scan device to cause the asset scan device to determine connectivity between devices at different network levels than the asset scan device based on IP addresses of the devices in the plurality of asset scan results; wherein the asset scanning device determining connectivity between devices at different network levels than the asset scanning device based on the IP addresses of the devices in the plurality of asset scanning results, comprising: sending an access request to a first device based on an IP address of the first device in the plurality of asset scan results; determining, based on the access result, a connectivity characteristic between the asset scanning device and the first device; determining that the asset scanning device is not in communication with the first device when the access result characterizes that the asset scanning device is not capable of accessing the first device; determining that the asset scanning device is in communication with the first device through a second device when the access result characterizes that the asset scanning device is capable of accessing the first device through the second device;
Receiving connectivity results returned by the asset scanning device;
determining a network topology relationship among a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the plurality of devices include the asset scanning devices at different network levels.
2. The method of claim 1, wherein prior to receiving the device asset scan results transmitted by asset scanning devices located at different network levels, the method further comprises:
receiving asset scanning requests sent by asset scanning devices located at different network levels; wherein the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device;
determining an IP section to be scanned by the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device;
and sending the IP section to the asset scanning equipment so that the asset scanning equipment scans equipment with IP addresses in the IP section to obtain an asset scanning result.
3. The method of claim 2, wherein after receiving the asset scanning request sent by the asset scanning device at a different network level, the method further comprises:
Determining a reporting IP of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device;
and sending the report IP to the asset scanning equipment so that the asset scanning equipment sends the asset scanning result to the control center based on the report IP.
4. The method of claim 1, wherein after receiving the asset scanning request sent by the asset scanning device at a different network level, the method further comprises:
and sending a reagent installation package to the asset scanning device so that the asset scanning device can perform device scanning by using the reagent installation package.
5. An asset determination method, for application to an asset scanning device, the method comprising:
determining a scanning range;
scanning equipment with an IP address in the scanning range to obtain a first asset scanning result;
transmitting the first asset scanning result to a control center, so that the control center transmits the first asset scanning result to other asset scanning devices located in different network levels;
receiving a second asset scanning result sent by the control center; the second asset scanning result is a scanning result sent by the rest of asset scanning equipment to the control center;
Sending an access request to a first device based on an IP address of the first device in the second asset scanning result;
determining, based on the access result, a connectivity characteristic between the asset scanning device and the first device; determining that the asset scanning device is not in communication with the first device when the access result characterizes that the asset scanning device is not capable of accessing the first device; determining that the asset scanning device is in communication with the first device through a second device when the access result characterizes that the asset scanning device is capable of accessing the first device through the second device;
sending a connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network level.
6. The method of claim 5, wherein determining the scan range comprises:
determining a network address of the asset scanning device based on the IP address of the asset scanning device and a subnet mask of the asset scanning device;
The scan range is determined based on a network address of the asset scanning device.
7. The method of claim 5, wherein determining the scan range comprises:
sending an asset scanning request to the control center; the asset scanning request comprises an IP address of the asset scanning device and a subnet mask of the asset scanning device, so that the control center determines an IP section to be scanned by the asset scanning device based on the IP address of the asset scanning device and the subnet mask of the asset scanning device;
receiving the IP section returned by the control center; wherein the IP section is the scanning range.
8. The method of claim 5, wherein prior to sending the access request to the first device, the method further comprises:
receiving a report IP (Internet protocol) corresponding to the second asset scanning result sent by the control center;
