CN102523221B - Detection method of data message and network safety detection device - Google Patents

Detection method of data message and network safety detection device Download PDF

Info

Publication number
CN102523221B
CN102523221B CN201110430380.9A CN201110430380A CN102523221B CN 102523221 B CN102523221 B CN 102523221B CN 201110430380 A CN201110430380 A CN 201110430380A CN 102523221 B CN102523221 B CN 102523221B
Authority
CN
China
Prior art keywords
network security
equipment
detection messages
security checkout
checkout equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110430380.9A
Other languages
Chinese (zh)
Other versions
CN102523221A (en
Inventor
邹昕
鲁松
张良
张晓明
王勇
王维晟
王万振
云长江
雷新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
National Computer Network and Information Security Management Center
Original Assignee
Huawei Technologies Co Ltd
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd, National Computer Network and Information Security Management Center filed Critical Huawei Technologies Co Ltd
Priority to CN201110430380.9A priority Critical patent/CN102523221B/en
Publication of CN102523221A publication Critical patent/CN102523221A/en
Application granted granted Critical
Publication of CN102523221B publication Critical patent/CN102523221B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention provides a detection method of data message and a network safety detection device. The network safety detection device generates detection message containing inlet port information of the network safety detection device according to obtained data message transmitted by a network device and transmits the detection message to an analyzing device to enable the analyzing device to locate the corresponding network device according to the inlet port information. The detection method and the network safety detection device resolve the problem in the prior art that the analyzing device cannot accurately locate the network device where the data message comes and achieve the effect that the analyzing device can accurately locate the network device where the data message comes, thereby improving manageability and maintainability of the network device, improving management and maintenance efficiency of the network device or the network safety detection device and simultaneously reducing management and maintenance cost of the network device or the network safety detection device.

Description

The detection method of data message and network security checkout equipment
Technical field
The present invention relates to detection technique, relate in particular to a kind of detection method and network security checkout equipment of data message.
Background technology
In existing network, safe consideration Network Based, need to analyze data message.For example: network security checkout equipment is by point-to-point protocol (the Point-to-Point Protocol of network equipment transmission, abbreviation PPP) data message or High-Level Data Link Control (the High-Level Data Link Control of protocol massages form, abbreviation HDLC) data message of protocol massages form converts the data message of Ethernet message format to, and send to analytical equipment, whether by analytical equipment, the data message of the Ethernet message format receiving is carried out to data analysis, be legal data message.
Yet, when analytical equipment detects data message, cannot accurately locate this data message from the network equipment, caused the difficulty that administers and maintains of the network equipment or network security checkout equipment, thereby reduced the efficiency that administers and maintains of the network equipment or network security checkout equipment.
Summary of the invention
The invention provides a kind of detection method and network security checkout equipment of data message, in order to solve in prior art the accurately problem of the network equipment at locator data message place of analytical equipment.
According to the embodiment of the present invention aspect, a kind of detection method of data message, comprising:
Network security checkout equipment obtains the data message of network equipment transmission;
Described network security checkout equipment, according to described data message, generates detection messages, the ingress port information that comprises described network security checkout equipment in described detection messages;
Described network security checkout equipment sends described detection messages to analytical equipment, so that described analytical equipment is located the corresponding network equipment according to described ingress port information.
According to the embodiment of the present invention on the other hand, a kind of network security checkout equipment, comprising:
Acquiring unit, for obtaining the data message of network equipment transmission;
Generation unit, for according to described data message, generates detection messages, the ingress port information that comprises described network security checkout equipment in described detection messages;
Transmitting element, for sending the detection messages of described generation unit, so that described analytical equipment is located the corresponding network equipment according to described ingress port information to analytical equipment.
As shown from the above technical solution, the data message that the embodiment of the present invention is transmitted according to the network equipment obtaining by network security checkout equipment, the detection messages of the ingress port information that generation comprises this network security checkout equipment, and send to analytical equipment, make above-mentioned analytical equipment to locate the corresponding network equipment according to above-mentioned ingress port information, can solve in prior art the accurately problem of the network equipment at locator data message place of analytical equipment, realized analytical equipment accurately locator data message from the network equipment, thereby manageability and the maintainability of the network equipment have been improved, improved the efficiency that administers and maintains of the network equipment or network security checkout equipment, reduced the cost that administers and maintains of the network equipment or network security checkout equipment simultaneously.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
The schematic flow sheet of the detection method of the data message that Fig. 1 provides for one embodiment of the invention;
The structural representation of the network security checkout equipment that Fig. 2 provides for another embodiment of the present invention.
Embodiment
For making object, technical scheme and the advantage of the embodiment of the present invention clearer, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
The schematic flow sheet of the detection method of the data message that Fig. 1 provides for one embodiment of the invention, as shown in Figure 1, the detection method of the data message of the present embodiment can comprise:
101, network security checkout equipment obtains the data message of network equipment transmission;
Alternatively, network security checkout equipment can obtain the data message of ppp protocol message format or the data message of HDLC protocol massages form of network equipment transmission; Or the data message that can also obtain the Ethernet message format of network equipment transmission, the present embodiment does not limit this.
102, above-mentioned network security checkout equipment, according to above-mentioned data message, generates detection messages, the ingress port information that comprises above-mentioned network security checkout equipment in above-mentioned detection messages;
Wherein, the ingress port information of above-mentioned network security checkout equipment can include but not limited to
The inbound port sign of the link that network security checkout equipment detects on network security checkout equipment; Or
The inbound port sign of the link that the link information that network security checkout equipment information, network security checkout equipment detect and network security checkout equipment detect on network security checkout equipment.
Alternatively, above-mentioned network security checkout equipment can be according to the above-mentioned data message obtaining, generate the detection messages of Ethernet message format, the ingress port information that comprises above-mentioned network security checkout equipment in the Ethernet message head of the detection messages of above-mentioned Ethernet message format, for example: (Media Access Control is called for short MAC) address is controlled in the media interviews of the inbound port of network security checkout equipment; Again for example: the device identification of network security checkout equipment (ID), veneer ID, subcard ID and inbound port ID.
Alternatively, in the present embodiment, above-mentioned network security checkout equipment can utilize the field newly increasing in above-mentioned Ethernet message head to carry above-mentioned ingress port information according to the above-mentioned data message obtaining, and generates above-mentioned detection messages.
Alternatively, in the present embodiment, above-mentioned network security checkout equipment can also utilize the hashed field in above-mentioned Ethernet message head to carry above-mentioned ingress port information according to the above-mentioned data message obtaining, and generates above-mentioned detection messages.Be understandable that: owing to having some fields in above-mentioned Ethernet message head, for example: source MAC (the Source MAC that carries out the MAC Address of port, be called for short SMAC) field such as address field, for analytical equipment, be nonsensical, can think hashed field.
For example: if above-mentioned network security checkout equipment is connected with above-mentioned analytical equipment by switching equipment, hashed field can be the SMAC address field in above-mentioned Ethernet message head; So, correspondingly, above-mentioned network security checkout equipment can utilize the SMAC address field in above-mentioned Ethernet message head according to the above-mentioned data message obtaining, and carries above-mentioned ingress port information, generates above-mentioned detection messages.
Again for example: if above-mentioned network security checkout equipment is not connected with above-mentioned analytical equipment by any switching equipment, be that above-mentioned network security checkout equipment is directly connected with above-mentioned analytical equipment, hashed field can be the SMAC address field in above-mentioned Ethernet message head, object MAC (Destination MAC is called for short DMAC) address field or type of message field; So, correspondingly, above-mentioned network security checkout equipment can, according to the above-mentioned data message obtaining, utilize SMAC address field, dmac address field or type of message field in above-mentioned Ethernet message head, carry above-mentioned ingress port information, generate above-mentioned detection messages.
103, above-mentioned network security checkout equipment sends above-mentioned detection messages to analytical equipment, so that above-mentioned analytical equipment is located the corresponding network equipment according to above-mentioned ingress port information.
In an application scenarios of the present embodiment, if above-mentioned network security checkout equipment is connected with above-mentioned analytical equipment by switching equipment, in the Ethernet message head of the detection messages of so above-mentioned Ethernet message format, can also further comprise the outbound port information of above-mentioned network security checkout equipment, so that above-mentioned analytical equipment can be determined the forward-path of above-mentioned detection messages according to above-mentioned ingress port information and above-mentioned outbound port information, thereby can effectively improve the reliability of detection.For example: above-mentioned network security checkout equipment can utilize the SMAC address field in above-mentioned Ethernet message head according to the above-mentioned data message obtaining, and carries above-mentioned outbound port information, generates above-mentioned detection messages.
Wherein, the outbound port information of above-mentioned network security checkout equipment can include but not limited to
The outbound port sign of detection messages on network security checkout equipment; Or
The Hash information of using when detection messages is selected port on network security checkout equipment and the detection messages outbound port sign on network security checkout equipment.
In the Another application scene of the present embodiment, in the Ethernet message head of the detection messages of above-mentioned Ethernet message format, can also further comprise the rule match information of above-mentioned detection messages, for example: Access Control List (ACL) (Access Control List, be called for short ACL) sign (ID) and corresponding rule number (Rulenumber), so that above-mentioned analytical equipment can be carried out administering and maintaining of the network equipment or network security checkout equipment according to above-mentioned rule match information, thereby can further effectively improve the reliability of detection.For example: above-mentioned network security checkout equipment can utilize SMAC address field, dmac address field or type of message field in above-mentioned Ethernet message head according to above-mentioned data message, carries above-mentioned rule match information, generates above-mentioned detection messages.
