CN101267405A - Instant communication monitoring method and system - Google Patents
Instant communication monitoring method and system Download PDFInfo
- Publication number
- CN101267405A CN101267405A CNA2007102021036A CN200710202103A CN101267405A CN 101267405 A CN101267405 A CN 101267405A CN A2007102021036 A CNA2007102021036 A CN A2007102021036A CN 200710202103 A CN200710202103 A CN 200710202103A CN 101267405 A CN101267405 A CN 101267405A
- Authority
- CN
- China
- Prior art keywords
- data
- agreement
- protocol
- instant communication
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the network communication, in particular to the monitoring management of instant communication. The invention, aiming at defects that the instant communication detecting system of prior art is small in application, complex in structure, discloses a monitoring system of instant communication. The technical solution of the invention integrates analysis and data management of a plurality of TM protocols, supporting MSN protocol, Yahoo protocol, ICQ protocol and AIM protocol and so on. Monitoring content involves an account, a linkman, a message, a session, a chatting room, a file transmission and various state alternations and so on. The beneficial effects of the invention lie in that the user can monitor the instant communication situation with a set of product and obtain intensive analysis statistics and data recovery. The monitoring function of the instant communication can be compared with large network management tools with extremely simple and easy user interface, which solves problems that only the professional network management tools that function well and are easy to operate.
Description
Technical field
The present invention relates to network communication, particularly the monitoring management of instant messaging.
Background technology
Instant messaging is a kind of network communications technology easily, with software is executive means, adopt various IM (instant messaging) agreement, rely on internet platform and mobile communication platform, linking up with multiple information format (literal, picture, sound, video etc.) is purpose, the comprehensive communication tool of the same platform of realizing by mechanics of communication multi-platform, the multiple terminals, cross-platform low-cost high-efficiency.It is the neomorph communication modes of the Internet, see through computer keyboard or wireless device and on network, carry out live talk, provide the new media of public communication, commercial communication and business cooperation, can remedy the deficiency of traditional communication form, especially the deficiency of Email and voice.The low-cost real-time online communation platform that MSN is constructed is that numerous Internet users are extensive use of.The characteristics of MSN have determined its popularization, become on the internet the important way with other people contact.By MSN, people can obtain the other side in the very short time after initiating a message and reply, and are actively interactive, satisfied the almost demand of synchronous AC of people.Along with popularizing of instant messaging, global instant communication user scale is also in continuous expansion.According to the research numeral of Radicati Group company of industry research mechanism, global instant messaging account reached 8.67 hundred million in 2005, and expecting the whole world in 2009 will have 1,200,000,000 instant messaging accounts.The research numeral of iResearch Consulting Group company shows that then user's quantity of global MSN in 2006 has reached 4.32 hundred million, estimates that by 2010 will there be 6.5 hundred million instant communication users in the whole world.
Popularizing of MSN also brought serious day by day safety problem.Junk information and viral hidden danger make the information of instant messaging transmit a lot of unsafe factors of appearance, the Internet netizen for individuality might use anti-virus software to solve this problem, then needs more to consider the fail safe of the crypticity and the enterprise network of enterprises information in the transmission of the instant communication information of enterprises.Therefore the instant messaging management software can be assisted the information transmission of enterprise network management person's management enterprise inside, guarantees the safety of network.
Instant communication information monitoring product on the at present domestic and international network management market, conclude and get up to mainly contain following several types:
1. at a certain IM protocol monitoring.As independent MSN instant messaging monitoring of software or Yahoo instant messaging monitoring of software, a product can only be monitored a kind of IM agreement, monitors multiple IM agreement if desired, then needs to install different products.
2. simple comprehensive monitoring instrument.Though combine multiple IM protocal analysis, can monitor multiple instant messaging simultaneously, function is simple, and is limited to the depth analysis and the data managing capacity of instant communication information, can not be as effective management tool of network.
3. large-scale network-management tool.Except that can monitoring multiple IM agreement, can also monitor mail, website visiting, computation, application program etc.Usually only need to install the instant messaging situation that to monitor whole network once the cover product.But this type products is not monitored at instant communication information, and costs an arm and a leg interface and complicated operation.
Summary of the invention
Technical problem to be solved by this invention just provides a kind of method and monitoring system of monitoring at instant messaging, to overcome the deficiency of existing monitoring product.
The present invention solve the technical problem, and the technical scheme of employing is that instant communication monitoring method may further comprise the steps:
Instant communication monitoring method may further comprise the steps:
1. instant communication monitoring method may further comprise the steps:
A. receive packet from network interface card and recombinate, obtain TCP (transmission control protocol) data flow;
B. analyze the IM agreement of tcp data stream, obtain the IM data, and the IM data are saved in the IM data server;
The c.IM data server is made into unified format to the IM data set that receives and sends the IM data processing module to;
Database is organized and be saved in to the d.IM data processing module to the IM data;
The various statistical values of each IP (Internet protocol) main frame and be saved in database in the e.IM data processing module statistics network.
Further, among the step a, described tcp data stream comprises out of order, the re-transmission of TCP.
Further, among the step b, described IM agreement comprises MSN agreement, Yahoo agreement, AIM agreement, ICQ agreement and Gadu agreement, GropWise agreement, IRC agreement, Jabber agreement, Napster agreement, SILC agreement, QQ agreement, the UC of Sina agreement, searches the Q agreement, UU logical agreement, Google Talk agreement and POPO.
Further, described IM data comprise that chat person uses the chat content of IM client transmission, the file content of transmission, presence information, the information of interpolation/deletion good friend behavior.
Instant messaging monitoring system of the present invention comprises:
Modules of data capture is used for receiving packet from network interface card;
Streams Module receives the data that capture module transmits, and forms a tcp data stream;
The IM protocol-analysis model is used for analyzing the IM data from tcp data stream, and is saved in the IM data server;
The IM data server is made into unified format to the IM data set that receives, and sends the IM data processing module to;
The IM data processing module is used to analyze the IM data, is saved in database; Then data are added up classification, preserve various statistical values;
The IP statistical module is used for the various statistical values of each IP main frame of statistics network;
Search module, be used for searching of IM data, comprise message and session;
Reports module is used for the management of IM system form, finish the User Defined form establishment, check and dispatch;
Database module is used for the read-write operation of database;
The IM monitor server is used for Monitoring Service and user's interactive interface, finishes the configuration of user's appointment;
The WEB server is used to handle the request and the response of web client.
Further, described IM protocol-analysis model comprises the MSN protocol-analysis model, Yahoo protocol-analysis model, AIM protocol-analysis model, ICQ protocol-analysis model.
Concrete, the configuration of described user's appointment comprises the configuration of database and the configuration of network interface card.
The invention has the beneficial effects as follows, integrated the analysis and the data management of a plurality of IM agreements, the user only needs can monitor the instant messaging situation of whole network once the cover product, and can obtain deep analytic statistics and reduction of data.To the monitoring function of the instant messaging large-scale network-management tool that matches in excellence or beauty, but user interface very be simple and easy to usefulness, solved the contradiction between the powerful and easy operating of specialized network management tool.
Description of drawings
Fig. 1 is an instant messaging monitoring system structural representation;
Fig. 2 is monitoring system flow chart of data processing figure of the present invention.
Embodiment
Below in conjunction with the drawings and the specific embodiments, describe technical scheme of the present invention in detail.
Instant messaging monitoring system of the present invention, the analysis and the data management of a plurality of IM agreements have been integrated, the user only needs can monitor once the cover product instant messaging situation of whole network, and can obtain deep analytic statistics and reduction of data, instant communication information in the network can be reduced, for network manager and safety officer provide the statistics/audit information of instant messaging, and the particular content of instant messaging is preserved by database.The present invention is applicable to following MSN/agreement: Windows Live Messenger (MSN Messenger, the MSN agreement), Yahoo Messenger (Yahoo agreement), ICQ Messenger (ICQ agreement) and AIM Messenger (AIM agreement) etc.The monitoring content relates to the multi-aspect informations such as change of account, contact person, message, session, chatroom, file transfer and various states, can provide by the statistical information of whole network to concrete node, Account Profile, session reduction and chart-information etc.
