CN109889428A - A method of information exchange is realized by means of line mode - Google Patents

Info

Publication number
CN109889428A
Authority
CN
China
Prior art keywords
packet
encapsulation
server
data
port
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811649177.9A
Other languages
Chinese (zh)
Inventor
吴忠华
段晓飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Austrian Information Technology Co Ltd
Original Assignee
Wuhan Austrian Information Technology Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method for realizing information exchange by means of line mode, comprising the following steps: monitoring, capturing and parsing the INC port data of the network interface card to obtain the MAC, IP and port information in the upstream data packet and write it to a cache; encapsulating the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port; based on the UDP message, performing encapsulation in the IP packet protocol format to obtain an IP packet directed to the server IP address; encapsulating the obtained IP packet directed to the server IP address in the Ethernet frame protocol format to obtain an Ethernet frame directed to the server physical address; and sending the encapsulated Ethernet frame directed to the server physical address to the server. By using the existing public communication network, the method enables the front-end security audit equipment and the back-end server to exchange information smoothly, so that the front-end audit device can be remotely managed and controlled.

Description

A method for realizing information exchange by means of line mode
Technical field
The present invention relates to the field of security audit interaction, and more particularly to a method for realizing information exchange by means of line mode.
Background art
At present, the exchange of business and control information between security audit equipment and the back-end server is realized through a private management network. Without a private management network, data such as the parsing results and logs of the front-end security audit equipment cannot be transmitted in time to the back-end server for display and query, and the back-end server cannot remotely manage and control the front-end security audit equipment. The reason is that parsing data, log data and management and control data are all payload data. For payload data to be transmitted over the public communication network, it must be encapsulated layer by layer according to the protocol model and global network parameters of the public communication network to form a global network data packet, whereas a data packet transmitted through the private management network is a private network data packet (carrying the parameter information of the private management network). Network node devices cannot correctly forward a data packet using the private management network parameter information carried in a private network data packet, so the packet cannot be effectively delivered to the target device (data from the front end to the back end cannot be effectively delivered to the back-end server; data from the back end to the front end cannot be effectively delivered to the front-end security audit equipment). In practice, there are cases where the security audit equipment has only a public communication network and no private management network. The current information exchange methods therefore cannot meet the requirement of exchanging information with the back-end server over the public communication network alone.
Summary of the invention
The present invention provides a method for realizing information exchange by means of line mode. It uses the existing public communication network to enable the security audit equipment and the server to exchange information smoothly, so that the front-end audit device can be remotely managed and controlled. This solves the problem in the prior art that, in an environment with only a public communication network, the security audit equipment cannot exchange business and control information with the back-end server.
According to an aspect of the present invention, a method for realizing information exchange by means of line mode is provided, comprising the following steps:
Step S1: monitor, capture and parse the INC port data of the network interface card to obtain the MAC, IP and port information in the upstream data packet and write it to a cache;
Step S2: encapsulate the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port;
Step S3: based on the UDP message, perform encapsulation in the IP packet protocol format to obtain an IP packet directed to the server IP address;
Step S4: encapsulate the obtained IP packet directed to the server IP address in the Ethernet frame protocol format to obtain an Ethernet frame directed to the server physical address;
Step S5: send the encapsulated Ethernet frame directed to the server physical address to the server over the common communication link.
On the basis of the above scheme, preferably, step S1 further comprises:
obtaining the real-time data of the database based on protocol data and log data.
On the basis of the above scheme, preferably, step S2 further comprises:
encapsulating the real-time data of the database, the network data of the networking configuration, and the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port.
Compared with the prior art, the present invention has the following advantages:
The invention monitors, captures and parses the INC port data of the network interface card, and writes the MAC, IP and port information obtained from the upstream data packet to a cache for later use in constructing uplink interaction data packets. When constructing uplink and downlink data packets, besides the payload, which changes according to the data to be transmitted, the relevant fields of the UDP message, IP datagram and MAC frame headers must be adjusted according to the actual public communication network conditions and the back-end server's network configuration, finally forming a data packet that can be transmitted normally over the public communication network. The constructed upstream or downstream message is then sent over the common communication link using the socket data transmission interface. After receiving the data packet, the peer extracts the useful information and performs the associated response processing.
By using the existing public communication network, the method of the invention enables the front-end security audit equipment and the back-end server to exchange information smoothly, so that the front-end security audit equipment can be remotely managed and controlled.
Description of the drawings
Fig. 1 is the flow chart of the method for realizing information exchange by means of line mode of the present invention;
Fig. 2 is a schematic diagram of the upstream data processing flow of the method for realizing information exchange by means of line mode of the present invention;
Fig. 3 is a schematic diagram of the downlink data processing flow of the method for realizing information exchange by means of line mode of the present invention.
Specific embodiment
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. The following embodiments are intended to illustrate the present invention, not to limit its scope.
Referring to Fig. 1, the present invention provides a method for realizing information exchange by means of line mode, comprising the following steps:
Step S1: monitor, capture and parse the INC port data of the network interface card to obtain the MAC, IP and port information in the upstream data packet and write it to a cache;
Step S2: encapsulate the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port;
Step S3: based on the UDP message, perform encapsulation in the IP packet protocol format to obtain an IP packet directed to the server IP address;
Step S4: encapsulate the obtained IP packet directed to the server IP address in the Ethernet frame protocol format to obtain an Ethernet frame directed to the server physical address;
Step S5: send the encapsulated Ethernet frame directed to the server physical address to the server over the common communication link.
The invention monitors, captures and parses the INC port data of the network interface card, and writes the MAC, IP and port information obtained from the upstream data packet to a cache for later use in constructing uplink interaction data packets. When constructing uplink and downlink data packets, besides the payload, which changes according to the data to be transmitted, the relevant fields of the UDP message, IP datagram and MAC frame headers must be adjusted according to the actual public communication network conditions and the back-end server's network configuration, finally forming a data packet that can be transmitted normally over the public communication network. The constructed upstream or downstream message is then sent over the common communication link using the socket data transmission interface. After receiving the data packet, the peer extracts the useful information and performs the associated response processing.
By using the existing public communication network, the method of the invention enables the front-end security audit equipment and the back-end server to exchange information smoothly, so that the front-end audit device can be remotely managed and controlled.
To describe the technical solution of the invention in more detail, the invention defines data in the audit-device-to-server direction as upstream data, which includes parsing data and log data; data in the server-to-audit-device direction is downlink data, which includes management and control data. Both upstream and downlink data are transmitted over the common communication link.
Upstream data transmission relies on the source MAC, source IP and source port, and the destination MAC, destination IP and destination port, in the upstream data packet, and these must match the network parameter settings of the server; the parsing or log data serves as the payload of the newly constructed data packet.
Fig. 2 shows the upstream data processing flow of the invention. The source MAC, IP and port information is obtained by parsing the data information of the object data, and the relevant data of the database is obtained from the database built from protocol data and log data. The upstream data packet is constructed from the relevant database information, the source MAC, IP and port information and the connection configuration network parameters, and is sent through a socket.
Step S1 further comprises obtaining the real-time data of the database based on protocol data and log data; step S2 further comprises encapsulating the real-time data of the database, the network data of the connection configuration, and the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port.
Fig. 3 shows the downlink data processing flow of the invention. Downlink data transmission carries the management and control data as the payload of the downlink data packet; the source MAC, source IP and source port use the relevant network parameters set on the server, and the destination MAC, destination IP and destination port use the source MAC, source IP and source port of the received upstream data packet.
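The layering in steps S2 to S4 and the downlink addressing rule above can be followed byte by byte in the sketch below. It is an added example, not code from the patent: the function names, addresses, ports and payloads are constructed for illustration, and it assumes untagged Ethernet II, IPv4 without options on the build side, and no fragmentation.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Steps S2-S4: wrap payload in UDP, then IPv4, then an Ethernet frame."""
    sip, dip = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    if 20 + udp_len > 0xFFFF:
        raise ValueError("payload too large for one IPv4 datagram")
    pseudo = sip + dip + struct.pack("!BBH", 0, 17, udp_len)  # UDP pseudo-header
    zeroed = struct.pack("!HHHH", sport, dport, udp_len, 0)
    csum = inet_checksum(pseudo + zeroed + payload) or 0xFFFF  # 0 means "no checksum"
    udp = struct.pack("!HHHH", sport, dport, udp_len, csum)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     64, 17, 0, sip, dip)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + udp + payload

def parse_frame(frame: bytes) -> dict:
    """Step S1: extract the MAC, IP and port fields that go into the cache."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + IPv4 + UDP")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4
    l4 = 14 + ihl
    if (ethertype != 0x0800 or frame[14] >> 4 != 4 or ihl < 20
            or frame[23] != 17 or len(frame) < l4 + 8):
        raise ValueError("not an untagged IPv4/UDP frame")
    sport, dport, udp_len = struct.unpack("!HHH", frame[l4:l4 + 6])
    if udp_len < 8 or l4 + udp_len > len(frame):
        raise ValueError("bad UDP length")
    return {"src_mac": src_mac, "dst_mac": dst_mac,
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "dst_ip": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport,
            "payload": frame[l4 + 8:l4 + udp_len]}

def build_downlink(received: dict, payload: bytes) -> bytes:
    """Downlink: destination fields are the source fields of the received packet."""
    # Assumption: the server's own parameters equal the received destination fields.
    return build_frame(received["dst_mac"], received["src_mac"],
                       received["dst_ip"], received["src_ip"],
                       received["dport"], received["sport"], payload)

# Constructed sample values: locally administered MACs, documentation IP ranges.
DEVICE_MAC, SERVER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
UPLINK = build_frame(DEVICE_MAC, SERVER_MAC, "192.0.2.10", "198.51.100.20",
                     40000, 9000, b'{"log":"constructed"}')
CACHE = parse_frame(UPLINK)
DOWNLINK = parse_frame(build_downlink(CACHE, b"constructed control message"))
```

Putting the frame on the wire would need a link-layer socket and elevated privileges, which this offline example leaves out. The method as described selects the downlink destination purely from header fields of the received packet, and the page describes no authentication or integrity protection for the control payload.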
Finally, the method of the present application is only a preferred embodiment and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (3)

1. A method for realizing information exchange by means of line mode, characterized by comprising the following steps:
Step S1: monitor, capture and parse the INC port data of the network interface card to obtain the MAC, IP and port information in the upstream data packet and write it to a cache;
Step S2: encapsulate the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port;
Step S3: based on the UDP message, perform encapsulation in the IP packet protocol format to obtain an IP packet directed to the server IP address;
Step S4: encapsulate the obtained IP packet directed to the server IP address in the Ethernet frame protocol format to obtain an Ethernet frame directed to the server physical address;
Step S5: send the encapsulated Ethernet frame directed to the server physical address to the server over the common communication link.
2. The method for realizing information exchange by means of line mode according to claim 1, characterized in that step S1 further comprises:
obtaining the real-time data of the database based on protocol data and log data.
3. The method for realizing information exchange by means of line mode according to claim 2, characterized in that step S2 further comprises:
encapsulating the real-time data of the database, the network data of the connection configuration, and the MAC, IP and port information in the upstream data packet in the UDP message protocol format to obtain a UDP message directed to the server port.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811649177.9A CN109889428A (en) 2018-12-30 2018-12-30 A method of information exchange is realized by means of line mode

Publications (1)

Publication Number Publication Date
CN109889428A true CN109889428A (en) 2019-06-14

Family

ID=66925516

Country Status (1)

Country Link
CN (1) CN109889428A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190614