CN102487408A - Network equipment monitoring method - Google Patents
Network equipment monitoring method Download PDFInfo
- Publication number
- CN102487408A CN102487408A CN2011100064245A CN201110006424A CN102487408A CN 102487408 A CN102487408 A CN 102487408A CN 2011100064245 A CN2011100064245 A CN 2011100064245A CN 201110006424 A CN201110006424 A CN 201110006424A CN 102487408 A CN102487408 A CN 102487408A
- Authority
- CN
- China
- Prior art keywords
- address translation
- network
- network address
- network equipment
- router
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 71
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000013519 translation Methods 0.000 claims abstract description 90
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 238000006243 chemical reaction Methods 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 8
- 230000008901 benefit Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000007704 transition Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000008439 repair process Effects 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 239000006185 dispersion Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Abstract
A network device monitoring method is used for monitoring network devices connected with a network address translation router, the network address translation router records a network address translation table, and the network address translation table contains network address translation data of the network devices, the network device monitoring method comprises the following steps: inquiring a network address translation table recorded by the network address translation router at a first time point; inquiring the network address translation table recorded by the network address translation router at a second time point; and analyzing the network address translation table inquired at the first time point and the network address translation table inquired at the second time point, and sending alarm information when analyzing that the network address translation data in the network address translation table inquired at the first time point is not contained in the network address translation table inquired at the second time point, thereby effectively mastering the equipment condition of the network equipment.
Description
Technical field
The present invention relates to a kind of network equipment monitoring method, know clearly it, grasp the network equipment monitoring method of the network equipment for a kind of network address translation table through the network address translation router records.
Background technology
In order to keep the line quality, the network dealer must grasp the status of equipment of the network equipment that links with router at any time, with regard to present situation, three kinds of comparatively feasible monitoring methods is arranged.
First kind of monitoring method is applied to framework shown in Figure 1A; That is; The network dealer can hold and be linked to the monitoring main frame 1 of network system 7 through being set up in the network dealer; The network equipment 4,5 that requires to link with router two is initiatively repaid to monitoring main frame 1 according to repayment route L1; The network equipment 6 that requires simultaneously to link with router three is initiatively repaid to monitoring main frame 1 according to repayment route L2, thereby grasps the status of equipment of the network equipment 4,5,6 that is arranged at user's end according to the repayment content that monitoring main frame 1 obtains.
Second kind of monitoring method is applied to framework shown in Figure 1B; That is; The network dealer can make the monitoring main frame 1 that is set up in dealer's end and is linked to network system 7; Initiatively send inquiry to the network equipment 4,5, initiatively send inquiry to the network equipment 6 simultaneously, and then grasp the status of equipment of the network equipment 4,5,6 that is arranged at user's end according to the inquiry result that monitoring main frame 1 obtains with the router three binding according to inquiry route L4 with the router two binding according to inquiry route L3.
The third monitoring method then is applied to framework shown in Fig. 1 C; That is; The network dealer can make the monitoring main frame 1a that is set up in user end initiatively send inquiry according to inquiry route L5 to the network equipment 4,5 with the router two binding; Initiatively send inquiry to the network equipment 6 with the monitoring main frame 1b that is set up in another user's end season, and then grasp the status of equipment of the network equipment 4,5,6 according to the inquiry result that monitoring main frame 1a, 1b obtain with the router three binding according to inquiry route L6.
Yet; The prerequisite important document that first kind of monitoring method wanted to implement according to this is; The network equipment 4,5,6 need pre-set relevant repayment mechanism, but because the existing network equipment that has dispatched from the factory does not pre-set relevant repayment mechanism mostly, so; Also need consuming time take a lot of work ground respectively again each network equipment relevant repayment mechanism is set, it is higher to implement difficulty.
Though second kind of monitoring method must not be provided with relevant repayment mechanism at the network equipment 4,5,6; But position with user's end; Monitoring main frame 1 sends inquiry route L3, the L4 of inquiry; Be equal to from the outside and directly intrude into the network equipment 4,5,6, so, make the user hold really and produce no small information security doubt; Secondly; If router two, 3 is network address translation (Network Address Translation; NAT) during framework; Therefore and can't actually implement second kind of monitoring method also can be because of the cause of 4,5,6 pairs of internet protocol addresses that internal network and external network adopted (IP) of the network equipment and/or network connection port conversion, thereby the network equipment that the monitoring main frame 1 that sends inquiry can't be discerned reply this inquiry why.
Moreover, further, aforementioned first kind and second kind of puzzlement that monitoring method also can produce the frequency range deficiency.Specifically; Because first kind of monitoring method receives the repayment of the network equipment 4,5,6 through router two, 3, second kind of monitoring method sent inquiry through router two, 3 and given the network equipment 4,5,6, and receives the number of operations of repaying/send inquiry; Corresponding with the quantity of the network equipment; In case so the quantity of the network equipment is too much, the frequency range of router promptly can by increasing reception repayment or to send the operation of inquiry occupied, more has influence on the original utilization benefit of router.
