CN103428295A - Method and system for monitoring P2P network application - Google Patents
Method and system for monitoring P2P network application Download PDFInfo
- Publication number
- CN103428295A CN103428295A CN2013103816587A CN201310381658A CN103428295A CN 103428295 A CN103428295 A CN 103428295A CN 2013103816587 A CN2013103816587 A CN 2013103816587A CN 201310381658 A CN201310381658 A CN 201310381658A CN 103428295 A CN103428295 A CN 103428295A
- Authority
- CN
- China
- Prior art keywords
- application
- packet
- network
- tcp
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 16
- 238000012544 monitoring process Methods 0.000 title abstract description 5
- 230000003542 behavioural effect Effects 0.000 claims description 26
- 230000000903 blocking effect Effects 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000006855 networking Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
Images
Abstract
The invention provides a method and system for monitoring P2P network application. The method includes the steps of utilizing behavior characteristics to recognize P2P nodes in a P2P network in a local area network, utilizing the behavior characteristics or load characteristics to recognize network data packages of the P2P application from TCP/UDP data packages received and sent by the recognized P2P nodes, and releasing or blocking the recognized network data packages of the P2P application according to a preset strategy. By the adoption of the method and system, the P2P application in the local area network can be effectively monitored.
Description
Technical field
The present invention relates to areas of information technology, be specifically related to method for supervising and the system of peer-to-peer network application in a kind of local area network (LAN).
Background technology
At present, fast development along with network, the P2P(peer-to-peer network) application has become one of main application of the Internet, the pattern of P2P also becomes the preferred mode of many new business, the P2P technology is widely used in the fields such as file-sharing, Internet video, the networking telephone, with the characteristics of distributed resource sharing and parallel transmission, for the user provides more resource, higher available bandwidth and better service quality, simultaneously, the P2P application brings following problem:
(1) P2P application has surpassed the Web application and has taken the network bandwidth more than 50%, has caused network congestion, has affected user's experience of surfing the Net;
(2) Internet resources are seized in the P2P application, make other application in local area network (LAN) can't obtain due bandwidth, have caused critical services to be guaranteed.
Summary of the invention
The technical problem to be solved in the present invention is the P2P application of how effectively monitoring in local area network (LAN).
In order to address the above problem, the invention provides a kind of method for supervising of peer-to-peer network application, comprising:
Utilize behavioural characteristic to identify the Peer-to-Peer Network P2P node in described local area network (LAN);
TCP/UDP packet for identified P2P node transmitting-receiving, utilize behavioural characteristic or load characteristic to identify the network packet of P2P application;
According to predetermined policy, the network packet of the P2P application that clearance or blocking-up identify.
Alternatively, the described step of utilizing behavioural characteristic to identify the P2P node in described local area network (LAN) comprises:
For the one or more nodes in described local area network (LAN), in the time of statistics predetermined length, each node connects into power or broadcast packet number;
By the described node recognition that connects into power first predetermined condition or described broadcast packet number second predetermined condition, it is the P2P node.
Alternatively, the described TCP/UDP packet for identified P2P node transmitting-receiving, the step of utilizing behavioural characteristic or load characteristic to identify the network packet of P2P application comprises:
For each TCP/UDP packet of identified P2P node transmitting-receiving, record the five-tuple of this TCP/UDP packet, calculate the entropy of front 32 bytes in this TCP/UDP packet load;
When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if the loaded matching preassigned pattern of this TCP/UDP packet, the network packet that this TCP/UDP packet is the P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if in the five-tuple recorded, the ratio of IP number of addresses and port number is less than predetermined ratio threshold value, the network packet that this TCP/UDP packet is the P2P application.
Alternatively, described entropy threshold value is 0.35, and described ratio threshold value is 2.0.
Alternatively, described according to predetermined policy, the step of the network packet of the P2P application that clearance or blocking-up identify comprises:
Calculate the flow of the network packet of P2P application in described local area network (LAN), and the total flow of this local area network (LAN) gateway;
When described total flow is greater than the first flow threshold value, or the flow of the network packet of described P2P application is while being greater than the second flow threshold, the network packet of the P2P application that blocking-up identifies.
The present invention also provides a kind of supervisory control system of peer-to-peer network application, comprising:
The node recognition module, identify the P2P node of described local area network (LAN) for utilizing behavioural characteristic;
Application recognition module, for the TCP/UDP packet of the transmitting-receiving of the P2P node for identified, utilize behavioural characteristic or load characteristic to identify the network packet of P2P application;
The application controls module, for according to predetermined policy, let pass or the network packet of the P2P application that blocking-up identifies.
Alternatively, the P2P node that described node recognition module utilizes behavioural characteristic to identify in described local area network (LAN) refers to:
Described node recognition module is for the one or more nodes in described local area network (LAN), and in the time of statistics predetermined length, each node connects into power or broadcast packet number; By the described node recognition that connects into power first predetermined condition or described broadcast packet number second predetermined condition, it is the P2P node.
Alternatively, described application recognition module is for the TCP/UDP packet of identified P2P node transmitting-receiving, and the network packet of utilizing behavioural characteristic or load characteristic to identify the P2P application refers to:
Described application recognition module, for each TCP/UDP packet of identified P2P node transmitting-receiving, records the five-tuple of this TCP/UDP packet, calculates the entropy of front 32 bytes in this TCP/UDP packet load; When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if the loaded matching preassigned pattern of this TCP/UDP packet, the network packet that this TCP/UDP packet is the P2P application; When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if in the five-tuple recorded, the ratio of IP number of addresses and port number is less than predetermined ratio threshold value, the network packet that this TCP/UDP packet is the P2P application.
Alternatively, described entropy threshold value is 0.35, and described ratio threshold value is 2.0.
Alternatively, described application controls module is according to predetermined policy, and the network packet of the P2P application that clearance or blocking-up identify refers to:
Described application controls module is calculated the flow of the network packet of P2P application in described local area network (LAN), and the total flow of this local area network (LAN) gateway; When described total flow is greater than the first flow threshold value, or the flow of the network packet of described P2P application is while being greater than the second flow threshold, the network packet of the P2P application that blocking-up identifies.
Technical scheme of the present invention can solve P2P and seize the problem that Internet resources cause network blockage, affect other network application, makes user's obtaining information efficiently, improves user's experience of surfing the Net.
The accompanying drawing explanation
Fig. 1 is the schematic flow sheet of method for supervising of the P2P application of embodiment mono-;
Fig. 2 is the flow chart of P2P node recognition in the example of embodiment mono-;
Fig. 3 be in the example of embodiment mono-in the flow chart of P2P application identification;
Fig. 4 be in the example of embodiment mono-in the flow chart of P2P application controls;
Fig. 5 is the configuration diagram of supervisory control system of the P2P application of embodiment bis-;
Fig. 6 is the networking schematic diagram of supervisory control system of the P2P application of embodiment bis-;
Fig. 7 is the main flow chart of the supervisory control system of P2P application in the example of embodiment bis-.
Embodiment
Below in conjunction with drawings and Examples, technical scheme of the present invention is described in detail.
It should be noted that, if do not conflict, each feature in the embodiment of the present invention and embodiment can mutually combine, all within protection scope of the present invention.In addition, although there is shown logical order in flow process, in some cases, can carry out step shown or that describe with the order be different from herein.
The method for supervising of embodiment mono-, a kind of P2P application as shown in Figure 1, comprising:
S101, utilize behavioural characteristic to identify the P2P node in described local area network (LAN);
S102, the TCP(transmission control protocol of receiving and dispatching for identified P2P node)/the UDP(User Datagram Protoco (UDP)) packet, utilize behavioural characteristic or load characteristic to identify the network packet of P2P application;
S103, according to predetermined policy, let pass or the network packet of the P2P application that blocking-up identifies.
The present embodiment is identified local area network (LAN) P2P node by behavioural characteristic, flow by behavioural characteristic or load characteristic identification P2P application, thereby further control the P2P application, the present embodiment can be managed the P2P application in local area network (LAN) effectively, the network bandwidth can be accessed rationally and take.
In an embodiment of the present embodiment, described step S104 specifically can comprise:
For the one or more nodes in described local area network (LAN), in the time of statistics predetermined length, each node connects into power or broadcast packet number;
By the described node recognition that connects into power first predetermined condition or described broadcast packet number second predetermined condition, it is the P2P node.
In present embodiment, that can after receiving monitored instruction, add up each node in time of predetermined length connects into power or broadcast packet number, also can be periodically or constantly record in the recent period each node connect into power or broadcast packet number.Can periodically identify the P2P node, also can be identified after receiving monitored instruction.
In present embodiment, can shake hands by SYN(in described network packet) message or ACK(confirm) number of message calculates the described power that connects into.In a kind of alternative of present embodiment, first predetermined condition refers to that connecting into power is less than 0.8; Also this first predetermined condition can be set separately in other alternative.
In present embodiment, can be by the ICMP(Internet Internet Control Message Protocol) bag number and TTL(life span) comparison value calculate described broadcast packet number.In a kind of alternative of present embodiment, second predetermined condition refers to that it is 1 that the broadcast packet number is greater than 5 and adjacent broadcast packet TTL difference; Also this second predetermined condition can be set separately in other alternative.
An object lesson of this execution mode as shown in Figure 2, is periodically to identify the P2P node in this example, comprises the following steps 201~208.
Step 201: whenever intercepting the network packet of transmitting between a local area network (LAN) and the Internet, resolve this network packet and determine whether SYN or ACK message, if it is perform step 202; If not determining whether the ICMP bag, if it is perform step 205, if not returning to step 201.
Step 202: the number of respective nodes in local area network (LAN) being received/sent out to SYN and ACK message adds one.
Step 203: obtain the current time, and start the difference of the time of statistics in calculating and this recognition cycle, judge whether to arrive recognition cycle, if arrive, perform step 204; If do not arrive and return to step 201.
Step 204: calculating the power that connects into of each node in local area network (LAN), whether be P2P node, perform step 208 if identifying respectively each node.
Step 205: the number of respective nodes in local area network (LAN) being received/sent out to ICMP bag adds one, judges whether ttl value (life span) was preserved, if not preserve this ttl value.
Step 206: obtain the current time, and start the difference of the time of statistics in calculating and this recognition cycle, judge whether recognition cycle, if arrive, perform step 204, if arrive and return to step 201.
Step 207: calculating ICMP bag number and the TTL comparison value of each node in local area network (LAN), whether be P2P node, perform step 208 if identifying respectively each node.
Step 208: IP address and the port of the P2P node that identifies are stored in the P2P node table; Described P2P informational table of nodes can comprise table name, IP address, port and creation-time field etc.Finish the identification of this recognition cycle, by the statistical value zero clearing.
In an embodiment of the present embodiment, described step S102 specifically can comprise:
For each TCP/UDP packet of identified P2P node transmitting-receiving, record the five-tuple of this TCP/UDP packet, calculate the entropy of front 32 bytes in this TCP/UDP packet load;
When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if the loaded matching preassigned pattern of this TCP/UDP packet, the network packet that this TCP/UDP packet is the P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if in the five-tuple recorded, the ratio of IP number of addresses and port number is less than predetermined ratio threshold value, the network packet that this TCP/UDP packet is the P2P application.
In a kind of alternative of the present embodiment, it is 0.35 that described entropy threshold value can be, but not limited to, and it is 2.0 that described ratio threshold value can be, but not limited to; Described entropy threshold value and described ratio threshold value also can be set in other alternative separately; Described preassigned pattern can be set to one or more common patterns of P2P application load according to statistical conditions or experience.
As shown in Figure 3, the identification that P2P is applied comprises the following steps 301~306 to an object lesson of this execution mode.
Step 301: for the P2P node identified, whenever intercepting the network packet of transmitting between a local area network (LAN) and the Internet, resolve this network packet, and store the five-tuple (source IP address, purpose IP address, source port, destination interface, agreement) of this network packet, judge whether this network packet comprises the TCP/UDP bag, if comprise perform step 302, if do not comprise finish.
Step 302: the source IP address of this network packet and source port, purpose IP address and destination interface are stored in P2P link information table; Described P2P link information table can comprise table name, source IP address, purpose IP address, source port, destination interface and creation-time field etc.
Step 303: the entropy that calculates front 32 bytes of this network data payload package; Judge whether this entropy is greater than the entropy threshold value, if be greater than perform step 304, if be less than perform step 305; If equal can be set to perform step any in 304,305.
Step 304: the ratio that calculates IP number of addresses and port number; If ratio is less than the ratio threshold value carry out step 306; If be not less than the ratio threshold value finish.
Step 305: the load to this network packet is carried out pattern matching, if the match is successful carry out step 306, if mate unsuccessful finish.
Step 306: this network packet is identified as to the network packet of P2P application, finishes.
In an embodiment of the present embodiment, described step S103 specifically can comprise:
Calculate the flow of the network packet of P2P application in described local area network (LAN), and the total flow of this local area network (LAN) gateway;
When described total flow is greater than the first flow threshold value, or the flow of the network packet of described P2P application is while being greater than the second flow threshold, the network packet of the P2P application that blocking-up identifies.
In a kind of alternative of present embodiment, described first flow threshold value can be, but not limited to can be, but not limited to as 80% of described total flow into 80%, the second flow threshold of described local area network (LAN) gateway total bandwidth.Also described first, second flow threshold can be set as required separately in other alternative.
As shown in Figure 4, the control of the network packet that P2P is applied comprises the following steps 401~404 to an object lesson of this execution mode.
Step 401: when network packet is identified as the network packet of P2P application, carry out step 402;
Step 402: the flow (hereinafter being called for short the P2P flow) of adding up total flow and the network packet that P2P applies of described local area network (LAN) gateway;
Step 403: if total flow and P2P flow all are less than corresponding threshold value, this network packet of letting pass.
Step 404: if in total flow and P2P flow, at least one is greater than corresponding threshold value, block this network packet.
The supervisory control system of embodiment bis-, a kind of P2P application as shown in Figure 5, comprising:
The node recognition module, identify the P2P node of described local area network (LAN) for utilizing behavioural characteristic;
Application recognition module, for the TCP/UDP packet of the transmitting-receiving of the P2P node for identified, utilize behavioural characteristic or load characteristic to identify the network packet of P2P application;
The application controls module, for according to predetermined policy, let pass or the network packet of the P2P application that blocking-up identifies.
In an embodiment of the present embodiment, described supervisory control system can also comprise:
Memory module, comprise an information bank, for storing P2P informational table of nodes and P2P link information table; The P2P informational table of nodes comprises table name, IP address, port and creation-time field; P2P link information table comprises table name, source IP address, purpose IP address, source port, destination interface and creation-time field.
Administration module, for the monitoring strategies of managing P2P application and be saved in information bank; Can be used for arranging each threshold value etc.;
Communication module, for tackling the network packet of transmitting between local area network (LAN) and the Internet, and, when described P2P application controls module clearance network packet, forward this network packet.
In an embodiment of the present embodiment, the P2P node that described node recognition module utilizes behavioural characteristic to identify in described local area network (LAN) specifically can refer to:
Described node recognition module is for the one or more nodes in described local area network (LAN), and in the time of statistics predetermined length, each node connects into power or broadcast packet number; By the described node recognition that connects into power first predetermined condition or described broadcast packet number second predetermined condition, it is the P2P node.
In present embodiment, can shake hands by SYN(in described network packet) message or ACK(confirm) number of message calculates the described power that connects into.In a kind of alternative of present embodiment, first predetermined condition refers to that connecting into power is less than 0.8; Also this first predetermined condition can be set separately in other alternative.
In present embodiment, can be by the ICMP(Internet Internet Control Message Protocol) bag number and TTL(life span) comparison value calculate described broadcast packet number.In a kind of alternative of present embodiment, second predetermined condition refers to that it is 1 that the broadcast packet number is greater than 5 and adjacent broadcast packet TTL difference; Also this second predetermined condition can be set separately in other alternative.
In an embodiment of the present embodiment, described application recognition module is for the TCP/UDP packet of identified P2P node transmitting-receiving, and the network packet of utilizing behavioural characteristic or load characteristic to identify the P2P application specifically can refer to:
Described application recognition module, for each TCP/UDP packet of identified P2P node transmitting-receiving, records the five-tuple of this TCP/UDP packet, calculates the entropy of front 32 bytes in this TCP/UDP packet load; When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if the loaded matching preassigned pattern of this TCP/UDP packet, the network packet that this TCP/UDP packet is the P2P application; When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if in the five-tuple recorded, the ratio of IP number of addresses and port number is less than predetermined ratio threshold value, the network packet that this TCP/UDP packet is the P2P application.
In a kind of alternative of the present embodiment, it is 0.35 that described entropy threshold value can be, but not limited to, and it is 2.0 that described ratio threshold value can be, but not limited to; Described entropy threshold value and described ratio threshold value also can be set in other alternative separately; Described preassigned pattern can be set to one or more common patterns of P2P application load according to statistical conditions or experience.
In an embodiment of the present embodiment, described application controls module is according to predetermined policy, and the network packet of the P2P application that clearance or blocking-up identify specifically can refer to:
Described application controls module is calculated the flow of the network packet of P2P application in described local area network (LAN), and the total flow of this local area network (LAN) gateway; When described total flow is greater than the first flow threshold value, or the flow of the network packet of described P2P application is while being greater than the second flow threshold, the network packet of the P2P application that blocking-up identifies.
In a kind of alternative of present embodiment, described first flow threshold value can be, but not limited to can be, but not limited to as 80% of described total flow into 80%, the second flow threshold of described local area network (LAN) gateway total bandwidth.Also described first, second flow threshold can be set as required separately in other alternative.
Figure 6 shows that the networking schematic diagram of the supervisory control system of the present embodiment.
Described local area network (LAN) comprises the network equipment, Network Security Device, main frame and terminal etc.; Wherein the network equipment can comprise router and switch etc.; Network Security Device can comprise fire compartment wall, VPN, Network anti-virus system and intruding detection system etc.; Main frame can comprise Web server, mail server and file server etc.; Terminal can comprise subscriber computer and self-aided terminal etc.
The Internet(the Internet), can comprise router, for transmitting and routing network traffic.
Described supervisory control system be connected to described the Internet and the local area network (LAN) that will monitor between, can intercept the network packet of transmitting between local area network (LAN) and the Internet.
As shown in Figure 7, the workflow of described supervisory control system comprises the following steps 601~607 to an object lesson of the present embodiment.
Step 601: carry out initialization, P2P application monitoring strategies is set in administration module and is stored in the information bank of memory module.
Step 602: receive the P2P packet in communication module.
Step 603: utilize behavioural characteristic identification local area network (LAN) P2P node in the node recognition module.
Step 604: the network packet of utilizing behavioural characteristic or load characteristic identification P2P application in application recognition module; So the network packet to the P2P application, perform step 605.
Step 605: in the application controls module, decision-making blocking-up or clearance P2P packet.
Step 606: correspondingly blocked or let pass.
Step 607: for the action of letting pass, communication module forwards the network packet of P2P application.
One of ordinary skill in the art will appreciate that all or part of step in said method can come the instruction related hardware to complete by program, described program can be stored in computer-readable recording medium, as read-only memory, disk or CD etc.Alternatively, all or part of step of above-described embodiment also can realize with one or more integrated circuits.Correspondingly, each the module/unit in above-described embodiment can adopt the form of hardware to realize, also can adopt the form of software function module to realize.The present invention is not restricted to the combination of the hardware and software of any particular form.
Certainly; the present invention also can have other various embodiments; in the situation that do not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art are when making according to the present invention various corresponding changes and distortion, but these corresponding changes and distortion all should belong to the protection range of claim of the present invention.
Claims (10)
1. the method for supervising of peer-to-peer network application comprises:
Utilize behavioural characteristic to identify the Peer-to-Peer Network P2P node in described local area network (LAN);
TCP/UDP packet for identified P2P node transmitting-receiving, utilize behavioural characteristic or load characteristic to identify the network packet of P2P application;
According to predetermined policy, the network packet of the P2P application that clearance or blocking-up identify.
2. the method for claim 1, is characterized in that, the described step of utilizing behavioural characteristic to identify the P2P node in described local area network (LAN) comprises:
For the one or more nodes in described local area network (LAN), in the time of statistics predetermined length, each node connects into power or broadcast packet number;
By the described node recognition that connects into power first predetermined condition or described broadcast packet number second predetermined condition, it is the P2P node.
3. the method for claim 1, is characterized in that, the described TCP/UDP packet for identified P2P node transmitting-receiving, and the step of utilizing behavioural characteristic or load characteristic to identify the network packet of P2P application comprises:
For each TCP/UDP packet of identified P2P node transmitting-receiving, record the five-tuple of this TCP/UDP packet, calculate the entropy of front 32 bytes in this TCP/UDP packet load;
When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if the loaded matching preassigned pattern of this TCP/UDP packet, the network packet that this TCP/UDP packet is the P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if in the five-tuple recorded, the ratio of IP number of addresses and port number is less than predetermined ratio threshold value, the network packet that this TCP/UDP packet is the P2P application.
4. method as claimed in claim 3 is characterized in that:
Described entropy threshold value is 0.35, and described ratio threshold value is 2.0.
5. the method for claim 1, is characterized in that, described according to predetermined policy, and the step of the network packet of the P2P application that clearance or blocking-up identify comprises:
Calculate the flow of the network packet of P2P application in described local area network (LAN), and the total flow of this local area network (LAN) gateway;
When described total flow is greater than the first flow threshold value, or the flow of the network packet of described P2P application is while being greater than the second flow threshold, the network packet of the P2P application that blocking-up identifies.
6. the supervisory control system of a peer-to-peer network application, is characterized in that, comprising:
The node recognition module, identify the P2P node of described local area network (LAN) for utilizing behavioural characteristic;
Application recognition module, for the TCP/UDP packet of the transmitting-receiving of the P2P node for identified, utilize behavioural characteristic or load characteristic to identify the network packet of P2P application;
The application controls module, for according to predetermined policy, let pass or the network packet of the P2P application that blocking-up identifies.
7. system as claimed in claim 6, is characterized in that, the P2P node that described node recognition module utilizes behavioural characteristic to identify in described local area network (LAN) refers to:
Described node recognition module is for the one or more nodes in described local area network (LAN), and in the time of statistics predetermined length, each node connects into power or broadcast packet number; By the described node recognition that connects into power first predetermined condition or described broadcast packet number second predetermined condition, it is the P2P node.
8. system as claimed in claim 6, is characterized in that, described application recognition module is for the TCP/UDP packet of identified P2P node transmitting-receiving, and the network packet of utilizing behavioural characteristic or load characteristic to identify the P2P application refers to:
Described application recognition module, for each TCP/UDP packet of identified P2P node transmitting-receiving, records the five-tuple of this TCP/UDP packet, calculates the entropy of front 32 bytes in this TCP/UDP packet load; When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if the loaded matching preassigned pattern of this TCP/UDP packet, the network packet that this TCP/UDP packet is the P2P application; When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if in the five-tuple recorded, the ratio of IP number of addresses and port number is less than predetermined ratio threshold value, the network packet that this TCP/UDP packet is the P2P application.
9. system as claimed in claim 8 is characterized in that:
Described entropy threshold value is 0.35, and described ratio threshold value is 2.0.
10. system as claimed in claim 6, is characterized in that, described application controls module is according to predetermined policy, and the network packet of the P2P application that clearance or blocking-up identify refers to:
Described application controls module is calculated the flow of the network packet of P2P application in described local area network (LAN), and the total flow of this local area network (LAN) gateway; When described total flow is greater than the first flow threshold value, or the flow of the network packet of described P2P application is while being greater than the second flow threshold, the network packet of the P2P application that blocking-up identifies.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310381658.7A CN103428295B (en) | 2013-08-28 | 2013-08-28 | A kind of monitoring method and system of peer-to-peer network application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310381658.7A CN103428295B (en) | 2013-08-28 | 2013-08-28 | A kind of monitoring method and system of peer-to-peer network application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103428295A true CN103428295A (en) | 2013-12-04 |
| CN103428295B CN103428295B (en) | 2016-08-10 |
Family
ID=49652459
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310381658.7A Active CN103428295B (en) | 2013-08-28 | 2013-08-28 | A kind of monitoring method and system of peer-to-peer network application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103428295B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104219165A (en) * | 2014-09-25 | 2014-12-17 | 中国人民解放军信息工程大学 | Business bandwidth control method and apparatus |
| CN106006271A (en) * | 2016-07-18 | 2016-10-12 | 湖北天禾立方智能科技发展有限公司 | Single chip microcomputer driving MODEM internet-surfing transmission method and related intelligent elevator remote monitoring system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050030892A1 (en) * | 2003-06-23 | 2005-02-10 | Hagen David A. | System for providing network load distribution |
| CN101902365A (en) * | 2009-05-26 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Method for monitoring P2P traffic of wide area network and system thereof |
| CN102387045A (en) * | 2011-09-30 | 2012-03-21 | 北京信息科技大学 | Embedded point to point (P2P) flow monitoring system and method thereof |
-
2013
- 2013-08-28 CN CN201310381658.7A patent/CN103428295B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050030892A1 (en) * | 2003-06-23 | 2005-02-10 | Hagen David A. | System for providing network load distribution |
| CN101902365A (en) * | 2009-05-26 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Method for monitoring P2P traffic of wide area network and system thereof |
| CN102387045A (en) * | 2011-09-30 | 2012-03-21 | 北京信息科技大学 | Embedded point to point (P2P) flow monitoring system and method thereof |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104219165A (en) * | 2014-09-25 | 2014-12-17 | 中国人民解放军信息工程大学 | Business bandwidth control method and apparatus |
| CN106006271A (en) * | 2016-07-18 | 2016-10-12 | 湖北天禾立方智能科技发展有限公司 | Single chip microcomputer driving MODEM internet-surfing transmission method and related intelligent elevator remote monitoring system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103428295B (en) | 2016-08-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9276852B2 (en) | Communication system, forwarding node, received packet process method, and program | |
| US10148573B2 (en) | Packet processing method, node, and system | |
| CN105580317B (en) | Methods, systems, and computer readable media for DIAMETER load and overload information and virtualization | |
| JP5382451B2 (en) | Front-end system, front-end processing method | |
| US9438496B2 (en) | Monitoring link quality between network devices | |
| CN113132342B (en) | Method, network device, tunnel entry point device, and storage medium | |
| US9722926B2 (en) | Method and system of large flow control in communication networks | |
| US20070055789A1 (en) | Method and apparatus for managing routing of data elements | |
| WO2010132061A1 (en) | A method and apparatus for policy enforcement using a tag | |
| US9258213B2 (en) | Detecting and mitigating forwarding loops in stateful network devices | |
| WO2018197924A1 (en) | Method and system to detect virtual network function (vnf) congestion | |
| CN103281257A (en) | Method and device for processing protocol message | |
| CN111314236A (en) | Message forwarding method and device | |
| Bedi et al. | Mitigating congestion based DoS attacks with an enhanced AQM technique | |
| JP2008048131A (en) | P2p traffic monitoring and control system, and method therefor | |
| Beitollahi et al. | A cooperative mechanism to defense against distributed denial of service attacks | |
| JP5178573B2 (en) | Communication system and communication method | |
| CN103428295B (en) | A kind of monitoring method and system of peer-to-peer network application | |
| Bala et al. | Quality based Bottom-up-Detection and Prevention Techniques for DDOS in MANET | |
| Kokku et al. | A multipath background network architecture | |
| US11838197B2 (en) | Methods and system for securing a SDN controller from denial of service attack | |
| JP2006135776A (en) | Device and method for session relay | |
| US10230663B2 (en) | Technique for processing a data stream between a server and a client entity | |
| Khin et al. | Reducing Packet-In Messages in OpenFlow Networks | |
| Quang et al. | Delay-insensitive traffic detection and transfer on network edges |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100094 No. 4, building 8, No. 305, West flourishing road, Haidian District, Beijing Applicant after: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. Address before: 102208, room 530, amber world, No. 85, West Street, Changping District, Beijing, Huilongguan Applicant before: BEIJING YONGXIN ZHICHENG TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information |
Inventor after: Chen Jun Inventor after: Cai Jingjing Inventor after: Zhang Xuefeng Inventor after: Zheng Hao Inventor after: Fu Lei Inventor before: Chen Jun |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221122 Address after: 100094 103, building 6, yard 9, FengHao East Road, Haidian District, Beijing Patentee after: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. Patentee after: Beijing Wuyi Jiayu Technology Co.,Ltd. Address before: No. 305, Building 4, Yard 8, Dongbei Wangxi Road, Haidian District, Beijing 100094 Patentee before: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100094 103, building 6, yard 9, FengHao East Road, Haidian District, Beijing Patentee after: Yongxin Zhicheng Technology Group Co.,Ltd. Patentee after: Beijing Wuyi Jiayu Technology Co.,Ltd. Address before: 100094 103, building 6, yard 9, FengHao East Road, Haidian District, Beijing Patentee before: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. Patentee before: Beijing Wuyi Jiayu Technology Co.,Ltd. |