CN107809344B - Real-time traffic collection and analysis system and method - Google Patents

Real-time traffic collection and analysis system and method Download PDF

Info

Publication number
CN107809344B
CN107809344B CN201610813619.3A CN201610813619A CN107809344B CN 107809344 B CN107809344 B CN 107809344B CN 201610813619 A CN201610813619 A CN 201610813619A CN 107809344 B CN107809344 B CN 107809344B
Authority
CN
China
Prior art keywords
traffic
module
network
real
collection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610813619.3A
Other languages
Chinese (zh)
Other versions
CN107809344A (en
Inventor
周愉捷
朱煜煌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chunghwa Telecom Co Ltd
Original Assignee
Chunghwa Telecom Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chunghwa Telecom Co Ltd filed Critical Chunghwa Telecom Co Ltd
Priority to CN201610813619.3A priority Critical patent/CN107809344B/en
Publication of CN107809344A publication Critical patent/CN107809344A/en
Application granted granted Critical
Publication of CN107809344B publication Critical patent/CN107809344B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Environmental & Geological Engineering (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Monitoring And Testing Of Exchanges (AREA)

Abstract

The invention provides a real-time traffic collection and analysis system and method, which consists of a control plane and a data plane of a software defined network, wherein the data plane comprises a flow-based traffic packet classification and matching method and a traffic volume statistical method, the traffic packet classification and matching method carries out classification and matching on various headers of packets, the traffic volume statistical method carries out statistics according to the traffic packet classification and matching method, the control plane is provided with a real-time traffic collection module and a traffic analysis module, the real-time traffic collection module reduces the obtained traffic volume information transmission volume by the traffic volume statistical method so as to collect traffic types of the traffic packet classification and matching method based on flows, and the traffic analysis module carries out traffic type statistics and analysis and analyzes the use situation, abnormal behavior and the like of network traffic types for network managers to refer.