Though the shortcoming that the third monitoring method can avoid aforementioned first and second kind monitoring method to have; But, this monitoring method sets up monitoring host computer individually because need holding dispersion user everywhere; So not only increased the cost burden of dealer's end and user's end simultaneously, defective such as also can cause the network dealer can't unify control and can't keep in repair fast.
Summary of the invention
In view of the many disadvantages of prior art, the object of the present invention is to provide a kind of must the extra network equipment monitoring method that relevant repayment mechanism is set at the network equipment.
Another object of the present invention is to provide a kind of must not be provided with relevant repayment mechanism and can reduce the network equipment monitoring method of information security risk at network equipment end.
Another object of the present invention is to provide a kind of network equipment monitoring method of unifying to control and can not increase cost burden.
Another purpose of the present invention is to provide a kind of network equipment monitoring method that can not occupy the frequency range of router.
Reach other purposes in order to achieve the above object; The present invention provides a kind of network equipment monitoring method then; In order to the network equipment of monitoring with the binding of network address translation router; This network address translation router records has network address translation table, and comprises the network address translation data of this network equipment in this network address translation table, and this network equipment monitoring method may further comprise the steps: 1) inquire the network address translation table of this network address translation router records in very first time point; 2) inquire the network address translation table of this network address translation router records in second time point; And 3) network address translation table that inquires for very first time point and analyze in the network address translation table that second time point inquires; And the network address translation data in analyzing the network address translation table that inquires from very first time point do not comprise when being in the network address translation table that second time point inquires, send warning message.
Therefore; Network equipment monitoring method of the present invention only needs originally just possessed the network address translation table that has through inquiry and phase-split network address transition router; Can when the network equipment generation abnormal conditions that link with the network address translation router, send warning message, than prior art, the present invention not only must extraly not be provided with relevant repayment mechanism at the network equipment; Can not make the user hold the doubt that produces the information security aspect yet; More can not increase the cost of dealer's end or user's end, simultaneously, also have the advantage that to unify to control and can not occupy the router frequency range.
Description of drawings
Figure 1A is a kind of existing enforcement configuration diagram of the network equipment being monitored processing;
Figure 1B is another kind of existing enforcement configuration diagram of the network equipment being monitored processing;
Fig. 1 C is another existing enforcement configuration diagram of the network equipment being monitored processing;
Fig. 2 is for carrying out a system architecture sketch map of network equipment monitoring method of the present invention;
The network address translation table of Fig. 3 for being inquired in the network equipment monitoring method processing procedure of the present invention; And
Fig. 4 another network address translation table for being inquired in the network equipment monitoring method processing procedure of the present invention.
The main element symbol description
1,1a, 1b monitor main frame
2,3 routers
2 ' network address translation router
4,5,6 network equipments
7 network systems
8 servers
L1, L2 repay route
L3, L4, L5, L6 inquire route
The L7 enquiring route
T1, T2 network address translation table.
Embodiment
Below through specific practical implementation form technology contents of the present invention is described, those skilled in the art can understand other advantages of the present invention and effect easily by the content that this specification disclosed.Certainly, the present invention also can implement or use through other different practical implementation forms.
For clear understanding network equipment monitoring method of the present invention, see also Fig. 2, it carries out the system architecture sketch map of network equipment monitoring method of the present invention in order to explanation.
Network equipment monitoring method of the present invention is applied to network address translation (Network Address Translation; NAT) under the system architecture; In order to monitoring and network address translation (nat) router two ' status of equipment of the network equipment 4,5 that links; Wherein, the network address translation router two ' can record network address translation table (NAT table), and comprise the respectively network address translation data of this network equipment in this network address translation table.
The network address translation router two ' can with for example be internet (internet) or VPN (Virtual private network; VPN) network system 7 is connected, and network system 7 also can link the monitoring main frame 1 that is arranged at network dealer end is arranged.Thus; The network equipment 4,5 can be through the network address translation router two ' and through network system 7 for example (Session Initiation Protocol, SIP) server 8 of service end sends log-on message or other similar information for session initiation protocol to being arranged at other ends.And described network address translation data then can comprise corresponding to the network equipment 4,5 and are arranged at network convention, internet protocol address, and the network terminal slogan of the server 8 of other ends.
Actual when carrying out network equipment monitoring method of the present invention, inquire the network address translation router two prior to very first time point order monitoring main frame 1 ' network address translation table of record.Then, inquire the network address translation router two in second time point order monitoring main frame 1 again ' network address translation table of record.Thereafter; Satisfy again network address translation table that 1 pair in order monitoring main frame before inquired in very first time point and analyze in the network address translation table that second time point inquires; And the network address translation data in analyzing the network address translation table that inquires from very first time point do not comprise when being in the network address translation table that second time point inquires, immediately send warning message.
For instance, if the internet protocol address before the network convention of the network equipment 4, conversion, the network terminal slogan before the conversion, the internet protocol address after the conversion, and conversion after the network terminal slogan be respectively " UDP ", " 192.168.0.1 ", " 5060 ", " 61.219.12.3 " reaches " 1000 "; Internet protocol address before the network convention of the network equipment 5, the conversion, the network terminal slogan before the conversion, the internet protocol address after the conversion, and conversion after the network terminal slogan be respectively " UDP ", " 192.168.0.2 ", " 5060 ", " 61.219.12.3 " reaches " 2000 "; The internet protocol address of server 8 and network terminal slogan are respectively " 203.66.96.148 " and reach " 5060 ".Then at very first time point instantly, suppose that the network equipment 4,5 all is in normal condition, according to previous example, then monitoring main frame 1 can be according to enquiring route L7 automatic network address transition router two in very first time point ' inquire network address translation table T1 as shown in Figure 3.But suppose that in second time point instantly the unusual condition of damage has taken place for example to do the network equipment 5, then monitoring main frame 1 can be according to enquiring route L7 in the second time point automatic network address transition router two ' inquire network address translation table T2 as shown in Figure 4.
And when monitoring main frame 1 after the network address translation table T1 that inquires and the network address translation table T2 that inquires are analyzed; Promptly can find the network address translation router two ' though normally record network address translation data instantly, do not record the network address translation data of representing the network equipment 5 instantly at second time point corresponding to the network equipment 5 and server 8 at very first time point.At this moment, monitoring main frame 1 can be judged the network equipment 5 unusual condition possibly take place, so immediately to the network address translation router two ' send warning message, to notify relevant maintenance personal the network equipment 5 is keeped in repair.
What need replenish is that monitoring main frame 1 also optionally sends warning message through other modes, for example sends the SMS with warning message and gives relevant maintenance personal.Moreover; Except carrying out the network equipment monitoring method of the present invention as executive agent with the monitoring main frame 1 that is arranged at network dealer end; Also can optionally carry out, so that preferable enforcement elasticity to be provided in response to different actual demands through the executive agent that is arranged at other ends.
In sum; Network equipment monitoring method of the present invention; Only need through the network address translation table of inquiring about and phase-split network address transition router originally just possessed; Can immediately be directed against when any abnormal conditions take place the network equipment with the binding of network address translation router and send warning message, so than prior art, the present invention has advantage at least:
1) must not repay on one's own initiative by the network equipment that links with the network address translation router, so, not be used in that the network equipment is extra to be provided with relevant repayment mechanism, it is low to implement difficulty.
2) must initiatively not inquire the network equipment that links with the network address translation router, so, can not make the user hold the doubt that produces any information security aspect.
3) must not hold the monitoring main frame is set individually in the user who disperses various places, so, not only can not increase the cost of dealer's end or user's end, also can supply network dealer end to unify control.
4) the monitoring main frame is linked through the network address translation router and the network equipment, so, can not occupy network address translation router frequency range, do not influence the utilization benefit of network address translation router.
But above-mentioned example is illustrative principle of the present invention and effect thereof only, but not is used to limit the present invention.Any those skilled in the art all can be under spirit of the present invention and category, and above-mentioned example is modified and changed.Therefore, rights protection scope of the present invention should be listed like claims.
Claims (5)
1. network equipment monitoring method; In order to the network equipment of monitoring with the binding of network address translation router; This network address translation router records has network address translation table; And comprise the network address translation data of this network equipment in this network address translation table, it is characterized in that this network equipment monitoring method may further comprise the steps:
1) inquires the network address translation table of this network address translation router records in very first time point;
2) inquire the network address translation table of this network address translation router records in second time point; And
3) network address translation table that inquires for very first time point and analyze in the network address translation table that second time point inquires; And the network address translation data in analyzing the network address translation table that inquires from very first time point do not comprise when being in the network address translation table that second time point inquires, send warning message.
2. according to the described network equipment monitoring method of claim 1, it is to be carried out by the monitoring main frame that links with this network system, and in this step 3), is by this monitoring main frame this warning message to be issued this network address translation router.
3. according to the described network equipment monitoring method of claim 1; It is characterized in that; This network address translation router and network system are connected, and this network equipment can send information to the server of other ends through this network address translation router and through this network system.
4. according to the described network equipment monitoring method of claim 3, it is characterized in that these network address translation data comprise network convention, internet protocol address and the network terminal slogan corresponding to the server of this network equipment and these other ends.
5. according to the described network equipment monitoring method of claim 3, it is characterized in that this network system refers to internet or VPN, and this server is the session initiation protocol service end.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW099141840 | 2010-12-02 | ||
| TW99141840A TWI419513B (en) | 2010-12-02 | 2010-12-02 | Network apparatus monitoring method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102487408A true CN102487408A (en) | 2012-06-06 |
Family
ID=46152861
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100064245A Pending CN102487408A (en) | 2010-12-02 | 2011-01-05 | Network equipment monitoring method |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102487408A (en) |
| TW (1) | TWI419513B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1489817A1 (en) * | 2003-06-19 | 2004-12-22 | Samsung Electronics Co., Ltd. | Apparatus and method for detecting duplicate IP addresses in mobile ad hoc network environment |
| CN101083594A (en) * | 2006-05-31 | 2007-12-05 | 西门子通信技术(北京)有限公司 | Method and system for managing network appliance |
| CN101515297A (en) * | 2009-04-16 | 2009-08-26 | 浙江浙大中控信息技术有限公司 | History data inquiry method, route server and inquiry terminal and system |
| CN101886956A (en) * | 2009-05-11 | 2010-11-17 | 北京时代凌宇科技有限公司 | Strain force measuring device and system based on wireless sensor network |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100765325B1 (en) * | 2006-02-13 | 2007-10-09 | 삼성전자주식회사 | Symmetric Network Address Translator using STUN and Method Thereof |
| CN101047548A (en) * | 2006-03-31 | 2007-10-03 | 株式会社日立制作所 | Communication in multiple NAT private network |
| US7881318B2 (en) * | 2007-02-28 | 2011-02-01 | Microsoft Corporation | Out-of-band keep-alive mechanism for clients associated with network address translation systems |
| US8751669B2 (en) * | 2007-12-20 | 2014-06-10 | Telefonaktiebolaget L M Ericsson (Publ) | Method and arrangement to maintain a TCP connection |
-
2010
- 2010-12-02 TW TW99141840A patent/TWI419513B/en not_active IP Right Cessation
-
2011
- 2011-01-05 CN CN2011100064245A patent/CN102487408A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1489817A1 (en) * | 2003-06-19 | 2004-12-22 | Samsung Electronics Co., Ltd. | Apparatus and method for detecting duplicate IP addresses in mobile ad hoc network environment |
| CN101083594A (en) * | 2006-05-31 | 2007-12-05 | 西门子通信技术(北京)有限公司 | Method and system for managing network appliance |
| CN101515297A (en) * | 2009-04-16 | 2009-08-26 | 浙江浙大中控信息技术有限公司 | History data inquiry method, route server and inquiry terminal and system |
| CN101886956A (en) * | 2009-05-11 | 2010-11-17 | 北京时代凌宇科技有限公司 | Strain force measuring device and system based on wireless sensor network |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201225580A (en) | 2012-06-16 |
| TWI419513B (en) | 2013-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9185093B2 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
| US9860107B2 (en) | Computer network system and a method for monitoring and controlling a network | |
| US8997202B2 (en) | System for secure transfer of information from an industrial control system network | |
| CN102523218B (en) | Network safety protection method, equipment and system thereof | |
| CN102884764B (en) | Message receiving method, deep packet inspection device, and system | |
| US20170134957A1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
| US20200045073A1 (en) | Test system and method for identifying security vulnerabilities of a device under test | |
| CN108965123A (en) | A kind of link switch-over method and network communicating system | |
| CN102739684B (en) | Portal authentication method based on virtual IP address, and server thereof | |
| US9338657B2 (en) | System and method for correlating security events with subscriber information in a mobile network environment | |
| CN106878135A (en) | A kind of connection method and device | |
| CN105071989A (en) | Video content distribution quality monitoring system and monitoring method therefor | |
| CN101465763A (en) | Method for monitoring and analyzing user terminal network appliance flux | |
| CN107911496A (en) | A kind of VPN service terminal acts on behalf of the method and device of DNS | |
| CN109600395A (en) | A kind of device and implementation method of terminal network access control system | |
| CN105323128A (en) | Method, device and system for connecting front-end device to server | |
| CN105262628A (en) | Campus dormitory network management system based on multi-operator link sharing | |
| WO2015121389A1 (en) | Method and hardware device for remotely connecting to and controlling a private branch exchange | |
| CN102487408A (en) | Network equipment monitoring method | |
| JP6151827B2 (en) | Monitoring control device, monitoring device, monitoring system, and monitoring program | |
| CN104954440A (en) | Operation and maintenance system and method of Android set-top box | |
| JP5955720B2 (en) | Monitoring device, monitoring method and monitoring program | |
| CN106452896A (en) | Method and system for realizing virtual special network platform | |
| Feld et al. | Objectives and added value of an Internet Key Figure System for Germany | |
| Kloiber et al. | Test-beds and guidelines for securing IoT products and for |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120606 |