CN101631122B - Method for improving TDS protocol analysis accuracy in packet-losing environment - Google Patents
Method for improving TDS protocol analysis accuracy in packet-losing environment Download PDFInfo
- Publication number
- CN101631122B CN101631122B CN2009101013883A CN200910101388A CN101631122B CN 101631122 B CN101631122 B CN 101631122B CN 2009101013883 A CN2009101013883 A CN 2009101013883A CN 200910101388 A CN200910101388 A CN 200910101388A CN 101631122 B CN101631122 B CN 101631122B
- Authority
- CN
- China
- Prior art keywords
- tdu
- tds
- data
- application data
- byte
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention relates to a method for improving TDS protocol analysis accuracy in a packet-losing environment. The method comprises the following steps: after receiving application data finishing TCP message recombination, a TDS protocol analysis module recognizes the generation of the packet-losing condition by extracting a TDS message header in the application data and analyzing the validity of the TDS message header; after the packet-losing condition is generated and recognized, whether following generated application data are subject to the previous transport service data unit (TDU) is judged by the characteristics of TDS half-duplex communication, thereby ensuring that the application data subject to the TDU are accurately and completely received and then concrete protocol analysis is carried out on the application data under the condition of unavailable correct assembly according to a TDS protocol when the application data in the TDU lose, and improving the accuracy of TDS protocol analysis.
Description
Technical field
The present invention relates to database audit technique field, relate in particular to a kind of method that under the packet loss environment, promotes TDS protocol analysis accuracy.
Background technology
Tabular data stream (Tabular Data Stream is called for short: TDS) agreement be SYBASE and MS SQLSERVER between client and service end in order to the application layer protocol of interaction data, it is a kind of connection-oriented service.The TDS agreement adopts semiduplex communication modes, and promptly the client reads a complete response from service end after writing a complete request again, and adopts formative Token (mark) to come the sequence of arranging of mark inner content.
The TDS protocol analysis should be based upon on the reorganization of correct TCP/IP message, with guarantee the tcp data bag to the application data of TDS protocol analysis module do not repeat and order correctly; And (Protocol Data Unit is called for short: PDU) on the reorganization, to guarantee that which TCP bag is to belong to same complete request or same complete response should to be based upon correct protocol Data Unit.(Traffic DataUnit is called for short: TDU) assembling is accomplished at Service Data Unit; After obtaining all data of a full request or response; The formative Token that adopts TDS to use again begins sequence analysis from first byte, until last byte; And then analysis result packed, carry out related to request with response.Once introduce in the face of TDU, PDU and TCP application data bag down:
TDU (Traffic Data Unit), Service Data Unit is represented same complete request or the same complete application data that response comprised.
PDU (Protocol Data Unit), most basic data communication unit in the TDS communication protocol, a TDU comprises one or more PDU.
TCP application data bag is to use the packet of the transmission over networks of ICP/IP protocol, entrained application data part after divesting Ethernet message head, IP heading and TCP heading.
Shown in the following table of TDS heading structure:
Under the situation that TDS protocol analysis module has just started; The tcp data bag that it captures possibly be the application data of a TDU mid portion; This situation is because the TDS heading of this TDU and can't resolve this TDU data not, so need provide a kind of testing mechanism to detect this kind situation.To the TCP application data that captures, detect the legitimacy of corresponding TDS heading, directly abandon for illegal application data bag, till the tcp data bag that captures legal TDS heading.Reassembly algorithm among Fig. 1 has been got rid of the situation of above-mentioned packet loss, and it is illustrated in the reorganization of TDS message and the situation of resolving that first tcp data bag is the first tcp data bag of TDU (full request or response):
Step 1-1, TDS protocol analysis module receives a TCP network packet, receive packet after, get into step 1-2 and handle;
Step 1-2 judges whether current PDU byte number equals 0, if be not equal to 0, then change step 1-3 over to and handles; If current PDU byte number equals 0, then extract the TDS header content, according to the TDS header current PDU byte number is set, this TDU comprises next PDU sign, and then changes step 1-3 processing over to;
Step 1-3 has preserved byte number with current PDU byte number and this PDU and has counted sum with the tcp data packet byte and compare, if equal, then carries out step 1-4; If current PDU byte number has preserved byte number greater than this PDU and the tcp data packet byte is counted sum, then this PDU has preserved byte number and has been set to the byte number sum that this PDU has preserved byte number and tcp data bag, changes step 1-1 then over to; If current PDU byte number has preserved byte number less than this PDU and the tcp data packet byte is counted sum; Then unnecessary byte is next PDU data in the tcp data bag; And current PDU byte number and this PDU are set have preserved byte number and be 0; Be used as the TCP bag to redundance byte in the tcp data bag and import TDS protocol analysis module into, promptly change step 1-1 over to;
Step 1-4, it is 0 that current PDU byte number is set, this PDU is set, and to have preserved byte number be 0, gets into step 1-5 and handle;
Step 1-5 judges whether this TDU comprises next PDU, if change step 1-1 over to; If not, carry out step 1-6;
Step 1-6 obtains a complete TDU;
Step 1-7 carries out TDS TDU and resolves, with the content stores after resolving, to accomplish this TDU refitting and to resolve;
Step 1-8, it is 0 that current PDU byte number is set, and this TDU is set does not comprise next PDU sign position for true, it is 0 that this PDU has preserved byte number, the state that gets into next TDU refitting of reception and resolve.
In the reality; For through catching the database auditing system that network packet is recombinated and resolved; Often exist owing to flow is uprushed or the not ideal enough subnetwork packet situation at large that produces of network environment; Thereby cause and correctly to assemble TDU by the TDS agreement, can't carry out protocol analysis according to formative Token.Given this, the accuracy of lifting TDS protocol analysis just becomes very important and urgent under the packet loss environment.
Summary of the invention
In view of the TDS agreement is the agreement of sequential organization; So will accurately obtain the information of a service interaction; Necessarily require to catch complete application data, the reason of various complicacies such as actual application environment is then uprushed owing to flow or network environment is not ideal enough exists inevitably catches the infull scene of data.The present invention is directed to above-mentioned deficiency; Purpose provides the method that promotes TDS protocol analysis accuracy under a kind of packet loss environment; Under the situation of certain applications loss of data, Service Data Unit is correctly reset, thereby promote the accuracy of TDS protocol analysis.
The objective of the invention is to be achieved through following technical proposals:
A kind of packet loss environment promotes the method for TDS protocol analysis accuracy down, it is characterized in that, comprises the steps:
A, TDS protocol analysis module are analyzed its legitimacy through the TDS heading that extracts in the application data after receiving the application data of accomplishing the reorganization of TCP message, thereby identification judges whether to take place packet drop;
B, after packet drop takes place and is identified, to the application data of follow-up generation, utilize the characteristics of TDS half duplex communication, carry out the group bag of Service Data Unit TDU;
C, after accomplishing TDU group bag, if there is packet drop, then to the byte stream behind the packet loss among the TDU, according to keywords the method sought of joint is resolved.
As preferably, described steps A comprises:
A1, for first PDU of a TDU, need to judge that whether these data are that first TCP of first PDU of TDU wraps, if these data are ineligible, abandon this application data, up to receiving the application data that meets this condition;
A2, for the follow-up PDU of a TDU; Need to judge whether the TDS heading of these data is legal; Whether be the PDU that a last PDU follows closely; If ineligible, show that then there is packet drop in this TDU, and the packet loss position is exactly between all application datas and this application data of before this TDU, receiving.PDU, i.e. Protocol Data Unit belongs to a service data interaction unit of TDS communication protocol, because use Transmission Control Protocol, so can carry out TCP on the basis of Transmission Control Protocol and cut apart following.It all is the TCP application data that the packet of catching is intercepted in bypass, so detect PDU, is actually and detects the captive TCP application data bag that is subordinated to this PDU.
As preferably, ineligible in the described steps A 1, specifically be meant:
A11, this TCP application data byte number are less than 8 bytes or greater than 8192 bytes;
Follow-up PDU indicates the position and is not equal to 0 and also is not equal to 1 in A12, the TDS heading; It is that Last Packet Indicator mainly is for Sybase that the follow-up data bag indicates position English, and then this sign position can only be 0x01 or 0x00, is not 0x01 or 0x00 if indicate the position, and is then undesirable.
A13, to SYBASE, back 4 bytes of TDS heading are not continuous 0x00 byte;
A14, to MSSQL SERVER, the Packet numbering is not 1 in the TDS heading.
As preferably, ineligible in the described steps A 2, specifically be meant:
A21, this TCP application data byte number are less than 8 bytes or greater than 8192 bytes;
Follow-up PDU indicates the position and is not equal to 0 and also is not equal to 1 in A22, the TDS heading;
A23, to SYBASE, back 4 bytes of TDS heading are not continuous 0x00 byte;
A24, to MSSQL SERVER, Packet numbering in the TDS heading is not that a last PDU numbers and adds 1; If last one is numbered 255, then this numbering is not 0.
As preferably, described step B further comprises:
B1, TDS agreement adopt semiduplex communication modes; Be to read a complete response from server end again after the client writes a complete request; If previous application data and follow-up application data are reverse in transmission direction, show that then these two application datas belong to different TDU;
Among B2, the step B1 only when last application data be response party to; Back one application data be the requesting party to and this request package content when asking for this time of cancellation; Response party to the still unassembled completion of TDU, need continue to read the assembling that follow-up application data is accomplished this TDU;
B3, when the transmission direction of application data is consistent with the TDU institute data in buffer transmission direction of finding to exist packet loss, continue to be cached in an orderly manner among this TDU;
B4, only when the transmission direction of application data with when having found to exist the TDU institute data in buffer transmission direction of packet loss opposite, explain that this TDU has obtained captive all application datas that belong to this TDU on the network, can resolve this TDU;
Application data among B5, the step B4 still needs further to be assembled and resolve as first application data of new TDU after the TDU assembling of buffer memory is accomplished and successfully resolved;
B6, for the TDU institute data in buffer that has packet loss, indicate refitting accomplishes and can resolve except follow-up reverse application data, also should connect and interrupt, do not pass under the data timer expiry condition and trigger at this TCP.
As preferably, the trigger condition in the above-mentioned B6 step further comprises:
B7, the client of being intercepted when quilt normally or unusually withdraw from;
B8, when the time interval of receiving new application data and data cached last application data above 60 seconds; Considering TCP in the reality retransmits the built-in overtime setting of time, number of retransmissions, TDS agreement itself, catches and the empirical data of processing delay and site of deployment collection conclusion; Intercept auditing system audit time-delay fair can condition under; What reality was provided with is 60 seconds; If the delivery time of promptly continuous two tcp data bags surpasses 60 seconds, can judge that then these two tcp data bags are not subordinated to same TDU's;
B9, surpass 1800 seconds when the time interval of receiving new application data and data cached first application data; What consider here mainly is the time of returning of a SQL operation, and in theory, this time can be endless; And in the reality; Because the numerical value that returns of an operation always has a certain size; And the database place network condition at user scene is more satisfactory often, and reference is the field data of a plurality of points in the past, and the time threshold that adopts here is 1800 seconds; If promptly a TDU still had application data need to come reorganization after 30 minutes, we think that then follow-up application data is not subordinated to this TDU.
B10, when the tcp connect timeout that is buffered data institute subordinate is released.
As preferably, described step C further comprises:
If there is not the packet loss phenomenon in this TDU of C1, the formative Token that then adopts TDS to use begins sequence analysis from first byte, until last byte, and then analysis result is encapsulated;
If there is the packet loss phenomenon in this TDU of C2; Then the byte before packet loss point set by step C1 resolve, to the byte behind the packet loss point, then search key 0xd1 and 0xfd; New record of 0xd1 byte representation wherein; Return end and the request of 0xfd byte representation one whole is pairing, through resolving follow-up data and the follow-up data of 0xfd byte of 0xd1 byte, can corresponding acquisition return data with influence line number.
Technical scheme by the invention described above provides can find out, the present invention resolves with TDS under the packet loss environment not and compares, and the recognition methods to packet drop is provided, and can have write down the scene of packet loss; After packet loss takes place, a kind of method of feasible business of assembling data cell is provided; To there being the Service Data Unit of packet loss, a kind of analytic method that can comparatively accurately, more fully obtain application message is provided.
Figure of description
Fig. 1 is the not reorganization of the TDS message under the packet loss environment and the process chart of resolving;
Fig. 2 is the concrete process chart of the method for the invention.
Embodiment
The invention provides the method that promotes TDS protocol analysis accuracy under a kind of packet loss environment; Core concept of the present invention is: provide the TDS application data incomplete method of discrimination; Under the incomplete situation of application data; Utilize the characteristics of TDS half duplex communication, realize the TDS Service Data Unit is carried out the method for correct assembling; And a kind of analytic method that from the incomplete Service Data Unit of data, can more accurately, more fully extract application message is provided.
Below we combine accompanying drawing to describe the method for the invention in detail, the concrete handling process of the method for the invention is as shown in Figure 1, comprises the steps:
Step 1-1:TDS parsing module is received the TCP application data.
The present invention adopts bypass mode interception data bag; Thereby carry out the database auditing system of data parsing; The TDS agreement is the C/S communication protocol that MSSQL Server and Sybase are adopted; For Microsoft and Sybase company, TDS protocol analysis module is the TCP application data of importing into through analysis, obtains a module of SQL request and return data.
TDS protocol analysis module should be guaranteed to receive in order all the captive unduplicated application datas under the same TCP connection.After receiving application data, get into step 1-2 and handle.
Step 1-2: judge the data that whether have this Service Data Unit TDU in the buffer memory.
If TDU is excessive, will in a plurality of PDU, transmit data, and PDU is excessive, then can be divided into a plurality of tcp data bags again, so when TDU has not transmitted all data as yet, the application data that needs buffer memory to receive.This step will judge in the buffer memory whether received the data of this TDU, if received, then get into step 1-3; Otherwise, then get into step 1-5.
Step 1-3: whether the time interval of judging this application data and data cached last application data surpasses an about definite value.This about definite value is set to 60 seconds.
If the transmission time of former and later two application datas reaches 60 seconds, can judge that they do not belong to same TDU.If the time interval surpasses about definite value, promptly surpass 60 seconds, get into step 1-14; Otherwise, get into step 1-4.
Step 1-4: whether the time interval of judging this application data and data cached first application data surpasses about definite value.This about definite value is 1800 seconds at present, in claims, has filled detailed description.
Same Service Data Unit TDU; Be same request or response; Generally all can accomplish within a short period of time,, can judge that they do not belong to same TDU if the time interval between the current application data of receiving and data cached first application data surpasses an about definite value.If the time interval surpasses about definite value, get into step 1-14; Otherwise, get into step 1-5.
Step 1-5: judge at present whether the TDU of buffer memory had lost packet.
If current no data cached, then do not lose packet certainly; If exist data cachedly, will indicate by packet loss and represent whether this TDU lost packet, was initially not lose packet.If lost packet, get into step 1-10; Otherwise, get into step 1-16.
Step 1-6: obtain the corresponding TDS heading of application data, and judge this its legitimacy.
Through judging the legitimacy of this application data, discern the generation of packet drop.Judge that promptly whether this TCP application data byte number is less than 8 bytes or greater than 8192 bytes; Perhaps follow-up PDU indicates the position and whether is not equal to 0 and also is not equal to 1 in the TDS heading; Perhaps to SYBASE; Whether back 4 bytes of TDS heading are not continuous 0x00 byte, and perhaps to MSSQL SERVER, whether the Packet numbering is not 1 in the TDS heading; If it is illegal then to judge this application data, get into step 1-12; Otherwise, get into step 1-7.
Step 1-7: package by the TDS agreement.
Indicated this TDU in the heading of TDS agreement and whether contained the sign position of next PDU and the packet length of this PDU, the packet length through these two data and the application data of catching packages.After the group end-of-packet, get into step 1-8.
Step 1-8: judge whether the TDU assembling is accomplished.
If the TDS heading among the current PDU shows this TDU and do not comprise next PDU, and after current PDU collected all bytes of this PDU, the assembling completion.If TDU does not accomplish assembling, get into step 1-15; Otherwise, get into step 1-9.
Step 1-9: resolve this TDU.
TDU has accomplished assembling, and the packet loss phenomenon does not take place all application datas among this TDU, and the formative Token that adopts TDS to use begins sequence analysis from first byte, until last byte, and then analysis result is encapsulated.After resolving completion, get into step 1-15.
Step 1-10: judge whether the application data transmission direction is identical with data cached transmission direction.
When the buffer memory application data information, require to preserve the transmission direction of this application data.If the current application data transmission direction of receiving is different with data cached transmission direction, then get into step 1-13; Otherwise, get into step 1-11.
Step 1-11: further the buffer memory application data is in buffer memory.
Data in the buffer area belong to same TDU, and indicate the transmission direction that data are arranged, and all application datas that are buffered are all deposited according to the order of sequence.This time of buffer memory application data gets into step 1-15 behind buffer area.
Step 1-12: this TDU is set had lost bag.
Packet loss is set indicates, show before this application data bag to also have other application datas at large, also should note before the byte number of buffer memory, show the place that packet loss occurs.Get into step 1-11.
Step 1-13: whether be the CANCEL request package.Whether be the cancellation request package promptly.
If last application data be response party to and be not last application data of this TDU according to these data of TDS agreement; Back one application data for the requesting party to and this request package content during for cancellation this time request (being the CANCEL request); Show response party to the still unassembled completion of TDU, need continue to read the assembling that follow-up application data is accomplished this TDU.If the CANCEL request package gets into step 1-15; Otherwise, get into step 1-14.
Step 1-14: extract that all have been data cached, remove packet loss and indicate; This application data is imported TDS protocol analysis module once more into and is resolved.
Current application data and data cached does not belong to same TDU; Data cached is a data acquisition system that has the TDU of packet loss phenomenon; Extract that all are data cached, the byte before the packet loss place is resolved by the TDS agreement is byte-by-byte, and the byte search key behind the packet loss place is saved; Mainly be 0xd1 and 0xfd byte, and the method for analyzing is piecemeal resolved.New record of 0xd1 byte representation wherein returns end and the request of 0xfd byte representation one whole is pairing, through resolving follow-up data and the follow-up data of 0xfd byte of 0xd1 byte, can corresponding acquisition return data with influence line number.Initialization TDS protocol analysis module is inserted TDS protocol analysis module to the current application data of receiving again and is resolved.Get into step 1-1.
Step 1-15: prepare to receive next application data.
Prepare to receive the next application data that connects from this TCP.
In the method for the invention, can discern the packet loss phenomenon automatically; After packet drop takes place and is identified, can correctly recombinate to the application data of follow-up generation; To the Service Data Unit that has packet loss recombinated accomplish after, can extract the information that application data is transmitted comparatively exactly, more fully.
The above; Be merely the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, any technical staff who is familiar with the present technique field is in the technical scope that the present invention discloses; The variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (6)
1. the following method that promotes TDS protocol analysis accuracy of packet loss environment is characterized in that, comprises the steps:
A, tabular data stream TDS protocol analysis module are analyzed its legitimacy through the TDS heading that extracts in the application data after receiving the application data of accomplishing the reorganization of TCP message, thereby identification judges whether to take place packet drop;
B, after packet drop takes place and is identified, to the application data of follow-up generation, utilize the characteristics of TDS half duplex communication, carry out the group bag of Service Data Unit TDU;
Step B further comprises:
B1, TDS agreement adopt semiduplex communication modes; Be to read a complete response from server end again after client is write a complete request; If previous application data and follow-up application data are reverse in transmission direction, show that then these two application datas belong to different TDU;
Among B2, the step B1 only when last application data be response party to; Back one application data be the requesting party to and this request package content when asking for this time of cancellation; Response party to the still unassembled completion of TDU, need continue to read the assembling that follow-up application data is accomplished this TDU;
B3, when the transmission direction of application data is consistent with the TDU institute data in buffer transmission direction of finding to exist packet loss, continue to be cached in an orderly manner among this TDU;
B4, only when the transmission direction of application data with when having found to exist the TDU institute data in buffer transmission direction of packet loss opposite, explain that this TDU has obtained captive all application datas that belong to this TDU on the network, can resolve this TDU;
Application data among B5, the step B4 is after the TDU assembling of buffer memory is accomplished and successfully resolved, and first application data that still need further be taken as new TDU is assembled and resolved;
B6, for the TDU institute data in buffer that has packet loss, indicate refitting accomplishes and can resolve except follow-up reverse application data, also should connect and interrupt, do not pass under the data timer expiry condition and trigger at this TCP;
C, after accomplishing TDU group bag, if there is packet drop, then to the byte stream behind the packet loss among the TDU, according to keywords the method sought of joint is resolved.
2. a kind of packet loss environment according to claim 1 promotes the method for TDS protocol analysis accuracy down, it is characterized in that described step comprises as follows:
A1, for first PDU of a TDU, need to judge that whether these data are that first TCP of first PDU of TDU wraps, if these data are ineligible, abandon this application data, up to receiving the application data that meets this condition;
A2, for the subsequent protocol data unit PDU of a TDU; Need to judge whether the TDS heading of these data is legal; Whether be the PDU that a last PDU follows closely; If ineligible, show that then there is packet drop in this TDU, and the packet loss position is exactly between all application datas and this application data of before this TDU, receiving.
3. a kind of packet loss environment according to claim 2 promotes the method for TDS protocol analysis accuracy down, it is characterized in that " ineligible " described in the steps A 1 specifically is meant following situation:
A11, this TCP application data byte number are less than 8 bytes or greater than 8192 bytes;
Follow-up PDU indicates the position and is not equal to 0 and also is not equal to 1 in A12, the TDS heading;
A13, to SYBASE, back 4 bytes of TDS heading are not continuous 0x00 byte;
A14, to MSSQL SERVER, the Packet numbering is not 1 in the TDS heading.
4. a kind of packet loss environment according to claim 2 promotes the method for TDS protocol analysis accuracy down, it is characterized in that " ineligible " described in the steps A 2 specifically is meant following situation:
A21, this TCP application data byte number are less than 8 bytes or greater than 8192 bytes;
Follow-up PDU indicates the position and is not equal to 0 and also is not equal to 1 in A22, the TDS heading;
A23, to SYBASE, back 4 bytes of TDS heading are not continuous 0x00 byte;
A24, to MSSQL SERVER, Packet numbering in the TDS heading is not that a last PDU numbers and adds 1; If last one is numbered 255, then this numbering is not 0.
5. a kind of packet loss environment according to claim 1 promotes the method for TDS protocol analysis accuracy down,
It is characterized in that the trigger condition among the described step B6 also further comprises:
B7, the client of being intercepted when quilt normally or unusually withdraw from;
B8, when the time interval of receiving new application data and data cached last application data above 60 seconds;
B9, surpass 1800 seconds when the time interval of receiving new application data and data cached first application data;
B10, when the tcp connect timeout that is buffered data institute subordinate is released.
6. a kind of packet loss environment according to claim 1 promotes the method for TDS protocol analysis accuracy down, it is characterized in that described step C further comprises:
If there is not the packet loss phenomenon in this TDU of C1, the formative Token that then adopts TDS to use begins sequence analysis from first byte, until last byte, and then analysis result is encapsulated;
If there is the packet loss phenomenon in this TDU of C2; Then the byte before packet loss point set by step C1 resolve, to the byte behind the packet loss point, then search key 0xd1 and 0xfd; New record of 0xd1 byte representation wherein; Return end and the request of 0xfd byte representation one whole is pairing, through resolving follow-up data and the follow-up data of 0xfd byte of 0xd1 byte, can corresponding acquisition return data with influence line number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101013883A CN101631122B (en) | 2009-08-03 | 2009-08-03 | Method for improving TDS protocol analysis accuracy in packet-losing environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101013883A CN101631122B (en) | 2009-08-03 | 2009-08-03 | Method for improving TDS protocol analysis accuracy in packet-losing environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101631122A CN101631122A (en) | 2010-01-20 |
| CN101631122B true CN101631122B (en) | 2012-01-11 |
Family
ID=41576068
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101013883A Active CN101631122B (en) | 2009-08-03 | 2009-08-03 | Method for improving TDS protocol analysis accuracy in packet-losing environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101631122B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102006304B (en) * | 2010-12-06 | 2013-06-26 | 北京中创信测科技股份有限公司 | Method and system for automatic delimitation of TCP-bearing upper layer protocol data unit |
| CN107451491B (en) * | 2017-07-28 | 2020-03-10 | 杭州安恒信息技术股份有限公司 | Method for improving protocol analysis accuracy when database connection information is lost |
| CN112217809A (en) * | 2020-09-27 | 2021-01-12 | 遂宁浩洋商贸有限公司 | Clinical risk early warning method and system based on libpcap |
| CN112398863A (en) * | 2020-11-19 | 2021-02-23 | 全知科技(杭州)有限责任公司 | Data analysis method for incomplete flow of TCP long connection |
| CN114930898A (en) * | 2020-11-30 | 2022-08-19 | 北京小米移动软件有限公司 | Data loss detection method and device, communication equipment and storage medium |
| CN113364862B (en) * | 2021-06-03 | 2022-10-11 | 上海天旦网络科技发展有限公司 | Packet decoding system and method |
| CN113904960B (en) * | 2021-12-06 | 2022-03-15 | 上海金仕达软件科技有限公司 | Method, device, system and storage medium for measuring data transmission delay |
| CN115277881A (en) * | 2022-06-17 | 2022-11-01 | 奇安信科技集团股份有限公司 | Network message analysis method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1350385A (en) * | 2001-10-15 | 2002-05-22 | 东方通信股份有限公司 | Reliable message transmitting method of simple network management protocol |
| CN1825846A (en) * | 2005-02-25 | 2006-08-30 | 华为技术有限公司 | Message transmission system based on transmission control protocol and method thereof |
| CN101030924A (en) * | 2006-03-03 | 2007-09-05 | 中兴通讯股份有限公司 | Method for adapting dynamic bandwidth |
-
2009
- 2009-08-03 CN CN2009101013883A patent/CN101631122B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1350385A (en) * | 2001-10-15 | 2002-05-22 | 东方通信股份有限公司 | Reliable message transmitting method of simple network management protocol |
| CN1825846A (en) * | 2005-02-25 | 2006-08-30 | 华为技术有限公司 | Message transmission system based on transmission control protocol and method thereof |
| CN101030924A (en) * | 2006-03-03 | 2007-09-05 | 中兴通讯股份有限公司 | Method for adapting dynamic bandwidth |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101631122A (en) | 2010-01-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101631122B (en) | Method for improving TDS protocol analysis accuracy in packet-losing environment | |
| CN103051725B (en) | Application and identification method, data digging method, Apparatus and system | |
| CN105357082B (en) | A kind of recognition methods of network flow and device | |
| CN103139315A (en) | Application layer protocol analysis method suitable for home gateway | |
| CN104320304B (en) | A kind of core network user flow application recognition methods of the multimode fusion easily extended | |
| US20130191890A1 (en) | Method and system for user identity recognition based on specific information | |
| US10735501B2 (en) | System and method for limiting access request | |
| CN112039904A (en) | Network traffic analysis and file extraction system and method | |
| CN102184391A (en) | Distributed type face recognition method and system as well as face recognition terminal | |
| CN103327025A (en) | Method and device for network access control | |
| CN101827073A (en) | Tracking fragmented data flows | |
| CN103384242A (en) | Intrusion detection method and system based on Nginx proxy server | |
| CN106452688A (en) | Beidou data lost message retransmission method and system | |
| CN103491069A (en) | Filtering method for network data package | |
| CN107666486A (en) | A kind of network data flow restoration methods and system based on message protocol feature | |
| CN103618726A (en) | Method for recognizing mobile data service based on HTTPS | |
| CN101360090B (en) | Application protocol recognition method | |
| CN109450733A (en) | A kind of network-termination device recognition methods and system based on machine learning | |
| CN101710898B (en) | Method for describing characteristics of communication protocol of application software | |
| CN112436998B (en) | Data transmission method and electronic equipment | |
| CN103001966A (en) | Processing and identifying method and device for private network IP | |
| CN104917757A (en) | Event-triggered MTD protection system and method | |
| CN107864126A (en) | A kind of cloud platform virtual network behavioral value method | |
| CN101895469A (en) | Peer-to-peer network flow traction system and method | |
| CN104104675A (en) | Internet control message protocol camouflage capture and analysis technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: Hangzhou City, Zhejiang province 310051 Binjiang District and Zhejiang road in the 15 storey building Patentee after: Hangzhou Annan information technology Limited by Share Ltd Address before: Room 311-315, building No. 9, No. 1, high new software park, Binjiang District Weiye Road, Binjiang District, Zhejiang Patentee before: Dbappsecurity Co.,ltd. |