CN112737891A - Network flow simulation test method, device and storage medium - Google Patents
Network flow simulation test method, device and storage medium Download PDFInfo
- Publication number
- CN112737891A CN112737891A CN202011605830.9A CN202011605830A CN112737891A CN 112737891 A CN112737891 A CN 112737891A CN 202011605830 A CN202011605830 A CN 202011605830A CN 112737891 A CN112737891 A CN 112737891A
- Authority
- CN
- China
- Prior art keywords
- protocol
- network
- library
- flow
- name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a network flow simulation test method, a device and a storage medium, wherein the network flow simulation test method comprises the following steps: constructing a protocol library, namely receiving protocol names and protocol features of the protocols, recording the protocol features of the protocols corresponding to the protocol names, and constructing the protocol library; receiving request parameters, wherein the request parameters comprise a request protocol parameter and a request quantity parameter; flow sending, extracting corresponding protocol features from a protocol library according to the request protocol parameters, and using the extracted protocol features as sending protocol parameters; and modifying quintuple information of the flow according to the request quantity parameter to serve as a sending quantity parameter, and configuring the test flow according to the sending protocol parameter and the sending quantity parameter. In actual testing, the situation that a large number of users surf the internet at the same time is often required to be simulated, and the quintuple information of the actual users surf the internet is different, so that the number of the users can simulate the real internet surfing situation by modifying different quintuple information.
Description
Technical Field
The present application relates to the field of automated testing technologies, and in particular, to a network traffic simulation testing method, apparatus, and storage medium.
Background
The network test device is widely applied to performance test and function test of network equipment such as firewall, switch, router and the like, and comprises the functions of security test, protocol flow simulation, network attack simulation and the like. Therefore, it is important for the network device to have a good network testing device. The network test method comprises the steps of carrying out network test on tested equipment (other network communication equipment such as a router, a switch and the like), connecting the tested equipment and a test computer through a network by a common test method, setting an automatic test program, and sending simulation flow to the tested equipment by the test computer for testing.
In order to make the network test result closer to the actual situation of network communication, in the prior art, a test computer is often connected to a device to be tested, and then static playback is performed based on the captured network traffic, so as to simulate the situation that a plurality of network communication users perform network communication in a real network (the number of network communication users depends on the captured network traffic). However, the existing mode is inflexible and has large error, and the originally captured network flow is inaccurate due to the change brought by the network protocol; and when tens of thousands or more users need to be simulated to surf the internet, the existing method is difficult to simulate the conditions of a large number of users to surf the internet.
Therefore, there is a need in the art for a method, an apparatus and a storage medium for network traffic simulation testing.
Accordingly, the present application is directed to such a situation.
Disclosure of Invention
The application aims to provide a network flow simulation test method, a network flow simulation test device and a storage medium, which can simulate the internet surfing condition of a large number of users.
A first aspect of the present application provides a network traffic simulation test method, including the following steps:
constructing a protocol library, namely receiving protocol names and protocol features of the protocols, recording the protocol features of the protocols corresponding to the protocol names, and constructing the protocol library;
receiving request parameters, wherein the request parameters comprise a request protocol parameter and a request quantity parameter;
flow sending, extracting corresponding protocol features from a protocol library according to the request protocol parameters, and using the extracted protocol features as sending protocol parameters; and modifying quintuple information of the flow according to the request quantity parameter to serve as a sending quantity parameter, and configuring the test flow according to the sending protocol parameter and the sending quantity parameter.
By adopting the scheme, when the test is actually carried out, the situation that a large number of users surf the internet at the same time is often required to be simulated, wherein protocols in traffic transmitted by each user are different, and the corresponding protocol characteristics can be called from a protocol library according to the test requirements; the quintuple information of the actual users on the internet is different, so that the number of the users can simulate the real internet situation by modifying the different quintuple information.
Further, the test flow is a flow sent to a device to be tested.
Further, the device to be tested may be a computer or a server, etc.
Further, the quintuple information includes a source IP address, the test traffic is provided with at least one source IP address, and the number of the source IP addresses corresponds to the transmission number parameter.
By adopting the scheme, the source IP addresses of different users are different when the users actually surf the internet, so that a plurality of different source IP addresses are set in the test flow, the situation of the users actually surf the internet can be simulated, and the authenticity of equipment during testing is improved.
Further, the five-tuple information further includes a source port, a destination IP address, a destination port, and a transport layer protocol.
Further, the network traffic simulation test method further includes the steps of traffic transmission, receiving the test traffic, and sending the test traffic to a device to be tested by using a DPDK technology.
By adopting the scheme, the DPDK technology is used for transmitting, the network card speed limit condition can be achieved, and the network test efficiency is improved.
