CN110661858A - Websocket-based intranet penetration method and system - Google Patents

Publication number
CN110661858A
Authority
CN
China
Prior art keywords
agent
information
websocket
agent end
request information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910866639.0A
Other languages
Chinese (zh)
Inventor
龚伟超
姚博
刘宗孺
李志为
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Bo Lian Intelligent Technology Co Ltd
Original Assignee
Nanjing Bo Lian Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Bo Lian Intelligent Technology Co Ltd
Priority to CN201910866639.0A
Publication of CN110661858A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/141: Setup of application sessions
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/56: Provisioning of proxy services
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/60: Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63: Routing a service request depending on the request content or context
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16: Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Abstract

The invention discloses a websocket-based intranet penetration method comprising the following steps: request information is sent to a first agent so that the first agent can transmit the request information to a second agent, and the second agent sends the request information to an application end; a websocket connection is established between the first agent and the second agent, the first agent being located in an external network and the second agent in an internal network; when the long connection is established, the first agent is in server mode and the second agent is in client mode, and the client initiates the connection to the server. The invention also discloses a websocket-based intranet penetration system. The invention is easy to deploy and has a low deployment cost.

Description

Websocket-based intranet penetration method and system
Technical Field
The invention relates to the technical field of intranet access, in particular to an intranet penetration method and system based on websocket.
Background
In an office or home network, because public IP addresses are a limited resource, intranet IP addresses are generally used to build the network environment (hereinafter referred to as a local area network or an intranet): each computer is connected to the local area network, and a router is additionally configured to connect to the extranet. Computers in the local area network reach the internet through the router.
Referring to fig. 1, when a user actively initiates a request from the intranet, the router can establish a NAT address mapping relationship to provide connectivity. The reverse does not hold: unless the router is additionally configured, a user cannot access an intranet host from the external network, because intranet IP addresses cannot be routed on the internet, and even if a request reaches the router via the router's external address, the router cannot determine which internal host to forward it to (a one-to-many relationship). In addition, for security reasons, the firewall also restricts connections actively initiated from outside to intranet hosts.
In order to access a host in a LAN from an external network, the following methods are generally used:
1. Configuring a mapping on the router, for example so that access to an external address and designated port of the router is forwarded to a specific IP and port inside the local area network;
2. Interconnecting local area networks in different places by establishing a VPN virtual local area network;
3. Establishing a reverse tunnel over ssh between the host in the local area network and a server on the public network.
These methods can all, in theory, provide access from the external network to a host in the local area network, but they differ in implementation difficulty, maintenance cost, and deployment and acquisition cost. The 1st method requires management authority over the router, which can generally only be managed from the intranet, requires an administrator with professional operation and maintenance knowledge, and requires continued maintenance whenever hosts change later, so it carries many constraints. For the 2nd method, the deployment cost is too high, including equipment purchase, external server resources, installation and deployment on internal hosts, and debugging of the whole system, and dedicated maintenance is also needed. In the 3rd method, port 22 of the server must be opened to any IP, and the account password for the connection must be distributed to all connecting parties, which is very unsafe; it also has a certain technical threshold, is not suitable for wide adoption, and can only be used locally by developers.
Disclosure of Invention
In order to overcome the defects of the prior art, one of the purposes of the present invention is to provide an intranet penetration method based on websocket, which is easy to deploy and low in cost.
One of the purposes of the invention is realized by adopting the following technical scheme:
an intranet penetration method based on websocket comprises the following steps:
sending request information to a first agent so that the first agent can transmit the request information to a second agent, and sending the request information to an application end by the second agent;
the request information includes destination information; the second agent end sends the request information to an application end according to the destination information;
the second agent end is connected with the first agent end through the websocket and establishes long connection, the first agent end is located in an external network, and the second agent end is located in an internal network; when the long connection is established, the first agent side is in a server mode, and the second agent side is in a client side mode.
Further, the method further comprises:
sending request information to a third agent, and transmitting the request information to a first agent by the third agent; the third agent end is connected with the first agent end through the websocket and establishes long connection, and the third agent end is located in an intranet; when the long connection is established, the third agent is in a client mode; and the third agent end and the second agent end are positioned in the same intranet or different intranets.
Further, the request information also includes target node information, the first agent transmits the request information to a target second agent according to the target node information, and the target second agent is a second agent corresponding to the target node information.
Further, any of the http, tcp and udp payload types may be transparently transmitted between the first agent and the second agent, and between the first agent and the third agent; when the transparently transmitted payload type is http, the destination information is target address information; when it is tcp or udp, the destination information is destination port information and destination ip information.
Further, when the second agent is started for the first time, the second agent is connected with the first agent through the websocket and sends an authentication request to the first agent, and after authentication is completed, long connection is established between the second agent and the first agent;
and/or;
when the third agent end is started for the first time, the third agent end is connected with the first agent end through the websocket and sends an authentication request to the first agent end, and after authentication is completed, long connection is established between the third agent end and the first agent end.
Further, after receiving the request information, the application end returns response information along the original path.
The invention also aims to provide an intranet penetrating system based on the websocket, which is easy to deploy and low in cost.
The second purpose of the invention is realized by adopting the following technical scheme:
a websocket-based intranet penetration system, comprising:
the request terminal is used for sending request information to the first agent terminal, and the request information comprises destination information;
the first agent end is used for transmitting the request information to the second agent end;
the second agent end is used for sending the request information to the application end according to the destination information;
the application end is used for receiving the request information;
the second agent end is connected with the first agent end through the websocket and establishes long connection, the first agent end is located in an external network, and the second agent end is located in an internal network; when the long connection is established, the first agent side is in a server mode, and the second agent side is in a client side mode.
Further, the intranet penetration system further comprises a third agent end;
the request end sends request information to a third agent end, and the third agent end transmits the request information to the first agent end; the third agent end is connected with the first agent end through the websocket and establishes long connection, and the third agent end is located in an intranet; when the long connection is established, the third agent is in a client mode; and the third agent end and the second agent end are positioned in the same intranet or different intranets.
Further, the request information also includes target node information, the first agent transmits the request information to a target second agent according to the target node information, and the target second agent is a second agent corresponding to the target node information.
Further, when the second agent is started for the first time, the second agent is connected with the first agent through the websocket and sends an authentication request to the first agent, and after authentication is completed, long connection is established between the second agent and the first agent;
and/or;
when the third agent end is started for the first time, the third agent end is connected with the first agent end through the websocket and sends an authentication request to the first agent end, and after authentication is completed, long connection is established between the third agent end and the first agent end.
Compared with the prior art, the invention has the following beneficial effects: it establishes a long connection between the intranet server and the extranet server at the application level, thereby providing reverse connection to the internal host. The method is easy to deploy and apply and low in cost; it does not require the public network server to open an ssh port to any ip, does not require providing the account password of the public network server, and does not require configuration authority over the intranet router.
Drawings
FIG. 1 is a schematic block diagram of a conventional intranet-extranet connection;
FIG. 2 is a schematic block diagram of an intranet penetration method based on a websocket according to a first embodiment of the present invention;
FIG. 3 is a schematic block diagram of an intranet penetration method based on websocket according to a second embodiment of the present invention;
FIG. 4 is a schematic block diagram of an intranet penetration method based on a websocket according to a third embodiment of the present invention;
FIG. 5 is a schematic block diagram of a websocket-based intranet penetration method according to a fourth embodiment of the present invention;
FIG. 6 is a second schematic block diagram of the websocket-based intranet penetration method according to the fourth embodiment of the present invention.
Detailed Description
The present invention will now be described in more detail with reference to the accompanying drawings, in which the description of the invention is given by way of illustration and not of limitation. The various embodiments may be combined with each other to form other embodiments not shown in the following description.
Example one
This embodiment provides a websocket-based intranet penetration method, which aims to solve the problem of sending a connection request from an extranet to a computer node in an intranet.
Referring to fig. 2, the method includes the following steps:
Step 1: the request end 10 sends request information to the first agent 20; the request information includes destination information, namely the corresponding application end information. The first agent extracts the entire content of the received request information and delivers it to the second agent 30; that is, the first agent and the second agent implement transparent transmission.
Step 2: the second agent sends the request information to the application end 40 according to the target address information.
The first agent and the second agent are located in the external network and the internal network respectively, so the request end achieves intranet penetration, that is, a connection request is sent from the external network to the internal network. The request end and the application end are relative roles: the side sending information is called the request end, and the side receiving information is called the application end. For example, the application end 40 may also actively initiate a request, which passes through the second agent 30 to the first agent 20 and is then forwarded by the latter to the request end 10 according to the routing configuration; in this case, the application end 40 is actually the request end, and the request end 10 is actually the application end.
The first agent and the second agent are implemented by an agent program. Depending on its configuration, the agent program works in client mode or server mode; the configuration also specifies which of http, tcp and udp the agent program supports, and the corresponding parameters.
In the process of establishing the long connection, the first agent is in server mode and the second agent is in client mode. The first agent is deployed on an external network server, and the second agent is deployed on an internal network server. The request end and the application end are applications (such as apps) that need to transmit requests, services, data and the like. In the first embodiment, the request end sends the request information to the application end via the first agent and the second agent, where the request end may be an application of the first agent end, and the application end may be an application (or a service, data, etc.) of the second agent end.
For http, transparent transmission is implemented as follows:
management command words sent between agents (between the first agent and the second agent and, in the later embodiments, also between the third agent and the first agent): heartbeat send, heartbeat response, authentication send and authentication response;
http command words sent between agents: http request message and http response message;
http transparent-transmission message parameters: command word, globally unique message id, source wsid, http target address, method, url, heads, body. In this mode, the destination information is the target address information.
The content sent between agents comprises a function command word, a globally unique message id and routing information, which are packaged together with the http protocol content and sent to the agent at the other end.
For tcp, transparent transmission is implemented as follows:
tcp transparent-transmission command words sent between agents: tcp connection establishment, tcp text sending and tcp disconnection;
tcp transparent-transmission message parameters: command word, globally unique message id, source wsid, target ip, target port and tcp text content. In this mode, the destination information is destination port information and destination ip information.
One agent accepts and maintains the connection from the request end and at the same time sends a command to the configured destination agent program, which establishes a tcp connection to the application end according to the configuration and the requested destination port. Subsequent tcp requests sent by the "request end" are passed transparently to the "application end".
For udp, transparent transmission is implemented as follows:
udp transparent-transmission command word sent between agents: udp text sending;
udp transparent-transmission message parameters: command word, globally unique message id, source wsid, target ip, target port and udp text content. In this mode, the destination information is destination port information and destination ip information.
This case is similar to tcp, but there is no long connection; only port listening, message receiving and message forwarding are performed.
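The message parameters listed above can be validated on receipt before an agent acts on them. The following is an added example, not code from the patent: the JSON framing, base64 body encoding, field names and command-word spellings are assumptions, since the patent names the parameters but gives no wire format.

```python
import base64
import ipaddress
import json
import uuid

MAX_FRAME = 1 << 20  # assumed cap (1 MiB) on one websocket text frame

# Destination fields each command word must carry. The command words come
# from the text; their spellings and the JSON field names are assumptions.
DEST_FIELDS = {
    "heartbeat_send": (), "heartbeat_resp": (),
    "auth_send": (), "auth_resp": (),
    "http_request": ("target_address", "method", "url", "heads"),
    "http_response": ("heads",),
    "tcp_connect": ("target_ip", "target_port"),
    "tcp_text": ("target_ip", "target_port"),
    "tcp_disconnect": ("target_ip", "target_port"),
    "udp_text": ("target_ip", "target_port"),
}
CARRIES_BODY = {"http_request", "http_response", "tcp_text", "udp_text"}


class EnvelopeError(ValueError):
    """A received frame does not match the expected envelope."""


def encode(cmd, source_wsid, body=b"", **dest):
    """Build one frame: command word, unique message id, source wsid, routing."""
    msg = {"cmd": cmd, "msg_id": str(uuid.uuid4()), "source_wsid": source_wsid}
    msg.update(dest)
    if cmd in CARRIES_BODY:
        msg["body"] = base64.b64encode(body).decode("ascii")
    return json.dumps(msg)


def decode(raw):
    """Parse and validate a frame; raise EnvelopeError on anything unexpected."""
    if len(raw) > MAX_FRAME:
        raise EnvelopeError("frame too large")
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        raise EnvelopeError("not valid JSON") from exc
    if not isinstance(msg, dict):
        raise EnvelopeError("envelope must be a JSON object")
    cmd = msg.get("cmd")
    if not isinstance(cmd, str) or cmd not in DEST_FIELDS:
        raise EnvelopeError("unknown command word")
    wsid, msg_id = msg.get("source_wsid"), msg.get("msg_id")
    if not isinstance(wsid, str) or not wsid:
        raise EnvelopeError("missing source wsid")
    try:
        uuid.UUID(msg_id if isinstance(msg_id, str) else "")
    except ValueError as exc:
        raise EnvelopeError("message id is not a UUID") from exc
    missing = [f for f in DEST_FIELDS[cmd] if f not in msg]
    if missing:
        raise EnvelopeError("missing fields: " + ", ".join(missing))
    if "target_ip" in DEST_FIELDS[cmd]:
        ip, port = msg["target_ip"], msg["target_port"]
        try:
            ipaddress.ip_address(ip if isinstance(ip, str) else "")
        except ValueError as exc:
            raise EnvelopeError("target ip is not an IP address") from exc
        # type() check rather than isinstance() so that JSON true/false fails.
        if type(port) is not int or not 1 <= port <= 65535:
            raise EnvelopeError("target port out of range")
    if cmd in CARRIES_BODY:
        try:
            msg["body"] = base64.b64decode(msg.get("body", ""), validate=True)
        except (ValueError, TypeError) as exc:
            raise EnvelopeError("body is not base64") from exc
    return msg


def is_rejected(raw):
    """True when decode() refuses the frame."""
    try:
        decode(raw)
    except EnvelopeError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample frame; the wsid, address and port are made up.
    sample = encode("tcp_text", "ws-agent-2", b"\x00ping",
                    target_ip="10.0.0.5", target_port=5432)
    print(decode(sample))
    print(is_rejected('{"cmd": "shell_exec"}'))
```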
The invention places no special configuration requirements on the public network server and does not need the ssh management port to be opened. The agent nodes (nodes running the agent program) are connected through websocket; only an https port needs to be opened and the corresponding https certificate configured (the same as for an ordinary website), and if the https certificates do not exist, the https ports can be used for connection. Throughout the process, the request end and the application end are unaware of the agent program; from the request end's point of view, it sends the request content directly to the application end.
The method relies only on common basic configuration, so the threshold for deployment and use is low: it directly reuses the https-related firewall settings and nginx routing configuration that an ordinary website server already has configured and opened. There is no need to open the ssh management port, and this connection mode does not require changing the server's existing security policy, including ip white lists and the like.
When the second agent starts and establishes the long connection with the first agent for the first time, authentication is required; only a client (second agent) that passes authentication is added to the first agent's connection pool, which strengthens the security guarantee. The text between the agents may optionally be encrypted or left unencrypted; if a normal http port is used for the connection, encryption is recommended. The first agent configures authentication parameters for each second agent independently, and also configures for each second agent a list of target nodes that may be forwarded to (i.e. the intranet agent ends that can be connected) and a list of destinations (i.e. the intranet application ends that can be connected). Authentication between the third agent and the first agent in the following embodiments is similar.
Example two
The second embodiment is an improvement on any of the above embodiments, where the first agent is in an extranet and the second agent is in an intranet.
Referring to fig. 3, the request end 10 may also send the request information through the third agent 50; the third agent passes the request information through to the first agent 20, the first agent passes it through to the second agent 30, and finally the second agent sends the request information to the application end 40.
The third agent is similar to the second agent: it establishes a connection with the first agent through websocket and completes authentication, and transparent transmission between the third agent and the first agent works the same way as for the second agent.
In the second embodiment, the third agent and the second agent are located in the same intranet (local area network), a case that can be applied to distributed deployment. In a data-sensitive distributed deployment, data storage may be deployed on a certain node (i.e., a second agent) in the intranet; which third agents may access that second agent is then restricted by the forwardable target nodes that the first agent sets at authentication time. Only some third agents are allowed to access the data of the second agent, and they access that data (i.e., the data is the application end) by way of the first agent (e.g., an application server on the public network).
Example three
The main difference between the third embodiment and the second embodiment is that the third agent and the second agent are located in different intranets (local area networks). The rest is basically the same: referring to fig. 4, the first agent is in an extranet and the second agent is in an intranet. The request end 10 can also send the request information through the third agent 50; the third agent transmits the request information to the first agent 20, the first agent transmits it to the second agent 30, and finally the second agent sends the request information to the application end 40.
The third embodiment can be applied to scenarios such as remote operation and maintenance or monitoring: from an office or home network, a remote service deployed in an intranet is managed through the tunnel established by the agent program (relayed in turn by the third agent, the first agent and the second agent).
Example four
The fourth embodiment is an improvement on any of the above embodiments: since there may be a plurality of second agents, the request information further includes target node information. Referring to fig. 5, the request end 10 sends the request information to the third agent 50 (for the first embodiment, the third agent may not be used), the third agent transparently transmits the request information to the first agent 20, and the first agent transparently transmits it to the target second agent according to the target node information; the target second agent is the second agent corresponding to the target node information (in the present embodiment there are three second agents, namely second agent 31, second agent 32 and second agent 33, and second agent 32 is the one corresponding to the target node information). The target second agent then sends the request information to the application end according to the destination information.
Referring to fig. 6, if the request information does not include the target node information, the first agent sends the request information directly to the application end in the external network corresponding to the destination information, referred to as the external application end 61.
Similarly, there may be a plurality of application ends; therefore, the interaction between the request end and a specific application end can be completed only when the request information includes both the target node information and the destination information. If the request information does not include the destination information, the first agent sends the request information directly to the default application end 62 in the extranet.
The whole process is as follows: the first agent transmits the request information to the target second agent according to the target node information. The target second agent then sends the request information to the target application end according to the destination information (in fig. 6, three application ends are shown, namely a first application end 41, a second application end 42 and a third application end 43, and the second application end 42 is the application end corresponding to the destination information).
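The per-agent authentication, target node list and destination list described in Example one, together with the routing rules of this embodiment, can be enforced at the first agent as shown here for requests arriving over an agent connection. This is an added example, not code from the patent: the HMAC challenge-response, the wsid values and the field names are assumptions, because the patent does not specify the authentication scheme or the message encoding.

```python
import hashlib
import hmac
import secrets


def sign(secret, nonce):
    """Agent side: answer the first agent's challenge (assumed HMAC-SHA256)."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class FirstAgent:
    def __init__(self, agents):
        # agents: wsid -> {"secret": bytes, "nodes": set, "dests": set},
        # configured independently for each agent as the text describes.
        self._agents = agents
        self._pending = {}  # wsid -> nonce issued and not yet answered
        self._pool = {}     # authenticated wsid -> websocket connection handle

    def challenge(self, wsid):
        """Issue a fresh random nonce for this connection attempt."""
        nonce = secrets.token_bytes(32)
        self._pending[wsid] = nonce
        return nonce

    def authenticate(self, wsid, tag, conn):
        """Admit the agent to the connection pool only if its tag verifies."""
        nonce = self._pending.pop(wsid, None)  # single use, so no replay
        cfg = self._agents.get(wsid)
        if nonce is None or cfg is None:
            return False
        if not hmac.compare_digest(sign(cfg["secret"], nonce), tag):
            return False
        self._pool[wsid] = conn
        return True

    def disconnect(self, wsid):
        self._pool.pop(wsid, None)

    def route(self, msg):
        """Decide what to do with a decoded request; deny by default."""
        src = msg.get("source_wsid")
        if not isinstance(src, str) or src not in self._pool:
            return ("deny", "source not authenticated")
        node, dest = msg.get("target_node"), msg.get("destination")
        if node is None:
            # No target node: the request stays in the extranet (fig. 6).
            if dest is None:
                return ("default_app", None)
            return ("external_app", dest)
        cfg = self._agents[src]
        if not isinstance(node, str) or node not in cfg["nodes"]:
            return ("deny", "target node not permitted for source")
        if not isinstance(dest, str) or dest not in cfg["dests"]:
            return ("deny", "destination not permitted for source")
        if node not in self._pool:
            return ("deny", "target node offline")
        return ("forward", node)


# Constructed configuration: the names, secrets and address are made up.
CONSTRUCTED_AGENTS = {
    "agent-2": {"secret": b"k2", "nodes": set(), "dests": set()},
    "agent-3": {"secret": b"k3", "nodes": {"agent-2"},
                "dests": {"10.0.0.5:5432"}},
}

if __name__ == "__main__":
    first = FirstAgent(CONSTRUCTED_AGENTS)
    for wsid, key in (("agent-2", b"k2"), ("agent-3", b"k3")):
        first.authenticate(wsid, sign(key, first.challenge(wsid)), object())
    request = {"source_wsid": "agent-3", "target_node": "agent-2",
               "destination": "10.0.0.5:5432"}
    print(first.route(request))
    print(first.route(dict(request, destination="10.0.0.9:22")))
```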
Example five
The fifth embodiment is an improvement on any of the above embodiments: the second agent, the third agent, or one of them may not be in an intranet; for example, the second agent is not in an intranet. This case uses the transparent transmission function to pass a request from the server where the first agent resides (referred to as the first server) through to an application end on the server where the second agent resides (referred to as the second server). It solves the problem of complex basic network configuration from the first server to the second server, and allows an application end to be moved to other servers to run.
Example six
The sixth embodiment provides a websocket-based intranet penetration system, which includes:
the request terminal is used for sending request information to the first agent terminal, and the request information comprises destination information;
the first agent end is used for transmitting the request information to the second agent end;
the second agent end is used for sending the request information to the application end according to the destination information;
the application end is used for receiving the request information;
the second agent end is connected with the first agent end through the websocket and establishes long connection, the first agent end is located in an external network, and the second agent end is located in an internal network; when the long connection is established, the first agent side is in a server mode, and the second agent side is in a client side mode.
Further, the intranet penetration system further comprises a third agent end;
the request end sends request information to a third agent end, and the third agent end transmits the request information to the first agent end; the third agent end is connected with the first agent end through the websocket and establishes long connection, and the third agent end is located in an intranet; when the long connection is established, the third agent is in a client mode; and the third agent end and the second agent end are positioned in the same intranet or different intranets.
Further, the request information also includes target node information, the first agent transmits the request information to a target second agent according to the target node information, and the target second agent is a second agent corresponding to the target node information.
Further, when the second agent is started for the first time, the second agent is connected with the first agent through the websocket and sends an authentication request to the first agent, and after authentication is completed, long connection is established between the second agent and the first agent;
and/or;
when the third agent end is started for the first time, the third agent end is connected with the first agent end through the websocket and sends an authentication request to the first agent end, and after authentication is completed, long connection is established between the third agent end and the first agent end.
Various other modifications and changes may be made by those skilled in the art based on the above-described technical solutions and concepts, and all such modifications and changes should fall within the scope of the claims of the present invention.

Claims (10)

1. An intranet penetration method based on websocket is characterized by comprising the following steps:
sending request information to a first agent so that the first agent can transmit the request information to a second agent, and sending the request information to an application end by the second agent;
the request information includes destination information; the second agent end sends the request information to an application end according to the destination information;
the second agent end is connected with the first agent end through the websocket and establishes long connection, the first agent end is located in an external network, and the second agent end is located in an internal network; when the long connection is established, the first agent side is in a server mode, and the second agent side is in a client side mode.
2. The websocket-based intranet penetration method of claim 1, further comprising:
sending request information to a third agent, and transmitting the request information to a first agent by the third agent; the third agent end is connected with the first agent end through the websocket and establishes long connection, and the third agent end is located in an intranet; when the long connection is established, the third agent is in a client mode; and the third agent end and the second agent end are positioned in the same intranet or different intranets.
3. The websocket-based intranet penetration method of claim 2, wherein the request information further comprises target node information, the first agent transmits the request information to a target second agent according to the target node information, and the target second agent is a second agent corresponding to the target node information.
4. The websocket-based intranet penetration method of claim 2, wherein any one of the http, tcp and udp load types can be transparently transmitted between the first agent end and the second agent end and between the first agent end and the third agent end; when the transparent transmission load type is http, the destination information is target address information; and when the transparent transmission load type is tcp or udp, the destination information is destination port information and destination ip information.
5. The websocket-based intranet penetration method of claim 2, wherein when the second agent end is started for the first time, the second agent end is connected to the first agent end through the websocket and sends an authentication request to the first agent end, and after the authentication is completed, the second agent end establishes a long connection with the first agent end;
and/or;
when the third agent end is started for the first time, the third agent end is connected with the first agent end through the websocket and sends an authentication request to the first agent end, and after authentication is completed, a long connection is established between the third agent end and the first agent end.
6. The websocket-based intranet penetration method of any one of claims 1-3, wherein the application end returns response information along the original route after receiving the request information.
7. A websocket-based intranet penetration system, comprising:
the request terminal is used for sending request information to the first agent terminal, and the request information comprises destination information;
the first agent end is used for transmitting the request information to the second agent end;
the second agent end is used for sending the request information to the application end according to the destination information;
the application end is used for receiving the request information;
the second agent end is connected with the first agent end through the websocket and establishes a long connection, the first agent end is located in an external network, and the second agent end is located in an internal network; when the long connection is established, the first agent end is in a server mode, and the second agent end is in a client mode.
8. The websocket-based intranet penetration system of claim 7, further comprising a third agent end;
the request end sends request information to a third agent end, and the third agent end transmits the request information to the first agent end; the third agent end is connected with the first agent end through the websocket and establishes long connection, and the third agent end is located in an intranet; when the long connection is established, the third agent is in a client mode; and the third agent end and the second agent end are positioned in the same intranet or different intranets.
9. The websocket-based intranet penetration system of claim 8, wherein the request information further comprises target node information, the first agent transmits the request information to a target second agent according to the target node information, and the target second agent is a second agent corresponding to the target node information.
10. The websocket-based intranet penetration system of claim 8,
when the second agent end is started for the first time, the second agent end is connected with the first agent end through the websocket and sends an authentication request to the first agent end, and after authentication is completed, long connection is established between the first agent end and the second agent end;
and/or;
when the third agent end is started for the first time, the third agent end is connected with the first agent end through the websocket and sends an authentication request to the first agent end, and after authentication is completed, long connection is established between the third agent end and the first agent end.
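The routing the claims describe (authentication before the long connection, relay by target node information, destination information that depends on the load type) can be modeled in memory as follows. This is an added example, not code from the patent: the class names, the shared-token check and the destination allow-list at the second agent end are assumptions, and all node ids, tokens and addresses are constructed.

```python
import hmac

class SecondAgent:
    """Intranet agent end (client mode): forwards a request to the application end."""
    def __init__(self, allowed):
        self.allowed = set(allowed)  # destination allow-list (added assumption)

    def deliver(self, request):
        kind, dest = request.get("type"), request.get("destination") or {}
        if kind == "http":                # destination info = target address
            key = ("http", dest.get("address"))
        elif kind in ("tcp", "udp"):      # destination info = ip + port
            key = (kind, dest.get("ip"), dest.get("port"))
        else:
            return {"status": "error", "reason": "unsupported load type"}
        if None in key:
            return {"status": "error", "reason": "missing destination info"}
        if key not in self.allowed:
            return {"status": "denied", "reason": "destination not allowed"}
        # The response returns along the same route, modeled by the return value.
        return {"status": "ok", "forwarded_to": key}

class FirstAgent:
    """Extranet agent end (server mode): authenticates agents, routes by target node."""
    def __init__(self, node_tokens):
        self.node_tokens = node_tokens  # node id -> shared token (assumed scheme)
        self.links = {}                 # node id -> agent, stands in for the long connection

    def register(self, node_id, token, agent):
        expected = self.node_tokens.get(node_id)
        if expected is None or not hmac.compare_digest(expected.encode(), token.encode()):
            return False                # no long connection without authentication
        self.links[node_id] = agent
        return True

    def relay(self, request):
        agent = self.links.get(request.get("target_node"))
        if agent is None:
            return {"status": "error", "reason": "no authenticated agent for target node"}
        return agent.deliver(request)

def demo():  # constructed node id, token and intranet address
    first = FirstAgent({"node-a": "constructed-token"})
    first.register("node-a", "constructed-token", SecondAgent({("tcp", "10.0.0.6", 5432)}))
    return first.relay({"target_node": "node-a", "type": "tcp",
                        "destination": {"ip": "10.0.0.6", "port": 5432}})
```

The allow-list keeps the second agent end from forwarding to arbitrary intranet hosts even when a request reaches it over an authenticated long connection.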
CN201910866639.0A 2019-09-12 2019-09-12 Websocket-based intranet penetration method and system Pending CN110661858A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910866639.0A CN110661858A (en) 2019-09-12 2019-09-12 Websocket-based intranet penetration method and system

Publications (1)

Publication Number Publication Date
CN110661858A true CN110661858A (en) 2020-01-07

Family

ID=69037209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910866639.0A Pending CN110661858A (en) 2019-09-12 2019-09-12 Websocket-based intranet penetration method and system

Country Status (1)

Country Link
CN (1) CN110661858A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262478A (en) * 2008-04-10 2008-09-10 杭州华三通信技术有限公司 Method and device for penetrating NAT
CN105208043A (en) * 2015-10-13 2015-12-30 网易(杭州)网络有限公司 Outer network agent module, inner network agent module and data transmitting method and system
CN105376299A (en) * 2015-09-30 2016-03-02 深圳市先河系统技术有限公司 A network communication method, an apparatus and a network attached storage apparatus
CN105635338A (en) * 2015-12-31 2016-06-01 迈普通信技术股份有限公司 Data transmission method and device
US20160241596A1 (en) * 2015-02-16 2016-08-18 International Business Machines Corporation Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
US20180159751A1 (en) * 2016-12-06 2018-06-07 Forescout Technologies, Inc. Device classification

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111698334A (en) * 2020-06-24 2020-09-22 昆明东电科技有限公司 Network service method and system of dual reverse proxy between intranet and extranet
CN111698334B (en) * 2020-06-24 2023-04-07 昆明东电科技有限公司 Network service method and system of dual reverse proxy between intranet and extranet
CN112019625A (en) * 2020-08-31 2020-12-01 重庆紫光华山智安科技有限公司 Websocket-based message pushing method, system, equipment and medium
CN112019625B (en) * 2020-08-31 2023-01-31 重庆紫光华山智安科技有限公司 Websocket-based message pushing method, system, device and medium
CN112398847A (en) * 2020-11-12 2021-02-23 华侨大学 Intranet penetration method and system based on TCP Socket and improved heartbeat mechanism
CN112398847B (en) * 2020-11-12 2022-11-01 华侨大学 Intranet penetration method and system based on TCP Socket and improved heartbeat mechanism
CN112714194A (en) * 2021-03-26 2021-04-27 南京美乐威电子科技有限公司 Method for accessing intranet equipment by extranet host and network topology structure
CN112714194B (en) * 2021-03-26 2021-06-18 南京美乐威电子科技有限公司 Method for accessing intranet equipment by extranet host and network topology structure
CN114553414A (en) * 2022-03-03 2022-05-27 合肥浩瀚深度信息技术有限公司 Intranet penetration method and system based on HTTPS service
CN114553414B (en) * 2022-03-03 2024-04-05 合肥浩瀚深度信息技术有限公司 Intranet penetration method and system based on HTTPS service

Similar Documents

Publication Publication Date Title
US8296437B2 (en) Server-mediated setup and maintenance of peer-to-peer client computer communications
CN110661858A (en) Websocket-based intranet penetration method and system
US7852861B2 (en) Dynamic system and method for virtual private network (VPN) application level content routing using dual-proxy method
CA2383247C (en) External access to protected device on private network
US7716369B2 (en) Data transmission system with a mechanism enabling any application to run transparently over a network address translation device
US6104716A (en) Method and apparatus for lightweight secure communication tunneling over the internet
RU2533063C2 (en) Method to establish connection (versions), method to transfer data packet and system of remote access
US11323288B2 (en) Systems and methods for server cluster network communication across the public internet
JP4708376B2 (en) Method and system for securing access to a private network
US20170034174A1 (en) Method for providing access to a web server
US8443435B1 (en) VPN resource connectivity in large-scale enterprise networks
US8547874B2 (en) Method and system for learning network information
US20150150114A1 (en) Method and System for Providing Secure Remote External Client Access to Device or Service on a Remote Network
CN101175036B (en) Fire wall/subnet penetration method based on intranet node forwarding technology
EP1328105B1 (en) Method for sending a packet from a first IPsec client to a second IPsec client through a L2TP tunnel
US20220200891A1 (en) Cross datacenter communication using a mesh gateway
CN109743316B (en) Data transmission method, exit router, firewall and double firewall systems
US20200106515A1 (en) Communication Device, Relay Device, Information Processing System, Communication System and Communication Method
US20200287868A1 (en) Systems and methods for in-band remote management
CN117439815B (en) Intranet penetration system and method based on reverse transparent bridging
CN114553567B (en) Network transmission method, system, storage medium and computing device in multiparty security computing
CHAKMA Study of Computer Networking Protocols and an implementation by writing a program to retrieve a data file from a network drive of another Computer.
CA2323221A1 (en) Method and apparatus for data communication between a plurality of parties
CA2531678A1 (en) Method and system for facilitating client computer communications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20200107)