In the present embodiment, the data message transmitting according to the network equipment obtaining by network security checkout equipment, the detection messages of the ingress port information that generation comprises this network security checkout equipment, and send to analytical equipment, make above-mentioned analytical equipment to locate the corresponding network equipment according to above-mentioned ingress port information, can solve in prior art the accurately problem of the network equipment at locator data message place of analytical equipment, realized analytical equipment accurately locator data message from the network equipment, thereby manageability and the maintainability of the network equipment have been improved, improved the efficiency that administers and maintains of the network equipment or network security checkout equipment, reduced the cost that administers and maintains of the network equipment or network security checkout equipment simultaneously.
It should be noted that: for aforesaid each embodiment of the method, for simple description, therefore it is all expressed as to a series of combination of actions, but those skilled in the art should know, the present invention is not subject to the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.
In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part of detailed description, can be referring to the associated description of other embodiment.
The structural representation of the network security checkout equipment that Fig. 2 provides for another embodiment of the present invention, as shown in Figure 2, the network security checkout equipment of the present embodiment can comprise acquiring unit 21, generation unit 22 and transmitting element 23.Wherein, acquiring unit 21 is for obtaining the data message of network equipment transmission; The above-mentioned data message of generation unit 22 for obtaining according to acquiring unit 21, generates detection messages, the ingress port information that comprises above-mentioned network security checkout equipment in above-mentioned detection messages; Transmitting element 23 is for send the detection messages of generation unit 22 to analytical equipment, so that above-mentioned analytical equipment is located the corresponding network equipment according to above-mentioned ingress port information.
The network security checkout equipment that in embodiment corresponding to above-mentioned Fig. 1, the function of network security checkout equipment can be provided by the present embodiment is realized.
Alternatively, the data message that generation unit 22 in the present embodiment specifically can obtain according to above-mentioned acquiring unit, generate the detection messages of Ethernet message format, the ingress port information that comprises above-mentioned network security checkout equipment in the Ethernet message head of the detection messages of above-mentioned Ethernet message format.
Alternatively, in the present embodiment, generation unit 22 can utilize the hashed field in above-mentioned Ethernet message head to carry above-mentioned ingress port information according to the above-mentioned data message obtaining, and generates above-mentioned detection messages.Be understandable that: owing to having some fields in above-mentioned Ethernet message head, for example: source MAC (the Source MAC that carries out the MAC Address of port, be called for short SMAC) field such as address field, for analytical equipment, be nonsensical, can think hashed field.Be that generation unit 22 specifically can utilize SMAC address field, dmac address field or type of message field in above-mentioned Ethernet message head according to above-mentioned data message, carry above-mentioned ingress port information, generate above-mentioned detection messages.
For example: if above-mentioned network security checkout equipment is connected with above-mentioned analytical equipment by switching equipment, hashed field can be the SMAC address field in above-mentioned Ethernet message head; So, correspondingly, generation unit 22 can utilize the SMAC address field in above-mentioned Ethernet message head according to the above-mentioned data message obtaining, and carries above-mentioned ingress port information, generates above-mentioned detection messages.
Again for example: if above-mentioned network security checkout equipment is not connected with above-mentioned analytical equipment by any switching equipment, be that above-mentioned network security checkout equipment is directly connected with above-mentioned analytical equipment, hashed field can be the SMAC address field in above-mentioned Ethernet message head, dmac address field or type of message field; So, correspondingly, generation unit 22 can utilize SMAC address field, dmac address field or type of message field in above-mentioned Ethernet message head according to the above-mentioned data message obtaining, and carries above-mentioned ingress port information, generates above-mentioned detection messages.
In an application scenarios of the present embodiment, if above-mentioned network security checkout equipment is connected with above-mentioned analytical equipment by switching equipment, the outbound port information that can also further comprise above-mentioned network security checkout equipment in the Ethernet message head of the detection messages that generation unit 22 generates so, so that above-mentioned analytical equipment can be determined the forward-path of above-mentioned detection messages according to above-mentioned ingress port information and above-mentioned outbound port information, thereby can effectively improve the reliability of detection.For example: 22 of generation units can utilize the SMAC address field in above-mentioned Ethernet message head according to the above-mentioned data message obtaining, and carry above-mentioned outbound port information, generate above-mentioned detection messages.
In the Another application scene of the present embodiment, the rule match information that can also further comprise above-mentioned detection messages in the Ethernet message head of the detection messages that generation unit 22 generates, for example: ACL ID and corresponding rule number (Rule number), so that above-mentioned analytical equipment can be carried out administering and maintaining of the network equipment or network security checkout equipment according to above-mentioned rule match information, thereby can further effectively improve the reliability of detection.For example: 22 of generation units can utilize SMAC address field, dmac address field or type of message field in above-mentioned Ethernet message head according to above-mentioned data message, carry above-mentioned rule match information, generate above-mentioned detection messages.
In the present embodiment, the data message of the network equipment transmission that network security checkout equipment obtains according to acquiring unit by generation unit, the detection messages of the ingress port information that generation comprises this network security checkout equipment, and send to analytical equipment by transmitting element, make above-mentioned analytical equipment to locate the corresponding network equipment according to above-mentioned ingress port information, can solve in prior art the accurately problem of the network equipment at locator data message place of analytical equipment, realized analytical equipment accurately locator data message from the network equipment, thereby manageability and the maintainability of the network equipment have been improved, improved the efficiency that administers and maintains of the network equipment or network security checkout equipment, reduced the cost that administers and maintains of the network equipment or network security checkout equipment simultaneously.
Those skilled in the art can be well understood to, for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, can, with reference to the corresponding process in preceding method embodiment, not repeat them here.
In the several embodiment that provide in the application, should be understood that, disclosed system, apparatus and method, can realize by another way.For example, device embodiment described above is only schematic, for example, the division of described unit, be only that a kind of logic function is divided, during actual realization, can have other dividing mode, for example a plurality of unit or assembly can in conjunction with or can be integrated into another system, or some features can ignore, or do not carry out.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, indirect coupling or the communication connection of device or unit can be electrically, machinery or other form.
The described unit as separating component explanation can or can not be also physically to separate, and the parts that show as unit can be or can not be also physical locations, can be positioned at a place, or also can be distributed in a plurality of network element.Can select according to the actual needs some or all of unit wherein to realize the object of the present embodiment scheme.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can be also that the independent physics of unit exists, and also can be integrated in a unit two or more unit.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form that also can adopt hardware to add SFU software functional unit realizes.
The integrated unit that the above-mentioned form with SFU software functional unit realizes, can be stored in a computer read/write memory medium.Above-mentioned SFU software functional unit is stored in a storage medium, comprise some instructions with so that computer equipment (can be personal computer, server, or the network equipment etc.) carry out the part steps of method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, portable hard drive, read-only memory (Read-Only Memory, be called for short ROM), the various media that can be program code stored such as random access memory (Random Access Memory is called for short RAM), magnetic disc or CD.
Finally it should be noted that: above embodiment only, in order to technical scheme of the present invention to be described, is not intended to limit; Although the present invention is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: its technical scheme that still can record aforementioned each embodiment is modified, or part technical characterictic is wherein equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.

Claims (20)

1. a detection method for data message, is characterized in that, comprising:
Network security checkout equipment obtains the data message of network equipment transmission;
Described network security checkout equipment is according to described data message, generate detection messages, the ingress port information that comprises described network security checkout equipment in described detection messages, wherein, described ingress port information comprises link that described network security checkout equipment the detects inbound port sign on network security checkout equipment; Or described ingress port information comprises: the inbound port sign of the link that the link information that described network security checkout equipment information, described network security checkout equipment detect and described network security checkout equipment detect on described network security checkout equipment;
Described network security checkout equipment sends described detection messages to analytical equipment, so that described analytical equipment is located the corresponding network equipment according to described ingress port information.
2. method according to claim 1, is characterized in that, described network security checkout equipment, according to described data message, generates detection messages, comprising:
Described network security checkout equipment, according to described data message, generates the detection messages of Ethernet message format, the ingress port information that comprises described network security checkout equipment in the Ethernet message head of the detection messages of described Ethernet message format.
3. method according to claim 2, is characterized in that, described network security checkout equipment, according to described data message, generates the detection messages of Ethernet message format, comprising:
Described network security checkout equipment, according to described data message, utilizes SMAC address field, dmac address field or type of message field in described Ethernet message head, carries described ingress port information, generates described detection messages.
4. according to the method in claim 2 or 3, it is characterized in that, described network security checkout equipment is connected with described analytical equipment by switching equipment; The outbound port information that also comprises described network security checkout equipment in the Ethernet message head of the detection messages of described Ethernet message format, so that described analytical equipment is determined the forward-path of described detection messages according to described ingress port information and described outbound port information.
5. method according to claim 4, is characterized in that, described network security checkout equipment, according to described data message, generates the detection messages of Ethernet message format, also comprises:
Described network security checkout equipment, according to described data message, utilizes SMAC address field, dmac address field or type of message field in described Ethernet message head, carries described outbound port information, generates described detection messages.
6. according to the method in claim 2 or 3, it is characterized in that, the rule match information that also comprises described detection messages in the Ethernet message head of the detection messages of described Ethernet message format, so that described analytical equipment is carried out administering and maintaining of the network equipment or network security checkout equipment according to described rule match information.
7. method according to claim 4, it is characterized in that, the rule match information that also comprises described detection messages in the Ethernet message head of the detection messages of described Ethernet message format, so that described analytical equipment is carried out administering and maintaining of the network equipment or network security checkout equipment according to described rule match information.
8. method according to claim 5, it is characterized in that, the rule match information that also comprises described detection messages in the Ethernet message head of the detection messages of described Ethernet message format, so that described analytical equipment is carried out administering and maintaining of the network equipment or network security checkout equipment according to described rule match information.
9. method according to claim 6, is characterized in that, described network security checkout equipment, according to described data message, generates the detection messages of Ethernet message format, also comprises:
Described network security checkout equipment, according to described data message, utilizes SMAC address field, dmac address field or type of message field in described Ethernet message head, carries described rule match information, generates described detection messages.
10. according to the method described in claim 7 or 8, it is characterized in that, described network security checkout equipment, according to described data message, generates the detection messages of Ethernet message format, also comprises:
Described network security checkout equipment, according to described data message, utilizes SMAC address field, dmac address field or type of message field in described Ethernet message head, carries described rule match information, generates described detection messages.
11. 1 kinds of network security checkout equipments, is characterized in that, comprising:
Acquiring unit, for obtaining the data message of network equipment transmission;
Generation unit, be used for according to described data message, generate detection messages, the ingress port information that comprises described network security checkout equipment in described detection messages, wherein, described ingress port information comprises link that described network security checkout equipment the detects inbound port sign on network security checkout equipment; Or described ingress port information comprises: the inbound port sign of the link that the link information that described network security checkout equipment information, described network security checkout equipment detect and described network security checkout equipment detect on described network security checkout equipment;
Transmitting element, for sending the detection messages of described generation unit, so that described analytical equipment is located the corresponding network equipment according to described ingress port information to analytical equipment.
12. network security checkout equipments according to claim 11, is characterized in that, described generation unit specifically for
The data message obtaining according to described acquiring unit, the detection messages of generation Ethernet message format, the ingress port information that comprises described network security checkout equipment in the Ethernet message head of the detection messages of described Ethernet message format.
13. network security checkout equipments according to claim 12, is characterized in that, described generation unit specifically for
According to described data message, utilize SMAC address field, dmac address field or type of message field in described Ethernet message head, carry described ingress port information, generate described detection messages.
14. according to the network security checkout equipment described in claim 12 or 13, it is characterized in that, described network security checkout equipment is connected with described analytical equipment by switching equipment; The outbound port information that also comprises described network security checkout equipment in the Ethernet message head of the detection messages that described generation unit generates, so that described analytical equipment is determined the forward-path of described detection messages according to described ingress port information and described outbound port information.
15. network security checkout equipments according to claim 14, is characterized in that, described generation unit also for
According to described data message, utilize SMAC address field, dmac address field or type of message field in described Ethernet message head, carry described outbound port information, generate described detection messages.
16. according to the network security checkout equipment described in claim 12 or 13, it is characterized in that, the rule match information that also comprises described detection messages in the Ethernet message head of the detection messages that described generation unit generates, so that described analytical equipment is carried out administering and maintaining of the network equipment or network security checkout equipment according to described rule match information.
17. network security checkout equipments according to claim 14, it is characterized in that, the rule match information that also comprises described detection messages in the Ethernet message head of the detection messages that described generation unit generates, so that described analytical equipment is carried out administering and maintaining of the network equipment or network security checkout equipment according to described rule match information.
18. network security checkout equipments according to claim 15, it is characterized in that, the rule match information that also comprises described detection messages in the Ethernet message head of the detection messages that described generation unit generates, so that described analytical equipment is carried out administering and maintaining of the network equipment or network security checkout equipment according to described rule match information.
19. network security checkout equipments according to claim 16, is characterized in that, described generation unit also for
Described network security checkout equipment, according to described data message, utilizes SMAC address field, dmac address field or type of message field in described Ethernet message head, carries described rule match information, generates described detection messages.
20. according to the network security checkout equipment described in claim 17 or 18, it is characterized in that, described generation unit also for
Described network security checkout equipment, according to described data message, utilizes SMAC address field, dmac address field or type of message field in described Ethernet message head, carries described rule match information, generates described detection messages.
CN201110430380.9A 2011-12-20 2011-12-20 Detection method of data message and network safety detection device Active CN102523221B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110430380.9A CN102523221B (en) 2011-12-20 2011-12-20 Detection method of data message and network safety detection device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110430380.9A CN102523221B (en) 2011-12-20 2011-12-20 Detection method of data message and network safety detection device

Publications (2)

Publication Number Publication Date
CN102523221A CN102523221A (en) 2012-06-27
CN102523221B true CN102523221B (en) 2014-11-19

Family

ID=46294013

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110430380.9A Active CN102523221B (en) 2011-12-20 2011-12-20 Detection method of data message and network safety detection device

Country Status (1)

Country Link
CN (1) CN102523221B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103856975B (en) * 2012-12-04 2017-10-17 中国电信股份有限公司 The detection method and system of Network analyzing equipment accuracy
CN104113443B (en) 2013-04-19 2018-10-02 南京中兴新软件有限责任公司 A kind of network device detection methods, device and cloud detection system
CN104268165B (en) * 2014-09-09 2017-12-29 华为技术有限公司 A kind of online query method and apparatus
CN106330597B (en) * 2015-07-10 2019-07-26 新华三技术有限公司 Path between VXLAN endpoint of a tunnel VTEP is up to detection method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1968082A (en) * 2006-10-27 2007-05-23 华为技术有限公司 Multicast authentication method, system and application
CN101404599A (en) * 2008-11-12 2009-04-08 华为技术有限公司 Network fault detection method, primary device, slave device, control terminal and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2410522C (en) * 2000-06-30 2010-01-26 Andrea Soppera Packet data communications
US7808919B2 (en) * 2008-03-18 2010-10-05 Cisco Technology, Inc. Network monitoring using a proxy

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1968082A (en) * 2006-10-27 2007-05-23 华为技术有限公司 Multicast authentication method, system and application
CN101404599A (en) * 2008-11-12 2009-04-08 华为技术有限公司 Network fault detection method, primary device, slave device, control terminal and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DDoS攻击IP追踪及攻击源定位技术研究;蔡玮珺 等;《计算机工程》;20060731;第32卷(第14期);第151-153页 *
蔡玮珺 等.DDoS攻击IP追踪及攻击源定位技术研究.《计算机工程》.2006,第32卷(第14期),第151-153页. *

Also Published As

Publication number Publication date
CN102523221A (en) 2012-06-27

Similar Documents

Publication Publication Date Title
CN108366105B (en) Cross-block-chain data access method, device, system and computer readable medium
US9843594B1 (en) Systems and methods for detecting anomalous messages in automobile networks
CN103902427B (en) A kind of method with outer acquisition disk state
JP2018045688A5 (en)
CN102870377A (en) Monitoring method and device for virtual port
CN112560078B (en) Block chain data processing method, device, equipment and medium
CN103647777A (en) Safety certificate method and bidirectional forwarding detection BFD equipment
CN102523221B (en) Detection method of data message and network safety detection device
CN104199654A (en) Open platform calling method and device
CN110324416B (en) Download path tracking method, device, server, terminal and medium
CN103138988A (en) Positioning treatment method and positioning treatment device of network faults
US8497779B1 (en) Ensuring power source redundancy
CN103347031B (en) A kind of method and apparatus taking precautions against ARP message aggression
US20190042161A1 (en) Hard Disk Operation Method and Hard Disk Manager
CN113792319B (en) File encryption method, device, storage medium and electronic equipment
CN102801686A (en) Equipment control method, main equipment, secondary equipment as well as main-secondary equipment group
CN105210043A (en) Information processing device
CN102916967A (en) Method and device for protocol resolution
WO2021133254A1 (en) Method and system for robotic process automation
US10791032B2 (en) Method and apparatus for determining a physical position of a device
CN104484260A (en) Simulation monitoring circuit based on GJB289 bus interface SoC (system on a chip)
CN103580953A (en) Method and devices for detecting faults
CN104333515A (en) Method and device for processing SWIFT messages
CN110166252B (en) Digital certificate unified authentication gateway supporting multiple authentication modes
CN106131237A (en) Communication control method and device between container

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant