CN109525509A - Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing - Google Patents
Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN109525509A CN109525509A CN201710850154.3A CN201710850154A CN109525509A CN 109525509 A CN109525509 A CN 109525509A CN 201710850154 A CN201710850154 A CN 201710850154A CN 109525509 A CN109525509 A CN 109525509A
- Authority
- CN
- China
- Prior art keywords
- packet capturing
- network interface
- interface card
- packet
- mirror image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/90—Buffering arrangements
- H04L49/9063—Intermediate storage in different physical parts of a node or terminal
- H04L49/9068—Intermediate storage in different physical parts of a node or terminal in the network interface card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing.The mirror image packet snapping method is the following steps are included: configure mapping block, and will carry out the associated configuration with the mapping block to packet capturing network interface card and mirror port;The mirror image to packet capturing network interface card is generated in mirror port by mapping block;Packet capturing is carried out to the mirror image in mirror port, obtains the message of mirror port.This method is not can be under the premise of increasing additional external equipment and not changing the setting of original external network, physical host is enabled directly to grab the message for the network interface card not connected directly, can network interface card carry when virtual machine to network interface card carry out packet capturing, so as to effectively be analyzed network failure or carried out data monitoring.
Description
Technical field
The present invention relates to technical field of network information more particularly to a kind of network interface card mirror image packet snapping methods, terminal and readable
Storage medium.
Background technique
In computer technology and web-information technology, as soon as packet capturing is a very very common and useful technology, packet capturing technology
Be the data packet for sending and receiving network transmission intercepted and captured, retransmitted, being edited, the operation such as unloading, and can be used by packet capturing
Check network security or analysis flow etc., therefore packet capturing is that a practical value is very high, and little using difficulty
Technology.But in a virtual machine environment, physical host can not directly carry out packet capturing to the network interface card not connected directly, if thinking
Packet capturing is carried out in virtual machine or other network interface cards not being directly connected to physical host to carry, then needs additional external equipment
Or change the setting of original outside network device, the cost of packet capturing is thus then increased, operability is reduced, and
Also there are certain technical requirements to operator.
Summary of the invention
The main purpose of the present invention is to provide a kind of network interface card mirror image packet snapping methods, it is intended to solve physical host in virtual machine
The problem of can not carrying out packet capturing to the network interface card not being directly connected to physical host when carrying out packet capturing in environment.
To achieve the above object, the present invention provides a kind of network interface card mirror image packet snapping method, the mirror image packet snapping method include with
Lower step:
Mapping block is configured, and will be to the associated configuration of packet capturing network interface card and mirror port progress and the mapping block;
The mirror image to packet capturing network interface card is generated in mirror port by mapping block;
Packet capturing is carried out to the mirror image in mirror port, obtains the message of mirror port.
Optionally, described to be wrapped the step of carrying out the associated configuration with the mapping block with mirror port to packet capturing network interface card
It includes:
The port that selected physical host can directly carry out packet capturing is mirror port.
Optionally, the step of mirror image generated in mirror port by mapping block to packet capturing network interface card includes:
The message to packet capturing network interface card is obtained, message is mapped to by mirror port by mapping block.
Optionally, the step of mirror image in mirror port carries out packet capturing, obtains the message of mirror port include:
After receiving packet capturing instruction, packet capturing is carried out to mirror port by default packet catcher based on physical host.
Optionally, it is wrapped after described the step of carrying out packet capturing to mirror port by default packet catcher based on physical host
It includes:
Packet capturing duration is recorded, and is compared with default packet capturing duration, according to the ratio of packet capturing duration and default packet capturing duration
Result is controlled whether to stop packet capturing.
Optionally, the comparison result according to packet capturing duration and default packet capturing duration controls whether the step of stopping packet capturing
Include: later
When packet capturing duration is less than default packet capturing duration, then persistently packet capturing;
When packet capturing duration is greater than or equal to default packet capturing duration, then stop packet capturing.
Optionally, described when packet capturing duration is greater than or equal to default packet capturing duration, then it is wrapped after the step of stopping packet capturing
It includes:
The message that the packet capturing obtains is stored in default local path after stopping packet capturing.
Optionally, described when packet capturing duration is greater than or equal to default packet capturing duration, then after the step of stopping packet capturing also
Include:
Preset far-end address is sent by network by the message that the packet capturing obtains after stopping packet capturing.
In addition, to achieve the above object, the present invention also provides a kind of mobile terminal, the mobile terminal include: memory,
Processor and the network interface card mirror image packet capturing program that is stored on the memory and can run on the processor, the network interface card mirror
The step of network interface card mirror image packet snapping method as described above is realized when being executed as packet capturing program by the processor.
In addition, to achieve the above object, it is described computer-readable the present invention also provides a kind of computer readable storage medium
Network interface card mirror image packet capturing program is stored on storage medium, the network interface card mirror image packet capturing program realizes institute as above when being executed by processor
The step of network interface card mirror image packet snapping method stated.
Network interface card mirror image packet snapping method proposed by the present invention passes through the mapping being arranged in trawl performance in a virtual machine environment
Module realizes that the network interface card that can not directly carry out packet capturing to physical host carries out port mapping, then by port mapping at mirror image end
The mirror image of network interface card is generated in mouthful, last physical host by carrying out packet capturing to mirror port, obtains the message of mirror port, reach again
It has arrived in a virtual machine environment to the purpose of the packet capturing of network interface card.The present invention in trawl performance by adding mapping block, then sets
Setting physical host and can directly carrying out the network interface card of packet capturing is mirror port, and it is sightless to physical host wait grab then to cross mapping block
Packet network interface card carry out Port Mirroring, into mirror port, will then make to the message mirror of packet capturing network interface card physical host by pair
Mirror port packet capturing obtains the message to packet capturing network interface card.Therefore by mapping block, by script physical host it is sightless to
Packet capturing network interface card and physical host have carried out indirect connection, and solving physical host in virtual machine environment can not be to invisible network interface card
The problem of direct packet capturing, and without increasing additional external equipment, and integrated operation difficulty is low, strong operability.
Detailed description of the invention
Fig. 1 be the hardware running environment that the embodiment of the present invention is related to terminal apparatus structure schematic diagram;
Fig. 2 is the flow diagram of one embodiment of network interface card mirror image packet snapping method of the present invention;
Fig. 3 is the refinement flow diagram of step S30 in another embodiment of network interface card mirror image packet snapping method of the present invention;
Fig. 4 is the usage scenario schematic diagram of the network interface card mirror image packet capturing method prior art of the present invention;
Fig. 5 is the usage scenario schematic diagram of network interface card mirror image packet snapping method of the present invention;
Fig. 6 is that a typical scene of network interface card mirror image packet snapping method of the present invention is illustrated;
Fig. 7 is the flow chart that a typical scene of network interface card mirror image packet snapping method of the present invention is illustrated;
Fig. 8 is that the another typical scene of network interface card mirror image packet snapping method of the present invention is illustrated;
Fig. 9 is the flow chart that the another typical scene of network interface card mirror image packet snapping method of the present invention is illustrated;
Figure 10 is that another typical scene of network interface card mirror image packet snapping method of the present invention is illustrated;
Figure 11 is the flow chart that another typical scene of network interface card mirror image packet snapping method of the present invention is illustrated.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
As shown in Figure 1, Fig. 1 is the terminal structure schematic diagram for the hardware running environment that the embodiment of the present invention is related to.
The terminal of that embodiment of the invention can be PC, be also possible to smart phone, tablet computer, E-book reader, MP3
(Moving Picture Experts Group Audio Layer III, dynamic image expert's compression standard audio level 3)
Player, MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert's compression standard sound
Frequency level 3) the packaged type terminal device having a display function such as player, portable computer.
As shown in Figure 1, the terminal may include: processor 1001, such as CPU, network interface 1004, user interface
1003, memory 1005, communication bus 1002.Wherein, communication bus 1002 is for realizing the connection communication between these components.
User interface 1003 may include display screen (Display), input unit such as keyboard (Keyboard), optional user interface
1003 can also include standard wireline interface and wireless interface.Network interface 1004 optionally may include that the wired of standard connects
Mouth, wireless interface (such as WI-FI interface).Memory 1005 can be high speed RAM memory, be also possible to stable memory
(non-volatile memory), such as magnetic disk storage.Memory 1005 optionally can also be independently of aforementioned processor
1001 storage device.
Optionally, terminal can also include camera, RF (Radio Frequency, radio frequency) circuit, sensor, audio
Circuit, WiFi module etc..Wherein, sensor such as optical sensor, motion sensor and other sensors.Specifically, light
Sensor may include ambient light sensor and proximity sensor, wherein ambient light sensor can according to the light and shade of ambient light come
The brightness of display screen is adjusted, proximity sensor can close display screen and/or backlight when mobile terminal is moved in one's ear.As
One kind of motion sensor, gravity accelerometer can detect the size of (generally three axis) acceleration in all directions, quiet
Size and the direction that can detect that gravity when only, the application that can be used to identify mobile terminal posture are (such as horizontal/vertical screen switching, related
Game, magnetometer pose calibrating), Vibration identification correlation function (such as pedometer, tap) etc.;Certainly, mobile terminal can also match
The other sensors such as gyroscope, barometer, hygrometer, thermometer, infrared sensor are set, details are not described herein.
It will be understood by those skilled in the art that the restriction of the not structure paired terminal of terminal structure shown in Fig. 1, can wrap
It includes than illustrating more or fewer components, perhaps combines certain components or different component layouts.
As shown in Figure 1, as may include that operating system, network are logical in a kind of memory 1005 of computer storage medium
Believe module, Subscriber Interface Module SIM and network interface card mirror image packet capturing program.
In terminal shown in Fig. 1, network interface 1004 is mainly used for connecting background server, carries out with background server
Data communication;User interface 1003 is mainly used for connecting client (user terminal), carries out data communication with client;And processor
1001 can be used for calling the network interface card mirror image packet capturing program stored in memory 1005, and execute following operation:
Mapping block is set with physical host order transmitting terminal in trawl performance;
Be arranged packet capturing switch and default packet capturing duration;
The mirror port of the network interface card of packet capturing is needed by mapping block configuration, and the network interface card is grabbed according to packet capturing duration
Mirror image message.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
Selected mirror port, the mirror port are the port that physical host can directly carry out packet capturing.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
The message to packet capturing network interface card is obtained, message is mapped to by mirror port by mapping block.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
After receiving packet capturing instruction, packet capturing is carried out to mirror port by default packet catcher based on physical host.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
Packet capturing duration is recorded, and is compared with default packet capturing duration, according to the ratio of packet capturing duration and default packet capturing duration
Result is controlled whether to stop packet capturing.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
When packet capturing duration is less than default packet capturing duration, then persistently packet capturing;
When packet capturing duration is greater than or equal to default packet capturing duration, then stop packet capturing.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
The message that the packet capturing obtains is stored in default local path after stopping packet capturing.
Further, processor 1001 can call the network interface card mirror image packet capturing program stored in memory 1005, also execute
It operates below:
Preset far-end address is sent by network by the message that the packet capturing obtains after stopping packet capturing.
The present invention provides a kind of Network Mirror packet snapping method.
In network interface card mirror image packet capturing section method first embodiment of the present invention, referring to Fig. 3, network interface card mirror image packet snapping method includes:
Step S10, configures mapping block, and by being associated with to the progress of packet capturing network interface card and mirror port and the mapping block
Configuration;
Specifically, (meaning of addition is addition mapping block, through software in trawl performance first in trawl performance
Increase mapping block, make it have corresponding function), mapping block will be associated to packet capturing network interface card with mirror port,
By mapping block, mirror port can treat packet capturing network interface card and carry out mirror image.
Step S20 generates the mirror image to packet capturing network interface card by mapping block in mirror port;
Specifically, trawl performance can get the message to packet capturing network interface card first, then will be to packet capturing by mapping block
The message of network interface card maps in mirror port, and then mirror port regenerates the mirror image to packet capturing network interface card.
Step S30 carries out packet capturing to the mirror image in mirror port, obtains the message of mirror port.
Specifically, mirror port is different to packet capturing network interface card, and mirror port is that physical host can be checked directly (i.e. excessively
The port data can be directly acquired) a PCI (Peripheral Component Interconnect, external components are mutual
Even standard) equipment, therefore physical host can carry out packet capturing to mirror port, and the message of mirror port is to pass through mapping
The mirror image message to packet capturing network interface card that module generates, therefore the message for obtaining mirror port can be considered acquisition to packet capturing network interface card
Message.
Mapping block is configured in trawl performance first, and mapping block can reflect the message to packet capturing network interface card
It penetrates, is mapped in mirror port, to generate the mirror image to packet capturing network interface card in mirror port.And to packet capturing network interface card due to not straight
It connects and is connect with physical host, therefore physical host can not directly treat packet capturing network interface card and carry out packet capturing, but physical host can lead to
It crosses the packet catchers such as TcpDump and packet capturing directly is carried out to mirror port, and the message in mirror port is by reflecting to packet capturing network interface card
It penetrates, therefore is identical with the message to packet capturing network interface card, therefore the message for obtaining mirror port can be considered and obtain
To the message of packet capturing network interface card, that is, complete the packet capturing for treating packet capturing network interface card.
It has found broad application in computer technology in virtualization technology at present, such as network interface card passes through SR-IOV
(Single-root I/O virtualization, single I/O virtualization) realizes multiple Microsoft Loopback Adapter (VF, Virtual
Function), each virtual machine (VM, Virtual Machine) distributes a certain number of Microsoft Loopback Adapters according to demand, then each
Microsoft Loopback Adapter be a PCI true (Peripheral Component Interconnect Express, it is quickly outer
If component interconnects), for the equipment through the direct carry of hardware-switch of network interface card itself in virtual machine, virtual machine can check it certainly
The device PCI of body carry, but this physical host can't load this device PCI, therefore physics for cloud platform
Host then cannot achieve in the port packet capturing (schematic diagram of a scenario such as Fig. 4) to the device PCI.
Desired to solve the problems, such as packet capturing of the physical host for network interface card in a virtual machine environment, how first have to solve makes object
Reason host can check (or being attached, refer to that foundation can make physical host complete the incidence relation to network interface card packet capturing) not
Network interface card connected to it, it is however generally that be by increasing external equipment or modifying the setting of outside network device by operator
To reach the purpose.But current method has and increases additional use cost (increasing additional external equipment), right
The drawbacks such as the technical requirements of operator higher (setting for changing outside network device), increase the packet capturing cost of user.
Thus port message to packet capturing network interface card is mapped to by the present invention then by increasing mapping block in trawl performance
In mirror port (mirror port is the network interface card port that physical host can directly carry out packet capturing), then there is mirror image in mirror port
The message to packet capturing network interface card.Physical host then can obtain the report of mirror port by carrying out packet capturing to mirror port at this time
Text, since the message of mirror port is to wait for packet capturing network interface card by mirror image and obtain, the message of mirror port with to packet capturing network interface card
Message be identical, therefore physical host is by carrying out packet capturing and report of the indirect gain to packet capturing network interface card to mirror port
Text, therefore be equivalent to by adding mapping block in trawl performance, so that physical host and to be established between packet capturing network interface card
Indirect connection relationship, to realize the packet capturing (usage scenario schematic diagram such as Fig. 5 of the present invention) for treating packet capturing network interface card.
Packet capturing is one of most common technology in current network communication technology, and packet capturing is to send and receive network transmission
The operations such as data packet intercepted and captured, retransmitted, edited, unloading are commonly used to check network security or carry out interception prison to data
Control.It is further after acquisition data packet by the data packet mutually transmitted between packet capturing acquisition network especially in network safety filed
The content of data packet is analyzed, judge data packet whether include menace network safety content.In addition to this, in software
In exploitation also software test can be carried out by packet capturing.After finding the problem, data flow, the log etc. of mistake are obtained by packet capturing
Data, tester can be by reappearing mistake, the modes orientation problem such as data intercept.
In practice, the application scenarios of packet capturing also have various different situations, and the following are several typical application scenarios
Be briefly described and process: Fig. 6 is described at the same physical host HOST, virtual machine VM2 pass through Microsoft Loopback Adapter VF2 (mirror
As port) grab the scene of the message of the port Microsoft Loopback Adapter VF1 (to packet capturing network interface card) in virtual machine VM1.Fig. 7 is then in Fig. 6
In connection relationship under scene, in virtual machine VM1 Microsoft Loopback Adapter VF1 (to packet capturing network interface card) with it is virtual under the same physical host
The packet capturing interactive process of machine VM2 (mirror port);Fig. 8 describe physical host HOST by with remove the Microsoft Loopback Adapter VF2 connecting
(mirror port) grabs the scene of Microsoft Loopback Adapter VF1 (to packet capturing network interface card) message in virtual machine VM1 by mirror port.Fig. 9 description
In the connection relationship under Fig. 8 scene, the Microsoft Loopback Adapter VF2 (mirror port) in physical host HOST grabs virtual machine VM1
In Microsoft Loopback Adapter VF1 (to packet capturing network interface card) packet capturing interactive process;Figure 10 describes physical host HOST and virtual machine VM2,
By OVS bridge mirror image and Microsoft Loopback Adapter VF2 (mirror port), mirror image grabs the Microsoft Loopback Adapter VF1 in virtual machine VM1 (to packet capturing net
Card) message scene.Figure 11 is described in the connection relationship under Figure 10 scene, in physical host HOST and virtual machine VM2
Friendship of the Microsoft Loopback Adapter VF2 (mirror port) to Microsoft Loopback Adapter VF1 (to packet capturing network interface card) mirror image packet capturing in another virtual machine VM1
Mutual process.
The present invention will need the Network card setup of packet capturing into trawl performance by the way that mapping block is arranged in trawl performance,
And image feature is completed by trawl performance, and host then can be by dedicated packet catcher (TcpDump etc.) to mirror port
Message is grabbed, and the packet capturing of itself Microsoft Loopback Adapter is asked to solve the virtual machine of SR-IOV network interface card in a virtual machine environment
Topic.By the invention it is possible in the case where not increasing additional external equipment and not changing external setting configuration
Complete the packet capturing for Microsoft Loopback Adapters all in virtual machine port.And it is low using difficulty, it is easy to use, and by network interface card
The fault location of network data exception is realized in mirror image packet capturing, and to important operations such as the traffic monitorings of network.
Further, step S10 will be carried out and the associated configuration of the mapping block to packet capturing network interface card and mirror port
Step includes:
Step S11, selectes mirror port, and the mirror port is the port that physical host can directly carry out packet capturing.
Specifically, in order to be got by mirror port to the message in packet capturing network interface card port, mirror port needs
It can be loaded by physical host, i.e., physical host can carry out packet capturing to mirror port.
After setting mapping block in trawl performance, need to select a network interface card port as mirror port, and
Mirror port is and physical host to be made to obtain the message in the mirror image by packet capturing to store the mirror image to packet capturing network interface card,
Therefore mirror port is that mirror port can be loaded by physical host from the place different to packet capturing network interface card and (is to packet capturing network interface card
What physical host can not load, therefore physical host can not treat packet capturing network interface card and directly carry out packet capturing), so that physical host can
Packet capturing directly is carried out to mirror port, obtains the message in mirror port.Made by selecting the port that physical host can load
For mirror port, physical host is enabled directly to carry out packet capturing to mirror port, to quickly obtain in mirror port
Message.
Further, step S20, the step of generating the mirror image to packet capturing network interface card in mirror port by mapping block, wrap
It includes:
Step S21 obtains the message to packet capturing network interface card, message is mapped to mirror port by mapping block.
Specifically, when treating packet capturing network interface card progress mirror image by mapping block, mapped port can be got to packet capturing first
The data that network interface card sends and receives, the data that then will acquire are sent in mirror port, and are generated in mirror port
Mirror image to packet capturing network interface card.Treat mapping block to packet capturing network interface card carry out mirror image, be substantially exactly treat packet capturing network interface card receive with
The data of transmission are replicated, and the data of duplication are sent to mirror port so that the data in mirror port with to
Packet capturing network interface card it is identical.
By mapping block, can will be received to packet capturing network interface card and be sent to mirror port with the data sent, with generate to
The mirror image of packet capturing network interface card.Mirror port after completing mirror image, physical host can be got by packet capturing in mirror port to
The mirror image of packet capturing network interface card, so that physical host realizes the packet capturing for treating packet capturing network interface card.
Further, such as Fig. 3, step S30, packet capturing is carried out to the mirror image in mirror port, obtains the message of mirror port
The step of include:
Step S31 grabs mirror port by default packet catcher based on physical host after receiving packet capturing instruction
Packet.
Specifically, mirror port is completed after treating the mirror image of packet capturing net A Kui, in the packet capturing for receiving physical host transmission
When instruction, physical host then passes through packet catcher and grabs to the mirror image message in mirror port, to obtain the report of needs
Text.
After setting the mirror image message for needing the network interface card of packet capturing in mirror port, physical host can then need packet capturing
When by trawl performance obtain target network interface card mirror image message.By packet catcher, (such as TcpDump etc. is grabbed physical host
Job contract tool) crawl mirror port message.
There is register inside SR-IOV network interface card itself, the mirror image of source purpose can be set, but since what is do not driven connects
Mouth and realization, therefore physical host can not arbitrarily carry out the packet capturing to network interface card, and the present invention in trawl performance by establishing
Mapping block, and the bridge between physical host and the target network interface card for needing packet capturing is established by mapping block.Therefore it solves
The problem of physical host directly can not be checked to the Microsoft Loopback Adapter of carry on a virtual machine and (carry out the operation such as packet capturing), physics
Host is by checking trawl performance, and trawl performance completes the mirror image packet capturing to network interface card by mapping block, to realize
Mirror image packet capturing to network interface card.
Further, such as Fig. 3, step S31, packet capturing is carried out to mirror port by presetting packet catcher based on physical host
Include: after step
Step S32 records packet capturing duration, and is compared with default packet capturing duration, according to packet capturing duration and default packet capturing
The comparison result of duration controls whether to stop packet capturing.
Specifically, when starting packet capturing, the packet capturing time started is recorded, during packet capturing carries out, current time, which subtracts, is grabbed
Packet the time started packet capturing duration can be obtained, packet capturing duration and default packet capturing duration are compared, come determine whether to continue into
Row packet capturing, so as to accurately control the data volume of this packet capturing.
Packet capturing be exactly the data packet for sending and receiving network transmission intercepted and captured, retransmitted, being edited, the operation such as unloading, because
The target of this packet capturing is data, and with the increase of packet capturing duration, the data volume of packet capturing can also increase therewith.And the increasing of data volume
Add meeting so that the occupied resource of the message of crawl increases, and excessively huge data are also unfavorable for subsequent interpretation.Therefore
The data grabbed are controlled in suitable size, can either disposably get enough data volumes in this way, and will not be because of
The problems such as excessively huge caused occupancy resource of data is excessive, and reading speed is slow.It, then can be with and by the control to packet capturing duration
Achieve the purpose that the amount of control crawl data then shows to have grabbed foot when packet capturing duration reaches preset packet capturing duration
The message of enough evidences needs to stop packet capturing at this time, in order to avoid the message data of crawl is excessively huge, degree storage and reading are caused not
Just.
Further, step S32 controls whether to stop packet capturing according to the comparison result of packet capturing duration and default packet capturing duration
The step of after include:
Step S33, when packet capturing duration is less than default packet capturing duration, then persistently packet capturing;
Step S34 then stops packet capturing when packet capturing duration is greater than or equal to default packet capturing duration.
Specifically, packet capturing duration determines the total amount of data of this packet capturing, preset duration be according to packet capturing demand with it is soft or hard
Part conditional decision, after setting preset duration, controlled whether according to the relationship of the packet capturing duration of record and preset duration
Stop packet capturing.
The data volume that packet capturing obtains increases with the increase of packet capturing duration, and needs to grab the how many data in port then root
It is adjusted according to different situations.If the data volume of crawl is very little, then the purpose of carrying out data monitoring or network security
It is that may lead to not obtain accurate information due to data deficiencies.If the data volume of crawl is too many, then may lead
Storage or transmission inconvenience is caused even to fail, and excessive data can only make efficiency of the user when analyzing become
It is low, and precision of analysis can not be obviously improved.After default packet capturing duration thus is set according to specific demand, grab
Packet capturing duration is compared Bao Shihui with default packet capturing duration, is determined by comparison result and continues packet capturing or stopping packet capturing,
So as to be accurately controlled the data volume of port crawl.
Further, then stop packet capturing when packet capturing duration is greater than or equal to default packet capturing duration such as Fig. 3, step S34
The step of after include:
The message that the packet capturing obtains is stored in default local path by step S341 after stopping packet capturing.
After packet capturing, the port data (i.e. the message of packet capturing acquisition) that will acquire is locally stored, stores path
For preset local path.
After packet capturing, the message of acquisition needs the local path of a specified storage, so that message is locally stored
In.It is locally stored to enable a technician to preferably locally using the message of crawl, specifying a locally-stored road
Diameter be it is necessary, technical staff can then get locally-stored message according to specified path when needed, to realize
The work such as the analysis to local data.
Further, step S34, when packet capturing duration is greater than or equal to default packet capturing duration, then the step of stopping packet capturing
Further include:
Step S342 sends preset far-end address by network for the message that the packet capturing obtains after stopping packet capturing.
Specifically, other than the message of crawl is stored in specified local path, can also be arranged the message of crawl
It is sent to far-end address, to realize the long-range monitoring and analysis to network data of technical staff.
In network monitoring or network safety filed, it is however generally that a small amount of manager device can be set for entire net
Equipment in network is monitored and manages.And technical staff can unify to carry out all devices in network by manager device
Management, but manager device needs to get the packet capturing data of other equipment in network, and in order to obtain administrator
The device port data for needing to be monitored into whole network are then needed through the port progress packet capturing to equipment, and
The port data that will acquire after packet capturing is sent to far-end address (the far-end address i.e. computer address of administrator), to realize
The computer operations such as long-range monitoring.Network interface card mirror image packet snapping method of the present invention in addition to can by packet capturing data storage in local other than,
The address that packet capturing data are sent to distal end by network can also be set, in this way, which technical staff can then pass through management
Member's equipment is unified to be managed the equipment in network.
The present invention also provides the terminals with a kind of network interface card mirror image packet snapping method.
Terminal the present invention is based on network interface card mirror image packet snapping method includes: memory, processor and is stored in the memory
Network interface card mirror image packet capturing program that is upper and can running on the processor, the network interface card mirror image packet capturing program are held by the processor
Network interface card mirror image packet snapping method step as described above is realized when row.
Wherein, the network interface card mirror image packet capturing program run on the processor, which is performed realized method, can refer to this
The each embodiment of invention network interface card mirror image packet snapping method, details are not described herein.
Furthermore the embodiment of the present invention also proposes a kind of computer readable storage medium.
Network interface card mirror image packet capturing program, the network interface card mirror image packet capturing program are stored on computer readable storage medium of the present invention
The step of network interface card mirror image packet snapping method as described above is realized when being executed by processor.
Wherein, the network interface card mirror image packet capturing program run on the processor, which is performed realized method, can refer to this
The each embodiment of invention network interface card mirror image packet snapping method, details are not described herein.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that the process, method, article or the device that include a series of elements not only include those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or device institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do
There is also other identical elements in the process, method of element, article or device.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art
The part contributed out can be embodied in the form of software products, which is stored in a storage medium
In (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a terminal (can be mobile phone, computer, service
Device, air conditioner or network equipment etc.) execute method described in each embodiment of the present invention.
The embodiment of the present invention is described with above attached drawing, but the invention is not limited to above-mentioned specific
Embodiment, the above mentioned embodiment is only schematical, rather than restrictive, those skilled in the art
Under the inspiration of the present invention, without breaking away from the scope protected by the purposes and claims of the present invention, it can also make very much
Form, all of these belong to the protection of the present invention.
Claims (10)
1. a kind of network interface card mirror image packet snapping method, which is characterized in that the mirror image packet snapping method the following steps are included:
Mapping block is configured, and will be to the associated configuration of packet capturing network interface card and mirror port progress and the mapping block;
The mirror image to packet capturing network interface card is generated in mirror port by mapping block;
Packet capturing is carried out to the mirror image in mirror port, obtains the message of mirror port.
2. network interface card mirror image packet snapping method as described in claim 1, which is characterized in that it is described will be to packet capturing network interface card and mirror port
Carry out and the mapping block associated configuration the step of include:
Selected mirror port, the mirror port are the port that physical host can directly carry out packet capturing.
3. network interface card mirror image packet snapping method as described in claim 1, which is characterized in that it is described by mapping block in mirror port
The step of middle mirror image of the generation to packet capturing network interface card includes:
The message to packet capturing network interface card is obtained, message is mapped to by mirror port by mapping block.
4. network interface card mirror image packet snapping method as described in claim 1, which is characterized in that the mirror image in mirror port carries out
Packet capturing, the step of obtaining the message of mirror port include:
After receiving packet capturing instruction, packet capturing is carried out to mirror port by default packet catcher based on physical host.
5. network interface card mirror image packet snapping method as claimed in claim 4, which is characterized in that described to be grabbed based on physical host by default
Include: after the step of job contract tool carries out packet capturing to mirror port
Packet capturing duration is recorded, and is compared with default packet capturing duration, according to the comparison knot of packet capturing duration and default packet capturing duration
Fruit controls whether to stop packet capturing.
6. network interface card mirror image packet snapping method as claimed in claim 5, which is characterized in that described according to packet capturing duration and default packet capturing
The comparison result of duration controls whether
When packet capturing duration is less than default packet capturing duration, then persistently packet capturing;
When packet capturing duration is greater than or equal to default packet capturing duration, then stop packet capturing.
7. network interface card mirror image packet snapping method as claimed in claim 6, which is characterized in that described when packet capturing duration is greater than or equal in advance
If when packet capturing duration, then the step of stopping packet capturing, includes:
The message that the packet capturing obtains is stored in default local path after stopping packet capturing.
8. network interface card mirror image packet snapping method as claimed in claim 7, which is characterized in that described when packet capturing duration is greater than or equal in advance
If when packet capturing duration, then the step of stopping packet capturing further include:
Preset far-end address is sent by network by the message that the packet capturing obtains after stopping packet capturing.
9. a kind of terminal, which is characterized in that the mobile terminal includes: memory, processor and is stored on the memory
And the network interface card mirror image packet capturing program that can be run on the processor, the network interface card mirror image packet capturing program are executed by the processor
The step of Shi Shixian such as network interface card mirror image packet snapping method described in any item of the claim 1 to 8.
10. a kind of computer readable storage medium, which is characterized in that be stored with network interface card mirror on the computer readable storage medium
As packet capturing program, realize when the network interface card mirror image packet capturing program is executed by processor as described in any item of the claim 1 to 8
The step of network interface card mirror image packet snapping method.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710850154.3A CN109525509A (en) | 2017-09-19 | 2017-09-19 | Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing |
| PCT/CN2018/106521 WO2019057089A1 (en) | 2017-09-19 | 2018-09-19 | Network card image packet capture method, terminal, and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710850154.3A CN109525509A (en) | 2017-09-19 | 2017-09-19 | Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109525509A true CN109525509A (en) | 2019-03-26 |
Family
ID=65768524
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710850154.3A Pending CN109525509A (en) | 2017-09-19 | 2017-09-19 | Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN109525509A (en) |
| WO (1) | WO2019057089A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110958152A (en) * | 2019-10-13 | 2020-04-03 | 苏州浪潮智能科技有限公司 | Method, system and equipment for monitoring virtual machine service network |
| CN111835663A (en) * | 2020-07-16 | 2020-10-27 | 普强时代(珠海横琴)信息技术有限公司 | Real-time call monitoring method based on network packet capturing analysis |
| CN112003927A (en) * | 2020-08-21 | 2020-11-27 | 福州华纳信息科技有限公司 | Network virtual number shaking method and system |
| CN112311729A (en) * | 2019-07-29 | 2021-02-02 | 南京南瑞继保工程技术有限公司 | Online packet capturing method and system |
| CN113055225A (en) * | 2021-02-08 | 2021-06-29 | 网宿科技股份有限公司 | Method for acquiring network fault analysis data, terminal and server |
| WO2023050816A1 (en) * | 2021-09-29 | 2023-04-06 | 中兴通讯股份有限公司 | Network data packet capturing method, client and server side |
| WO2023093367A1 (en) * | 2021-11-23 | 2023-06-01 | 中兴通讯股份有限公司 | Data packet capturing method and apparatus, electronic device, and storage medium |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113395242A (en) * | 2020-03-13 | 2021-09-14 | 北京奇虎科技有限公司 | Packet capturing method and device for application data packet and computing equipment |
| CN115002203B (en) * | 2021-03-02 | 2024-09-20 | 京东科技信息技术有限公司 | Data packet grabbing method, device, equipment and computer readable medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102055653A (en) * | 2009-11-10 | 2011-05-11 | 中兴通讯股份有限公司 | Packet sniffing method and device in high-speed interconnection system |
| CN102870377A (en) * | 2012-06-30 | 2013-01-09 | 华为技术有限公司 | Monitoring method and device for virtual port |
| US20150277959A1 (en) * | 2014-03-31 | 2015-10-01 | Fujitsu Limited | Capture point determination method and capture point determination system |
| CN105306388A (en) * | 2015-11-06 | 2016-02-03 | 西安交大捷普网络科技有限公司 | Port data mirroring implementation method based on netfilter framework |
| CN105808167A (en) * | 2016-03-10 | 2016-07-27 | 深圳市杉岩数据技术有限公司 | SR-IOV (Single Root I/O Virtualization)-based linked clone method, storage equipment and system |
| CN106254176A (en) * | 2016-07-29 | 2016-12-21 | 浪潮(北京)电子信息产业有限公司 | A kind of traffic mirroring method based on openvswitch |
| CN106961363A (en) * | 2017-03-29 | 2017-07-18 | 云络动力(北京)科技有限公司 | A kind of method and system for capturing virtual switch User space data plane data message |
| CN107294869A (en) * | 2017-06-22 | 2017-10-24 | 郑州云海信息技术有限公司 | A kind of method and system of Microsoft Loopback Adapter message crawl |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10230643B2 (en) * | 2015-05-22 | 2019-03-12 | Los Alamos National Security, Llc | Full flow retrieval optimized packet capture |
| CN105357151B (en) * | 2015-11-19 | 2019-03-19 | 成都科来软件有限公司 | A kind of packet capturing and mirror image flow forwarding method based on DPDK |
| US10003660B2 (en) * | 2016-02-29 | 2018-06-19 | Cisco Technology, Inc. | System and method for data plane signaled packet capture in a service function chaining network |
| CN106375384B (en) * | 2016-08-28 | 2019-06-18 | 北京瑞和云图科技有限公司 | The management system and control method of image network flow in a kind of virtual network environment |
| CN106330621B (en) * | 2016-09-30 | 2019-09-17 | 深圳市吉祥腾达科技有限公司 | A kind of test method and test macro of interchanger transmission signal performance |
-
2017
- 2017-09-19 CN CN201710850154.3A patent/CN109525509A/en active Pending
-
2018
- 2018-09-19 WO PCT/CN2018/106521 patent/WO2019057089A1/en active Application Filing
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102055653A (en) * | 2009-11-10 | 2011-05-11 | 中兴通讯股份有限公司 | Packet sniffing method and device in high-speed interconnection system |
| CN102870377A (en) * | 2012-06-30 | 2013-01-09 | 华为技术有限公司 | Monitoring method and device for virtual port |
| US20150277959A1 (en) * | 2014-03-31 | 2015-10-01 | Fujitsu Limited | Capture point determination method and capture point determination system |
| CN105306388A (en) * | 2015-11-06 | 2016-02-03 | 西安交大捷普网络科技有限公司 | Port data mirroring implementation method based on netfilter framework |
| CN105808167A (en) * | 2016-03-10 | 2016-07-27 | 深圳市杉岩数据技术有限公司 | SR-IOV (Single Root I/O Virtualization)-based linked clone method, storage equipment and system |
| CN106254176A (en) * | 2016-07-29 | 2016-12-21 | 浪潮(北京)电子信息产业有限公司 | A kind of traffic mirroring method based on openvswitch |
| CN106961363A (en) * | 2017-03-29 | 2017-07-18 | 云络动力(北京)科技有限公司 | A kind of method and system for capturing virtual switch User space data plane data message |
| CN107294869A (en) * | 2017-06-22 | 2017-10-24 | 郑州云海信息技术有限公司 | A kind of method and system of Microsoft Loopback Adapter message crawl |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112311729A (en) * | 2019-07-29 | 2021-02-02 | 南京南瑞继保工程技术有限公司 | Online packet capturing method and system |
| CN110958152A (en) * | 2019-10-13 | 2020-04-03 | 苏州浪潮智能科技有限公司 | Method, system and equipment for monitoring virtual machine service network |
| CN111835663A (en) * | 2020-07-16 | 2020-10-27 | 普强时代(珠海横琴)信息技术有限公司 | Real-time call monitoring method based on network packet capturing analysis |
| CN112003927A (en) * | 2020-08-21 | 2020-11-27 | 福州华纳信息科技有限公司 | Network virtual number shaking method and system |
| CN113055225A (en) * | 2021-02-08 | 2021-06-29 | 网宿科技股份有限公司 | Method for acquiring network fault analysis data, terminal and server |
| CN113055225B (en) * | 2021-02-08 | 2023-12-05 | 网宿科技股份有限公司 | Network fault analysis data acquisition method, terminal and server |
| WO2023050816A1 (en) * | 2021-09-29 | 2023-04-06 | 中兴通讯股份有限公司 | Network data packet capturing method, client and server side |
| WO2023093367A1 (en) * | 2021-11-23 | 2023-06-01 | 中兴通讯股份有限公司 | Data packet capturing method and apparatus, electronic device, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2019057089A1 (en) | 2019-03-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109525509A (en) | Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing | |
| CN104796385B (en) | Terminal binding method, apparatus and system | |
| CN105320598B (en) | Method for testing software and device | |
| CN104598513B (en) | A kind of method of data flow control and system based on web page frame | |
| CN111176961B (en) | Application program testing method and device and storage medium | |
| CN108763086A (en) | Script method for recording, terminal and computer readable storage medium based on remote real machine | |
| CN110149552A (en) | A kind of processing method and terminal of video flowing frame data | |
| CN109739757A (en) | A kind of AB test method and device | |
| CN108632253A (en) | Client data secure access method based on mobile terminal and device | |
| CN110032512A (en) | A kind of adjustment method of small routine, relevant device and terminal | |
| CN108491123A (en) | A kind of adjusting application program image target method and mobile terminal | |
| EP2961197A1 (en) | Apparatus and method for preventing malfunction in an electronic device | |
| CN107807861A (en) | Freeze screen solution method, mobile terminal and computer-readable recording medium | |
| CN106130735A (en) | The processing method of a kind of communication information, device and mobile terminal | |
| CN109753425A (en) | Pop-up processing method and processing device | |
| CN110515676A (en) | Interface integration method, device, equipment and storage medium | |
| CN107066860B (en) | A kind of fingerprint identification method and mobile terminal | |
| CN109544172A (en) | A kind of display methods and terminal device | |
| CN108984231A (en) | A kind of login method and mobile terminal of application program account | |
| CN109921960B (en) | IDC machine room network anomaly testing method and device | |
| CN108200285A (en) | Reduce photographic method, mobile terminal and the computer readable storage medium of interference | |
| CN106708555B (en) | A kind of method and apparatus loading plug-in unit | |
| CN107908478A (en) | Memory method for cleaning, mobile terminal and computer-readable recording medium | |
| CN107066374A (en) | A kind of data processing method and mobile terminal | |
| CN110166461A (en) | User's unifying identifier processing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190326 |