CN103647780B - Method and network device for lawful interception - Google Patents

Info

Publication number: CN103647780B
Authority: CN (China)
Application number: CN201310688325.9A
Other versions: CN103647780A
Original language: Chinese (zh)
Inventors: 杨帆, 李松
Original and current assignee: Huawei Technologies Co Ltd
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Classification (landscapes): Small-Scale Networks; Data Exchanges In Wide-Area Networks
Abstract

An embodiment of the present invention provides a method and a network device for lawful interception. The network device obtains interception information comprising a user identifier and a monitor flag; the monitor flag indicates whether the user is to be intercepted, and the user identifier contains the user's access link information, which identifies the user's physical location. The network device receives a DHCP message sent by a first user device; the message carries the user identifier together with the IP address and the MAC address of the first user device. If the network device determines, from the user identifier carried in the DHCP message and the interception information, that the user is to be intercepted, it sets an ACL rule based on the IP address and MAC address of the first user device that redirects packets carrying that MAC address and IP address to the interception device. This reduces the cases in which the interception device has to re-issue an interception command because the user's MAC address or IP address has changed.

Description

Method and network device for lawful interception
Technical field
Embodiments of the present invention relate to communication technology, and in particular to a method and a network device for lawful interception.
Background
Lawful interception is a monitoring system operated jointly by a Law Enforcement Agency (LEA) and an Internet Service Provider (ISP). By deploying a lawful interception service in the ISP network, the LEA can monitor and audit network content and identify illegal activity so that it can be acted on effectively.
When a user accesses the network with an address obtained through the Dynamic Host Configuration Protocol (DHCP), the interception device issues an interception command keyed on the user's Medium Access Control (MAC) address and Internet Protocol (IP) address. The network device generates an Access Control List (ACL) rule from that MAC address and IP address and redirects the user's traffic to the interception device, which realises the interception. However, if the user's MAC address or IP address changes, the interception device has to re-issue the interception command with the changed MAC address or IP address, which makes operation cumbersome and reduces interception efficiency.
Summary of the invention
Embodiments of the present invention provide a method and a network device for lawful interception, so as to reduce the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
In a first aspect, an embodiment of the present invention provides a method of lawful interception, comprising:
the network device obtains interception information, the interception information comprising a user identifier and a monitor flag, the monitor flag indicating whether the user is to be intercepted, the user identifier comprising the user's access link information, and the access link information identifying the user's physical location;
the network device receives a Dynamic Host Configuration Protocol (DHCP) message sent by a first user device, the DHCP message carrying the user identifier, the Internet Protocol (IP) address of the first user device and the Medium Access Control (MAC) address of the first user device;
the network device determines, from the user identifier carried in the DHCP message and the interception information, whether the user is to be intercepted;
if the user is to be intercepted, the network device sets an Access Control List (ACL) rule based on the IP address of the first user device and the MAC address of the first user device, the ACL rule redirecting packets received by the network device that carry the MAC address and the IP address of the first user device to the interception device.
In a first possible implementation of the first aspect, after receiving the DHCP message sent by the first user device, the method further comprises:
the network device records a mapping between the user identifier, the monitor flag, the IP address of the first user device and the MAC address of the first user device.
In a second possible implementation, based on the first possible implementation of the first aspect, after the network device records the mapping, the method further comprises:
if the network device detects that the user has released the IP address of the first user device, the network device clears the IP address and the MAC address of the first user device from the mapping.
In a third possible implementation, based on the first or second possible implementation of the first aspect, after the network device records the mapping, the method further comprises:
the network device receives a terminate-interception command that contains the user identifier;
the network device deletes the recorded mapping according to the terminate-interception command;
or
the network device, according to the terminate-interception command, sets the monitor flag associated with the user identifier in the mapping to "do not intercept".
In a fourth possible implementation, based on the first aspect or any of its first to third possible implementations, the user identifier carried in the DHCP message is added by an access device while the first user device obtains an IP address through DHCP.
In a second aspect, an embodiment of the present invention provides a network device, comprising:
an acquisition module for obtaining interception information, the interception information comprising a user identifier and a monitor flag, the monitor flag indicating whether the user is to be intercepted, the user identifier comprising the user's access link information, and the access link information identifying the user's physical location;
a receiving module for receiving a Dynamic Host Configuration Protocol (DHCP) message sent by a first user device, the DHCP message carrying the user identifier, the Internet Protocol (IP) address of the first user device and the Medium Access Control (MAC) address of the first user device;
a determining module for determining, from the user identifier carried in the DHCP message and the interception information, whether the user is to be intercepted;
a processing module for setting, if the determining module determines that the user is to be intercepted, an Access Control List (ACL) rule based on the IP address of the first user device and the MAC address of the first user device, the ACL rule redirecting packets received by the network device that carry the MAC address and the IP address of the first user device to the interception device.
In a first possible implementation of the second aspect, the network device further comprises:
a recording module for recording a mapping between the user identifier, the monitor flag, the IP address of the first user device and the MAC address of the first user device.
In a second possible implementation, based on the first possible implementation of the second aspect, the network device further comprises:
a monitoring module for clearing the IP address and the MAC address of the first user device from the mapping if it detects that the user has released the IP address of the first user device.
In a third possible implementation, based on the first or second possible implementation of the second aspect, the receiving module is further used to receive a terminate-interception command that contains the user identifier;
the processing module is further used to delete the recorded mapping according to the terminate-interception command;
or
the processing module is further used to set, according to the terminate-interception command, the monitor flag associated with the user identifier in the mapping to "do not intercept".
In a fourth possible implementation, based on the second aspect or any of its first to third possible implementations, the user identifier carried in the DHCP message is added by an access device while the first user device obtains an IP address through DHCP.
With the method and network device for lawful interception provided by embodiments of the present invention, the network device obtains interception information comprising a user identifier and a monitor flag, where the monitor flag indicates whether the user is to be intercepted and the user identifier comprises the user's access link information, which identifies the user's physical location; the network device receives a DHCP message sent by a first user device that carries the user identifier, the IP address of the first user device and the MAC address of the first user device; the network device determines, from the user identifier carried in the DHCP message and the interception information, whether the user is to be intercepted; and if so, the network device sets an ACL rule based on the IP address and the MAC address of the first user device that redirects packets received by the network device which carry that MAC address and IP address to the interception device. This reduces the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the embodiments or for the description of the prior art are introduced briefly below. The drawings described below are clearly only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a first embodiment of the method of lawful interception of the present invention;
Fig. 2 is a flow chart of a second embodiment of the method of lawful interception of the present invention;
Fig. 3 is a flow chart of a third embodiment of the method of lawful interception of the present invention;
Fig. 4 is a schematic diagram of an application scenario of the method of lawful interception provided by this embodiment;
Fig. 5 is a schematic structural diagram of a first embodiment of the network device of the present invention;
Fig. 6 is a schematic structural diagram of a second embodiment of the network device of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the accompanying drawings. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In practice a user at home may access the network in several ways. For example, when the user accesses the network from a computer, the MAC address and IP address obtained may be MAC-1 and IP-1; when the same user accesses the network from a mobile phone, they may be MAC-2 and IP-2; and if the user adds another device, that device may obtain MAC-3 and IP-3 when it accesses the network. In all of these cases, when the user obtains an IP address through DHCP, the user identifier that the switch or Digital Subscriber Line Access Multiplexer (DSLAM) adds to the user's DHCP message is the same, and that identifier contains access link information that uniquely identifies the user's physical location. Embodiments of the present invention therefore realise lawful interception of the user by issuing an interception command that contains the user identifier, which reduces the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
Fig. 1 is a flow chart of a first embodiment of the method of lawful interception of the present invention. As shown in Fig. 1, the method of lawful interception provided by this embodiment may be performed by a network device and may comprise:
Step 101: the network device obtains interception information, the interception information comprising a user identifier and a monitor flag; the monitor flag indicates whether the user is to be intercepted, the user identifier comprises the user's access link information, and the access link information identifies the user's physical location.
Specifically, the user identifier is added by an access device while the first user device obtains an IP address through DHCP. Optionally, the access link information may be DHCP Option 82 (relay agent information), and/or DHCPv6 Option 18 (interface-id), and/or DHCPv6 Option 37 (relay agent remote-id); this embodiment does not limit it.
Step 102: the network device receives a DHCP message sent by a first user device; the DHCP message carries the user identifier, the IP address of the first user device and the MAC address of the first user device.
Step 103: the network device determines, from the user identifier carried in the DHCP message and the interception information, whether the user is to be intercepted.
Step 104: if the user is to be intercepted, the network device sets an ACL rule based on the IP address of the first user device and the MAC address of the first user device; the ACL rule redirects packets received by the network device that carry the MAC address and the IP address of the first user device to the interception device.
Note that the ACL rule may be a rule that the network device updates for the IP address and MAC address of the user's first user device, or a new rule that it adds for the IP address and MAC address of a second user device of the same user. In other words, once the network device has determined that the user is to be intercepted, it sets a corresponding ACL rule for the MAC address and IP address of whichever user device the user accesses the network with, however many different user devices there are, and so intercepts the user.
In the technical solution of this embodiment, the network device obtains interception information comprising a user identifier and a monitor flag, where the monitor flag indicates whether the user is to be intercepted and the user identifier comprises the user's access link information, which identifies the user's physical location; the network device receives a DHCP message sent by a first user device that carries the user identifier, the IP address of the first user device and the MAC address of the first user device; the network device determines, from the user identifier carried in the DHCP message and the interception information, whether the user is to be intercepted; and if so, it sets an ACL rule based on the IP address and the MAC address of the first user device that redirects packets received by the network device which carry that MAC address and IP address to the interception device. This reduces the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
Fig. 2 is a flow chart of a second embodiment of the method of lawful interception of the present invention. As shown in Fig. 2, on the basis of the above embodiment, after step 104 the method provided by this embodiment may further comprise:
Step 201: the network device records a mapping between the user identifier, the monitor flag, the IP address of the first user device and the MAC address of the first user device.
Note that in one feasible implementation the network device may first obtain the user identifier, the IP address of the first user device and the MAC address of the first user device, then obtain the monitor flag, and then record the mapping; in another feasible implementation it may first obtain the monitor flag, then obtain the user identifier, the IP address of the first user device and the MAC address of the first user device, and then record the mapping. This embodiment does not limit the order.
Step 202: if the network device detects that the user has released the IP address of the first user device, the network device clears the IP address and the MAC address of the first user device from the mapping.
In the technical solution of this embodiment, the network device records a mapping between the user identifier, the monitor flag, the IP address of the first user device and the MAC address of the first user device, and clears the IP address and the MAC address of the first user device from the mapping if it detects that the user has released that IP address. The network device can thus maintain the mapping dynamically and, once it has determined that the user is to be intercepted, intercept the user according to the recorded mapping, which reduces the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
Fig. 3 is a flow chart of a third embodiment of the method of lawful interception of the present invention. As shown in Fig. 3, on the basis of the above embodiment, after step 202 the method provided by this embodiment may further comprise:
Step 301: the network device receives a terminate-interception command; the terminate-interception command contains the user identifier.
Step 302: the network device deletes the recorded mapping according to the terminate-interception command; or, according to the terminate-interception command, it sets the monitor flag associated with the user identifier in the mapping to "do not intercept".
Specifically, if the first user device has stopped accessing the network and the network device has received the terminate-interception command sent by the interception device, the network device deletes the recorded mapping; if the first user device is still accessing the network when the network device receives the terminate-interception command, the network device sets the monitor flag associated with the user identifier in the mapping to "do not intercept".
In the technical solution of this embodiment, the network device receives a terminate-interception command that contains the user identifier and, according to that command, either deletes the recorded mapping or sets the monitor flag associated with the user identifier in the mapping to "do not intercept". This reduces the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
The method of lawful interception provided by embodiments of the present invention is described further below, taking Option 82 information as the user identifier.
As shown in Fig. 4, in the application scenario of this embodiment the switch or DSLAM adds Option 82 information to the user's DHCP messages while the user obtains an IP address through DHCP. The Option 82 information is populated with the user's access link information, which uniquely identifies the user's physical location. When a DHCP message carrying Option 82 information passes through the network device, the network device extracts the Option 82 information together with the MAC address and the IP address of the first user device and records the mapping between the Option 82 information, the MAC address and the IP address.
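The extraction step just described, as an added Python example that is not part of the patent: a small DHCPv4 parser that pulls the relay-agent information (Option 82, RFC 3046, sub-option 1 circuit-id and sub-option 2 remote-id) together with the client MAC (chaddr) and the leased address (yiaddr) out of a DHCPACK. The packet bytes, the circuit-id "eth 1/1/3:100" and the remote-id "DSLAM-7" are constructed for the example and appear nowhere in the patent. Every TLV is bounds-checked so that a malformed option cannot make the parser read past the message, and the Option 82 value is treated as the user identifier only because, as in the patent, the access switch or DSLAM is the party that inserts it; in a real deployment the access device has to discard or overwrite any Option 82 a client supplies on an untrusted circuit, as RFC 3046 expects of a relay agent, since otherwise a client could present another subscriber's circuit-id.

```python
"""DHCPv4 field extraction for the Option 82 intercept flow (added example).

Reads what the patent's network device needs from a DHCP message: the
relay-agent information (Option 82) added by the access switch or DSLAM,
the client MAC (chaddr) and the leased IP (yiaddr, or ciaddr in a RELEASE).
The sample packet below is constructed; its circuit-id and remote-id are
made-up values, not taken from the patent.
"""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that precedes the options
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE = 53                  # RFC 2132 DHCP message type
OPT_RELAY_AGENT = 82               # RFC 3046 relay agent information
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}


def parse_tlvs(data: bytes, stop_at_end: bool) -> dict:
    """Parse code/length/value triples. Raises ValueError on truncation
    instead of silently reading short, so a malformed message is rejected."""
    out = {}
    i = 0
    while i < len(data):
        code = data[i]
        if stop_at_end and code == OPT_END:
            break
        if stop_at_end and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated header for code %d" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value for code %d" % code)
        out[code] = value
        i += 2 + length
    return out


def extract_binding(packet: bytes) -> dict:
    """Return the user identifier (Option 82 sub-options), MAC and IP of a DHCP message."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    hlen = packet[2]
    if hlen > 16:
        raise ValueError("bad hlen")
    ciaddr, yiaddr = packet[12:16], packet[16:20]
    chaddr = packet[28:28 + hlen]
    opts = parse_tlvs(packet[240:], stop_at_end=True)
    subs = parse_tlvs(opts.get(OPT_RELAY_AGENT, b""), stop_at_end=False)
    ip = yiaddr if yiaddr != b"\0\0\0\0" else ciaddr   # a RELEASE carries the address in ciaddr
    return {
        "msg_type": MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "UNKNOWN"),
        "mac": ":".join("%02x" % b for b in chaddr),
        "ip": ".".join(str(b) for b in ip),
        "circuit_id": subs.get(SUB_CIRCUIT_ID, b"").decode("ascii", "replace"),
        "remote_id": subs.get(SUB_REMOTE_ID, b"").decode("ascii", "replace"),
    }


def build_sample_ack(mac: bytes, ip: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Constructed DHCPACK with Option 82 as a relay would have inserted it (sample input)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, 0x3903F326, 0, 0,          # BOOTREPLY, Ethernet, hlen 6
                         b"\0" * 4, ip, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opt82 = (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id +
             bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)
    options = (bytes([OPT_MSG_TYPE, 1, 5]) +
               bytes([OPT_RELAY_AGENT, len(opt82)]) + opt82 + bytes([OPT_END]))
    return header + DHCP_MAGIC + options


if __name__ == "__main__":
    pkt = build_sample_ack(bytes.fromhex("001122334455"), bytes([10, 0, 0, 5]),
                           b"eth 1/1/3:100", b"DSLAM-7")
    print(extract_binding(pkt))
```

Run stand-alone it prints the binding extracted from the sample ACK. DHCPv6 Option 18 and Option 37, which the patent also allows as access link information, live in a different message format and are not parsed here.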
Specifically, with the lawful interception function enabled on the network device, the interception device issues an interception command keyed on the Option 82 information that the operator assigned when planning the network, for example "intercept Option82-1". After the network device receives the interception command, there are two possible cases.
First case: while the user obtains an IP address with the first user device through DHCP messages, the network device extracts the Option 82 information, the MAC address and the IP address of the first user device from the DHCP messages, and the mapping it records is as shown in Table 1:
Table 1
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-1             MAC-1        IP-1        No
2    Option82-1             MAC-2        IP-2        No
...
N    Option82-N             MAC-N        IP-N        No
The monitor flag in Table 1 is set according to whether the interception device has issued an interception command.
In this case, after receiving the interception command the network device sets the monitor flag of the Option82-1 entries in Table 1 to Yes, as shown in Table 2:
Table 2
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-1             MAC-1        IP-1        Yes
2    Option82-1             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
Once the monitor flag has been set to Yes, the network device extracts the MAC address and IP address from every entry whose monitor flag is Yes and sets the corresponding ACL rules, so that packets carrying MAC-1 and IP-1, and packets carrying MAC-2 and IP-2, are redirected to the interception device; the user identified by Option82-1 is thus intercepted.
Second case: no entry relating to Option82-1 exists in Table 1. In this case, after receiving the interception command the network device creates an entry for the Option82-1 named in the command and sets its monitor flag to Yes, as shown in Table 3:
Table 3
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-2             MAC-1        IP-1        Yes
2    Option82-2             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
N+1  Option82-1             (empty)      (empty)     Yes
When the user applies for an IP address with a DHCP message carrying Option82-1, the network device extracts the MAC address and IP address from the DHCP message and records them in the corresponding entry, as shown in Table 4:
Table 4
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-2             MAC-1        IP-1        Yes
2    Option82-2             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
N+1  Option82-1             MAC-N+1      IP-N+1      Yes
It then extracts the MAC address and IP address from the entry whose monitor flag is Yes and sets the corresponding ACL rule, so that packets carrying MAC-N+1 and IP-N+1 are redirected to the interception device; the user identified by Option82-1 is thus intercepted.
When lawful interception is terminated, there are likewise two possible cases:
First case: the interception device has not sent a terminate-interception command, but the user releases the IP address and stops accessing the network. In this case the network device only deletes the MAC address and IP address of that user from the entry, as shown in Table 5:
Table 5
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-2             MAC-1        IP-1        Yes
2    Option82-2             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
N+1  Option82-1             (empty)      (empty)     Yes
When the user applies for an IP address again, lawful interception is realised as in the second case of the set-up procedure described above.
After the interception centre sends a terminate-interception command to the network device, the network device deletes the entry corresponding to Option82-1, as shown in Table 6:
Table 6
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-2             MAC-1        IP-1        Yes
2    Option82-2             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
Second case: the interception device issues a terminate-interception command while the user has not released the IP address and is still accessing the network. In this case, after receiving the terminate-interception command the network device sets the monitor flag in the user's entry of the mapping table to No, as shown in Table 7:
Table 7
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-2             MAC-1        IP-1        Yes
2    Option82-2             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
N+1  Option82-1             MAC-N+1      IP-N+1      No
When the user then releases the IP address and stops accessing the network, the network device deletes the entry corresponding to Option82-1, as shown in Table 8:
Table 8
No.  Option 82 information  MAC address  IP address  Monitor flag
1    Option82-2             MAC-1        IP-1        Yes
2    Option82-2             MAC-2        IP-2        Yes
...
N    Option82-N             MAC-N        IP-N        No
When the interception device again issues an interception command for the user identified by Option82-1, lawful interception is realised as in the first case of the set-up procedure described above.
With the method of lawful interception provided by this embodiment, ACL rules are generated dynamically for user devices that share the same user identifier but have different MAC addresses or IP addresses, which reduces the cases in which the interception device re-issues an interception command because the user's MAC address or IP address has changed.
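The whole procedure, steps 101 to 104, 201 to 202 and 301 to 302 together with the Table 1 to Table 8 walkthrough above, as one added Python example that is not part of the patent. The class InterceptTable, its method names and the probe name "LI-probe" are assumptions, and ACL rules are held in a dictionary instead of being pushed to forwarding hardware. Two details the patent leaves open are chosen here and marked in the code: a terminate-interception command also removes the user's ACL rules, and an entry that is neither monitored nor holding a lease is dropped rather than kept empty.

```python
"""Mapping table and ACL programming for the Option 82 intercept flow (added example).

The network device keeps one row per (user identifier, MAC, IP) with the
patent's monitor flag, and derives (MAC, IP) ACL rules from the rows whose
flag is set.  Names and the probe target are assumptions; the ACL is an
in-memory dict rather than a real forwarding-plane rule.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Binding:
    user_id: str               # access link information, e.g. the Option 82 value
    mac: Optional[str] = None  # None while no device of this user holds a lease
    ip: Optional[str] = None
    monitor: bool = False      # the patent's monitor flag


class InterceptTable:
    """Mapping table kept by the network device, plus the ACL rules derived from it."""

    def __init__(self, probe="LI-probe"):
        self.probe = probe     # where matching packets are redirected (assumed name)
        self._rows = []        # list[Binding]
        self._acl = {}         # (mac, ip) -> rule dict

    def _rows_for(self, user_id):
        return [r for r in self._rows if r.user_id == user_id]

    def _is_monitored(self, user_id):
        return any(r.monitor for r in self._rows_for(user_id))

    def _install_acl(self, mac, ip):
        # One rule per (MAC, IP) pair; the user identifier never appears in the ACL.
        self._acl[(mac, ip)] = {"match": {"mac": mac, "ip": ip},
                                "action": "redirect", "to": self.probe}

    def _remove_acl(self, mac, ip):
        self._acl.pop((mac, ip), None)

    def on_dhcp_ack(self, user_id, mac, ip):
        """Steps 102 to 104: learn a lease and program an ACL if the user is a target."""
        placeholder = next((r for r in self._rows_for(user_id) if r.mac is None), None)
        if placeholder is not None:          # Table 3 -> Table 4: command arrived first
            placeholder.mac, placeholder.ip = mac, ip
            row = placeholder
        else:                                # new device of a known or unknown user
            row = Binding(user_id, mac, ip, self._is_monitored(user_id))
            self._rows.append(row)
        if row.monitor:
            self._install_acl(mac, ip)

    def on_dhcp_release(self, user_id, mac, ip):
        """Step 202: the device gave up its lease; drop its ACL and clear the values."""
        for r in self._rows_for(user_id):
            if (r.mac, r.ip) == (mac, ip):
                self._remove_acl(mac, ip)
                if r.monitor:
                    r.mac, r.ip = None, None   # Table 5: keep the row so the flag survives
                else:
                    self._rows.remove(r)       # assumption: idle, unmonitored rows are dropped
                break

    def on_intercept(self, user_id):
        """Intercept command: flag every row of the user, or create a placeholder."""
        rows = self._rows_for(user_id)
        if not rows:
            self._rows.append(Binding(user_id, monitor=True))   # Table 3
            return
        for r in rows:                                          # Table 2
            r.monitor = True
            if r.mac is not None:
                self._install_acl(r.mac, r.ip)

    def on_terminate(self, user_id):
        """Step 302: delete the rows if the user is offline, otherwise just clear the flag."""
        rows = self._rows_for(user_id)
        if all(r.mac is None for r in rows):
            self._rows = [r for r in self._rows if r.user_id != user_id]   # Table 6
            return
        for r in rows:                                          # Table 7
            r.monitor = False
            if r.mac is not None:
                self._remove_acl(r.mac, r.ip)   # assumption: stop redirecting immediately

    def rows(self):
        return [(r.user_id, r.mac, r.ip, r.monitor) for r in self._rows]

    def acl_targets(self):
        return sorted(self._acl)


if __name__ == "__main__":
    t = InterceptTable()
    t.on_dhcp_ack("Option82-1", "MAC-1", "IP-1")
    t.on_intercept("Option82-1")
    t.on_dhcp_ack("Option82-1", "MAC-2", "IP-2")   # second device, no new command needed
    print(t.rows(), t.acl_targets())
```

The ACL is keyed on (MAC, IP) only and the user identifier never leaves the mapping table, which is what lets a new lease on the same circuit be intercepted without a new command; it is also why the integrity of that table, and of the Option 82 value the access device inserts, is what decides whose traffic reaches the probe.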
Fig. 5 is the structural representation of inventive network apparatus embodiments one.As shown in figure 5, the network that the present embodiment is provided Equipment 10 can include:Acquisition module 11, receiving module 12, determining module 13 and processing module 14.
Wherein, acquisition module 11 is used to obtain monitoring information, and the monitoring information includes the mark and monitor sign of user, The monitor sign is used to indicate whether to monitor the user, and the mark of the user includes the access chain of the user Road information, the access link information is used for the physical location for identifying the user;
The receiving module 12 is configured to receive a DHCP message sent by a first user equipment, the DHCP message carrying the identifier of the user, the IP address of the first user equipment and the MAC address of the first user equipment;
The determining module 13 is configured to determine, according to the identifier of the user carried in the DHCP message and the monitoring information, whether the user needs to be monitored;
The processing module 14 is configured to, if the determining module determines that the user needs to be monitored, set an ACL rule according to the IP address of the first user equipment and the MAC address of the first user equipment, the ACL rule being used to guide packets received by the network device that carry the MAC address of the first user equipment and the IP address of the first user equipment to the monitoring device.
It should be noted that the identifier of the user carried in the DHCP message is added by the access device while the first user equipment obtains an IP address through DHCP.
Further, the network device may also include a recording module, configured to record the mapping relationship among the identifier of the user, the monitoring flag, the IP address of the first user equipment and the MAC address of the first user equipment; the network device may also include a monitoring module, configured to, if it detects that the user releases the IP address of the first user equipment, clear the values of the IP address and the MAC address of the first user equipment from the mapping relationship.
Further, the receiving module 12 may also be configured to receive a terminate-interception command, the terminate-interception command including the identifier of the user; correspondingly, the processing module 14 may also be configured to delete the recorded mapping relationship according to the terminate-interception command, or to set, according to the terminate-interception command, the monitoring flag corresponding to the identifier of the user in the mapping relationship to "do not monitor the user".
The network device of this embodiment may be used to perform the technical solution of the above method embodiment; its implementation principle and technical effect are similar and are not repeated here.
Fig. 6 is a schematic structural diagram of embodiment two of the network device of the present invention. As shown in Fig. 6, the network device 20 provided by this embodiment may include a bus 24, and a processor 21, a memory 22 and an interface 23 connected to the bus 24. The interface 23 is configured to obtain monitoring information, the monitoring information including the identifier of a user and a monitoring flag, the monitoring flag being used to indicate whether the user is to be monitored, the identifier of the user including the access link information of the user, the access link information being used to identify the physical location of the user. The memory 22 is configured to store instructions, and the processor 21 executes the instructions to receive a DHCP message sent by a first user equipment, the DHCP message carrying the identifier of the user, the IP address of the first user equipment and the MAC address of the first user equipment; the processor 21 executes the instructions further to determine, according to the identifier of the user carried in the DHCP message and the monitoring information, whether the user needs to be monitored; and if it is determined that the user needs to be monitored, the processor 21 executes the instructions further to set an ACL rule according to the IP address of the first user equipment and the MAC address of the first user equipment, the ACL rule being used to guide packets received by the network device that carry the MAC address of the first user equipment and the IP address of the first user equipment to the monitoring device.
It should be noted that the identifier of the user carried in the DHCP message is added by the access device while the first user equipment obtains an IP address through DHCP.
In the embodiments of the present invention, optionally, the processor 21 executes the instructions further to record the mapping relationship among the identifier of the user, the monitoring flag, the IP address of the first user equipment and the MAC address of the first user equipment; the network device may also include a monitoring module, configured to, if it detects that the user releases the IP address of the first user equipment, clear the values of the IP address and the MAC address of the first user equipment from the mapping relationship.
In the embodiments of the present invention, optionally, the interface 23 is further configured to receive a terminate-interception command, the terminate-interception command including the identifier of the user;
In the embodiments of the present invention, optionally, the processor 21 executes the instructions further to delete the recorded mapping relationship according to the terminate-interception command, or to set, according to the terminate-interception command, the monitoring flag corresponding to the identifier of the user in the mapping relationship to "do not monitor the user".
The network device of this embodiment may be used to perform the technical solution of the above method embodiment; its implementation principle and technical effect are similar and are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware, or in the form of hardware plus a software functional unit.
The above integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The storage medium includes: a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc or any other medium capable of storing program code.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional modules above is used only as an example; in practical applications, the functions may be assigned to different functional modules as needed, that is, the internal structure of the apparatus may be divided into different functional modules to complete all or some of the functions described above. For the specific working process of the apparatus described above, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some or all of the technical features therein, and that such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A method of lawful interception, characterised in that it comprises:
a network device obtaining monitoring information, the monitoring information including an identifier of a user and a monitoring flag, the monitoring flag being used to indicate whether the user is to be monitored, the identifier of the user including access link information of the user, the access link information being used to identify the physical location of the user;
the network device receiving a Dynamic Host Configuration Protocol (DHCP) message sent by a first user equipment, the DHCP message carrying the identifier of the user, the Internet Protocol (IP) address of the first user equipment and the Media Access Control (MAC) address of the first user equipment, the identifier of the user carried in the DHCP message having been added by an access device while the first user equipment obtained an IP address through DHCP;
the network device determining, according to the identifier of the user carried in the DHCP message and the monitoring information, whether the user needs to be monitored;
if it is determined that the user needs to be monitored, the network device setting an Access Control List (ACL) rule according to the IP address of the first user equipment and the MAC address of the first user equipment, the ACL rule being used to guide packets received by the network device that carry the MAC address of the first user equipment and the IP address of the first user equipment to a monitoring device.
2. The method according to claim 1, characterised in that, after the receiving of the DHCP message sent by the first user equipment, the method further comprises:
the network device recording the mapping relationship among the identifier of the user, the monitoring flag, the IP address of the first user equipment and the MAC address of the first user equipment.
3. The method according to claim 2, characterised in that, after the network device records the mapping relationship, the method further comprises:
if the network device detects that the user releases the IP address of the first user equipment, the network device clearing the values of the IP address of the first user equipment and the MAC address of the first user equipment from the mapping relationship.
4. The method according to claim 2 or 3, characterised in that, after the network device records the mapping relationship, the method further comprises:
the network device receiving a terminate-interception command, the terminate-interception command including the identifier of the user;
the network device deleting the recorded mapping relationship according to the terminate-interception command; or, the network device setting, according to the terminate-interception command, the monitoring flag corresponding to the identifier of the user in the mapping relationship to "do not monitor the user".
5. A network device, characterised in that it comprises:
an acquisition module, configured to obtain monitoring information, the monitoring information including an identifier of a user and a monitoring flag, the monitoring flag being used to indicate whether the user is to be monitored, the identifier of the user including access link information of the user, the access link information being used to identify the physical location of the user;
a receiving module, configured to receive a Dynamic Host Configuration Protocol (DHCP) message sent by a first user equipment, the DHCP message carrying the identifier of the user, the Internet Protocol (IP) address of the first user equipment and the Media Access Control (MAC) address of the first user equipment, the identifier of the user carried in the DHCP message having been added by an access device while the first user equipment obtained an IP address through DHCP;
a determining module, configured to determine, according to the identifier of the user carried in the DHCP message and the monitoring information, whether the user needs to be monitored;
a processing module, configured to, if the determining module determines that the user needs to be monitored, set an Access Control List (ACL) rule according to the IP address of the first user equipment and the MAC address of the first user equipment, the ACL rule being used to guide packets received by the network device that carry the MAC address of the first user equipment and the IP address of the first user equipment to a monitoring device.
6. the network equipment according to claim 5, it is characterised in that the network equipment also includes:
Logging modle, for recording the identifying of the user, the monitor sign, the IP address of first user equipment and institute State the mapping relations between the MAC Address of the first user equipment.
7. the network equipment according to claim 6, it is characterised in that the network equipment also includes:
Monitoring modular, if for monitoring that the user discharges the IP address of first user equipment, the network equipment Remove the value of the MAC Address of the IP address of the first user equipment described in the mapping relations and first user equipment.
8. the network equipment according to claim 5 or 6, it is characterised in that the receiving module, which is additionally operable to receive, terminates prison Listen the mark for including the user in order, the termination snoop command;
The processing module is additionally operable to according to the termination snoop command, the mapping relations of deletion record;
Or
The processing module is additionally operable to according to the termination snoop command, by the mark institute in the mapping relations with the user The corresponding monitor sign is set to not monitor the user.
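The DHCP-driven bookkeeping that the module embodiments above and claims 1 to 8 describe, as an added Python simulation that is not code from the patent or from Huawei: the interception target is keyed on the user identifier carried in the DHCP message, so the ACL rule follows an address change without a fresh command from the monitoring device. It assumes the identifier is a constructed "device/slot/port" string, the DHCP message is a dict rather than parsed bytes, the ACL is an in-memory table, and the rule is withdrawn on release and termination (the claims only say the mapping values are cleared).

```python
from dataclasses import dataclass


@dataclass
class AclRule:
    """ACL entry: packets carrying both this MAC and this IP go to the monitor."""
    mac: str
    ip: str
    target: str = "intercept-monitor"  # constructed placeholder for the monitoring device


class NetworkEquipment:
    def __init__(self, monitoring_info: dict) -> None:
        # Monitoring information: user identifier -> monitoring flag. The identifier
        # is the access link information (physical access location); assumed here to
        # be a "device/slot/port" string inserted by the access device during DHCP.
        self.monitoring_info = dict(monitoring_info)
        self.mapping: dict = {}  # user identifier -> {"flag", "ip", "mac"}
        self.acl: dict = {}      # user identifier -> installed AclRule

    def on_dhcp_message(self, msg: dict) -> bool:
        """DHCP message (modelled as a dict) carrying the user identifier added by
        the access device plus the user equipment's IP and MAC. Returns the flag."""
        uid, ip, mac = msg["user_id"], msg["ip"], msg["mac"]
        flag = self.monitoring_info.get(uid, False)
        self.mapping[uid] = {"flag": flag, "ip": ip, "mac": mac}
        if flag:
            # Keyed by user identifier: a renewed IP or a new MAC on the same access
            # link replaces the rule without a new command from the monitor.
            self.acl[uid] = AclRule(mac=mac, ip=ip)
        else:
            self.acl.pop(uid, None)
        return flag

    def on_ip_release(self, uid: str) -> None:
        """User released its IP: clear the IP and MAC values in the mapping
        (claim 3). Withdrawing the now-stale ACL rule too is an assumption."""
        if uid in self.mapping:
            self.mapping[uid]["ip"] = None
            self.mapping[uid]["mac"] = None
        self.acl.pop(uid, None)

    def on_terminate(self, uid: str, delete_record: bool = True) -> None:
        """Terminate-interception command (claim 4): delete the mapping, or keep it
        with the flag set to 'do not monitor'. Clearing the acquired monitoring
        information and the ACL rule as well is an assumption."""
        if delete_record:
            self.mapping.pop(uid, None)
        elif uid in self.mapping:
            self.mapping[uid]["flag"] = False
        self.monitoring_info[uid] = False
        self.acl.pop(uid, None)

    def forward(self, mac: str, ip: str) -> str:
        """Data-plane lookup: the ACL target when a received packet matches an
        installed rule on both MAC and IP, otherwise normal forwarding."""
        for rule in self.acl.values():
            if rule.mac == mac and rule.ip == ip:
                return rule.target
        return "normal"
```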
CN201310688325.9A, priority date 2013-12-13, filing date 2013-12-13: The method and the network equipment of Lawful Interception, Active, granted as CN103647780B (en)

Priority Applications (1)

Application Number: CN201310688325.9A (CN103647780B)
Priority Date: 2013-12-13
Filing Date: 2013-12-13
Title: The method and the network equipment of Lawful Interception


Publications (2)

CN103647780A (application publication): 2014-03-19
CN103647780B (granted patent): 2017-08-25

Family ID: 50252936


Country Status (1)

CN: CN103647780B (en)




Legal Events

Code: Title
PB01: Publication
C10: Entry into substantive examination
SE01: Entry into force of request for substantive examination
GR01: Patent grant