Further, the network traffic simulation test method further includes a protocol library update, and the protocol library update includes the steps of:
receiving network traffic, wherein the network traffic is data flow in the actual Internet;
analyzing the network flow, namely receiving and analyzing the network flow to obtain a protocol name and protocol characteristics in the network flow;
and comparing the protocol name and the protocol characteristics in the network flow with the protocol name and the protocol characteristics of each protocol in the protocol library, and judging whether to update the protocol library according to a comparison result.
By adopting the scheme, the network flow is the data flow in the actual Internet, the actual data flow is used as a comparison sample, the real-time performance of the data in the protocol library is improved, if the protocol name and the protocol characteristics which are the same as those in the network flow exist in the protocol library, the updating is not needed, otherwise, the updating is carried out.
Further, the setting place of the port for receiving the network traffic comprises a home network interface, a machine room network interface or a company network interface.
By adopting the scheme, the port for receiving the network flow is arranged at the actual network interface, and the protocol library can be updated when data is transmitted at the network interface.
Further, the network traffic analysis may be performed by a deep packet inspection technique.
Further, the Deep Packet Inspection technology (DPI) is a Packet-based Deep Inspection technology, which performs Deep Inspection on different network application layer loads (e.g., HTTP, DNS, etc.), and determines the validity of the Packet by inspecting the payload of the Packet.
Further, the protocol library comparison comprises a step of protocol name comparison, the protocol name comparison comprises the steps of:
receiving the protocol name of the network flow, and judging whether the protocol name exists in the protocol library;
if so, comparing the protocol features under the protocol name in the network flow with the protocol features under the protocol name in the protocol library;
if not, adding the protocol name in the network flow and the protocol feature under the protocol name into a protocol library.
By adopting the scheme, through the comparison of the protocol names, if the original protocol library does not have the protocol name, the protocol characteristics do not need to be compared, and the protocol library is directly added, so that the updating efficiency of the protocol library is improved.
Further, the protocol library comparison further comprises a protocol feature comparison, the protocol feature comparison comprises the steps of:
judging whether the protocol feature under the protocol name in the network flow is consistent with the protocol feature under the protocol name in a protocol library;
if yes, the protocol library does not need to be updated;
if not, replacing the protocol feature under the protocol name in the protocol library with the protocol feature under the protocol name in the network flow.
By adopting the scheme, if the same protocol name exists in the protocol library, the specific protocol name is compared, and the updating accuracy of the protocol library is improved.
Further, the protocol library updating step and the protocol library constructing step can be performed at the same end, and can also be performed at different ends, and when the protocol library updating step and the protocol library constructing step are performed at different ends, communication is performed through a socket.
By adopting the scheme, the protocol library updating step and the protocol library constructing step are carried out at different ends, so that the load on one end is reduced, and the configuration requirement on equipment at one end is reduced.
Further, the Socket (Socket) is an abstraction of an endpoint for bidirectional communication between application processes on different hosts in a network. A socket is the end of a process's communication over a network and provides a mechanism for application layer processes to exchange data using a network protocol. In terms of the position, the socket uplink application process and the socket downlink network protocol stack are interfaces through which the application program communicates through the network protocol, and are interfaces through which the application program interacts with the network protocol root.
A second aspect of the present application provides a network traffic simulation test system, including:
the protocol library construction module is used for receiving the protocol names and the protocol characteristics of the protocols, recording the protocol characteristics of the protocols corresponding to the protocol names and constructing a protocol library;
a request parameter receiving module, wherein the request parameters comprise a request protocol parameter and a request quantity parameter;
the flow sending module is used for extracting corresponding protocol features from a protocol library according to the request protocol parameters and using the protocol features as sending protocol parameters; and modifying quintuple information of the flow according to the request quantity parameter to serve as a sending quantity parameter, and configuring the test flow according to the sending protocol parameter and the sending quantity parameter.
By adopting the scheme, when the test is actually carried out, the situation that a large number of users surf the internet at the same time is often required to be simulated, wherein protocols in traffic transmitted by each user are different, and the corresponding protocol characteristics can be called from a protocol library according to the test requirements; the quintuple information of the actual users on the internet is different, so that the number of the users can simulate the real internet situation by modifying the different quintuple information.
Further, the test flow is a flow sent to a device to be tested.
Further, the quintuple information includes a source IP address, the test traffic is provided with at least one source IP address, and the number of the source IP addresses corresponds to the transmission number parameter.
Further, the five-tuple information further includes a source port, a destination IP address, a destination port, and a transport layer protocol.
Further, the network traffic simulation test system further includes a traffic transmission module, configured to receive the test traffic, and send the test traffic to a device to be tested by using a DPDK technique.
Further, the network traffic simulation test system further includes a protocol library updating module, and the protocol library updating module includes:
the network traffic receiving module is used for receiving the network traffic, wherein the network traffic is data flow in the actual Internet;
the network flow analysis module is used for receiving and analyzing the network flow to obtain a protocol name and protocol characteristics in the network flow;
and the protocol library comparison module is used for comparing the protocol name and the protocol characteristics in the network flow with the protocol name and the protocol characteristics of each protocol in the protocol library and judging whether to update the protocol library according to a comparison result.
Further, the setting place of the port for receiving the network traffic comprises a home network interface, a machine room network interface or a company network interface.
Further, the network traffic analysis may be performed by a deep packet inspection technique.
Further, the Deep Packet Inspection technology (DPI) is a Packet-based Deep Inspection technology, which performs Deep Inspection on different network application layer loads (e.g., HTTP, DNS, etc.), and determines the validity of the Packet by inspecting the payload of the Packet.
Further, the protocol library comparison module comprises a protocol name comparison module, and the function of the protocol name comparison module comprises:
receiving the protocol name of the network flow, and judging whether the protocol name exists in the protocol library;
if so, comparing the protocol features under the protocol name in the network flow with the protocol features under the protocol name in the protocol library;
if not, adding the protocol name in the network flow and the protocol feature under the protocol name into a protocol library.
Further, the protocol library comparison module further comprises a protocol feature comparison module, and the functions of the protocol feature comparison module include:
judging whether the protocol feature under the protocol name in the network flow is consistent with the protocol feature under the protocol name in a protocol library;
if yes, the protocol library does not need to be updated;
if not, replacing the protocol feature under the protocol name in the protocol library with the protocol feature under the protocol name in the network flow.
Further, the protocol library updating module and the protocol library constructing module can be arranged at the same end and can also be arranged at different ends, and when the protocol library updating module and the protocol library constructing module are arranged at different ends, communication is carried out through a socket.
Further, the Socket (Socket) is an abstraction of an endpoint for bidirectional communication between application processes on different hosts in a network. A socket is the end of a process's communication over a network and provides a mechanism for application layer processes to exchange data using a network protocol. In terms of the position, the socket uplink application process and the socket downlink network protocol stack are interfaces through which the application program communicates through the network protocol, and are interfaces through which the application program interacts with the network protocol root.
A third aspect of the present application provides a network traffic simulation testing apparatus, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the network traffic simulation testing apparatus implements the network traffic simulation testing method.
A fourth aspect of the present application provides a storage medium comprising one or more programs executable by a processor to perform the network traffic simulation testing method described above.
In summary, the present application has the following beneficial effects:
1. according to the network flow simulation test method, when actual test is carried out, the situation that a large number of users surf the internet at the same time is often required to be simulated, wherein protocols in flow transmitted by the users are different, and the scheme can call corresponding protocol features from a protocol library according to test requirements; the quintuple information of the actual users on the internet is different, so that the number of the users can simulate the real internet situation by modifying different quintuple information;
2. according to the network flow simulation test method, the source IP addresses of different users are different when the users actually surf the internet, so that a plurality of different source IP addresses are set in the test flow, the situation of the users actually surf the internet can be simulated, and the authenticity of equipment during test is improved;
3. according to the network flow simulation test method, the network flow is a data flow in the actual Internet, the actual data flow is used as a comparison sample, the real-time performance of data in a protocol library is improved, if the protocol library already has the same protocol name and protocol characteristics as those in the network flow, updating is not needed, and otherwise, updating is carried out;
4. according to the network flow simulation test method, the protocol library updating step and the protocol library constructing step are carried out at different ends, so that the load on one end is reduced, and the configuration requirement on equipment on one end is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of an embodiment of a network traffic simulation test method according to the present application;
FIG. 2 is a flow chart of another embodiment of a network traffic simulation test method according to the present application;
FIG. 3 is a flow chart of another preferred embodiment of the network traffic simulation test method according to the present application;
FIG. 4 is a flow chart of a refinement of the steps of FIG. 3;
FIG. 5 is a flow chart of a further refinement of the steps of FIG. 3;
FIG. 6 is a schematic diagram of an embodiment of a network traffic simulation test system according to the present application;
FIG. 7 is a schematic diagram of another embodiment of a network traffic simulation test system according to the present application;
fig. 8 is a detailed diagram of the module of the protocol library updating module.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
As shown in fig. 1, a first aspect of the present application provides a network traffic simulation testing method, including the following steps:
s100, constructing a protocol library, namely receiving protocol names and protocol features of all protocols, recording the protocol features of all the protocols corresponding to the protocol names, and constructing the protocol library;
in a specific implementation process, the protocol name is a transport layer protocol name in the quintuple information, the protocol name may be a QQ protocol, an HTTP protocol, or an SMB protocol, and the like, the protocol feature is a protocol feature code of the transport layer protocol, and the protocol feature code of the HTTP protocol may be "HTTP/1.0", "GET", "POST", and the like.
In the specific implementation process, the protocol name may also be NETBIOS, RTX, SMTP _ REQUEST, SMTP _ REPLY, or the like.
S200, receiving request parameters, wherein the request parameters comprise request protocol parameters and request quantity parameters;
in a specific implementation process, the request parameter is a parameter set according to a test requirement, and the request parameter is used for configuring a test flow.
In a specific implementation process, the request parameter may be a parameter provided by a user.
S300, flow sending, wherein corresponding protocol features are extracted from a protocol library according to the request protocol parameters and serve as sending protocol parameters; and modifying quintuple information of the flow according to the request quantity parameter to serve as a sending quantity parameter, and configuring the test flow according to the sending protocol parameter and the sending quantity parameter.
In a specific implementation process, the request parameter may further set a test traffic size, where the test traffic size may be 1G, 2G, or 500M, and when the request parameter includes the test traffic size, a padding field is added in the traffic sending step to pad the traffic size.
In a specific implementation process, the request protocol parameter is a parameter of a required flow when a flow sending request is performed, the sending protocol parameter is a parameter of a test flow when the test flow is actually sent, the sending protocol parameter is a protocol sent according to a requirement, the sending protocol parameter may be an HTTP protocol, and a protocol feature "HTTP/1.0", "GET", "POST" of the HTTP protocol, and the sending number parameter may be 1, 10, or 100.
In a specific implementation, the padding field may be an invalid encoding field.
By adopting the scheme, when the test is actually carried out, the situation that a large number of users surf the internet at the same time is often required to be simulated, wherein protocols in traffic transmitted by each user are different, and the corresponding protocol characteristics can be called from a protocol library according to the test requirements; the quintuple information of the actual users on the internet is different, so that the number of the users can simulate the real internet situation by modifying the different quintuple information.
In a specific implementation process, the storage structure of the feature library may be as shown in table one:
watch 1
In a specific implementation process, the test flow is a flow sent to a device to be tested.
In a specific implementation process, the quintuple information comprises a source IP address, the test flow is provided with at least one source IP address, and the number of the source IP addresses corresponds to the sending number parameter.
In a specific implementation process, the IP address is a numeric code such as 123.114.38.200, the IP address can be modified by changing the code, and the modified IP address can be 123.114.38.201, 123.114.38.202 and the like.
In a specific implementation process, if the sending quantity parameter is 3, the test traffic includes 3 IP addresses, and if the sending quantity parameter is 100, the test traffic includes 100 IP addresses.
By adopting the scheme, the source IP addresses of different users are different when the users actually surf the internet, so that a plurality of different source IP addresses are set in the test flow, the situation of the users actually surf the internet can be simulated, and the authenticity of equipment during testing is improved.
In a specific implementation process, the five-tuple information further includes a source port, a destination IP address, a destination port, and a transport layer protocol.
In a specific implementation process, the five-tuple information of the flow is modified according to the request quantity parameter, which may be a source IP address in the five-tuple information or a source port in the five-tuple information.
In a specific implementation process, the five-tuple information of the traffic is modified according to the request quantity parameter, which may be modifying a source port number in the five-tuple information.
As shown in fig. 2, in a specific implementation process, the network traffic simulation testing method further includes step S400 of traffic transmission, receiving the test traffic, and sending the test traffic to a device to be tested by using a DPDK technique.
In the specific implementation process, the DPDK technology is a Data Plane Development Kit (DPDK) developed by multiple companies such as 6WIND, Intel, and the like, and is mainly based on Linux system operation, and is used for a function library and a driver set for fast Data packet processing, so that Data processing performance and throughput can be greatly improved, and the work efficiency of a Data Plane application program can be improved.
By adopting the scheme, the DPDK technology is used for transmitting, the network card speed limit condition can be achieved, and the network test efficiency is improved.
As shown in fig. 3 and 4, in a preferred embodiment of the present invention, the network traffic simulation testing method further includes S500, updating a protocol library, where the updating of the protocol library includes the steps of:
s510, receiving network traffic, wherein the network traffic is data flow in the actual Internet;
s520, analyzing the network flow, receiving and analyzing the network flow to obtain a protocol name and protocol characteristics in the network flow;
s530, comparing the protocol name and the protocol characteristics in the network flow with the protocol name and the protocol characteristics of each protocol in the protocol library, and judging whether to update the protocol library according to the comparison result.