Embodiment
Referring to Fig. 1.Instant messaging monitoring system of the present invention is made up of a plurality of physical modules, and each module is responsible for part of functions, has realized the independence of data, has reduced the dependence of Various types of data.These physical modules combine, and form an integral body, are exactly a complete instant messaging monitoring system.
Instant messaging monitoring system of the present invention is by forming with lower module:
Modules of data capture: be used for receiving packet from network interface card.
Streams Module: the data that capture module transmits, comprise out of order, the re-transmission of TCP etc., form a TCP stream.
IM protocol-analysis model: comprise the MSN protocol-analysis model, the Yahoo protocol-analysis model, AIM protocol-analysis model, four kinds of IM protocol analysis of ICQ protocol-analysis model module, the IM protocol-analysis model is used for analyzing the IM data from tcp data stream, sends to the IM server and preserves.
IM data server: the IM data set is made into unified format, sends the IM data processing module to.
IM data processing module: be used to analyze the IM data, data are saved in database, then data are added up classification, preserve various statistical values.
IP statistical module: the various statistical values of each IP main frame in the statistics network.
Search module: be used for searching of IM data, comprise message and session.
Reports module: be used for the management of IM system form, finish the User Defined form establishment, check and scheduling etc.
Database module: the read-write operation that is used for database.
The IM monitor server: be in charge of the interactive interface with the user, finish the configuration of user's appointment etc., such as the configuration of database, the configuration of network interface card etc.
WEB server module: be responsible for handling the request and the response of web client.
Instant messaging detection method of the present invention, data analysis process as shown in Figure 2.At first catch packet, then packet is transferred to Streams Module (network adapter) and recombinate, give each IM protocol-analysis model the tcp data stream that reassembles into again and carry out the IM data analysis by network interface card.The IM protocol-analysis model is transferred to the IM data server to the unification of analyzing as a result, and data server is transferred to the IM data processing module after data are carried out verification and processing again.The IM data processing module shows as various types of data to these data analyses with close friend's form, is saved in database and finishes data statistics.
Instant messaging monitoring system technical characterstic of the present invention comprises:
1. based on the data packet analysis technology
The present invention adopts the data packet analysis engine technique, at the operating systems such as Linux/Windows of present extensive use, has screening ground to carry out the network packet recombination analysis.The data packet analysis engine technique is except can getting rid of the interference of illegal misdata for communication quality provides the accurate data.Has good stable, can guarantee that the data of upper strata advanced analysis module acquisition and the data that network host application layer system obtains are consistent, ensured the accuracy of advanced analysis module, also avoided rogue system to forge the upset of network traffics analysis engine.
2. operating user interface is easy
By the function browser, the user can select required function apace and check in front view.The user can select to check the message count of each IP main frame and the statistical information of number of files in the function browser, the message count of each local account and the statistical information of number of files, the file transmission information that takes place in session matrix diagram in the session list in the different time scope, different time scope and the different time scope.
3. monitoring target is filtered
Realize filtration by IP address or local account being provided with condition to monitoring target.The user can be provided with the IP address of refusal and the IP address of acceptance, the tabulation of monitoring account also can be set and get rid of the account tabulation.Filtration to the IP address is at the packet-capturing stage, and is at the communication information analysis phase to the filtration of local account, and two kinds of filter types can be enabled simultaneously
4. database is preserved instant communication information
Instant messaging monitoring system of the present invention offers three kinds of Database Options: Access, MySQL or and SQL Server.Instant communication information is saved to path, data designated storehouse automatically, and the user need not manually to operate.Each instant messaging monitoring system that starts, the historical information that database is preserved shows automatically.The user also can the setting data storehouse preserves the time span of historical information.
5. move with method of service
Network monitor point in the instant messaging monitoring system and network monitor server all adopt the method for service operation.Have following advantage with the method for service operation:
The instant messaging monitoring system just starts when system start-up automatically, does not need the user manually to move, more convenient user.
For the distributed version of instant messaging monitoring system lays the first stone, because under distributed situation, most software all adopts the method for service operation.
With the service manner operation, more can embody the value of software.
6. support multiple instant communication protocol
Instant messaging monitoring system of the present invention is analyzed present most popular four kinds of instant communication protocols, the monitoring systems of cover more than the user does not need to install just can be understood the whole instant messaging situation in the local area network (LAN) all sidedly, comprise Windows LiveMessenger, Yahoo Messenger, the operating position of ICQ Messenger and AIM Messenger.
7. Reporting Customization
Instant messaging monitoring system of the present invention provides Reporting Customization function flexibly, and the user can self-defined nearly hundreds of form.Report form type comprises global statistics figure, time trend figure, Top List tabulation (full detail of statistics node), Top Chart node statistical chart (one group of information of statistics node).Form can independent assortment, and same group of data can different report forms performances, and can self-defined concrete data and objects of statistics.Support the time scheduling of form, allow user's setting-up time section to create and output webpage format form.
8.B/S framework
B/S is the abbreviation of Brower/Server, as long as a browser (Browser) is installed, as NetscapeNavigator or Internet Explorer, server is installed databases such as Oracle, Sybase, Informix or SQL Server on the client computer.Browser carries out data interaction by Web Server with database.
The B/S biggest advantage is exactly can operate anywhere and any special software need not be installed.As long as there is the computer that can surf the Net just can use, the client zero dimension is protected.The expansion of system is very easy to, as long as can surf the Net, distributes a username and password by the system manager again, just can use.Even can online application, after in-company safety certification (as C A certificate), not needing people's participation, system can distribute to number of the account of user automatically and enter system.
9. independent server configuration-system
Instant messaging monitoring system of the present invention is separated server configuration-system and web service, and independently control desk configuration monitoring parameter is arranged.Control desk requires that administrator right must be arranged, and only needs once configuration to get final product usually, can greatly reduce configuration information (as network interface card, stored data base etc.) by the possibility of illegally changing and makeing mistakes.
The instant messaging monitoring of software of prior art, with data acquisition, data analysis and the data-handling procedure of various IM agreements not Add differentiation, be unfavorable for independence, correctness and the adjustable of data; Product based on the exploitation of B/S framework can only be supported part Specific browser is checked the data inconvenience; The server configuration does not separate with web services; Also require to use in addition IIS (Yin Te The net information service) could use. The present invention has improved the defects of like product, has following technical advantage:
1. independence and the extensibility of data have greatly been improved. Instant messaging monitoring system of the present invention is with data acquisition, number According to one's analysis and data preparation filing and separating, make things convenient for the later stage to add new agreement and analyze, and dynamically offer The user does not have any impact each other.
2. realized the unitized of data. Instant messaging monitoring system of the present invention becomes particular bin with the organization of unity of various IM agreement The comprehensive agreement of formula, server end are carried out unified processing to variety of protocol and can not had with concrete instant messaging host-host protocol and appoint What is related.
3. data-storing mode flexibly. Instant messaging monitoring system of the present invention can be selected the Access database of miniaturization, Also can select MySQL or SQL Server database to realize the automation that data are preserved.
4. more detailed to the analysis of data, supporting document transimiison analysis, contact person's grouping information analysis etc.
5. powerful report capability, the user is report customization as required.
6. adopt the B/S framework. Instant messaging monitoring system of the present invention need to not install one in each place of checking data Individual client, more convenient user uses and checks.
7. move with method of service. Network monitor point in the instant messaging monitoring system of the present invention and network monitor server are all The operation of employing method of service, the user does not need to start monitoring facilities at every turn after installing.
8. the extensibility of version. Instant messaging monitoring system of the present invention can expand to distributed version very flexibly.
9. support all main flow browsers. The user uses different browsers can check the analysis data.
10. independent process HTTP request and corresponding need not used IIS and just can be used.
11. independent server configuration-system is checked with data capture, data analysis and data and to be separated, and has strengthened the monitoring configuration Security.
Claims (7)
1. instant communication monitoring method is characterized in that, may further comprise the steps:
A. receive packet from network interface card and recombinate, obtain tcp data stream;
B. analyze the IM agreement of tcp data stream, obtain the IM data, and the IM data are saved in the IM data server;
The c.IM data server is made into unified format to the IM data set that receives and sends the IM data processing module to;
Database is organized and be saved in to the d.IM data processing module to the IM data;
The various statistical values of each IP main frame and be saved in database in the e.IM data processing module statistics network.
2. instant communication monitoring method according to claim 1 is characterized in that, among the step a, described tcp data stream comprises out of order, the re-transmission of TCP.
3. instant communication monitoring method according to claim 1, it is characterized in that, among the step b, described IM agreement comprises MSN agreement, Yahoo agreement, AIM agreement, ICQ agreement and Gadu agreement, GropWise agreement, IRC agreement, Jabber agreement, Napster agreement, SILC agreement, QQ agreement, the UC of Sina agreement, searches the Q agreement, UU logical agreement, Google Talk agreement and POPO.
4. instant communication monitoring method according to claim 1 is characterized in that, described IM data comprise that chat person uses the chat content of IM client transmission, the file content of transmission, presence information, the information of interpolation/deletion good friend behavior.
5. instant messaging monitoring system is characterized in that, comprising:
Modules of data capture is used for receiving packet from network interface card;
Streams Module receives the data that capture module transmits, and forms a tcp data stream;
The IM protocol-analysis model is used for analyzing the IM data from tcp data stream, and is saved in the IM data server;
The IM data server is made into unified format to the IM data set that receives, and sends the IM data processing module to;
The IM data processing module is used to analyze the IM data, is saved in database; Then data are added up classification, preserve various statistical values;
The IP statistical module is used for the various statistical values of each IP main frame of statistics network;
Search module, be used for searching of IM data, comprise message and session;
Reports module is used for the management of IM system form, finish the User Defined form establishment, check and dispatch;
Database module is used for the read-write operation of database;
The IM monitor server is used for Monitoring Service and user's interactive interface, finishes the configuration of user's appointment;
The WEB server is used to handle the request and the response of web client.
6. instant messaging monitoring system according to claim 5 is characterized in that, described IM protocol-analysis model comprises the MSN protocol-analysis model, Yahoo protocol-analysis model, AIM protocol-analysis model, ICQ protocol-analysis model.
7. instant messaging monitoring system according to claim 5 is characterized in that, the configuration of described user's appointment comprises the configuration of database and the configuration of network interface card.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007102021036A CN101267405A (en) | 2007-10-17 | 2007-10-17 | Instant communication monitoring method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007102021036A CN101267405A (en) | 2007-10-17 | 2007-10-17 | Instant communication monitoring method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101267405A true CN101267405A (en) | 2008-09-17 |
Family
ID=39989547
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007102021036A Pending CN101267405A (en) | 2007-10-17 | 2007-10-17 | Instant communication monitoring method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101267405A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102202007A (en) * | 2010-03-25 | 2011-09-28 | 腾讯科技(深圳)有限公司 | Method and device for automatically counting instant messaging behaviors |
| CN102882904A (en) * | 2011-07-13 | 2013-01-16 | 腾讯科技(深圳)有限公司 | Method and device for distinguishing instant messaging users |
| CN103746974A (en) * | 2013-12-27 | 2014-04-23 | 柳州职业技术学院 | Secure communication system and method based on instant messaging software |
| CN107315727A (en) * | 2016-04-26 | 2017-11-03 | 阿里巴巴集团控股有限公司 | The report form generation method and device applied based on instant messaging |
| CN111741007A (en) * | 2020-07-06 | 2020-10-02 | 桦蓥(上海)信息科技有限责任公司 | Financial business real-time monitoring system and method based on network layer message analysis |
| CN112559553A (en) * | 2020-12-24 | 2021-03-26 | 上海明略人工智能(集团)有限公司 | Method, system, electronic device and storage medium for viewing session content |
-
2007
- 2007-10-17 CN CNA2007102021036A patent/CN101267405A/en active Pending
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102202007A (en) * | 2010-03-25 | 2011-09-28 | 腾讯科技(深圳)有限公司 | Method and device for automatically counting instant messaging behaviors |
| CN102202007B (en) * | 2010-03-25 | 2015-02-18 | 腾讯科技(深圳)有限公司 | Method and device for automatically counting instant messaging behaviors |
| CN102882904A (en) * | 2011-07-13 | 2013-01-16 | 腾讯科技(深圳)有限公司 | Method and device for distinguishing instant messaging users |
| CN103746974A (en) * | 2013-12-27 | 2014-04-23 | 柳州职业技术学院 | Secure communication system and method based on instant messaging software |
| CN103746974B (en) * | 2013-12-27 | 2017-04-12 | 柳州职业技术学院 | Secure communication system and method based on instant messaging software |
| CN107315727A (en) * | 2016-04-26 | 2017-11-03 | 阿里巴巴集团控股有限公司 | The report form generation method and device applied based on instant messaging |
| CN111741007A (en) * | 2020-07-06 | 2020-10-02 | 桦蓥(上海)信息科技有限责任公司 | Financial business real-time monitoring system and method based on network layer message analysis |
| CN112559553A (en) * | 2020-12-24 | 2021-03-26 | 上海明略人工智能(集团)有限公司 | Method, system, electronic device and storage medium for viewing session content |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11314737B2 (en) | Transforming event data using values obtained by querying a data source | |
| US10374883B2 (en) | Application-based configuration of network data capture by remote capture agents | |
| US10348583B2 (en) | Generating and transforming timestamped event data at a remote capture agent | |
| CN100568235C (en) | Be used to carry out instant messaging client computer and the method that project is shared | |
| US20030131093A1 (en) | System for generating usage data in a distributed information processing environment and method therefor | |
| CN103546343B (en) | The network traffics methods of exhibiting of network traffic analysis system and system | |
| CN101267405A (en) | Instant communication monitoring method and system | |
| US20100046391A1 (en) | Apparatus and method for network analysis | |
| WO2005015086A2 (en) | Network asset tracker for identifying users of networked computers | |
| US20070180101A1 (en) | System and method for storing data-network activity information | |
| CN103780641B (en) | Access method, home gateway and the system of cloud desktop | |
| CN102281309B (en) | The dissemination method of the network information and the delivery system of the network information and client | |
| CN111010405B (en) | SaaS-based website security monitoring system | |
| CN106713950A (en) | Video service system based on prediction and analysis of user behaviors | |
| CN111225069A (en) | Distributed market data processing system and method | |
| CN113259467B (en) | Webpage asset fingerprint tag identification and discovery method based on big data | |
| CN103607418A (en) | Large-scale data partitioning system and partitioning method based on cloud service data characteristics | |
| CN102263837B (en) | A kind of domain name system DNS analysis method and device | |
| CN105701224A (en) | Security information customized service system based on big data | |
| CN109104487A (en) | One kind being based on logstash+kafka data transmission method | |
| CN202841168U (en) | Network resource monitoring system | |
| CN109255024A (en) | A kind of searching method of abnormal user ally, device and system | |
| CN104104724A (en) | Method for pushing operating mode of client side and communication system | |
| CN101286903B (en) | Method for enhancing integrity of sessions in network audit field | |
| KR101736382B1 (en) | Ems server and log data management method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20080917 |