CN113783718A - Multi-core real-time IP packet capturing method and device - Google Patents
Multi-core real-time IP packet capturing method and device Download PDFInfo
- Publication number
- CN113783718A CN113783718A CN202110932047.1A CN202110932047A CN113783718A CN 113783718 A CN113783718 A CN 113783718A CN 202110932047 A CN202110932047 A CN 202110932047A CN 113783718 A CN113783718 A CN 113783718A
- Authority
- CN
- China
- Prior art keywords
- data
- packet
- file
- packet capturing
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000001914 filtration Methods 0.000 claims abstract description 67
- 230000014509 gene expression Effects 0.000 claims abstract description 34
- 238000004806 packaging method and process Methods 0.000 claims abstract description 7
- 238000013506 data mapping Methods 0.000 claims description 36
- 238000007726 management method Methods 0.000 claims description 18
- 238000004458 analytical method Methods 0.000 claims description 10
- 238000007405 data analysis Methods 0.000 claims description 8
- 238000013507 mapping Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 description 13
- 230000006872 improvement Effects 0.000 description 12
- 238000012423 maintenance Methods 0.000 description 6
- 238000011160 research Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
- H04L43/106—Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a multi-core real-time IP packet capturing method and a device, and the method comprises the following steps: step S1: setting packet capturing and filtering conditions; step S2: packaging the filtering condition into a filtering rule expression; step S3: distributing network cards and combining filtering rule expressions; step S4: establishing a plurality of packet capturing threads; step S5: and controlling the packet capturing thread to capture and stop the data packet. The device is used for implementing the method. The invention has the advantages of simple principle, simple and convenient operation, good bale grabbing effect and the like.
Description
Technical Field
The invention mainly relates to the technical field of network communication, in particular to a multi-core real-time IP packet capturing method and a multi-core real-time IP packet capturing device.
Background
With the rapid development of network technology, network communication is closely related to our life information, and the process of capturing, intercepting, retransmitting, editing and transferring data streams of network communication is 'packet capture', and the captured content is captured messages. The messages are acquired through packet capturing, and analysis and statistics are carried out on the messages, so that operation and maintenance research personnel can be helped to quickly locate the problems, and the problems are solved.
Currently, the mainstream packet capturing tools complete packet capturing by calling libPcap or winPcap underlying library functions. The principle of the method is that a bypass processing is added on a data link layer, when a data packet reaches a network interface, Pcap obtains a copy of the data packet from a link layer driver by using a created Socket, and then sends the data packet to a BPF filter by a Tap function; the BPF filter matches the data packets one by one according to the filtering rule, and if the matching is successful, the data packets are put into a kernel buffer area and transmitted to a user buffer area; and directly discarding the matching failure, and repeating the steps in a circulating way. However, this method actually uses a single-core mode, which is not high in cpu utilization rate, and under a large-traffic network transmission environment, the processing speed cannot keep up with the cpu utilization rate, resulting in packet loss.
In addition, after the packet is grabbed by the traditional method, the stored data are mixed, operation and maintenance research personnel often need to search and analyze a large amount of data, and the problem of positioning cannot be analyzed quickly and accurately. Taking the example of obtaining whether an application responds to a certain instruction in a certain time period, an operation and maintenance research and development worker needs to filter out the application session information, mark each time information and find a corresponding instruction through a packet capturing tool, and through the three steps, a relatively accurate conclusion can be obtained, which is time-consuming.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: aiming at the technical problems in the prior art, the invention provides a multi-core real-time IP packet capturing method and device with simple principle, simple and convenient operation and good packet capturing effect.
In order to solve the technical problems, the invention adopts the following technical scheme:
a multi-core real-time IP packet capturing method comprises the following steps:
step S1: setting packet capturing and filtering conditions;
step S2: packaging the filtering condition into a filtering rule expression;
step S3: distributing network cards and combining filtering rule expressions;
step S4: establishing a plurality of packet capturing threads;
step S5: and controlling the packet capturing thread to capture and stop the data packet.
As a further improvement of the process of the invention: in step S1, the user sets a plurality of packet capturing filter conditions, each of which includes: source IP, source port, destination IP, destination port, packet capture protocol type.
As a further improvement of the process of the invention: in step S2, the filtering condition is packaged into a filtering rule expression according to the existing filtering grammar.
As a further improvement of the process of the invention: in the step S3, under the condition of multiple network cards, the corresponding capture packet network cards are allocated according to the filtering rule expressions, and the filtering rule expressions allocated to the same network cards are combined into one in pairs, or a plurality of filtering rule expressions are combined into one.
As a further improvement of the process of the invention: in step S4, the number of the packet capturing threads is established according to the combined number of the filter rule expressions.
As a further improvement of the process of the invention: further comprising step S6: and after capturing the data packet, performing statistical classified storage and data information management on the data.
As a further improvement of the process of the invention: the step S6 includes:
step S601: analyzing the captured data packet;
step S602: establishing a data mapping relation, storing effective data, and storing the data with the same source and destination into the same file;
step S603: and establishing a database file attribute table, and inserting effective data file attribute fields into the table for post analysis and retrieval.
As a further improvement of the process of the invention: in step S601, the data packet content is analyzed according to the network protocol to obtain specific effective data content, which includes data length, data source IP, data source port, data destination IP, and data destination port.
As a further improvement of the process of the invention: in step S602, a data mapping relationship table is established, where the mapping table fields include a source IP, a source port, a destination IP, a destination port, and a file object; according to the specific information acquired by the data analysis module, comparing the specific information with the existing information of the data mapping table, if the specific information does not exist, establishing a new storage file object, adding corresponding information into the data mapping table, and writing the effective data and the current timestamp into the file; if the existing information is found from the data mapping table, acquiring a storage file object from the data mapping table, and writing the effective data and the current timestamp into the file; if the size of the written file reaches the threshold value, closing the file object, and deleting the corresponding information in the mapping table; the data mapping module processing flow ensures that only data with the same source and the same destination are stored in the same file;
as a further improvement of the process of the invention: in step S603, a database file attribute table is established for post analysis and retrieval; inserting a record into the file attribute table every time a new file storage object is established; and updating the corresponding record in the file attribute table every time the valid data is written into the file.
As a further improvement of the device of the invention: a multi-core real-time IP packet capturing device is characterized by comprising:
the filtering condition setting module is used for setting the packet capturing filtering conditions;
the filtering converter is used for packaging the filtering condition into a filtering rule expression;
the network card distribution module is used for distributing the network cards and combining the filtering rule expressions;
the multithreading packet capturing module is used for establishing a plurality of packet capturing threads;
and the acquisition control module is used for controlling the capturing and stopping of the data packet of the packet capturing thread.
As a further improvement of the device of the invention: the device also comprises a packet capturing data statistics storage management module which is used for performing statistics classification storage and data information management on data after capturing the data packet.
As a further improvement of the device of the invention: the packet capturing data statistics storage management module comprises:
the data analysis module is used for analyzing the captured data packet;
the data mapping module is used for establishing a data mapping relation and storing effective data, and the data with the same source and the same destination are stored in the same file;
and the database management module is used for establishing a database file attribute table, and inserting effective data file attribute fields into the table for post analysis and retrieval.
Compared with the prior art, the invention has the advantages that:
the multi-core real-time IP packet capturing method and the device have the advantages of simple principle, simple and convenient operation and good packet capturing effect, and on one hand, the multi-core real-time IP packet capturing method and the device improve the CPU utilization rate and realize high-efficiency packet capturing without packet loss; on the other hand, the data content and information of the source to the destination or the destination to the source are independently stored through the packet data statistics storage management method, and the operation and maintenance research personnel can find the corresponding data file only by searching the keywords.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a flow chart illustrating the statistical classification storage and data information management of data in a specific application example of the present invention.
Fig. 3 is a schematic diagram of the topology of the apparatus of the present invention.
Detailed Description
The invention will be described in further detail below with reference to the drawings and specific examples.
As shown in fig. 1, the multi-core real-time IP packet capturing method of the present invention is actually a multi-thread concurrent packet capturing method, and includes the steps of:
step S1: setting packet capturing and filtering conditions;
step S2: packaging the filtering condition into a filtering rule expression; in a specific application, the method can be realized by a filtering converter;
step S3: distributing network cards and combining filtering rule expressions; in specific application, the method can be realized through a network card distribution module;
step S4: establishing a plurality of packet capturing threads; in specific application, the method can be realized through a multithreading packet capturing module;
step S5: controlling the packet capturing thread to capture and stop the data packet; in specific application, the method can be realized through the acquisition control module.
In a specific application example, in step S1, the user sets a plurality of packet capturing filter conditions, where each filter condition includes: source IP, source port, destination IP, destination port, packet capture protocol type.
In a specific application example, in step S2, the filtering condition is packaged into a filtering rule expression according to an existing filtering syntax.
In a specific application example, in step S3, in the case of multiple network cards, the corresponding packet capturing network cards are allocated according to the filtering rule expressions, and the filtering rule expressions allocated to the same network cards are combined into one or more filtering rule expressions are combined into one in pairs.
In a specific application example, in the step S4, how many combinations of the filtering rule expressions are, how many bale catching threads are established.
In a specific application example, in the step S5, the data packet capturing or stopping of the multiple packet capturing threads is controlled according to actual needs.
Referring to fig. 1, the present invention further includes step S6 on the basis of the above steps: and after capturing the data packet, performing statistical classified storage and data information management on the data. In specific application, the method can be realized by collecting packet capturing data statistics, storing and managing modules.
In a specific application example, the step S6 includes:
step S601: analyzing the captured data packet;
step S602: establishing a data mapping relation, storing effective data, and storing the data with the same source and destination into the same file;
step S603: and establishing a database file attribute table, and inserting effective data file attribute fields into the table for post analysis and retrieval.
Referring to fig. 2, in step S601, the present invention further parses the data packet content according to the network protocol to obtain specific effective data content, which includes data length, data source IP, data source port, data destination IP, and data destination port;
referring to fig. 2, in step S602, the present invention further establishes a data mapping table, where the fields of the mapping table include a source IP, a source port, a destination IP, a destination port, and a file object. The specific process is that according to the specific information obtained by the data analysis module, such as a source IP, a source port, a destination IP and a destination port, the specific information is compared with the existing information of a data mapping table, if the specific information is not, a new storage file object is established, the corresponding information is added into the data mapping table, and the effective data and the current timestamp are written into a file; if the existing information is found from the data mapping table, acquiring a storage file object from the data mapping table, and writing the effective data and the current timestamp into the file; if the size of the written file reaches the threshold value, the file object is closed, and the corresponding information in the mapping table is deleted. The data mapping module processing flow ensures that only data with the same source and the same destination are stored in the same file;
referring to fig. 2, in step S603, the present invention further establishes a database file attribute table for post analysis and retrieval. The file attribute table field includes a file name, a file size, a file creation time, a file storage path, a source IP, a source port, a destination IP, and a destination port. Inserting a record into the file attribute table every time a new file storage object is established; and updating the corresponding record in the file attribute table every time the valid data is written into the file. The method facilitates subsequent operation and maintenance and research personnel to directly retrieve the corresponding data information from the file attribute table and acquire the stored data file.
Referring to fig. 3, the present invention further provides a multi-core real-time IP packet capturing apparatus, which includes:
the filtering condition setting module is used for setting the packet capturing filtering conditions;
the filtering converter is used for packaging the filtering condition into a filtering rule expression;
the network card distribution module is used for distributing the network cards and combining the filtering rule expressions;
the multithreading packet capturing module is used for establishing a plurality of packet capturing threads;
and the acquisition control module is used for controlling the capturing and stopping of the data packet of the packet capturing thread.
In a specific application example, in the filtering condition setting module, a user sets a plurality of packet capturing filtering conditions, each filtering condition including: source IP, source port, destination IP, destination port, packet capture protocol type.
In a specific application example, in the filtering converter, the filtering condition is packaged into a filtering rule expression according to the existing filtering grammar.
In a specific application example, in the network card distribution module, under the condition of multiple network cards, corresponding packet capturing network cards are distributed according to filtering rule expressions, and the filtering rule expressions distributed to the same network cards are combined into one in pairs, or a plurality of filtering rule expressions are combined into one.
In a specific application example, in the multithreading packet capturing module, how many combinations of the filtering rule expressions are, how many packet capturing threads are established.
In a specific application example, the acquisition control module controls the data packets of the multiple packet capturing threads to capture or stop according to actual needs.
The invention further comprises a packet capturing data statistics storage management module which is used for performing statistics classification storage and data information management on the data after capturing the data packet.
In a specific application example, the packet capturing data statistics storage management module includes:
the data analysis module is used for analyzing the captured data packet;
the data mapping module is used for establishing a data mapping relation and storing effective data, and the data with the same source and the same destination are stored in the same file;
and the database management module is used for establishing a database file attribute table, and inserting effective data file attribute fields into the table for post analysis and retrieval.
In a specific application example, the data analysis module analyzes the data packet content according to a network protocol to obtain specific effective data content, which includes a data length, a data source IP, a data source port, a data destination IP, and a data destination port.
In a specific application example, the data mapping module establishes a data mapping relationship table, where fields of the mapping table include a source IP, a source port, a destination IP, a destination port, and a file object. The specific process is that according to the specific information obtained by the data analysis module, such as a source IP, a source port, a destination IP and a destination port, the specific information is compared with the existing information of a data mapping table, if the specific information is not, a new storage file object is established, the corresponding information is added into the data mapping table, and the effective data and the current timestamp are written into a file; if the existing information is found from the data mapping table, acquiring a storage file object from the data mapping table, and writing the effective data and the current timestamp into the file; if the size of the written file reaches the threshold value, the file object is closed, and the corresponding information in the mapping table is deleted. The data mapping module processing flow ensures that only data with the same source and the same destination are stored in the same file;
in a specific application example, the database management module establishes a database file attribute table for post analysis retrieval. The file attribute table field includes a file name, a file size, a file creation time, a file storage path, a source IP, a source port, a destination IP, and a destination port. Inserting a record into the file attribute table every time a new file storage object is established; and updating the corresponding record in the file attribute table every time the valid data is written into the file. The method facilitates subsequent operation and maintenance and research personnel to directly retrieve the corresponding data information from the file attribute table and acquire the stored data file.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.
Claims (13)
1. A multi-core real-time IP packet capturing method is characterized by comprising the following steps:
step S1: setting packet capturing and filtering conditions;
step S2: packaging the filtering condition into a filtering rule expression;
step S3: distributing network cards and combining filtering rule expressions;
step S4: establishing a plurality of packet capturing threads;
step S5: and controlling the packet capturing thread to capture and stop the data packet.
2. The multi-core real-time IP packet capturing method according to claim 1, wherein in step S1, a user sets a plurality of packet capturing filter conditions, each filter condition comprising: source IP, source port, destination IP, destination port, packet capture protocol type.
3. The multi-core real-time IP packet capturing method according to claim 1, wherein in step S2, the filtering condition is encapsulated into a filtering rule expression according to the existing filtering syntax.
4. The multi-core real-time IP packet capturing method according to claim 1, wherein in step S3, under the condition of multiple network cards, the corresponding packet capturing network cards are allocated according to the filtering rule expressions, and the filtering rule expressions allocated to the same network cards are combined into one in pairs, or a plurality of filtering rule expressions are combined into one.
5. The multi-core real-time IP packet grabbing method according to claim 1, wherein in the step S4, the number of packet grabbing threads is established according to the combined number of the filtering rule expressions.
6. The multi-core real-time IP packet grabbing method according to any one of claims 1 to 5, further comprising the step S6 of: and after capturing the data packet, performing statistical classified storage and data information management on the data.
7. The multi-core real-time IP packet grabbing method according to claim 6, wherein the step S6 comprises:
step S601: analyzing the captured data packet;
step S602: establishing a data mapping relation, storing effective data, and storing the data with the same source and destination into the same file;
step S603: and establishing a database file attribute table, and corresponding to the effective data file attributes in the data mapping storage file for post analysis and retrieval.
8. The multi-core real-time IP packet capturing method according to claim 7, wherein in step S601, the data packet content is analyzed according to a network protocol to obtain specific valid data content, which includes a data length, a data source IP, a data source port, a data destination IP, and a data destination port.
9. The multi-core real-time IP packet capturing method according to claim 7, wherein in step S602, a data mapping table is established, and mapping table fields include a source IP, a source port, a destination IP, a destination port, and a file object; according to the specific information acquired by the data analysis module, comparing the specific information with the existing information of the data mapping table, if the specific information does not exist, establishing a new storage file object, adding corresponding information into the data mapping table, and writing the effective data and the current timestamp into the file; if the existing information is found from the data mapping table, acquiring a storage file object from the data mapping table, and writing the effective data and the current timestamp into the file; if the size of the written file reaches the threshold value, closing the file object, and deleting the corresponding information in the mapping table; the data mapping module processing flow ensures that only data with the same source and the same destination are stored in the same file.
10. The multi-core real-time IP packet capturing method according to claim 7, wherein in step S603, a database file attribute table is established for post analysis retrieval; inserting a record into the file attribute table every time a new file storage object is established; and updating the corresponding record in the file attribute table every time the valid data is written into the file.
11. A multi-core real-time IP packet capturing device is characterized by comprising:
the filtering condition setting module is used for setting the packet capturing filtering conditions;
the filtering converter is used for packaging the filtering condition into a filtering rule expression;
the network card distribution module is used for distributing the network cards and combining the filtering rule expressions;
the multithreading packet capturing module is used for establishing a plurality of packet capturing threads;
and the acquisition control module is used for controlling the capturing and stopping of the data packet of the packet capturing thread.
12. The multi-core real-time IP packet capturing device of claim 11, further comprising a packet capturing data statistics storage management module, configured to perform statistics classification storage and data information management on data after capturing a data packet.
13. The multi-core real-time IP packet capturing device according to claim 11, wherein the packet capturing data statistics storage management module comprises:
the data analysis module is used for analyzing the captured data packet;
the data mapping module is used for establishing a data mapping relation and storing effective data, and the data with the same source and the same destination are stored in the same file;
and the database management module is used for establishing a database file attribute table, corresponding to the effective data file attributes in the data mapping storage file and used for analyzing and searching afterwards.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110932047.1A CN113783718A (en) | 2021-08-13 | 2021-08-13 | Multi-core real-time IP packet capturing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110932047.1A CN113783718A (en) | 2021-08-13 | 2021-08-13 | Multi-core real-time IP packet capturing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113783718A true CN113783718A (en) | 2021-12-10 |
Family
ID=78837875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110932047.1A Pending CN113783718A (en) | 2021-08-13 | 2021-08-13 | Multi-core real-time IP packet capturing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113783718A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114553678A (en) * | 2022-02-09 | 2022-05-27 | 紫光云(南京)数字技术有限公司 | Diagnosis method for soft SLB traffic problem of cloud network |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130246377A1 (en) * | 2008-08-12 | 2013-09-19 | Jitendra B. Gaitonde | Configuration management for a capture/registration system |
| CN106209684A (en) * | 2016-07-14 | 2016-12-07 | 深圳市永达电子信息股份有限公司 | A kind of method forwarding detection scheduling based on Time Triggered |
| CN112565338A (en) * | 2020-11-10 | 2021-03-26 | 中国人民解放军战略支援部队信息工程大学 | Method and system for capturing, filtering, storing and analyzing Ethernet message in real time |
-
2021
- 2021-08-13 CN CN202110932047.1A patent/CN113783718A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130246377A1 (en) * | 2008-08-12 | 2013-09-19 | Jitendra B. Gaitonde | Configuration management for a capture/registration system |
| CN106209684A (en) * | 2016-07-14 | 2016-12-07 | 深圳市永达电子信息股份有限公司 | A kind of method forwarding detection scheduling based on Time Triggered |
| CN112565338A (en) * | 2020-11-10 | 2021-03-26 | 中国人民解放军战略支援部队信息工程大学 | Method and system for capturing, filtering, storing and analyzing Ethernet message in real time |
Non-Patent Citations (1)
| Title |
|---|
| 罗巍: "iOS应用逆向与安全之道", 29 February 2020 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114553678A (en) * | 2022-02-09 | 2022-05-27 | 紫光云(南京)数字技术有限公司 | Diagnosis method for soft SLB traffic problem of cloud network |
| CN114553678B (en) * | 2022-02-09 | 2024-02-13 | 紫光云(南京)数字技术有限公司 | Cloud network soft SLB flow problem diagnosis method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107634848B (en) | System and method for collecting and analyzing network equipment information | |
| CN102420701B (en) | Method for extracting internet service flow characteristics | |
| CN106815112B (en) | Massive data monitoring system and method based on deep packet inspection | |
| US10740027B2 (en) | High speed logging system | |
| CN108287905B (en) | Method for extracting and storing network flow characteristics | |
| CN103546343B (en) | The network traffics methods of exhibiting of network traffic analysis system and system | |
| CN103152352A (en) | Perfect information security and forensics monitoring method and system based on cloud computing environment | |
| CN109542741B (en) | Automatic log grouping storage method and device, computer equipment and storage medium | |
| CN102801714B (en) | Method for analyzing and reducing SQL (Structured Query Language) command in TNS (Transparent Network Substrate) protocol in by-pass manner | |
| CN107623611A (en) | A kind of flux monitoring system of cloud platform virtual machine | |
| CN105577411B (en) | Cloud service monitoring method and device based on service origin | |
| CN104394211A (en) | Design and implementation method for user behavior analysis system based on Hadoop | |
| CN110545199B (en) | SDN network flow statistical device and method based on Netflow | |
| CN108900374A (en) | A kind of data processing method and device applied to DPI equipment | |
| CN111935063B (en) | Abnormal network access behavior monitoring system and method for terminal equipment | |
| CN104320301B (en) | A kind of Intranet special line flux monitoring method and system | |
| CN110300065A (en) | A kind of application traffic identification method and system based on software defined network | |
| CN113783718A (en) | Multi-core real-time IP packet capturing method and device | |
| CN110493140A (en) | The cognitive method and its operating system of link event in information network system | |
| Iannaccone | Fast prototyping of network data mining applications | |
| CN113342826A (en) | Method, storage medium and system for uniformly managing data operations of different data acquisition engines | |
| Polychronakis et al. | Design of an application programming interface for ip network monitoring | |
| CN105337797A (en) | Data capturing method of network protocol of complex electronic information system | |
| CN110475161B (en) | Automatic fault positioning method and system for IPTV service live link | |
| CN103957119A (en) | Method for managing network devices through MIB file and browser |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |