CN101170491A - A packet snapping method for network interface board - Google Patents
A packet snapping method for network interface board Download PDFInfo
- Publication number
- CN101170491A CN101170491A CNA2007100774290A CN200710077429A CN101170491A CN 101170491 A CN101170491 A CN 101170491A CN A2007100774290 A CNA2007100774290 A CN A2007100774290A CN 200710077429 A CN200710077429 A CN 200710077429A CN 101170491 A CN101170491 A CN 101170491A
- Authority
- CN
- China
- Prior art keywords
- network interface
- address
- main frame
- packet capturing
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for package capturing of a network interface board, relating to a data package capturing method in the communication field. By adoption of a package capturing host to filtrate network messages passing through the network interface board, the invention comprises the steps as follows: that the IP address and the filtration conditions of the package capturing host are sent to a message processing module of the network interface board; the message processing module captures the address of the package capturing host to replicate a network message in accordance with the message filtration conditions, modifies the destination address of the replicated network messages into the address of the package capturing host, and then sends the address to the package capturing host; and the package capturing host acquires data in the replicated network messages through package capturing software. The invention realizes the package capturing function of the package capturing host arranged in an internal network, and gets the distribution routes of the network messages in a soft-switch system together with the internal network package capturing, facilitating to precisely position the network malfunction.
Description
Technical field
The present invention relates to the processing method for core network data in a kind of communication network, in particular a kind of packet snapping method of network interface board.
Background technology
To software development, the Softswitch in the core net adopts distributed system multi-processing board framework to switching node in the field of telecommunication networks by hardware, and communicating by letter of service protocol disposable plates and other equipment all is to be undertaken by network interface board.
Soft switchcall server (SoftSwitch system based on the all-IP net, SS), its basic framework as shown in Figure 1, whole soft switchcall server 100 is by system control panel 101 (System Control, SC), protocol system disposable plates 102 (System Protocol Card, SPC), (NetworkInterface Card, NIC) (System Switch Net SSN) forms network interface board 103 with systems exchange net 104.Wherein systems exchange net 104 is in order to realize the intercommunication between system control panel 101, protocol system disposable plates 102 and the network interface board.Can be clearly seen that from Fig. 1, network interface board 103 external Ethernet switches are to wide area network, the data of all turnover soft switchcall servers 100 are all passed through network interface board 103, and network interface board 103 is used for the distribution processor of network data, is the outbound data passage of soft switchcall server 100.Packet capturing is carried out in position at network interface board 103 places, can obtain the Protocol Processing Board of soft switchcall server and all partial datas that external equipment communicates.
When packet capturing main frame and network interface board are in the different sub-network section, be that described packet capturing main frame is when being in outer net, during its external network packet capturing of on soft switchcall server, implementing, need on the switch that network interface board links to each other, Port Mirroring be set, by the packet capturing of Port Mirroring enforcement external network, to obtain the network messaging between network interface board and the external equipment.But the external network packet snapping method under the prior art can not be known the network messaging and mail to the address of the inner concrete disposable plates of soft switch, and adopt the method for mirror image packet capturing need carry out extra hardware setting, complexity is set, and this method only supports to operate inconvenient Long-distance Control on the spot.
When packet capturing main frame and network interface board were in the same subnet section, when promptly described packet capturing main frame was in Intranet, prior art can't be implemented in carried out the internal network packet capturing on the soft switchcall server.
Therefore, there is defective in prior art, needs further improvement and develops.
Summary of the invention
The object of the present invention is to provide the packet snapping method at a kind of network interface board place, when packet capturing main frame and network interface board are in the same subnet section, can on soft switchcall server, implement the internal network packet capturing.
Technical scheme of the present invention is as follows:
A kind of packet snapping method of network interface board adopts the packet capturing main frame that the internet message by network interface board is filtered, and it may further comprise the steps:
A, described packet capturing host IP address and message screening condition sent to the message processing module of described network interface board;
The internet message that portion meets described message screening condition is duplicated in the address that B, described message processing module plate obtain the packet capturing main frame, and the destination address of the internet message that duplicates is revised as the address of described packet capturing main frame and sends to described packet capturing main frame;
C, described packet capturing main frame obtain the data in the described internet message that duplicates by packet capturing software.
Described packet snapping method, wherein, among the described step B, when described packet capturing main frame and network interface board were in same subnet section, the address of described packet capturing main frame was its physical address.
Described packet snapping method, wherein, the obtain manner among the described step B is to send the arp request bag to described packet capturing main frame.
Described packet snapping method, wherein, among the described step B, when described packet capturing main frame and network interface board were in the different sub-network section, the address of described packet capturing main frame was its IP address.
Described packet snapping method, wherein, the IP address that the modification process among the described step B also wraps described packet capturing main frame is encapsulated in the described internet message that duplicates.
Described packet snapping method, wherein, described message screening condition comprises protocol filtering condition, address filtering condition, ports filter conditioned disjunction network interface filtercondition.
Described packet snapping method, wherein, described address filtering condition comprises that the purpose IP address of internet message is for setting purpose IP address.
Described packet snapping method, wherein, described network interface filtercondition comprises: the sending direction of internet message belongs to sending direction, the receive direction of interior network interface, the sending direction of outer network interface or the receive direction of outer network interface of network interface in the described network interface board.
Compared with prior art, the invention provides the packet snapping method at a kind of network interface board place, by the message screening condition of packet capturing main frame being sent to the message processing module of network interface board, the internet message that the message screening module will meet the message screening condition duplicates, destination address with the internet message that duplicates is revised as the mode that the packet capturing main frame sends to the packet capturing main frame then again, make packet capturing main frame and network interface board under the situation of the same network segment, obtain internet message, simultaneously the cicada internet message the inner definite distributor of soft switchcall server to, be beneficial to locating network fault exactly.
Description of drawings
Fig. 1 is the schematic diagram of soft switchcall server under the prior art;
Fig. 2 implements the functional block diagram of packet capturing for soft switchcall server of the present invention;
Fig. 3 is the flow chart of the invention process packet capturing.
Embodiment
Below in conjunction with accompanying drawing, preferred embodiment of the present invention is described in further detail.
The packet snapping method of network interface board provided by the invention, as shown in Figure 2, the external equipment that links to each other with soft switchcall server 240 comprises: with the same network segment external equipment 250 of described soft switchcall server in same subnet section, with the non-same network segment external equipment 260 of described soft switchcall server in the different sub-network section.Internet message between described same network segment external equipment 250 and non-same network segment external equipment 260 and the protocol system disposable plates 241 all passes through network interface board 242.Described network interface board 242 is in the interface position of two network segments, has interior network interface and outer network interface, is respectively applied for the inside and outside internet message of the described soft switchcall server of transmitting-receiving.Packet capturing main frame 220 is distance hosts, and it links to each other with described soft switchcall server through gateway 230; Packet capturing main frame 210 and described network interface board 242 are main frames of same subnet section, and it directly links to each other with described soft switchcall server 240.The interior network interface of described network interface board 242 and outer network interface all have message processing module, and described message processing module has the function that internet message is filtered.When bale plucker was implemented packet capturing, the internet message of network interface and outer network interface filtered in described message processing module can be flowed through to all according to the message screening condition, the internet message that meets filtercondition can also be forwarded to packet capturing main frame 210 or 220.
Packet capturing realization flow of the present invention as shown in Figure 3, may further comprise the steps:
301, the present invention is provided with the IP address of control desk configuration messages filtercondition and packet capturing main frame, and sends to network interface board in the manmachine command mode.Described control desk can carry out long-range setting, and therefore, the present invention does not need arrangement personnel scene that filtercondition is set, and has reduced maintenance cost.
The message screening condition of described control desk configuration comprises protocol filtering condition, address filtering condition, ports filter condition and network interface filtercondition.
Described network interface filtercondition comprises that the sending direction of the internet message that will filter is the sending direction of the receive direction of the sending direction of interior network interface, interior network interface, outer network interface or the receive direction of outer network interface card.Described control desk can be selected one or more in described four kinds of selections simultaneously when the network interface filtercondition is set.
The message screening condition that is provided with in the present embodiment is for empty, and the internet message of expression all of the port and network interface all can be crawled; And in the address filtering condition, be provided with and set IP source address and set purpose IP address, the i.e. source address of the internet message that will filter and destination address.
302, the message processing module of described network interface board receives the message that control desk sends, the message that this control desk sends comprises the IP address of message screening condition and bale plucker, and the Data Format Transform of described message screening condition is become to be convenient to the data format that searching algorithm is carried out.The message processing module of described network interface board when transceiver network message, obtain the source IP address of described internet message and purpose IP address, source port and destination interface, with and network interface information.
303, the message processing module of described network interface board filters internet message according to described message screening condition, and it judges that mainly the transmitting-receiving network interface of described internet message is interior network interface or outer network interface; Whether the source IP address of internet message and purpose IP address meet is set source IP address and sets purpose IP address in the address filtering condition; Whether the source port of internet message and destination interface meet the ports filter condition.Described message processing module is filled into the internet message that meets filtercondition, and duplicates the internet message that portion meets filtercondition, enters step 304, and the internet message of incongruent filtercondition is transmitted according to normal flow.
304, described message processing module judges that whether the address of described packet capturing host address and network interface board is in same subnet section, if the address of described packet capturing host address and network interface board equates through mask operation, then described packet capturing main frame and network interface board are in same subnet section, enter step 305; If mask operation is difference as a result, represent that described packet capturing main frame and network interface board are in the different sub-network section, enter step 306.
305, described message processing module sends address resolution protocol (AddressResolution Protocol to described packet capturing main frame, ARP) request package, obtain the physical address of described packet capturing main frame, and store described physical address, for identical packet capturing main frame, described message processing module can obtain the physical address of described packet capturing main frame automatically like this; Obtain after the physical address of described packet capturing main frame, described message processing module is revised as the physical address of described packet capturing main frame with the target physical address of the internet message that duplicates, enters step 307 then.
306, described message processing module extends this as the physical address of gateway with the physical address of the internet message that duplicates, and the described internet message that duplicates is increased one deck IP encapsulation, the purpose IP field of internet message is extended this as the IP address of packet capturing main frame.
307, the described internet message that duplicates to be sent to the mode of described bale plucker identical with internet message processing mode under the prior art for described message processing module.Be specially described packet capturing main frame and network interface board when being positioned at same subnet section, the described internet message that duplicates will directly be mail to described packet capturing main frame by described message processing module according to its physical address, and link goes directly, and can analyze in real time; When described packet capturing main frame and network interface board were positioned at the different sub-network section, the described internet message that duplicates was mail to gateway by described message processing module, was spread according to common IP by described gateway afterwards to be passed to the packet capturing main frame.
When the present invention sends to described packet capturing main frame with the described internet message that duplicates, can also send by data sync such as outer network interface data and traffic, agreements, the flow direction of sending the back internet message is determined by described network packet of duplicating self.
After described packet capturing main frame is subjected to the described internet message that duplicates, use general packet capturing software to obtain data in the network information, this process is a prior art, no longer is described in detail here.
The packet snapping method of network interface board provided by the invention at first, carries out the configuration of message screening condition by the long-range Message Processing mould to network interface board of control desk, has saved maintenance cost; Secondly, message processing module adopts the mode that meets filtercondition internet message destination address of revising, the internet message that will meet filtercondition sends to bale plucker, both can realize the function of carrying out packet capturing when the packet capturing main frame is positioned at internal network, also can carry out the packet capturing of external network; The 3rd, the setting of described address filtering condition, make the packet capturing main frame carry out the internal network packet capturing, when obtaining real-time network message, can also know the Protocol Processing Board that sends or receive described internet message definitely, learn the distribution path of internet message, do data analysis by the internet message that packet capturing is obtained like this in soft switchcall server inside, can the accurate in locating network failure; At last, the external network packet snapping method that the present invention adopts does not compared with prior art need and additional configuration hardware, provides cost savings.
Should be understood that above-mentioned statement at preferred embodiment of the present invention is comparatively detailed, can not therefore think the restriction to scope of patent protection of the present invention, scope of patent protection of the present invention should be as the criterion with claims.
Claims (8)
1. the packet snapping method of a network interface board adopts the packet capturing main frame that the internet message by network interface board is filtered, and it may further comprise the steps:
A, described packet capturing host IP address and message screening condition are sent to described network interface board
Message processing module;
The address that B, described message processing module plate obtain the packet capturing main frame is duplicated portion and is met described disappearing
The internet message of breath filtercondition is revised as institute with the destination address of the internet message that duplicates
State the address of packet capturing main frame and send to described packet capturing main frame;
C, described packet capturing main frame obtain the data in the described internet message that duplicates by packet capturing software.
2. packet snapping method according to claim 1 is characterized in that, among the described step B, when described packet capturing main frame and network interface board were in same subnet section, the address of described packet capturing main frame was its physical address.
3. packet snapping method according to claim 2 is characterized in that, the obtain manner among the described step B is to send the arp request bag to described packet capturing main frame.
4. packet snapping method according to claim 1 is characterized in that, among the described step B, when described packet capturing main frame and network interface board were in the different sub-network section, the address of described packet capturing main frame was its IP address.
5. packet snapping method according to claim 4 is characterized in that, the IP address that the modification process among the described step B also wraps described packet capturing main frame is encapsulated in the described internet message that duplicates.
6. packet snapping method according to claim 1 is characterized in that, described message screening condition comprises protocol filtering condition, address filtering condition, ports filter conditioned disjunction network interface filtercondition.
7. packet snapping method according to claim 6 is characterized in that, described address filtering condition comprises that the purpose IP address of internet message is for setting purpose IP address.
8. packet snapping method according to claim 7, it is characterized in that described network interface filtercondition comprises: the sending direction of internet message belongs to sending direction, the receive direction of interior network interface, the sending direction of outer network interface or the receive direction of outer network interface of network interface in the described network interface board.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100774290A CN101170491A (en) | 2007-11-22 | 2007-11-22 | A packet snapping method for network interface board |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100774290A CN101170491A (en) | 2007-11-22 | 2007-11-22 | A packet snapping method for network interface board |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101170491A true CN101170491A (en) | 2008-04-30 |
Family
ID=39390964
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007100774290A Pending CN101170491A (en) | 2007-11-22 | 2007-11-22 | A packet snapping method for network interface board |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101170491A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102186117A (en) * | 2011-03-30 | 2011-09-14 | 深圳市同洲电子股份有限公司 | Network state judgment method and digital television terminal |
| CN102215146A (en) * | 2011-06-20 | 2011-10-12 | Tcl集团股份有限公司 | Webpage downloading monitoring method and device |
| CN101621429B (en) * | 2009-07-20 | 2012-05-23 | 中兴通讯股份有限公司 | Method and system for monitoring messages |
| CN102821054A (en) * | 2012-09-05 | 2012-12-12 | 山东神戎电子股份有限公司 | Cross-segment device searching method |
| CN103516920A (en) * | 2012-06-20 | 2014-01-15 | 中兴通讯股份有限公司 | Packet capture method and device |
| CN103812711A (en) * | 2012-11-05 | 2014-05-21 | 深圳市共进电子股份有限公司 | Router reception, transmission, receiving-sending message grabbing package method, and router |
| CN108737217A (en) * | 2018-06-01 | 2018-11-02 | 杭州迪普科技股份有限公司 | A kind of packet snapping method and device |
| CN112688916A (en) * | 2020-12-10 | 2021-04-20 | 展讯半导体(成都)有限公司 | Method, device and system for realizing remote automatic packet capturing |
-
2007
- 2007-11-22 CN CNA2007100774290A patent/CN101170491A/en active Pending
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621429B (en) * | 2009-07-20 | 2012-05-23 | 中兴通讯股份有限公司 | Method and system for monitoring messages |
| CN102186117A (en) * | 2011-03-30 | 2011-09-14 | 深圳市同洲电子股份有限公司 | Network state judgment method and digital television terminal |
| CN102215146A (en) * | 2011-06-20 | 2011-10-12 | Tcl集团股份有限公司 | Webpage downloading monitoring method and device |
| CN103516920A (en) * | 2012-06-20 | 2014-01-15 | 中兴通讯股份有限公司 | Packet capture method and device |
| CN102821054A (en) * | 2012-09-05 | 2012-12-12 | 山东神戎电子股份有限公司 | Cross-segment device searching method |
| CN102821054B (en) * | 2012-09-05 | 2015-03-25 | 山东神戎电子股份有限公司 | Cross-segment device searching method |
| CN103812711A (en) * | 2012-11-05 | 2014-05-21 | 深圳市共进电子股份有限公司 | Router reception, transmission, receiving-sending message grabbing package method, and router |
| CN108737217A (en) * | 2018-06-01 | 2018-11-02 | 杭州迪普科技股份有限公司 | A kind of packet snapping method and device |
| CN108737217B (en) * | 2018-06-01 | 2020-06-09 | 杭州迪普科技股份有限公司 | Packet capturing method and device |
| CN112688916A (en) * | 2020-12-10 | 2021-04-20 | 展讯半导体(成都)有限公司 | Method, device and system for realizing remote automatic packet capturing |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101170491A (en) | A packet snapping method for network interface board | |
| DE69933417T2 (en) | Device and method for router-free layer 3 routing in a network | |
| CN103650437B (en) | Anycast service registration, implementation method and device, switching equipment and system | |
| CN101411156B (en) | Automated containment of network intruder | |
| JP4598462B2 (en) | Provider network providing an L2-VPN service and edge router | |
| US7672227B2 (en) | Loop prevention system and method in a stackable ethernet switch system | |
| CN106375384A (en) | Management system of mirror network flow in virtual network environment and control method | |
| CN109286914B (en) | Multi-mode train-ground integrated mobile data transmission system | |
| EP1532771B1 (en) | Test method for message paths in communication networks, and network element | |
| US20030112808A1 (en) | Automatic configuration of IP tunnels | |
| JP2012235461A (en) | Network monitoring system, computer readable recording medium, and method of identifying topology of network | |
| JP4751811B2 (en) | Network setting method, network system, and relay device | |
| WO2001039438A9 (en) | Network architecture and call processing system | |
| CN105281951B (en) | Double primary apparatus conflict detection methods and the network equipment in VSU systems | |
| CN109547452A (en) | The method and system of TCP Transparent Proxy are realized on Linux bridge equipment | |
| US7881207B2 (en) | Method and system for loop-back and continue in packet-based network | |
| EP1185041A2 (en) | OSPF autonomous system with a backbone divided into two sub-areas | |
| CN101340445A (en) | Method and apparatus for providing service to MAC address duplicate customer | |
| CN108111423A (en) | Flow transfer management method, apparatus and network derived channel equipment | |
| JP5929720B2 (en) | Communication system and network relay device | |
| CN107483333A (en) | A kind of universal across routed domain interworking unit and method | |
| CN110504757A (en) | Dispatch data net visualization parsing configuration system | |
| CN110445708A (en) | Communication means and system in a kind of Convergence gateway | |
| CN109525492A (en) | A kind of IP data backup transmission method not depending on Routing Protocol or algorithm | |
| EP3691207A1 (en) | Method for operating a communication system with redundant routers and router |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20080430 |