determining a first reporting IP in the same IP address list as the reporting IP of the asset scanning device from the corresponding reporting IP based on the predetermined reporting IP of the asset scanning device and the corresponding reporting IP; wherein, the reported IP of the devices in the same local area network are in the same IP address list, and the reported IP of the devices in different local area networks are in different IP address lists;
Determining that the reported IP is the IP address of the first IP reporting device from the second asset scanning result; wherein, the reporting IP is the first device and the device reporting IP is the first device.
9. An asset determination apparatus, the apparatus comprising:
the scanning result receiving unit is used for receiving equipment asset scanning results sent by asset scanning equipment located at different network levels; wherein each asset scanning result is a result of the asset scanning device scanning devices at the same network level as the asset scanning device;
a scan result transmitting unit configured to transmit a plurality of asset scan results to each asset scan device, so that the asset scan device determines connectivity between devices at different network levels from the asset scan device based on IP addresses of the devices in the plurality of asset scan results; wherein the asset scanning device determining connectivity between devices at different network levels than the asset scanning device based on the IP addresses of the devices in the plurality of asset scanning results, comprising: sending an access request to a first device based on an IP address of the first device in the plurality of asset scan results; determining, based on the access result, a connectivity characteristic between the asset scanning device and the first device; determining that the asset scanning device is not in communication with the first device when the access result characterizes that the asset scanning device is not capable of accessing the first device; determining that the asset scanning device is in communication with the first device through a second device when the access result characterizes that the asset scanning device is capable of accessing the first device through the second device;
A connectivity result receiving unit, configured to receive a connectivity result returned by the asset scanning device;
a topology relation determining unit, configured to determine a network topology relation between a plurality of devices based on the plurality of asset scanning results and the plurality of connectivity results; wherein the plurality of devices include the asset scanning devices at different network levels.
10. An asset determination apparatus, the apparatus comprising:
a scanning range determining unit configured to determine a scanning range;
the scanning unit is used for scanning equipment with the IP address in the scanning range to obtain a first asset scanning result;
a sending unit, configured to send the first asset scanning result to a control center, so that the control center sends the first asset scanning result to remaining asset scanning devices located in different network levels;
the receiving unit is used for receiving a second asset scanning result sent by the control center; the second asset scanning result is a scanning result sent by the rest of asset scanning equipment to the control center;
an access unit, configured to send an access request to a first device based on an IP address of the first device in the second asset scanning result;
A connectivity determination unit configured to determine, based on the access result, a connectivity characterizing between the asset scanning device and the first device; determining that the asset scanning device is not in communication with the first device when the access result characterizes that the asset scanning device is not capable of accessing the first device; determining that the asset scanning device is in communication with the first device through a second device when the access result characterizes that the asset scanning device is capable of accessing the first device through the second device;
the sending unit is further configured to send a connectivity result to the control center, so that the control center determines a network topology relationship among a plurality of devices based on the connectivity result, the first asset scanning result and the second asset scanning result; wherein the plurality of devices comprises: each asset scanning device located at a different network level.
11. An electronic device comprising a memory and a processor, the memory having stored therein computer program instructions that, when read and executed by the processor, perform the method of any of claims 1-8.
12. A storage medium having stored thereon computer program instructions which, when read and executed by a computer, perform the method of any of claims 1-8.
CN202010770214.2A 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium Active CN111865701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010770214.2A CN111865701B (en) 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010770214.2A CN111865701B (en) 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111865701A CN111865701A (en) 2020-10-30
CN111865701B true CN111865701B (en) 2023-08-11

Family

ID=72953071

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010770214.2A Active CN111865701B (en) 2020-08-03 2020-08-03 Asset determination method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111865701B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615787B (en) * 2021-01-06 2021-12-14 博智安全科技股份有限公司 Method and system for automatically generating network topology
CN115001984A (en) * 2022-08-08 2022-09-02 北京六方云信息技术有限公司 Industrial level topological graph drawing method and device, terminal device and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413012A (en) * 2011-11-21 2012-04-11 上海交通大学 System for automatically analyzing computer network connectivity
CN105227383A (en) * 2015-11-06 2016-01-06 广东电网有限责任公司电力科学研究院 A kind of device of network topology investigation
CN107294745A (en) * 2016-03-30 2017-10-24 中国移动通信集团四川有限公司 Automatic topology discovery method and device
CN109768870A (en) * 2017-11-09 2019-05-17 国网青海省电力公司电力科学研究院 A kind of industry control network assets discovery method and system based on active probing technique
CN109842520A (en) * 2018-12-27 2019-06-04 华为技术服务有限公司 The determination method, apparatus and system of network topology
CN110336684A (en) * 2019-03-21 2019-10-15 北京天防安全科技有限公司 A kind of networked asset intelligent identification Method and system
CN110958134A (en) * 2019-11-01 2020-04-03 锐捷网络股份有限公司 Method and device for realizing network topology
CN110995719A (en) * 2019-12-06 2020-04-10 北京天融信网络安全技术有限公司 NAT equipment identification method, device, system and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090195384A1 (en) * 2008-02-01 2009-08-06 Honeywell International Inc. System and method for inventory management
US8255749B2 (en) * 2008-07-29 2012-08-28 Texas Instruments Incorporated Ascertaining configuration by storing data signals in a topology register
US9083613B2 (en) * 2012-10-16 2015-07-14 Cisco Technology, Inc. Detection of cabling error in communication network

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413012A (en) * 2011-11-21 2012-04-11 上海交通大学 System for automatically analyzing computer network connectivity
CN105227383A (en) * 2015-11-06 2016-01-06 广东电网有限责任公司电力科学研究院 A kind of device of network topology investigation
CN107294745A (en) * 2016-03-30 2017-10-24 中国移动通信集团四川有限公司 Automatic topology discovery method and device
CN109768870A (en) * 2017-11-09 2019-05-17 国网青海省电力公司电力科学研究院 A kind of industry control network assets discovery method and system based on active probing technique
CN109842520A (en) * 2018-12-27 2019-06-04 华为技术服务有限公司 The determination method, apparatus and system of network topology
CN110336684A (en) * 2019-03-21 2019-10-15 北京天防安全科技有限公司 A kind of networked asset intelligent identification Method and system
CN110958134A (en) * 2019-11-01 2020-04-03 锐捷网络股份有限公司 Method and device for realizing network topology
CN110995719A (en) * 2019-12-06 2020-04-10 北京天融信网络安全技术有限公司 NAT equipment identification method, device, system and storage medium

Also Published As

Publication number Publication date
CN111865701A (en) 2020-10-30

Similar Documents

Publication Publication Date Title
CN111865701B (en) Asset determination method, device, electronic equipment and storage medium
CN111399756B (en) Data storage method, data downloading method and device
CN113259479B (en) Data processing method and equipment
CN110716738A (en) Data processing method and device, cloud platform, electronic equipment and storage medium
KR100901281B1 (en) Method for ubiquitous web service
CN110677493A (en) Service state determination method and device, computer device and storage medium
CN111885184A (en) Method and device for processing hot spot access keywords in high concurrency scene
CN114244654B (en) URL forwarding method, device, equipment and computer storage medium
CN111224829A (en) Method and device for accessing external node to block chain network, and block chain network
CN112492060B (en) Service resource processing method and system, proxy equipment and request equipment
CN115913597A (en) Method and device for determining lost host
CN111556112A (en) Data transmission method and device, electronic equipment and storage medium
CN111183622B (en) Block chain system, information sharing method and related equipment
CN113778780B (en) Application stability determining method and device, electronic equipment and storage medium
JP6972417B2 (en) Mobile devices, systems, access methods, and programs
US10778660B1 (en) Managing multiple producer consumer—systems with non-identical idempotency keys
CN115190062A (en) Service processing method and device, electronic equipment and computer readable storage medium
CN114760360A (en) Request response method and device, electronic equipment and computer readable storage medium
CN112131263A (en) Software package obtaining method, system, device, electronic equipment and storage medium
CN113746909A (en) Network connection method, device, electronic equipment and computer readable storage medium
CN110995890A (en) Domain name request scheduling method and device
CN112866008B (en) NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium
CN107749899A (en) A kind of message forwarding method, device and electronic equipment
US20210352140A1 (en) System and method for improved and effective generation and representation of a communication trust tree
CN109684386B (en) Report collaborative arrangement method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant