CN103532789B - Inter-network transparent transmission detecting system - Google Patents
Inter-network transparent transmission detecting system Download PDFInfo
- Publication number
- CN103532789B CN103532789B CN201310511456.XA CN201310511456A CN103532789B CN 103532789 B CN103532789 B CN 103532789B CN 201310511456 A CN201310511456 A CN 201310511456A CN 103532789 B CN103532789 B CN 103532789B
- Authority
- CN
- China
- Prior art keywords
- detection
- inter
- transparent transmission
- server
- described detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention provides an inter-network transparent transmission detecting system which comprises detection probe ends interconnected on the internet, a probe configuration management server and an application analysis server. The detection probe ends are used for executing detection programs and sending detection data; the probe configuration management server is used for verifying the detection probe ends, controlling execution of the detection programs; the application analysis server is used for receiving and analyzing the detection data; and when an interconnection and interworking gateway is not included in routing information of the detection data, and a source IP address in a data packet sent by the detection probe ends is the home network address, then the detection probe ends are determined to send the detection data through the inter-network transparent transmission mode. The inter-network transparent transmission detecting system facilitates maintenance of the security and stability of network operation.
Description
Technical field
The invention belongs to internet communication technical field, particularly to a kind of system that inter-network transparent transmission behavior is judged.
Background technology
There are a lot of telecom operators internet at present, and the network access between different operators needs by default mutual
Join intercommunication to complete, and settled accounts according to agreement.Except being settled accounts, it is easy to operator through the mutual access of this specification
Carry out the network managements such as flow, with the smooth of Logistics networks and stably.As Fig. 4.
In recent years, occur in that a kind of inter-network transparent transmission behavior, acquire the network special line account of operator D in some way
DA, is used as network switch point by DA and carries out network operation, bypassed the money interconnecting and directly having had access to operator D
Source.This behavior one side brings loss economically to operator D, on the other hand also gives the operation maintenance band of operator D
Carried out adverse effect, to the smooth of network with stably cause potential threat.As Fig. 5
Content of the invention
In order to find inter-network transparent transmission behavior in time, the invention provides a kind of inter-network transparent transmission detecting system.
Technical scheme is as follows:
Inter-network transparent transmission detecting system, including on network interconnection detection probe end, probe configuration management server and should
Use Analysis server;
Described detection probe end is used for:Perform detection program, sends detection data;
Described probe configuration management server is used for:Described detection probe end carried out verify, control the described detection of execution
Program;
Described applied analysis server is used for:Receive and analyze described detection data, when the route letter of described detection data
Not comprising the source IP address in interconnection gateway, and the packet being sent at described detection probe end in breath is this entoilage
Location, then judge that this detection probe end sends described detection data by inter-network transparent transmission mode.
Described inter-network transparent transmission detecting system includes detecting auxiliary server;The auxiliary server of described detection is used for:Receive described inspection
Survey the described detection data that sound end sends, and described detection data is sent to described applied analysis server.
Described inter-network transparent transmission detecting system includes registering upgrade server, for described detection probe end, described probe
Configuration management server and/or the auxiliary server of described detection are upgraded.
Described probe configuration management server is used for receiving described detection data, and described detection data is sent to described
Applied analysis server.
Described probe configuration management server is used for detecting duration, that is, detect described probe configuration management server with described
Whether the session at detection probe end terminated within the predetermined cycle.
Described probe configuration management server is used for determining the detection frequency to detection probe end, and communicates this information to
Described detection probe end.
Described probe configuration management server is used for preserving the detection daily record that described detection probe end generates.
The technique effect of the present invention:
By being arranged on rete mirabile(Other for example relative with the Home Network that this operator is located networks)On detection probe end
Send detection data, applied analysis server is analyzed to detection data.If do not had in the routing iinformation of described detection data
Have including default interconnection gateway, and in the packet that sent of this detection probe end, source IP address belongs to this operator
(I.e. Home Network, a side of the inter-network transparent transmission detecting system of the setting present invention)The IP address of management, then it may be concluded that this detection
The detection data that sound end is sent is transmitted by inter-network transparent transmission mode, that is, there is this behavior of inter-network transparent transmission.By this
The setting of invention inter-network transparent transmission detecting system, it can be found that the presence of inter-network transparent transmission behavior, is easy to network is carried out safer to have
The management of effect.
Brief description
Fig. 1 is an example of inter-network transparent transmission detecting system of the present invention.
Fig. 2 is another example of inter-network transparent transmission detecting system of the present invention.
The flow chart that Fig. 3 is analyzed to detection data for applied analysis server.
Fig. 4 is the network environment schematic diagram carrying out data exchange by interconnecting.
Fig. 5 is to pass through the network environment schematic diagram carrying out data exchange by rete mirabile.
Specific embodiment
Below in conjunction with accompanying drawing, technical scheme is described in detail.
Fig. 1 shows an example of inter-network transparent transmission detecting system of the present invention, including the detection communicating with one another on network
Sound end, probe configuration management server and applied analysis server.Wherein, examinations sound end is arranged on needs detection
In network range, typically it is provided in rete mirabile(Other for example relative with the Home Network that this operator is located networks), by interconnection
Net is connected with probe configuration management server and applied analysis server.Detection probe end is controlled by probe configuration management server
Execution is corresponding to detect program, concurrently send detection data, described detection data is the packet of self-defined privately owned form, this data
The encapsulation test position network information, associated person information etc..Probe configuration management server enters line pipe to described detection probe end
Reason and monitoring, such as authentication, Detection task distribution etc., also undertakes the described detection data of reception, and by described detection data
It is transferred to the function of applied analysis server.Applied analysis server Main Function is to receive the inspection that described detection probe end sends
Survey data and be analyzed, to judge whether detection probe end is to send described detection data by inter-network transparent transmission mode.Detection
Sound end can arrange multiple.
Fig. 2 shows another example of inter-network transparent transmission detecting system of the present invention.Compared with example shown in Fig. 1, its structure
More more complicated, mainly it is the increase in the auxiliary server of detection and registration upgrade server.Certainly, the auxiliary server of described detection and institute
State registration upgrade server to be also attached in the network shown in Fig. 1, can join with described detection probe end and other servers
Logical.
The Main Function detecting auxiliary server is to receive the described detection data that described detection probe end sends, and will be described
Detection data sends described applied analysis server to.Detect that auxiliary server can be arranged multiple, to tackle multiple detection probes
End transmission detection data operation.
Registration upgrade server Main Function be to described detection probe end, described probe configuration management server and/
Or described detection auxiliary server upgraded.
Below by way of to inter-network transparent transmission detecting system of the present invention(Example shown in Fig. 2)The course of work description, further
Describe technical scheme in detail.
It is possible to start detection process after the completion of network structure carries out system assembling as shown in Figure 2.
(1)Certification request is initiated to probe configuration management server in detection probe end, by self-contained No. ID(No. ID with
Detection probe software is issued together, and different detection probe ID is by difference))Send to probe configuration management server, probe is joined
Put management server and will check whether this ID is legal, such as legal, then respond to detection probe end, notify detection probe end " to pass through
The message of certification ";Otherwise, authentification failure notify detection probe end.
(2)After the certification of detection probe end is passed through, probe configuration management server will set up normal conversation with detection probe end,
Task configuration is carried out to detection probe end.When probe configuration management server will configure detection frequency, detection to detection probe end
Network application type that is long, specifying simulation, such as Http accesses, ftp downloads etc..
(3)The auxiliary list of server addresses of detection is also sent to each detection probe end by probe configuration management server, detection
The network information detecting is also sent to detect auxiliary server by sound end simultaneously.
(4)After detection probe end gets the Detection task that probe configuration management server distributes, proceed by detection and obtain
Obtain detection data, and notify probe configuration management server simultaneously.Described detection data includes detection probe end place network
Route data and outer net IP address.Detection daily record is sent to probe configuration management server by detection probe end, by probe configuration
Management server preserves.
(5)Probe configuration management server will record detection probe end detection time started, detection physical end time.Visit
Pin configuration management server will preset an acquiescence session cycle, and above-mentioned detection probe end detection time started, detection are real
Border end time interval is more than the described acquiescence session cycle, or is not received by the described notice examining physical end, then be considered as " inspection
Survey abnormal interrupt ".
(6)Detection probe end Detection task will upload to probe configuration management server the detection data obtaining after terminating
With detect auxiliary server, configuration management server and detect auxiliary server by the data prediction receiving and be uploaded to application point
Analysis server.
(7)Applied analysis server is analyzed after receiving detection data, and specific flow process is as shown in Figure 3.First, should
Read the message data in detection data with Analysis server, check whether it includes normal Interworking gateway node(Application point
Analysis server will have the gateway address table interconnecting in advance)If including normal Interworking gateway node, drawing knot
By:This detection probe end sends described detection data not over inter-network transparent transmission mode.Terminate analysis.
If not including normal Interworking gateway node in the route data of detection data, subsequently being judged, that is, being judged
Whether the source IP address in the sent packet in detection probe end is this net address, if this source IP address is not this net address,
Then reach a conclusion:This detection probe end sends described detection data not over inter-network transparent transmission mode.Terminate analysis.If detection
Source IP address in the sent packet of sound end is this net address, then reach a conclusion:Inter-network transparent transmission is passed through at this detection probe end
Mode sends described detection data.Terminate analysis.
Applied analysis server complete analysis after formed analysis report, including source IP address, transparent transmission operator name,
The information such as transparent transmission path.
Registration upgrade server is used for described detection probe end, described probe configuration management server and/or described inspection
Survey auxiliary server to be upgraded, its process all same.Taking the upgrade request at detection probe end as a example explanation registration upgrading clothes below
The course of work of business device.
Detection probe end sends request to registration upgrade server, asks for latest version information.Registration upgrade server to
Latest version information is fed back at this detection probe end.Detection probe end judges whether to upgrade according to latest version information.If
Need to upgrade, detection probe end continues to send upgrade request to registration upgrade server.Registration upgrade server is visited to this detection
Pin end sends upgrade command, and this detection probe end starts software release upgrade.
It should be noted that the foregoing is only presently preferred embodiments of the present invention, not thereby limit the patent of the present invention
Protection domain, the present invention can also be replaced using equivalent technologies.Therefore the specification of all utilization present invention and diagramatic content institute
The equivalence changes made, or directly or indirectly apply to other correlative technology fields and be all contained in the model that the present invention is covered in the same manner
In enclosing.
Claims (8)
1. inter-network transparent transmission detecting system it is characterised in that:Including the detection probe end of interconnection on network, probe configuration management clothes
Business device and applied analysis server;
Described detection probe end is used for:Perform detection program, sends detection data;
Described probe configuration management server is used for:Described detection probe end carried out verify, control the described detection program of execution;
Described applied analysis server is used for:Receive and analyze described detection data, when in the routing iinformation of described detection data
The source IP address not comprised in interconnection gateway, and the sent packet in described detection probe end is this net address, then sentence
This detection probe end disconnected sends described detection data by inter-network transparent transmission mode;
Described detection probe end is provided in the detection probe end on rete mirabile.
2. according to claim 1 inter-network transparent transmission detecting system it is characterised in that:Including the auxiliary server of detection;
The auxiliary server of described detection is used for:Receive the described detection data that described detection probe end sends, and by described detection number
According to sending described applied analysis server to.
3. according to claim 1 inter-network transparent transmission detecting system it is characterised in that:Including registration upgrade server, for right
Described detection probe end and/or described probe configuration management server are upgraded.
4. according to claim 2 inter-network transparent transmission detecting system it is characterised in that:Including registration upgrade server, for right
The auxiliary server of described detection is upgraded.
5. according to claim 3 inter-network transparent transmission detecting system it is characterised in that:Described probe configuration management server is used for
Receive described detection data, and described detection data is sent to described applied analysis server.
6. according to claim 3 inter-network transparent transmission detecting system it is characterised in that:Described probe configuration management server is used for
Whether detection duration, that is, detect described probe configuration management server and the session at described detection probe end within the predetermined cycle
Terminate.
7. according to claim 3 inter-network transparent transmission detecting system it is characterised in that:Described probe configuration management server is used for
Determine the detection frequency to detection probe end, and communicate this information to described detection probe end.
8. according to claim 3 inter-network transparent transmission detecting system it is characterised in that:Described probe configuration management server is used for
Preserve the detection daily record that described detection probe end generates.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310511456.XA CN103532789B (en) | 2013-10-25 | 2013-10-25 | Inter-network transparent transmission detecting system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310511456.XA CN103532789B (en) | 2013-10-25 | 2013-10-25 | Inter-network transparent transmission detecting system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103532789A CN103532789A (en) | 2014-01-22 |
CN103532789B true CN103532789B (en) | 2017-02-15 |
Family
ID=49934488
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310511456.XA Active CN103532789B (en) | 2013-10-25 | 2013-10-25 | Inter-network transparent transmission detecting system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103532789B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106059854B (en) * | 2016-05-30 | 2019-05-07 | 南京优速网络科技有限公司 | Rete mirabile flow breakthrough detection method and system |
CN114666072B (en) * | 2020-12-04 | 2023-06-02 | 中国联合网络通信集团有限公司 | Illegal switching point detection method, server, platform, system and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102469078A (en) * | 2010-11-08 | 2012-05-23 | 中国移动通信集团公司 | Method, system and device for accessing campus network to external network |
CN102833167A (en) * | 2012-08-28 | 2012-12-19 | 瑞斯康达科技发展股份有限公司 | Method and data for transmitting data between local area networks |
CN103036733A (en) * | 2011-10-09 | 2013-04-10 | 上海城际互通通信有限公司 | Unconventional network access behavior monitoring system and monitoring method |
-
2013
- 2013-10-25 CN CN201310511456.XA patent/CN103532789B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102469078A (en) * | 2010-11-08 | 2012-05-23 | 中国移动通信集团公司 | Method, system and device for accessing campus network to external network |
CN103036733A (en) * | 2011-10-09 | 2013-04-10 | 上海城际互通通信有限公司 | Unconventional network access behavior monitoring system and monitoring method |
CN102833167A (en) * | 2012-08-28 | 2012-12-19 | 瑞斯康达科技发展股份有限公司 | Method and data for transmitting data between local area networks |
Also Published As
Publication number | Publication date |
---|---|
CN103532789A (en) | 2014-01-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101447898B (en) | Test system used for network safety product and test method thereof | |
EP3276907B1 (en) | A method and apparatus for testing a security of communication of a device under test | |
CN104169937B (en) | Chance system scans | |
US8533799B2 (en) | Service integration platform system and method for internet services | |
CN108353004A (en) | Method, system and computer-readable medium for test network virtualization of function (NFV) | |
CN110351228A (en) | Remote entry method, device and system | |
CN110430096A (en) | A kind of gateway test method and equipment | |
WO2016082289A1 (en) | Content distribution network (cdn)-based website acceleration method and system | |
CN107566152A (en) | Method and device for virtual network link detection | |
CN102546292B (en) | Detect the method and apparatus of server application health status | |
CN110048908B (en) | Network test platform, network test method and device | |
CN105898790B (en) | A kind of network speed measurement method and equipment | |
CN103873449B (en) | Method for network access and system | |
Spinoso et al. | Formal verification of virtual network function graphs in an sp-devops context | |
CN105871881A (en) | Portal authentication method based on Openwrt router | |
CN103997479B (en) | A kind of asymmetric services IP Proxy Methods and equipment | |
CN104954508B (en) | A kind of system and its auxiliary charging method for DHCP protocol auxiliary charging | |
CN109446075A (en) | Interface testing method and device | |
CN107634871B (en) | Connectivity test method, device and system | |
US20180123898A1 (en) | Network verification device, network verification method and program recording medium | |
KR20170108029A (en) | Inspection system for inspecting computer of computer system in inspection network | |
CN106131066A (en) | A kind of authentication method and device | |
CN105791059B (en) | A kind of broadband speed-measuring method, device, system | |
CN103532789B (en) | Inter-network transparent transmission detecting system | |
CN106603339B (en) | Simulate the test macro and test method of wan environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |