CN107171901A - A kind of TCP flow trade shows method based on network packet flow - Google Patents

A kind of TCP flow trade shows method based on network packet flow Download PDF

Info

Publication number
CN107171901A
CN107171901A CN201710618027.0A CN201710618027A CN107171901A CN 107171901 A CN107171901 A CN 107171901A CN 201710618027 A CN201710618027 A CN 201710618027A CN 107171901 A CN107171901 A CN 107171901A
Authority
CN
China
Prior art keywords
time
tcp
transaction
flow
tcp flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710618027.0A
Other languages
Chinese (zh)
Inventor
林康
罗鹰
李响
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU COLASOFT Co Ltd
Original Assignee
CHENGDU COLASOFT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU COLASOFT Co Ltd filed Critical CHENGDU COLASOFT Co Ltd
Priority to CN201710618027.0A priority Critical patent/CN107171901A/en
Publication of CN107171901A publication Critical patent/CN107171901A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/062Generation of reports related to network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/067Generation of reports using time frame reporting

Abstract

The invention discloses a kind of TCP flow trade shows method based on network packet flow.The present invention has pre-defined TCP flow transaction, TCP flow Turns concept, and network flow data bag is analyzed based on the two concepts, and is shown in the way of transaction.The present invention can clearly show the interaction of TCP flow, allow user to have apparent understanding and analysis to the transmission of TCP flow in a network.

Description

A kind of TCP flow trade shows method based on network packet flow
Technical field
The invention belongs to network technique field, more particularly to the TCP flow trade shows method based on network packet flow.
Background technology
Current network analysis field has many network analysis technique and network analysis product, and each product has its unique Analytical technology and proprietary field, essentially all of network analysis product has the TCP flow analytic function of oneself, still, at present Not, the interaction of TCP flow is explained from transaction perspective.And being explained from process of exchange can allow user to TCP flow in net Transmission in network has apparent understanding and analysis.
The content of the invention
To solve the above problems, the invention provides a kind of TCP flow trade shows method based on network packet flow, Comprise the following steps:
Step one:Pre-defined TCP flow transaction, TCP flow turns concept.Wherein, shaking hands during TCP flow is initiated Stage, connection disconnected phase be respectively the data transfer on equidirectional each time in the transaction of TCP flow, data transfer phase with And the response of transmission is a TCP flow transaction.Handshake phase, connection disconnected phase are respectively comprising once during TCP flow is initiated The transmission of data each time and the response of other side are defined as a TCP flow turns in TCP flow turns, data transfer phase.
Step 2:Network packet is captured, the packet for meeting and specifying requirement is gone out by Analysis and Screening.
Step 3:The packet filtered out is traded according to pre-defined TCP flow transaction, TCP flow Turns concepts Divide, create transaction statistical form.
Step 4:The response time of each TCP flow transaction is calculated, specific method is:By last number of last transaction According to bag correspondence the time be the time started, using next time transaction first packet correspondence the time as the end time, the end time with The time difference of time started is the transaction response time.
Step 5:The processing time of each TCP flow transaction is calculated, specific method is:With first data merchandised every time The bag time is the time started, last packet time is merchandised as the end time using this time, when the time difference is trading processing Between.
Step 6:When counting the total bag number of TCP flow transaction data, data packet byte sum, transaction response time, trading processing Between.
Step 7:The statistics that step display six is obtained.
Further, it is specially in step 7:TCP transaction List Tables display module, transaction statistics display are set on computers Module.
The TCP transaction List Tables display module includes transaction List Table display unit, transaction timing diagram display unit.It is described to hand over Easy list display unit is shown in the way of list hits each TCP transaction.Timing diagram display unit of merchandising, which will be shown, to be chosen The relevant information of all packets of TCP transaction.
The data message that the TCP transaction statistics display module is used for during TCP flow is merchandised is shown.
Further, the relevant information of transaction timing diagram display unit displaying includes packet sequence number, relative time, time Difference, source IP address, purpose IP address, loaded length.
Further, TCP transaction statistics display module is shown including data statistics display unit, TCP flow time scale Unit.The data statistics display unit is used for display session time related information, session traffic relevant information, TCP transmission Statistical correlation information.TCP flow time scale display unit is used to show three-way handshake time, server response time, client Free time, the server transport time, the client transmissions time, connection the end time each shared by total time ratio.
Further, the Session Time relevant information is lasting including session start time, conversation end time, TCP flow Time, three-way handshake time, connection end time, server data transport time, server response time, client data are passed Defeated time, client free time.
Further, the session traffic relevant information includes packet sum, client data bag quantity, server count According to bag quantity, byte number summation, client byte number, server byte number.
Further, the TCP transmission statistical correlation information is per second including connection number of times, connection number of success, client Number-of-packet, server number-of-packet per second, client bytes per second, server bytes per second, client stream number of retransmissions, Client retransmission rate, server number of retransmissions, server retransmission rate, total retransmission rate, client fragment loss number of times, client point Section Loss Rate, server segment lose number of times, always server segment Loss Rate, segmentation Loss Rate, maximum ACK times, minimum ACK Time, client average ACK times.
Further, in step 2, the foundation of garbled data bag is TCP data bag flag bit and TCP/IP four-tuples.
Further, in step 7, setting packet display module, the packet display module on computer are additionally included in All data cached bags for showing current TCP flow.
Further, in step 7, setting data flow display module, the data flow display module on computer are additionally included in Data content for showing all transmission of current TCP flow.
Beneficial effects of the present invention are:
The invention define TCP flow transaction, TCP flow Turns concept, and based on the two concepts to network Data on flows bag is analyzed, and is shown, the interaction for the displaying TCP flow that can be become apparent from, and allows user to exist TCP flow Transmission in network can have apparent understanding and analysis.
Brief description of the drawings
Fig. 1 is the method for the invention schematic flow sheet.
Embodiment
The detailed process of the present invention is illustrated with reference to Fig. 1.Step 2~seven are shown in Fig. 1.
The invention mainly comprises following steps:
Step one:Pre-defined TCP flow transaction, TCP flow turns concept.Concept is specific as follows:
TCP flow is merchandised:Handshake phase, connection disconnected phase during TCP flow initiation are respectively a TCP flow transaction, In data transfer phase it is equidirectional each time on data transfer and the response of transmission be the transaction of TCP flow.
Once occurring in that data transfer and the response of opposite direction, then this transaction cut-off, a new transaction starts.
TCP flow turns:Handshake phase, connection disconnected phase are respectively comprising a TCP flow during TCP flow is initiated The transmission of data each time and the response of other side are defined as a TCP flow turns in turns, data transfer phase.
In order to be better understood from above-mentioned concept, illustrated now with A, B for entering row data communication.It is assumed that there is A, B.A Be carried out continuously request data transmission several times towards B, each B responds A and without data, then this continuously several times A towards B directions Request data transmission and B towards A directions response just once to merchandise, data transfer, answering each time are one turns.Once B occur has carried out data transfer towards A, A is towards B responses and without data, then last transaction terminates, newly once Transaction starts.If response is, with data, new transaction to be calculated once since this secondary response.
Step 2:Network packet is captured, the packet of specified session is gone out by Analysis and Screening.
The foundation of garbled data bag is TCP data bag flag bit (SYN, ACK, FIN etc.) and TCP/IP four-tuples.TCP/IP Four-tuple include source IP v4 addresses, purpose IPv4 addresses, source port, destination interface.
Step 3:The packet filtered out is traded according to pre-defined TCP flow transaction, TCP flow Turns concepts Divide, create transaction statistical form.
Wherein, three-way handshake, which belongs to, once merchandises, and the connection disconnection of four steps belongs to last time and merchandised, in remaining data, The response of data transfer and transmission on equidirectional each time is defined as once merchandising.The content of transaction statistical form is current meeting The set of All Activity in words.
There is transaction statistical form, will can merchandise all " mistake " one time every time successively, according to above determining TCP flow turns Justice, counts turns number of TCP flow of each TCP transaction.
Step 4:Calculate the response time of each TCP flow transaction.
According to each transaction counted in step 3 and the packet of transaction, by last data of last transaction Bag timestamp (each packet can be labeled with capture time when captured, this time be exactly each packet when Between stab) as the time started, using first packet timestamp of transaction next time as the end time, when the end time is with starting Between time difference be transaction the response time.
Step 5:Count the processing time of each TCP flow transaction.
According to each transaction counted in step 3 and the packet of transaction, with first data to merchandise every time The bag correspondence time is the time started, merchandises last packet time as the end time using this time, the time difference is at transaction The reason time.
Step 6:Count TCP flow transaction data package number, data packet byte number, transaction response time, trading processing time.
According to the transaction above counted on, the packet of transaction and data packet byte number are added up, transaction system is formed Count, and by Step 4: five time also counts, formation exchange hour is counted.
Step 7:Show statistical result.
Realize that this step needs to set TCP transaction List Tables display module, TCP transaction statistics display modules on computers.Also It is preferably provided with packet display module, data flow display module.Modules are introduced below.
1.TCP transaction List Table display modules
The TCP transaction List Tables display module includes transaction List Table display unit, transaction timing diagram display unit.
The transaction List Table display unit is shown in the way of list hits each TCP transaction, when clicking on certain transaction When, lower section window will show two TAB of band view window, respectively merchandise timing diagram window and data flow window Mouthful.
The transaction timing diagram display unit will show the relevant information for all packets for being clicked TCP transaction, described Relevant information includes packet sequence number, relative time, and (with some packet time stamp for origin, other packet times are stabbed for setting Relative to the time difference of this origin, be defaulted as first packet timestamp for origin), time difference (each two packet The difference of timestamp), source IP address, purpose IP address, (each data contract out the data carried after protocol headers to loaded length Length, is TCP transaction analyses here, thus be remove TCP and its under protocol headers after data length).Data flow will Show the transmission data of current TCP transaction.The data stream window shows the data content of current TCP transaction.
2.TCP transaction statistics display modules
The detailed data information that the TCP transaction statistics display module is used for during TCP flow is merchandised is shown.It includes Data statistics display unit, the time scale display unit of TCP flow.
The data statistics display unit display session time related information, session traffic relevant information, TCP transmission system Count relevant information.
The time scale display unit of the TCP flow is used to show three-way handshake time, server response time, client Free time, the server transport time, the client transmissions time, connection the end time each shared by total time ratio.
The Session Time relevant information include the session start time, the conversation end time, the TCP flow duration, three times Shake hands time, connection end time, server data transport time, server response time, client data transmission time, visitor Family end free time.
The session traffic relevant information include packet sum, client data bag quantity, server data bag quantity, Byte number summation, client byte number, server byte number.
The TCP transmission statistical correlation information include connection number of times, connection number of success, client number-of-packet per second, Server number-of-packet per second, client bytes per second, server bytes per second, client's stream number of retransmissions, client weight Biography rate, server number of retransmissions, server retransmission rate, total retransmission rate, client fragment loss number of times, client fragment loss Rate, server segment lose number of times, server segment Loss Rate, always segmentation Loss Rate, the maximum ACK times, the minimum ACK times, The client average ACK times.
3. packet display module
Packet display module is used for all data cached bags for showing current TCP flow.
4. data flow display module
Data flow display module is used for the data content for showing all transmission of current TCP flow.

Claims (10)

1. a kind of TCP flow trade shows method based on network packet flow, it is characterised in that comprise the following steps:
Step one:Pre-defined TCP flow transaction, TCP flow turns concept;Wherein, TCP flow initiate during handshake phase, The connection disconnected phase is respectively the data transfer and biography on equidirectional each time in the transaction of TCP flow, data transfer phase Defeated response is a TCP flow transaction;Handshake phase, connection disconnected phase are respectively comprising a TCP flow during TCP flow is initiated The transmission of data each time and the response of other side are defined as a TCP flow turns in turns, data transfer phase;
Step 2:Network packet is captured, the packet for meeting and specifying requirement is gone out by Analysis and Screening;
Step 3:The packet filtered out is traded and drawn according to pre-defined TCP flow transaction, TCP flow Turns concepts Point, create transaction statistical form;
Step 4:The response time of each TCP flow transaction is calculated, specific method is:By last packet of last transaction The correspondence time is the time started, and first packet correspondence time using transaction next time, the end time was with starting as the end time The time difference of time is the transaction response time;
Step 5:The processing time of each TCP flow transaction is calculated, specific method is:With merchandise every time first packet when Between be the time started, last packet time is merchandised as the end time using this time, the time difference is the trading processing time;
Step 6:Count the total bag number of TCP flow transaction data, data packet byte sum, transaction response time, trading processing time;
Step 7:The statistics that step display six is obtained.
2. the TCP flow trade shows method as claimed in claim 1 based on network packet flow, it is characterised in that step It is specially in seven:TCP transaction List Tables display module, transaction statistics display module are set on computers;
The TCP transaction List Tables display module includes transaction List Table display unit, transaction timing diagram display unit;The transaction row Table display unit is shown in the way of list hits each TCP transaction;Timing diagram display unit of merchandising will show that being chosen TCP hands over The relevant information of easy all packets;
The data message that the TCP transaction statistics display module is used for during TCP flow is merchandised is shown.
3. the TCP flow trade shows method as claimed in claim 2 based on network packet flow, it is characterised in that transaction The relevant information of timing diagram display unit displaying includes packet sequence number, relative time, time difference, source IP address, purpose IP Location, loaded length.
4. the TCP flow trade shows method as claimed in claim 2 based on network packet flow, it is characterised in that TCP is handed over Easily statistics display module includes data statistics display unit, TCP flow time scale display unit;The data statistics display Unit is used for display session time related information, session traffic relevant information, TCP transmission statistical correlation information;TCP flow time ratio Example display unit be used for show the three-way handshake time, server response time, client free time, the server transport time, The client transmissions time, connection the end time each shared by total time ratio.
5. the TCP flow trade shows method as claimed in claim 4 based on network packet flow, it is characterised in that described Session Time relevant information includes session start time, conversation end time, TCP flow duration, three-way handshake time, connection End time, server data transport time, server response time, client data transmission time, client free time.
6. the TCP flow trade shows method as claimed in claim 4 based on network packet flow, it is characterised in that described Session traffic relevant information include packet sum, client data bag quantity, server data bag quantity, byte number summation, Client byte number, server byte number.
7. the TCP flow trade shows method as claimed in claim 4 based on network packet flow, it is characterised in that described TCP transmission statistical correlation information includes connection number of times, connection number of success, client number-of-packet per second, server per number of seconds Think highly of according to bag number, client bytes per second, server bytes per second, client's stream number of retransmissions, client retransmission rate, service Number of times, server retransmission rate, total retransmission rate, client fragment loss number of times, client fragment loss rate, server segment is passed to lose When losing number of times, server segment Loss Rate, being always segmented Loss Rate, maximum ACK times, minimum ACK times, client averagely ACK Between.
8. the TCP flow trade shows method as claimed in claim 1 based on network packet flow, it is characterised in that step In two, the foundation of garbled data bag is TCP data bag flag bit and TCP/IP four-tuples.
9. the TCP flow trade shows method as claimed in claim 2 based on network packet flow, it is characterised in that step In seven, setting packet display module on computer is additionally included in, the packet display module is used for the institute for showing current TCP flow There is data cached bag.
10. the TCP flow trade shows method as claimed in claim 2 based on network packet flow, it is characterised in that step In seven, setting data flow display module on computer is additionally included in, the data flow display module is used to show that current TCP flow owns The data content of transmission.
CN201710618027.0A 2017-07-26 2017-07-26 A kind of TCP flow trade shows method based on network packet flow Withdrawn CN107171901A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710618027.0A CN107171901A (en) 2017-07-26 2017-07-26 A kind of TCP flow trade shows method based on network packet flow

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710618027.0A CN107171901A (en) 2017-07-26 2017-07-26 A kind of TCP flow trade shows method based on network packet flow

Publications (1)

Publication Number Publication Date
CN107171901A true CN107171901A (en) 2017-09-15

Family

ID=59818189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710618027.0A Withdrawn CN107171901A (en) 2017-07-26 2017-07-26 A kind of TCP flow trade shows method based on network packet flow

Country Status (1)

Country Link
CN (1) CN107171901A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1914952A1 (en) * 2006-10-17 2008-04-23 Deutsche Telekom AG Method and communication system for transmission power adaptation and TCP throughput optimization in a wireless network
CN101465763A (en) * 2008-12-30 2009-06-24 上海地面通信息网络有限公司 Method for monitoring and analyzing user terminal network appliance flux
CN101527719A (en) * 2009-04-27 2009-09-09 成都科来软件有限公司 Method for parallel analyzing TCP data flow

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1914952A1 (en) * 2006-10-17 2008-04-23 Deutsche Telekom AG Method and communication system for transmission power adaptation and TCP throughput optimization in a wireless network
CN101465763A (en) * 2008-12-30 2009-06-24 上海地面通信息网络有限公司 Method for monitoring and analyzing user terminal network appliance flux
CN101527719A (en) * 2009-04-27 2009-09-09 成都科来软件有限公司 Method for parallel analyzing TCP data flow

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
火龙果_曦: "《TCP流分析》", 《HTTPS://WENKU.BAIDU.COM/VIEW/CE7F6F3067EC102DE2BD892D.HTML》 *

Similar Documents

Publication Publication Date Title
Camarillo et al. Evaluation of transport protocols for the session initiation protocol
EP3535932B1 (en) Application characterization using transport protocol analysis
Moore et al. Discriminators for use in flow-based classification
US7779133B2 (en) Estimation of web client response time
US6118765A (en) System method and computer program product for eliminating unnecessary retransmissions
EP1368919B1 (en) Methods and systems for testing stateful network communications devices
EP2632102A1 (en) Method and device for data transmission
CN104486243B (en) Data transmission method, equipment and system
CN104038845B (en) Message transmitting method and device
CN107135216B (en) Method for enhancing streaming media transmission in weak network environment
Shen et al. On TCP-based SIP server overload control
CN101110767A (en) Accelerating method for asymmetric and multi-concurrency network
CN107852371A (en) Data packet network
CN107666486A (en) A kind of network data flow restoration methods and system based on message protocol feature
CN105207949B (en) A kind of TCP optimization methods and system, SP servers
US20190387029A1 (en) Method and system for upload optimization
CN102769520A (en) Wireless network congestion control method based on stream control transmission protocol (SCTP)
CN104283716B (en) Data transmission method, equipment and system
CN109167734A (en) The method and apparatus for identifying transmission control protocol state
Brennan et al. SCTP congestion control: Initial simulation studies
CN107197392B (en) Packet discarding method and packet loss device in barrage video stream transmission procedure
CN107171901A (en) A kind of TCP flow trade shows method based on network packet flow
CN116074401B (en) Method for realizing transmission layer protocol on programmable exchanger
Natarajan et al. Multistreamed web transport for developing regions
Kanagarathinam et al. Enhanced QUIC protocol for transferring time-sensitive data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170915

WW01 Invention patent application withdrawn after publication