Description

Real-time traffic collection and analysis system and method
Technical Field
The invention relates to a system and a method for collecting and analyzing broadband network traffic, in particular to a system and a method for collecting and analyzing real-time traffic.
Background
For the conventional method of collecting, monitoring and analyzing traffic in network management, the method usually uses other network devices (such as network packet probe, network traffic monitoring device, etc.) to collect traffic, and uses the network devices to perform pre-packet classification or filter and provide the filtered traffic to traffic analysis software (such as netflow, etc.).
In a situation of collecting traffic through other network devices, the network device can collect traffic information by using a network switch to perform traffic mirroring, or a method of pre-classifying and filtering traffic packets is implanted into the network switch, so that the excessive unnecessary data received by the traffic collecting device is reduced. Another situation is that in the situation of embedding the method of collecting traffic into the network switch, it is usually unable to perform too complicated pre-traffic packet classification or filtering, and the applicability is limited, the network switch also increases the hardware requirement due to embedding the function of traffic packet classification and filtering, and increases the cost of the network switch, and the general method of collecting traffic also fails to present accurate data due to too long sampling interval, so the analysis result cannot reflect the detailed information of traffic, such as the influence of surge.
Disclosure of Invention
The invention provides a real-time traffic collection and analysis system and a method thereof, which can realize the real-time monitoring of traffic flow and provide accurate traffic information analysis for the monitoring of a network.
A real-time traffic collection and analysis system and method is capable of obtaining traffic information from a programmable network switch in real time. The programmable exchanger belongs to the data plane of the software defined Network, it includes the flow-based packet classification matching method and the traffic statistical method, the flow-based packet classification matching method can be used as the packet classification method to collect the traffic besides transmitting or modifying the packets after matching different kinds of packets, the classification mode includes Media Access Control address (MAC), Virtual Local Area Network (VLAN), Internet Protocol address (IP), field in the Internet Protocol address packet (Differentiated Services Code Point, DSCP), Transmission Control Protocol (TCP), etc., after each kind of packet is classified, the method for counting the traffic volume is provided, and the method for counting the traffic volume can count the packet volume, the total traffic volume, the time tag and the like, so that the efficiency of the traffic information collection module can be improved. The control plane of the software defined network comprises a controller application programming interface module for transmitting a traffic collection request message and a traffic information return message, a traffic collection module and a traffic analysis module, wherein the traffic collection module obtains classified traffic information from the traffic statistics module periodically through the application programming interface module of the network controller and stores the classified traffic information in a database, and the traffic analysis module analyzes the traffic information in the database to show the use situation, abnormal behavior and the like of various traffic types so as to achieve real-time traffic collection and analysis.
The invention relates to a real-time traffic collection and analysis system, which comprises a plurality of programmable network exchangers, a network controller, a real-time traffic collection and analysis module and a network controller, wherein the programmable network exchangers process a plurality of packets, the network controller is connected with the programmable network exchangers through a management network and manages and monitors the programmable network exchangers, and the real-time traffic collection and analysis module is connected to the network controller and carries out real-time traffic collection and analysis.
The programmable network exchanger includes one traffic classifying and matching module with several traffic classifying and matching rules to match the packets, one traffic counting module connected to the traffic classifying and matching module to generate one traffic information, one data plane network interface module to forward the packets to the data plane network, and one control plane network interface module connected via the control plane network interface module to the network controller.
The network controller includes one application program interface module for application program to send command of managing and monitoring the programmable network exchanger to the network controller.
The real-time traffic collection and analysis module comprises a traffic collection module for collecting the traffic information in the programmable network switch in real time through the network controller, a database module for storing the collected traffic information, and a traffic analysis module for analyzing the traffic information stored in the database module.
The real-time traffic collection and analysis system further comprises a real-time traffic collection and analysis module for collecting and analyzing real-time traffic on the network, wherein the real-time traffic collection and analysis module comprises a traffic collection module capable of sending a traffic information request and collecting the traffic information of the programmable network switch in real time through the network controller, a database module for storing the collected traffic information, and a traffic analysis module for analyzing the traffic information stored in the database module.
The network controller and the programmable network switch may be in a one-to-one or one-to-many connection relationship, that is, one network controller is connected to one or more programmable switches, and one programmable switch is connected to one network controller.
The message classification matching module stores message classification matching rules, each message classification matching rule can contain more than one packet classification setting and at least one packet processing action, wherein the packet classification setting is used for setting the message classification matching module to classify the packets according to the header contents from the second layer to the fourth layer of the network and the entity port number of the received packets, and the packet processing action defines how the message classification matching module processes the network packets, and the processing actions comprise packet forwarding, packet discarding and changing the header contents from the second layer to the fourth layer.
The traffic statistic module has a traffic statistic setting to generate traffic information, the data of the traffic statistic setting includes total amount of media packets, total traffic flow of the media packets and total time volume label of existing traffic classification media rule; and the message classification matching module matches one packet every time, the corresponding data increment quantity is set in the message statistics module, and each packet only matches one message classification matching rule in the packet classification matching method every time.
The traffic collection module performs the following operations: the method comprises the steps of transmitting a traffic collection demand to a programmable network exchanger through an application programming interface module on a network controller at regular time to obtain traffic information, retrieving packet classification information and traffic statistic information from a traffic classification media combination module and a traffic statistic module on the programmable network exchanger, generating and transmitting traffic information by the programmable network exchanger according to the packet classification information and the traffic statistic information, and storing the traffic information by a database module.
The database module stores the traffic information including the classification matching setting of the traffic packet, the total amount of the matching packet, the total traffic flow of the matching packet and the total time tag of the existence of the traffic classification matching rule, and the traffic analysis module can take out the classified traffic information from the database module, present the real-time and accurate traffic statistical information and analyze the network use situation and the abnormal network behavior.
In summary, through the software defined networking technology, the traffic collection module can directly obtain detailed and accurate traffic information from the programmable switch through the controller application programming interface module by using a stream-based traffic statistics method, so as to reduce the cost for additionally constructing a network traffic detection system, and in addition, can directly obtain pre-classified and combined traffic information, save the establishment of a packet reading component and avoid the loss of the efficiency of the switch, effectively reduce the time interval for the traffic collection system to sample the traffic information, and enable the traffic information to be presented in real time.
The invention aims to solve the problem that the current traffic collection system is generally inaccurate, provides a real-time traffic collection and analysis system and method, and directly obtains pre-classified and mediated traffic information from a switch by a traffic statistic method based on flow, thereby achieving the purpose of avoiding the cost of additionally constructing a network traffic detection system.
Drawings
Fig. 1 is a diagram of a conventional traffic monitoring and analyzing module architecture.
FIG. 2 is a diagram of a real-time traffic collection and analysis system architecture according to the present invention.
Fig. 3 is a flow chart of establishing a traffic classification matching rule according to the present invention.
FIG. 4 is a flow chart of a real-time traffic collection and analysis method of the present invention.
Description of reference numerals:
101. a legacy network switch; 102. a network interface; 103. a traffic mirroring component; 104. a terminal device; 105. a data network; 106. monitoring the network; 110. a traffic monitoring and analyzing module; 111. a traffic collection and classification component; 112. a traffic analysis component; 201. a programmable network switch; 202. a data plane network interface module; 203. a control plane network interface module; 204. a terminal device; 205. a data network; 206. managing the network; 207. a network controller; 208. an application programming interface module; 210. a real-time traffic collection and analysis module; 211. a traffic classification matching module; 212. a traffic statistic module; 213. a traffic collection module; 214. a database module; 215. a traffic analysis module; S301-S304, and a method flow; s401 to S406 and a method flow.
Detailed Description
Fig. 1 is a conventional traffic monitoring and analyzing system architecture, which generally employs a traffic mirroring component 103 on a conventional network switch 101 to mirror traffic to a traffic monitoring and analyzing module 110, in a manner that traffic on a network interface 102 is mirrored from the traffic mirroring component 103 and copied, and the traffic monitoring and analyzing module 110 mainly mirrors all data packet exchange between a terminal device 104 and a data network 105, acquires mirrored traffic information through a monitoring network 106, parses the mirrored traffic through a traffic collecting and classifying component 111, rejects unnecessary traffic information, and classifies remaining traffic data. The traffic analysis component 112 obtains the simplified traffic information from the traffic collection and classification component 111 and analyzes the traffic information, so as to provide analysis data of the network manager, such as the use situation and abnormal behavior of the network. Under the system architecture of fig. 1, the traffic mirroring component 103 loses the efficiency of the conventional network switch 101, and the traffic gathering and classification component 111 parses all packets.
Fig. 2 shows a configuration of the real-time traffic collection and analysis system, in which the network controller 207 establishes a control connection with the programmable network switch 201 via the management network 206 through the control plane network interface module 203. Writing a traffic classification matching rule into a traffic classification matching module 211 on the programmable network switch 201 through the network controller 207, performing classification matching on all data packets exchanged between the terminal device 204 and the data network 205, further processing packets after the packet matching rule, such as modifying packets, and forwarding the modified packets by the data plane network interface module 202, wherein the traffic statistics module 212 counts the number of packets, traffic volume, and other information of each rule matched according to all the traffic classification matching rules, the real-time traffic volume collection and analysis module 210 firstly sends a traffic volume collection request from the traffic collection module 213 through the application programming interface module 208 on the network controller 207 at regular time, the network controller 207 obtains traffic information from the traffic statistics module 212 in real time after receiving the request, and then returns the traffic information to the traffic collection module 213 through the application programming interface module 208, then, the collected classified traffic information is stored in the database module 214, and finally, the traffic analysis module 215 can obtain accurate and real-time network traffic data from the database module 214, and present the use condition of the accurate network and analyze abnormal network behavior in real time.
The flow chart of the establishment of the traffic classification matching rule and the flow chart of the real-time traffic volume collecting and analyzing method are shown in fig. 3 and fig. 4. Referring to fig. 3, in step S301 of the traffic classification matching rule establishing flowchart, the network controller 207 establishes a new connection with the programmable network switch 201, in this step, the network controller 207 establishes a control connection with one or more programmable network switches 201 through the management network 206 via the control plane network interface module 203, and then step S302 is performed to check whether the programmable network switch 201 has established the traffic classification matching rule.
Step S302 checks whether the programmable network switch 201 has established a traffic classification matching rule, the network controller 207 first checks whether the programmable network switch 201 has established a traffic classification matching rule, if so, the packet enters the programmable network switch 201 and then is classified and matched, if so, the packet enters step S304 and then is forwarded and the packet number and traffic flow are counted; otherwise, the unadjusted packet is notified from the programmable network switch 201 to the network controller 207 that the traffic classification matching rule is not established, and step S303 is executed to establish the traffic classification matching rule on the programmable network switch 201 through the network controller 207.
In the step S303, in the process of establishing the traffic classification matching rule in a programmable manner through the network controller 207, the network controller 207 performs a decision on the traffic classification matching rule for the packets that are not matched, determines the traffic classification matching rule to be written into the programmable network switch 201, writes the traffic classification matching rule into the programmable network switch 201 after the decision, and returns to the step S302 again to check whether the traffic classification matching rule is established in the programmable network switch 201, and checks whether the traffic classification matching rule is successfully written.
Step S304, after the packets are combined, packet forwarding is carried out and the number of the packets and the traffic flow are counted, after the packets enter the traffic classification combination module 211 for combination, the packets are processed according to the packet processing method defined on the traffic classification combination rule, the processing method comprises the actions of modifying the header of the packets, forwarding the packets and discarding the packets, each successfully combined packet is counted by the traffic counting module 212 connected with the traffic classification combination module 211 and comprises the packet flow of combination, the total traffic flow and the like, and then the flow enters the real-time traffic collection and analysis method.
Referring to fig. 4, in step S401 of the real-time traffic collection and analysis method flowchart, the traffic collection module 213 sends a traffic information request through the api module 208 on the network controller 207, and in this step, the traffic collection module 213 of the real-time traffic collection and analysis module 210 sends a specific traffic information request through the api module 208 on the network controller 207 at regular time intervals, and the regular time intervals may be adjusted according to the traffic information request of the application program, and the shortest settable time interval is every five seconds. The network controller 207 receives the traffic demand and forwards the demand to the programmable network switch 201 to obtain the traffic information.
In the classification method of checking whether the programmable network switch 201 has a requirement in step S402, the programmable network switch 201 checks whether there is a required traffic classification matching rule according to the requirement sent by the network controller 207, and if there is the traffic classification matching rule, step S404 is entered to return the real-time traffic statistic information to the traffic collection module 213 through the network controller 207; otherwise, it returns a message indicating that the traffic classification matching rule does not exist, and proceeds to step S403 to establish the traffic classification matching rule on the programmable network switch 201 through the network controller 207.
In step S403, in establishing the traffic classification matching rule on the programmable network switch 201 through the network controller 207, the network controller 207 determines again the traffic classification matching rule suitable for the real-time traffic collection requirement, and writes the determined traffic classification matching rule into the traffic classification matching module 211 on the programmable network switch 201, and returns to step S401 where the traffic collection module 213 sends the traffic information requirement through the application programming interface module 208 on the network controller 207.
Step S404 returns the real-time traffic statistics information to the traffic collection module 213 through the network controller 207, and after the programmable network switch 201 obtains the traffic information from the traffic classification matching module 211 and the traffic statistics module 212, the programmable network switch returns the traffic classification matching rules, the matching packet amount, the traffic flow and other traffic information to the real-time traffic collection and analysis module 210 through the network controller 207, and the traffic collection module 213 therein receives the traffic information and stores the traffic information into the database module 214 in step S405.
In step S405, the traffic information is stored in the database module 214, the traffic collection module 213 stores the traffic information into the database module 214 according to different traffic classification modes, stores data including packet amount, traffic flow, time tag, and the like, and then enters the next time interval, and returns to step S401, where the traffic collection module 213 sends a traffic information request through the application programming interface module 208 on the network controller 207, that is, continues to perform the next traffic collection operation; if the traffic analysis is required, step S406 is performed, and the traffic analysis module 215 obtains the traffic information from the database module 214 for analysis.
In step S406, the traffic analysis module 215 obtains the traffic information from the database module 214 for analysis, and the traffic analysis module 215 obtains various classified returned traffic information from the database module 214, because the collected traffic information has short intervals, the traffic analysis module 215 can present real-time and accurate traffic statistics information, and correctly analyze the network usage and abnormal network behavior for the reference of the network administrator.
Compared with other prior art, the real-time traffic collection and analysis system and method provided by the invention have the following advantages:
1. the invention provides various ways for collecting classification and matching of traffic, such as classification and matching ways of MAC, VLAN, IP, DSCP, TCP and the like, and provides a system for analyzing traffic to present more diversified traffic information.
2. The invention can save the package reading component, directly obtain the pre-classified and mediated traffic information from the flow-based traffic statistic method on the programmable exchanger, provide an accurate and real-time traffic collection mode, discover abnormal surge from the traffic statistics and reflect the abnormal condition of the traffic in real time.
3. The data plane of the invention also belongs to a distributed plane, and the real-time traffic collection and analysis module can obtain wide-range network traffic information through a centralized control plane.
The above detailed description is specific to the preferred embodiment of the present invention, but the embodiment is not intended to limit the scope of the present invention, and all equivalent implementations or modifications that do not depart from the technical spirit of the present invention should be included in the scope of the present invention.
In conclusion, the present invention has been made in an innovative manner in the technical idea and has various functions beyond the prior art, and fully meets the statutory patent requirements of novelty and creativity, so that the patent application is legally filed to solicit the noble office to approve the patent application for invention.

Claims (5)

1. A real-time traffic collection and analysis system, comprising:
a plurality of programmable network switches for processing a plurality of packets;
a network controller, which is connected with the programmable network switches through a management network and manages and monitors the programmable network switches;
a real-time traffic collection and analysis module, which is connected to the network controller and used for real-time traffic collection and analysis;
wherein each of the plurality of programmable network switches comprises:
a traffic classification matching module, which stores multiple traffic classification matching rules to match the multiple packets;
a traffic statistic module connected with the traffic classification media module and generating a traffic information;
a data plane network interface module, which forwards the packets to the data plane network;
a control plane network interface module, the traffic classification matching module is connected to the network controller through the control plane network interface module;
the network controller includes one application program interface module to make the application program send out the command of managing and monitoring the programmable network exchangers to the network controller via the application program interface module;
wherein the real-time traffic collection and analysis module comprises:
a traffic collection module for collecting the traffic information in the multiple programmable network switches in real time through the network controller;
a database module for storing the collected traffic information; and
and the traffic analysis module analyzes the traffic information stored in the database module.
2. The real-time traffic volume gathering and analyzing system of claim 1, wherein the plurality of traffic classification matching rules comprise at least one packet classification setting and at least one packet processing action, wherein:
the message classification matching module classifies the packets according to the header contents of the second layer to the fourth layer of the network in the packet classification setting and the entity port numbers of the received packets; and
the message classification matching module forwards the packet, discards the packet and changes the header contents from the second layer to the fourth layer of the network according to the packet processing action.
3. The real-time traffic aggregation and analysis system according to claim 1, wherein the traffic information includes a total number of unicast packets, a total traffic flow of the unicast packets, the plurality of traffic classification rules, and a total time tag for the plurality of traffic classification rules.
4. A real-time traffic collection and analysis method includes the following steps:
a real-time traffic collection and analysis module, a traffic collection module sends a traffic information request through an application programming interface module on a network controller, the network controller transfers the traffic information request to a programmable network exchanger to obtain a traffic information;
the programmable network exchanger checks whether there is a corresponding traffic classification matching rule according to the traffic information requirement sent by the network controller, if yes, the network controller returns the traffic information to the traffic collection module, if no, the network controller establishes the traffic classification matching rule on the programmable network exchanger;
the network controller writes the traffic classification matching rule into a traffic classification matching module on the programmable network exchanger, and the traffic collection module sends the traffic information requirement through the application programming interface module of the network controller again;
the programmable network exchanger gets the information from the classification media module and a statistic module, and then sends it back to the real-time information collecting and analyzing module through the network controller, and the information is received by the collecting module and stored in a database module;
the traffic collection module sends the traffic information demand through the application programming interface module; and
a traffic analysis module in the real-time traffic collection and analysis module obtains the traffic information from the database module for real-time analysis.
5. The real-time traffic collection and analysis method of claim 4, wherein the traffic collection module performs steps comprising:
transmitting the traffic collection requirement to the programmable network switch through the application programming interface module on the network controller to obtain the traffic information;
retrieving the traffic information from the traffic classification matching module and the traffic statistics module on the programmable network switch; and
the database module stores the traffic information.
CN201610813619.3A 2016-09-09 2016-09-09 Real-time traffic collection and analysis system and method Active CN107809344B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610813619.3A CN107809344B (en) 2016-09-09 2016-09-09 Real-time traffic collection and analysis system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610813619.3A CN107809344B (en) 2016-09-09 2016-09-09 Real-time traffic collection and analysis system and method

Publications (2)

Publication Number Publication Date
CN107809344A CN107809344A (en) 2018-03-16
CN107809344B true CN107809344B (en) 2021-01-22

Family

ID=61569654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610813619.3A Active CN107809344B (en) 2016-09-09 2016-09-09 Real-time traffic collection and analysis system and method

Country Status (1)

Country Link
CN (1) CN107809344B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013027920A1 (en) * 2011-08-24 2013-02-28 (주)케이티 Distribution system for analyzing high-capacity traffic in real time, and method for analyzing traffic in real time in distribution system
CN103607348A (en) * 2013-11-27 2014-02-26 北京邮电大学 Virtual network flow classifying method based on OpenFlow protocol
CN104935604A (en) * 2015-06-29 2015-09-23 南京邮电大学 Open Flow protocol-based SDN firewall system and method
CN104933357A (en) * 2015-06-01 2015-09-23 国家电网公司 Flooding attack detection system based on data mining
WO2015194604A1 (en) * 2014-06-18 2015-12-23 日本電信電話株式会社 Network system, control apparatus, communication apparatus, communication control method, and communication control program
CN105553769A (en) * 2015-12-15 2016-05-04 北京奇虎科技有限公司 Data collecting-analyzing system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140301226A1 (en) * 2013-04-09 2014-10-09 Electronics And Telecommunications Research Institute Apparatus and method for network monitoring and packet inspection

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013027920A1 (en) * 2011-08-24 2013-02-28 (주)케이티 Distribution system for analyzing high-capacity traffic in real time, and method for analyzing traffic in real time in distribution system
CN103607348A (en) * 2013-11-27 2014-02-26 北京邮电大学 Virtual network flow classifying method based on OpenFlow protocol
WO2015194604A1 (en) * 2014-06-18 2015-12-23 日本電信電話株式会社 Network system, control apparatus, communication apparatus, communication control method, and communication control program
CN104933357A (en) * 2015-06-01 2015-09-23 国家电网公司 Flooding attack detection system based on data mining
CN104935604A (en) * 2015-06-29 2015-09-23 南京邮电大学 Open Flow protocol-based SDN firewall system and method
CN105553769A (en) * 2015-12-15 2016-05-04 北京奇虎科技有限公司 Data collecting-analyzing system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
视频监控系统软件平台及运动目标检测算法研究;文锦松;《中国优秀硕士学位论文全文数据库 信息科技辑》;20091115;全文 *

Also Published As

Publication number Publication date
CN107809344A (en) 2018-03-16

Similar Documents

Publication Publication Date Title
US8848528B1 (en) Network data flow collection and processing
US20090238088A1 (en) Network traffic analyzing device, network traffic analyzing method and network traffic analyzing system
US20010052011A1 (en) Network traffic monitoring system and monitoring method
US10652154B1 (en) Traffic analyzer for autonomously configuring a network device
US10924374B2 (en) Telemetry event aggregation
CN101933290A (en) Method for configuring acls on network device based on flow information
CN110855493B (en) Application topological graph drawing device for mixed environment
CN101626323A (en) Method and device for monitoring network data flow
CN111314179A (en) Network quality detection method, device, equipment and storage medium
WO2016169121A1 (en) Link analysis method, device and system
CN113347258A (en) Method and system for data acquisition, monitoring and analysis under cloud flow
KR20220029142A (en) Sdn controller server and method for analysing sdn based network traffic usage thereof
JP6764313B2 (en) Immediate traffic collection / analysis system and method
CN114422309A (en) Method for analyzing service message transmission effect based on abstract feedback comparison mode
CN107809344B (en) Real-time traffic collection and analysis system and method
CN112995358A (en) Large-scale network address translation traffic identification method and device and computer equipment
CN115766471B (en) Network service quality analysis method based on multicast flow
CN114095383B (en) Network flow sampling method and system and electronic equipment
TWI581590B (en) Real - time traffic collection and analysis system and method
CN112291076A (en) Packet loss positioning method, device and system and computer storage medium
KR101222209B1 (en) Combined system for collecting/analyzing internet protocol packet and method thereof
CN116319468B (en) Network telemetry method, device, switch, network, electronic equipment and medium
EP4142250A1 (en) Flow characteristic extraction method and apparatus
EP4250668A1 (en) Traffic table sending method and related apparatus
US20210014138A1 (en) Data transmission method and related apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant