CN102497298B - Network audit equipment and method based on flow statistic network card - Google Patents


Info

Publication number: CN102497298B
Authority: CN
Grant status: Grant
Prior art keywords: statistics, module, network, card, traffic statistics
Application number: CN 201110427091
Other languages: Chinese (zh)
Other versions: CN102497298A (en)
Inventors: 刘朝辉, 窦晓光, 李锋伟, 刘灿, 邵宗有
Original assignee: 曙光信息产业(北京)有限公司

Abstract

The present invention provides a network audit device and method based on a traffic-statistics network card. The device consists of the statistics network card and network audit software; two modules, packet classification and packet statistics, are implemented on the hardware chip of the traffic-statistics network card. Basic traffic statistics results are made available to software through hardware registers, and only data that requires content analysis is uploaded to the software. Compared with the prior art, the beneficial effect of the invention is that it improves the performance of traffic audit devices.

Description

A network audit device and method based on a traffic-statistics network card

Technical field

[0001] The present invention belongs to the field of network data processing, and specifically relates to a network audit device and method based on a traffic-statistics network card.

Background

[0002] A traffic audit device is a device, such as an IDS, that audits network traffic and content. Such a device must identify, count and analyze the characteristics of the various types of packets in network traffic, as well as the content transmitted over the network. A high-speed network audit device generally has two functions. One is basic traffic statistics, such as traffic counts for a given port, IP address or protocol; the other is analysis of network data content. The former is simple and fixed but has to process all of the data; the latter is complex but has less data to process. In high-speed network environments, network auditing places high demands on device performance.

[0003] Patent No. "CN200610124026.2", entitled "A method and system for network traffic statistics", discloses a network traffic statistics method comprising: a network traffic subscription device sends a SIP subscribe message to a network traffic statistics device, requesting to subscribe to network traffic; the network traffic statistics device collects network traffic statistics according to the received SIP subscribe message; the network traffic statistics device returns the network traffic statistics result to the network traffic subscription device in a SIP notify message. That invention also discloses a network traffic statistics system. With it, softswitches and SIP servers can conveniently obtain traffic information for SIP terminals and media gateways, so that operators can provide corresponding service measures to users based on the counted data-packet and signaling traffic.

[0004] Patent No. "CN201110055849.5", entitled "A network traffic determination method, apparatus and network device", discloses a network traffic determination method, apparatus and network device that address the inability of the prior art to determine network traffic accurately and effectively. The method obtains the data forwarding rate of each interface at each sampling instant within a statistics period, saves the obtained data forwarding rates to storage, and determines the interface's network traffic from each data forwarding rate saved in storage. Because the embodiment obtains the interface's data forwarding rate at every sampling instant within the statistics period and determines the interface's network traffic from every obtained rate, it effectively avoids the effect of short bursts of data on the accuracy of the result, and so improves the accuracy of the determined network traffic.

[0005] However, the above systems are implemented with network audit software and general-purpose hardware: the general-purpose hardware captures all traffic into software, and the software performs both the basic traffic statistics and the analysis of data content. Because basic traffic statistics are needed for every packet, software-implemented traffic statistics on a high-speed network consume large amounts of computing resources and are inefficient.

Summary of the invention

[0006] The present invention overcomes the deficiencies of the prior art by implementing the network audit device on a dedicated traffic-statistics network card, improving the efficiency of the network audit device.

[0007] The invention provides a network audit device based on a traffic-statistics network card, comprising a network audit software module and a traffic-statistics network card module. The traffic-statistics network card module comprises a packet classification module and a packet statistics module.

[0008] In the network audit device based on a traffic-statistics network card provided by the invention, the network audit software module comprises a content analysis module and a traffic statistics module.

[0009] In the network audit device based on a traffic-statistics network card provided by the invention, the packet classification module of the traffic-statistics network card module uploads the traffic that requires content analysis to the content analysis module in the network audit software module.

[0010] In the network audit device based on a traffic-statistics network card provided by the invention, the network audit software module comprises a statistics register module, which stores the data uploaded by the packet statistics module and passes it to the traffic statistics module.

[0011] In the network audit device based on a traffic-statistics network card provided by the invention, the packet classification module classifies packets according to features such as network-card IP, port, protocol and length.

[0012] In the network audit device based on a traffic-statistics network card provided by the invention, the packet statistics module collects statistics according to packet features and updates the statistics register module, which is readable in the network audit software module.

[0013] The invention also provides a network audit method based on a traffic-statistics network card, in which packet classification and packet statistics are implemented on the hardware chip of the traffic-statistics network card.

[0014] In the network audit method based on a traffic-statistics network card provided by the invention, after input traffic arrives at the traffic-statistics network card, packets are classified according to features such as network-card IP, port, protocol and length. Traffic that requires content analysis is uploaded to software, and data that requires basic statistics is passed to the packet statistics module.

[0015] In the network audit method based on a traffic-statistics network card provided by the invention, packet statistics are performed in hardware according to packet features, and the software-readable statistics registers are updated.

[0016] In the network audit method based on a traffic-statistics network card provided by the invention, the network audit software obtains from the traffic-statistics network card the network traffic that requires content analysis, and at the same time reads traffic statistics from the hardware registers. The software combines the two to achieve comprehensive network auditing.

[0017] The invention implements the network audit device on a dedicated traffic-statistics network card. The traffic-statistics network card is custom-built hardware that performs basic classification and statistics on input traffic in hardware. Basic traffic statistics results are made available to software through hardware registers, and only data that requires content analysis is uploaded to the software.

[0018] Compared with the prior art, the beneficial effect of the invention is that it can improve the performance of traffic audit devices.

Brief description of the drawings

[0019] FIG. 1 is a structural diagram of the invention.

Detailed description

[0020] FIG. 1 is a structural diagram of the invention, which comprises a network audit software module and a traffic-statistics network card module. The traffic-statistics network card module comprises a packet classification module and a packet statistics module. The network audit software module comprises a content analysis module, a traffic statistics module, and a statistics register module that stores the data uploaded by the packet statistics module and passes it to the traffic statistics module.

[0021] The packet classification module of the traffic-statistics network card module classifies packets according to features such as network-card IP, port, protocol and length, and uploads the traffic that requires content analysis to the content analysis module in the network audit software module. The packet statistics module collects statistics according to packet features and updates the statistics register module, which is readable in the network audit software module.

[0022] The implementation method and process of the invention are as follows:

[0023] (1) Two modules, packet classification and packet statistics, are implemented on the hardware chip of the traffic-statistics network card.

[0024] (2) After input traffic arrives at the traffic-statistics network card, the packet classification module classifies packets according to features such as network-card IP, port, protocol and length. Traffic that requires content analysis is uploaded to software, and data that requires basic statistics is passed to the packet statistics module.

[0025] (3) The packet statistics module performs statistics in hardware according to packet features, and updates the software-readable statistics registers.

[0026] (4) The content analysis module of the network audit software obtains from the network card the network traffic that requires content analysis, the traffic statistics module reads traffic statistics from the hardware registers, and the software combines the two to achieve comprehensive network auditing.
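
Steps (1) to (4) above, modelled in software as an added example; this is not code from the patent or its assignee. The rule format, register layout, upload buffer size and the upload_drops counter are assumptions made for illustration, the traffic is constructed, and the model counts every packet in the registers and additionally uploads packets that match a rule.

```c
/* Added example: software model of the card/software split (all names hypothetical). */
#include <stdint.h>
#include <stdio.h>

#define RING_SZ 64  /* assumed size of the upload buffer */
struct pkt  { uint8_t proto; uint32_t dip; uint16_t dport, len; };
struct rule { uint8_t proto; uint32_t dip; uint16_t dport, min_len; }; /* 0 = wildcard */
enum { REG_TCP, REG_UDP, REG_OTHER, REG_N };

struct nic {
    uint64_t pkts[REG_N], bytes[REG_N]; /* statistics registers, read by software */
    struct pkt ring[RING_SZ];           /* packets uploaded for content analysis */
    unsigned ring_n;
    uint64_t upload_drops;              /* assumed extra register: uploads lost */
};

static int rule_match(const struct rule *r, const struct pkt *p) {
    return (!r->proto || r->proto == p->proto) && (!r->dip || r->dip == p->dip) &&
           (!r->dport || r->dport == p->dport) && p->len >= r->min_len;
}

/* Card side: count every packet, upload only those matching a rule. */
static void nic_rx(struct nic *n, const struct rule *rs, size_t nr, const struct pkt *p) {
    int reg = p->proto == 6 ? REG_TCP : p->proto == 17 ? REG_UDP : REG_OTHER;
    n->pkts[reg]++;
    n->bytes[reg] += p->len;
    for (size_t i = 0; i < nr; i++) {
        if (!rule_match(&rs[i], p)) continue;
        if (n->ring_n < RING_SZ) n->ring[n->ring_n++] = *p;
        else n->upload_drops++;         /* software fell behind: content is lost */
        return;                         /* first matching rule wins */
    }
}

/* Software side: take the uploaded packets; returns how many were handed over. */
static unsigned sw_drain(struct nic *n) { unsigned k = n->ring_n; n->ring_n = 0; return k; }

struct report { unsigned long seen, analysed, dropped, tcp_bytes; };

/* Feed constructed traffic; software drains every `drain_every` packets (0 = only at end). */
struct report run_audit(unsigned total, unsigned drain_every) {
    static const struct rule rules[] = {
        { 6,  0, 80, 0 },    /* TCP/80: send to content analysis */
        { 17, 0, 53, 100 },  /* UDP/53 of 100 bytes or more: send to content analysis */
    };
    struct nic n = {0};
    struct report r = {0};
    for (unsigned i = 0; i < total; i++) {
        struct pkt p = { 6, 0x0a000001, 443, 1400 };                  /* bulk TCP/443, count only */
        if (i % 10 == 0) p = (struct pkt){ 6, 0x0a000002, 80, 500 };
        if (i % 10 == 1) p = (struct pkt){ 17, 0x0a000003, 53, 60 };  /* small DNS, count only */
        if (i % 10 == 2) p = (struct pkt){ 17, 0x0a000003, 53, 300 };
        nic_rx(&n, rules, sizeof rules / sizeof rules[0], &p);
        if (drain_every && (i + 1) % drain_every == 0) r.analysed += sw_drain(&n);
    }
    r.analysed += sw_drain(&n);
    for (int k = 0; k < REG_N; k++) r.seen += n.pkts[k];  /* register read, no per-packet work */
    r.dropped = n.upload_drops;
    r.tcp_bytes = n.bytes[REG_TCP];
    return r;
}

int main(void) {
    struct report a = run_audit(1000, 100), b = run_audit(1000, 0);
    printf("software keeps up: seen=%lu analysed=%lu dropped=%lu\n", a.seen, a.analysed, a.dropped);
    printf("software too slow: seen=%lu analysed=%lu dropped=%lu\n", b.seen, b.analysed, b.dropped);
    return 0;
}
```

When the software side does not drain the buffer in time, the registers still account for every packet while content analysis sees only part of the selected traffic, so comparing the two is a useful completeness check for an audit deployment.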

[0027] On high-speed networks, the invention can improve the performance of traffic audit devices.

[0028] The above embodiments are intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the invention may still be modified or equivalently replaced, and that any modification or equivalent replacement that does not depart from the spirit and scope of the invention shall be covered by the claims of the invention.

Claims (1)

  1. A network audit device based on a traffic-statistics network card, comprising a network audit software module and a traffic-statistics network card module, characterized in that: the traffic-statistics network card module comprises a packet classification module and a packet statistics module; the network audit software module comprises a content analysis module and a traffic statistics module; the packet classification module of the traffic-statistics network card module uploads the traffic that requires content analysis to the content analysis module in the network audit software module; the network audit software module comprises a statistics register module, which stores the data uploaded by the packet statistics module and passes it to the traffic statistics module; the packet statistics module collects statistics according to packet features and updates the statistics register module readable in the network audit software module; the packet classification module classifies packets according to network-card IP, port, protocol and length features; the process of the network audit device based on a traffic-statistics network card is as follows: packet classification and packet statistics are implemented on the hardware chip of the traffic-statistics network card; the network audit software obtains from the traffic-statistics network card the network traffic that requires content analysis and at the same time reads traffic statistics from the statistics registers, and the network audit software combines the two to achieve comprehensive network auditing; after input traffic arrives at the traffic-statistics network card, packets are classified according to network-card IP, port, protocol and length features, traffic that requires content analysis is uploaded to the content analysis module in the network audit software, and data that requires basic statistics is passed to the packet statistics module; packet statistics are performed in hardware according to packet features, and the software-readable statistics registers are updated.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110427091 CN102497298B (en) 2011-12-19 2011-12-19 Network audit equipment and method based on flow statistic network card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110427091 CN102497298B (en) 2011-12-19 2011-12-19 Network audit equipment and method based on flow statistic network card

Publications (2)

Publication Number Publication Date
CN102497298A (en) 2012-06-13
CN102497298B (en) 2015-04-01

Family

ID=46189086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110427091 CN102497298B (en) 2011-12-19 2011-12-19 Network audit equipment and method based on flow statistic network card

Country Status (1)

Country Link
CN (1) CN102497298B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102904729B (en) * 2012-10-26 2018-05-01 曙光信息产业(北京)有限公司 Under the agreement, the port bypass support multi-application smart card acceleration
CN102904730A (en) * 2012-10-26 2013-01-30 曙光信息产业(北京)有限公司 Intelligent acceleration network card capable of filtering and picking traffic according to protocol, port and IP address
CN105978706A (en) * 2016-04-14 2016-09-28 丽水市睿鼎知识产权咨询有限公司 Network traffic linkage auditing equipment and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257399A (en) * 2007-12-29 2008-09-03 中国移动通信集团四川有限公司 Service system united safe platform
CN101459523A (en) * 2007-12-12 2009-06-17 浪潮乐金数字移动通信有限公司 On-line traffic statistical method and device based on mobile communication terminal
US7735140B2 (en) * 2004-06-08 2010-06-08 Cisco Technology, Inc. Method and apparatus providing unified compliant network audit
US7826377B2 (en) * 2006-06-16 2010-11-02 Ixia Memory access optimization and communications statistics computation
CN102195868A (en) * 2010-12-17 2011-09-21 曙光信息产业(北京)有限公司 Method and device for dynamically classifying network messages at high efficiency

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1196296C (en) * 2001-12-04 2005-04-06 上海复旦光华信息科技股份有限公司 Easy-to-expand network invasion detecting and safety auditing system

Also Published As

Publication number Publication date Type
CN102497298A (en) 2012-06-13 application

Similar Documents

Publication Publication Date Title
US7171464B1 (en) Method of tracing data traffic on a network
US20090310491A1 (en) Distributed Flow Analysis
CN101202652A (en) Device for classifying and recognizing network application flow quantity and method thereof
US20080144655A1 (en) Systems, methods, and computer program products for passively transforming internet protocol (IP) network traffic
CN1750485A (en) Network simulation detection system and method
US20070291654A1 (en) Memory Access Optimization and Communications Statistics Computation
US20030081623A1 (en) Virtual queues in a single queue in the bandwidth management traffic-shaping cell
CN1564547A (en) High speed filtering and stream dividing method for keeping connection features
CN101217467A (en) An inter-core load dispensing device and method
CN101321090A (en) Statistical method and device for performance data
US20080168190A1 (en) Input/Output Tracing in a Protocol Offload System
CN1933431A (en) Method for detecting QoS
CN1798043A (en) Device and method for implementing charge of flow rate by using shunt mode
CN101605018A (en) Method, device and system for decoding depth message detection protocol based on stream
CN102025650A (en) Message processing system and message processing method of enterprise service bus
CN101068242B (en) Method for obtaining internal and external network address mapping relation in safety auditing system
CN102006588A (en) Method and system for monitoring network behavior of smart mobile phone
US20070223385A1 (en) Method and system of using counters to monitor a system port buffer
CN102104611A (en) Promiscuous mode-based DDoS (Distributed Denial of Service) attack detection method and device
CN101902484A (en) Method and system for classifying local area network http application services
CN102629909A (en) Traffic counting method and system based on processes
CN104579823A (en) Large-data-flow-based network traffic abnormality detection system and method
US8134927B2 (en) Apparatus and methods for capturing data packets from a network
CN103067943A (en) Method for confirming existence of WiFi (wireless fidelity) mobile terminal and counting number thereof
US8954080B2 (en) Monitoring traffic across diameter core agents

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
C41 Transfer of patent application or patent right or utility model