By adopting the scheme, the network flow is the data flow in the actual Internet, the actual data flow is used as a comparison sample, the real-time performance of the data in the protocol library is improved, if the protocol name and the protocol characteristics which are the same as those in the network flow exist in the protocol library, the updating is not needed, otherwise, the updating is carried out.
In a specific implementation process, the setting place of the port for receiving the network traffic includes a home network interface, a machine room network interface or a company network interface.
By adopting the scheme, the port for receiving the network flow is arranged at the actual network interface, and the protocol library can be updated when data is transmitted at the network interface.
In a specific implementation process, the analysis of the network traffic may be performed in a manner of considering observation of packet data, or may be performed by a deep packet inspection technique.
In a preferred embodiment of the present invention, the network traffic analysis may be performed by a deep packet inspection technology.
In a specific implementation process, the Deep Packet Inspection technology (DPI, Deep Packet Inspection) is a Packet-based Deep Inspection technology, and performs Deep Inspection on different network application layer loads (such as HTTP, DNS, and the like), and determines validity of a Packet by inspecting a payload of the Packet.
As shown in fig. 5, in the specific implementation process, the S530 and protocol library comparison includes a step S531 and a protocol name comparison, where the S531 and protocol name comparison includes the steps of:
receiving the protocol name of the network flow, and judging whether the protocol name exists in the protocol library;
if so, comparing the protocol features under the protocol name in the network flow with the protocol features under the protocol name in the protocol library;
if not, adding the protocol name in the network flow and the protocol feature under the protocol name into a protocol library.
By adopting the scheme, through the comparison of the protocol names, if the original protocol library does not have the protocol name, the protocol characteristics do not need to be compared, and the protocol library is directly added, so that the updating efficiency of the protocol library is improved.
As shown in fig. 5, in the specific implementation process, the S530 and protocol library comparison further includes a step S532 and a protocol feature comparison, where the S532 and protocol feature comparison includes the steps of:
judging whether the protocol feature under the protocol name in the network flow is consistent with the protocol feature under the protocol name in a protocol library;
if yes, the protocol library does not need to be updated;
if not, replacing the protocol feature under the protocol name in the protocol library with the protocol feature under the protocol name in the network flow.
By adopting the scheme, if the same protocol name exists in the protocol library, the specific protocol name is compared, and the updating accuracy of the protocol library is improved.
In a specific implementation process, the protocol name of the network traffic may be an HTTP protocol, the protocol feature of the HTTP protocol may be "HTTP/1.0", "GET", or "POST", and if the protocol library does not have the protocol name of "HTTP protocol", the HTTP protocol and "HTTP/1.0", "GET", or "POST" are added to the protocol library to update the protocol library; if the protocol library has a protocol name of "HTTP protocol", and the features under the protocol library "HTTP protocol" are "HTTP/1.0" and "GET", the protocol library lacks a feature "POST", and the HTTP protocol, the "HTTP/1.0", the "GET" and the "POST" are substituted for the "HTTP protocol" and the protocol features "HTTP/1.0" and "GET" in the original protocol library.
In a specific implementation process, the comparison protocol name, the comparison protocol feature and the step of updating the protocol library in the step of S530 and the step of comparing the protocol library may be implemented in a manner of manually comparing and replacing one by one, or in a manner of using a computer language such as Java or C.
In a specific implementation process, the step S500, the step S100 and the step S100 of updating the protocol library and the step of constructing the protocol library can be performed at the same end, or can be performed at different ends, and when the step S and the step S of constructing the protocol library are performed at different ends, communication is performed through a socket.
In a specific implementation process, the step S500, the step S100 and the step S100 of updating the protocol library and the step of constructing the protocol library may be performed in the same server or computer, or may be performed in different servers or computers.
By adopting the scheme, the protocol library updating step and the protocol library constructing step are carried out at different ends, so that the load on one end is reduced, and the configuration requirement on equipment at one end is reduced.
In the concrete implementation process, the Socket (Socket) is an abstraction of an endpoint for bidirectional communication between application processes on different hosts in a network. A socket is the end of a process's communication over a network and provides a mechanism for application layer processes to exchange data using a network protocol. In terms of the position, the socket uplink application process and the socket downlink network protocol stack are interfaces through which the application program communicates through the network protocol, and are interfaces through which the application program interacts with the network protocol root.
As shown in fig. 6, a second aspect of the present application provides a network traffic simulation test system, including:
the protocol library construction module 100 is configured to receive the protocol names and the protocol features of the protocols, record the protocol features of the protocols corresponding to the protocol names, and construct a protocol library;
a request parameter receiving module 200, wherein the request parameters comprise a request protocol parameter and a request quantity parameter;
a traffic sending module 300, configured to extract, according to the request protocol parameter, a corresponding protocol feature from a protocol library, as a sending protocol parameter; and modifying quintuple information of the flow according to the request quantity parameter to serve as a sending quantity parameter, and configuring the test flow according to the sending protocol parameter and the sending quantity parameter.
By adopting the scheme, when the test is actually carried out, the situation that a large number of users surf the internet at the same time is often required to be simulated, wherein protocols in traffic transmitted by each user are different, and the corresponding protocol characteristics can be called from a protocol library according to the test requirements; the quintuple information of the actual users on the internet is different, so that the number of the users can simulate the real internet situation by modifying the different quintuple information.
In a specific implementation process, the test flow is a flow sent to a device to be tested.
In a specific implementation process, the quintuple information comprises a source IP address, the test flow is provided with at least one source IP address, and the number of the source IP addresses corresponds to the sending number parameter.
In a specific implementation process, the five-tuple information further includes a source port, a destination IP address, a destination port, and a transport layer protocol.
As shown in fig. 7, in a specific implementation process, the network traffic simulation test system further includes a traffic transmission module 400, configured to receive the test traffic, and send the test traffic to a device to be tested by using a DPDK technique.
As shown in fig. 7 and 8, in a preferred embodiment of the present invention, the network traffic simulation test system further includes a protocol library updating module 500, where the protocol library updating module includes:
a network traffic receiving module 510, where the network traffic is a data stream in an actual internet;
a network traffic analyzing module 520, configured to receive and analyze network traffic to obtain a protocol name and a protocol feature in the network traffic;
a protocol library comparison module 530, configured to compare the protocol name and the protocol feature in the network traffic with the protocol name and the protocol feature of each protocol in the protocol library, and determine whether to update the protocol library according to a comparison result.
In a specific implementation process, the setting place of the port for receiving the network traffic includes a home network interface, a machine room network interface or a company network interface.
In a specific implementation process, the network traffic analysis may be performed by a deep packet inspection technology.
In a specific implementation process, the Deep Packet Inspection technology (DPI, Deep Packet Inspection) is a Packet-based Deep Inspection technology, and performs Deep Inspection on different network application layer loads (such as HTTP, DNS, and the like), and determines validity of a Packet by inspecting a payload of the Packet.
As shown in fig. 8, in a specific implementation process, the protocol library comparison module 530 includes a protocol name comparison module 531, and the function of the protocol name comparison module 531 includes:
receiving the protocol name of the network flow, and judging whether the protocol name exists in the protocol library;
if so, comparing the protocol features under the protocol name in the network flow with the protocol features under the protocol name in the protocol library;
if not, adding the protocol name in the network flow and the protocol feature under the protocol name into a protocol library.
As shown in fig. 8, in a specific implementation process, the protocol library comparison module 530 further includes a protocol feature comparison module 532, and the functions of the protocol feature comparison module include:
judging whether the protocol feature under the protocol name in the network flow is consistent with the protocol feature under the protocol name in a protocol library;
if yes, the protocol library does not need to be updated;
if not, replacing the protocol feature under the protocol name in the protocol library with the protocol feature under the protocol name in the network flow.
In a specific implementation process, the protocol library updating module 500 and the protocol library constructing module 100 may be disposed at the same end or at different ends, and when the protocol library updating module 500 and the protocol library constructing module 100 are disposed at different ends, communication is performed through a socket.
In the concrete implementation process, the Socket (Socket) is an abstraction of an endpoint for bidirectional communication between application processes on different hosts in a network. A socket is the end of a process's communication over a network and provides a mechanism for application layer processes to exchange data using a network protocol. In terms of the position, the socket uplink application process and the socket downlink network protocol stack are interfaces through which the application program communicates through the network protocol, and are interfaces through which the application program interacts with the network protocol root.
A third aspect of the present application provides a network traffic simulation testing apparatus, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the network traffic simulation testing apparatus implements the network traffic simulation testing method.
A fourth aspect of the present application provides a storage medium comprising one or more programs executable by a processor to perform the network traffic simulation testing method described above.
It should be noted that, for those skilled in the art, without departing from the principle of the present application, several improvements and modifications can be made to the present application, and these improvements and modifications also fall into the protection scope of the claims of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
It should be understood that the technical problems can be solved by combining and combining the features of the embodiments from the claims.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A network flow simulation test method is characterized by comprising the following steps:
constructing a protocol library, namely receiving protocol names and protocol features of the protocols, recording the protocol features of the protocols corresponding to the protocol names, and constructing the protocol library;
receiving request parameters, wherein the request parameters comprise a request protocol parameter and a request quantity parameter;
flow sending, extracting corresponding protocol features from a protocol library according to the request protocol parameters, and using the extracted protocol features as sending protocol parameters; and modifying quintuple information of the flow according to the request quantity parameter to serve as a sending quantity parameter, and configuring the test flow according to the sending protocol parameter and the sending quantity parameter.
2. The network traffic simulation test method according to claim 1, characterized in that: the quintuple information comprises source IP addresses, the test flow is provided with at least one source IP address, and the number of the source IP addresses corresponds to the sending number parameter.
3. The network traffic simulation test method according to claim 2, characterized in that: the network flow simulation test method also comprises the steps of flow transmission, receiving the test flow and sending the test flow to the equipment to be tested by using a DPDK technology.
4. The network traffic simulation test method according to any one of claims 1 to 3, characterized in that: the network flow simulation test method also comprises protocol library updating, wherein the protocol library updating comprises the following steps:
receiving network traffic, wherein the network traffic is data flow in the actual Internet;
analyzing the network flow, namely receiving and analyzing the network flow to obtain a protocol name and protocol characteristics in the network flow;
and comparing the protocol name and the protocol characteristics in the network flow with the protocol name and the protocol characteristics of each protocol in the protocol library, and judging whether to update the protocol library according to a comparison result.
5. The network traffic simulation test method of claim 4, wherein: the setting place of the port for receiving the network flow comprises a home network interface, a machine room network interface or a company network interface.
6. The method for simulating and testing network traffic according to claim 5, wherein the comparison of the protocol libraries comprises the steps of:
receiving the protocol name of the network flow, and judging whether the protocol name exists in the protocol library;
if so, comparing the protocol features under the protocol name in the network flow with the protocol features under the protocol name in the protocol library;
if not, adding the protocol name in the network flow and the protocol feature under the protocol name into a protocol library.
7. The network traffic simulation test method of claim 6, wherein: judging whether the protocol feature under the protocol name in the network flow is consistent with the protocol feature under the protocol name in a protocol library;
if yes, the protocol library does not need to be updated;
if not, replacing the protocol feature under the protocol name in the protocol library with the protocol feature under the protocol name in the network flow.
8. The network traffic simulation test method according to any one of claims 5 to 7, characterized in that: the protocol library updating step and the protocol library constructing step can be carried out at the same end or at different ends, and when the protocol library updating step and the protocol library constructing step are carried out at different ends, communication is carried out through a socket.
9. A network traffic simulation test apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the network traffic simulation test method according to any one of claims 1 to 8 when executing the program.
10. A storage medium comprising one or more programs executable by a processor to perform the network traffic simulation testing method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011605830.9A CN112737891A (en) | 2020-12-30 | 2020-12-30 | Network flow simulation test method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011605830.9A CN112737891A (en) | 2020-12-30 | 2020-12-30 | Network flow simulation test method, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112737891A true CN112737891A (en) | 2021-04-30 |
Family
ID=75611746
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011605830.9A Pending CN112737891A (en) | 2020-12-30 | 2020-12-30 | Network flow simulation test method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112737891A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113347184A (en) * | 2021-06-01 | 2021-09-03 | 国家计算机网络与信息安全管理中心 | Method, device, equipment and medium for testing network flow security detection engine |
| CN114157461A (en) * | 2021-11-22 | 2022-03-08 | 绿盟科技集团股份有限公司 | Industrial control protocol data stream processing method, device, equipment and storage medium |
| CN115484209A (en) * | 2022-09-23 | 2022-12-16 | 绿盟科技集团股份有限公司 | Network flow playback method, device, medium and electronic equipment |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020186697A1 (en) * | 2001-04-23 | 2002-12-12 | Thakkar Bina Kunal | Protocol encoder and decoder |
| US20040190448A1 (en) * | 2003-03-31 | 2004-09-30 | Daniil Fishteyn | System and method for ranking the quality of internet traffic directed from one Web site to another |
| CN1848777A (en) * | 2006-01-19 | 2006-10-18 | 华为技术有限公司 | Protocol simulation testing device |
| CN101582907A (en) * | 2009-06-24 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Method for enhancing the trapping capability of honeynet and honeynet system |
| CN104410542A (en) * | 2014-11-18 | 2015-03-11 | 小米科技有限责任公司 | Method and device for simulation test |
| CN104579795A (en) * | 2015-01-28 | 2015-04-29 | 武汉虹信技术服务有限责任公司 | Protocol feature library maintaining and using method for network data flow recognition |
| CN105282123A (en) * | 2014-07-24 | 2016-01-27 | 亿阳安全技术有限公司 | Network protocol identification method and device |
| US20190066219A1 (en) * | 2017-08-23 | 2019-02-28 | Andrew Ouderkirk | Method and apparatus for determining inventor impact |
| CN111817971A (en) * | 2020-06-12 | 2020-10-23 | 东南大学 | Data center network flow splicing method based on deep learning |
-
2020
- 2020-12-30 CN CN202011605830.9A patent/CN112737891A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020186697A1 (en) * | 2001-04-23 | 2002-12-12 | Thakkar Bina Kunal | Protocol encoder and decoder |
| US20040190448A1 (en) * | 2003-03-31 | 2004-09-30 | Daniil Fishteyn | System and method for ranking the quality of internet traffic directed from one Web site to another |
| CN1848777A (en) * | 2006-01-19 | 2006-10-18 | 华为技术有限公司 | Protocol simulation testing device |
| CN101582907A (en) * | 2009-06-24 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Method for enhancing the trapping capability of honeynet and honeynet system |
| CN105282123A (en) * | 2014-07-24 | 2016-01-27 | 亿阳安全技术有限公司 | Network protocol identification method and device |
| CN104410542A (en) * | 2014-11-18 | 2015-03-11 | 小米科技有限责任公司 | Method and device for simulation test |
| CN104579795A (en) * | 2015-01-28 | 2015-04-29 | 武汉虹信技术服务有限责任公司 | Protocol feature library maintaining and using method for network data flow recognition |
| US20190066219A1 (en) * | 2017-08-23 | 2019-02-28 | Andrew Ouderkirk | Method and apparatus for determining inventor impact |
| CN111817971A (en) * | 2020-06-12 | 2020-10-23 | 东南大学 | Data center network flow splicing method based on deep learning |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113347184A (en) * | 2021-06-01 | 2021-09-03 | 国家计算机网络与信息安全管理中心 | Method, device, equipment and medium for testing network flow security detection engine |
| CN114157461A (en) * | 2021-11-22 | 2022-03-08 | 绿盟科技集团股份有限公司 | Industrial control protocol data stream processing method, device, equipment and storage medium |
| CN114157461B (en) * | 2021-11-22 | 2023-08-01 | 绿盟科技集团股份有限公司 | Industrial control protocol data stream processing method, device, equipment and storage medium |
| CN115484209A (en) * | 2022-09-23 | 2022-12-16 | 绿盟科技集团股份有限公司 | Network flow playback method, device, medium and electronic equipment |
| CN115484209B (en) * | 2022-09-23 | 2024-04-02 | 绿盟科技集团股份有限公司 | Network traffic playback method and device, medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112737891A (en) | Network flow simulation test method, device and storage medium | |
| US7827531B2 (en) | Software testing techniques for stack-based environments | |
| EP1576487B1 (en) | Web server hit multiplier and redirector | |
| US6243832B1 (en) | Network access server testing system and methodology | |
| US6832184B1 (en) | Intelligent work station simulation—generalized LAN frame generation simulation structure | |
| CN113794605B (en) | Method, system and device for detecting kernel packet loss based on eBPF | |
| JP2009017298A (en) | Data analysis apparatus | |
| EP3364601B1 (en) | Testing method, device and system | |
| WO2021164261A1 (en) | Method for testing cloud network device, and storage medium and computer device | |
| US10320881B2 (en) | Operating system fingerprint detection | |
| CN101656642B (en) | Method, device and system for testing authentication performance of network access equipment | |
| Lin et al. | Low-storage capture and loss recovery selective replay of real flows | |
| US9916225B1 (en) | Computer implemented system and method and computer program product for testing a software component by simulating a computing component using captured network packet information | |
| KR101990022B1 (en) | Method for generating malicious traffic template about device group including malicious device apparatus thereof | |
| JP5613000B2 (en) | Application characteristic analysis apparatus and program | |
| CN114760216B (en) | Method and device for determining scanning detection event and electronic equipment | |
| CN115333872B (en) | Security gateway analysis function verification method and device, terminal device and storage medium | |
| CN101494654B (en) | Method and apparatus for determining server accessibility | |
| JP4680069B2 (en) | Method for dealing with interconnection of applications where implementation differences exist in SIP protocol | |
| EP1883187A1 (en) | Packet processing device, communication system, packet processing method, and program executing the method | |
| CN114513331A (en) | Mining Trojan detection method, device and equipment based on application layer communication protocol | |
| EP2564558A1 (en) | Method and arrangement for message analysis | |
| KR100621996B1 (en) | Method and system of analyzing internet service traffic | |
| CN116708001B (en) | Industrial control system private protocol vulnerability detection method and device | |
| KR102089417B1 (en) | Method for generating malicious traffic template about device group including malicious device apparatus thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210430 |
|
| RJ01 | Rejection of invention patent application after publication |