CN111277602A - Network data packet identification processing method and device, electronic equipment and storage medium - Google Patents


Publication number
CN111277602A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010076961.6A
Other languages
Chinese (zh)
Other versions
CN111277602B (en)
Inventor
张帅
李常坤
张聪
汤迪斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Application filed by Qianxin Technology Group Co Ltd and Secworld Information Technology Beijing Co Ltd
Priority to CN202010076961.6A
Publication of CN111277602A
Application granted
Publication of CN111277602B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The embodiment of the invention discloses a method and a device for identifying and processing network data packets, electronic equipment and a storage medium, wherein the method comprises the following steps: before sending a network data packet, adding a network identity of current network equipment to a message header of the network data packet to obtain an identity data packet; and sending the identification data packet to target network equipment so that the target network equipment can obtain the network identification of the current network equipment according to the identification data packet. According to the embodiment of the invention, the network identity is added to the network data packet and then sent to the target network equipment, so that the target network equipment can identify the network identity of the current network equipment, and the network request and the network connection are easily discriminated, thereby facilitating management of the internet access behaviors of all the network equipment.

Description

Network data packet identification processing method and device, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a network data packet identification processing method and device, electronic equipment and a storage medium.
Background
With the continuous development of communication and computer technology, more and more network devices are connected to networks, and the variety of devices has grown from the original computers to today's mobile phones, watches, and even refrigerators and televisions. As the number and types of network devices keep increasing, the network environment becomes extremely complex, and managing the internet access behavior of network devices becomes extremely difficult.
Taking a multi-layer NAT (Network Address Translation) device as an example, the network address of the NAT device in the local area network is not transparent to the outside, so the internet access behavior of the network devices cannot be controlled.
Because of such non-transparent network devices in the prior art, managing the internet access behavior of network devices becomes extremely difficult.
Disclosure of Invention
Because the existing method has the above problems, embodiments of the present invention provide a method and an apparatus for identifying and processing a network packet, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present invention provides a method for identifying and processing a network data packet, where the method includes:
before sending a network data packet, adding a network identity of current network equipment to a message header of the network data packet to obtain an identity data packet;
and sending the identification data packet to target network equipment so that the target network equipment can obtain the network identification of the current network equipment according to the identification data packet.
Optionally, before sending the network data packet, adding the network identity of the current network device to a header of the network data packet to obtain an identity data packet, which specifically includes:
before sending a network data packet, acquiring the network data packet through a hook program in current network equipment;
performing protocol analysis and data packet filtering on the network data packet to obtain a Transmission Control Protocol (TCP) data packet;
and adding the network identity of the current network equipment to the message header of the TCP data packet to obtain an identity data packet.
Optionally, the adding the network identity of the current network device to the header of the TCP data packet to obtain an identity data packet specifically includes:
analyzing the message of the TCP data packet to obtain a message header of the TCP data packet;
and checking a preset field in a message header, and if the preset field is judged to be unoccupied, updating the value of the preset field to the network identity of the current network equipment to obtain an identity data packet.
Optionally, the sending the identity data packet to a target network device so that the target network device obtains the network identity of the current network device according to the identity data packet, specifically includes:
calculating a check value of the identity identification data packet according to a preset rule, and updating the identity identification data packet according to the check value;
and sending the updated identification data packet to target network equipment so that the target network equipment confirms the integrity and the accuracy of the updated identification data packet according to the updated identification data packet and identifies to obtain the network identification of the current network equipment.
In a second aspect, an embodiment of the present invention further provides a method for identifying and processing a network data packet, where the method includes:
receiving an identity identification data packet sent by current network equipment; the message header of the identity data packet carries the network identity of the current network equipment;
and identifying and obtaining the network identity of the current network equipment according to the identity data packet.
Optionally, the obtaining the network identity of the current network device according to the identity data packet identification specifically includes:
and analyzing the identity identification data packet, acquiring a preset field in a message header of the identity identification data packet, and identifying a value in the preset field to obtain the network identity of the current network equipment.
Optionally, the analyzing the id packet, obtaining a preset field in a header of the id packet, and identifying a value in the preset field to obtain a network id of the current network device specifically includes:
analyzing the identification data packet to obtain a check field in a message header of the identification data packet;
checking the check value in the check field according to a preset algorithm, if the check is passed, confirming the integrity and the accuracy of the identity identification data packet, and acquiring a preset field in a message header of the identity identification data packet;
and identifying the value in the preset field to obtain the network identity of the current network equipment.
In a third aspect, an embodiment of the present invention further provides an apparatus for identifying and processing a network packet, including:
the identification adding module is used for adding the network identification of the current network equipment to the message header of the network data packet before the network data packet is sent to obtain an identification data packet;
and the data packet sending module is used for sending the identity identification data packet to target network equipment so that the target network equipment can obtain the network identity of the current network equipment according to the identity identification data packet.
Optionally, the identifier adding module is specifically configured to:
before sending a network data packet, acquiring the network data packet through a hook program in current network equipment;
performing protocol analysis and data packet filtering on the network data packet to obtain a Transmission Control Protocol (TCP) data packet;
and adding the network identity of the current network equipment to the message header of the TCP data packet to obtain an identity data packet.
Optionally, the identifier adding module is specifically configured to:
analyzing the message of the TCP data packet to obtain a message header of the TCP data packet;
and checking a preset field in a message header, and if the preset field is judged to be unoccupied, updating the value of the preset field to the network identity of the current network equipment to obtain an identity data packet.
Optionally, the data packet sending module is specifically configured to:
calculating a check value of the identity identification data packet according to a preset rule, and updating the identity identification data packet according to the check value;
and sending the updated identification data packet to target network equipment so that the target network equipment confirms the integrity and the accuracy of the updated identification data packet according to the updated identification data packet and identifies to obtain the network identification of the current network equipment.
In a fourth aspect, an embodiment of the present invention further provides an apparatus for identifying and processing a network packet, including:
the data packet receiving module is used for receiving the identity identification data packet sent by the current network equipment; the message header of the identity data packet carries the network identity of the current network equipment;
and the identification module is used for identifying and obtaining the network identity of the current network equipment according to the identity data packet.
Optionally, the identifier recognition module is specifically configured to:
and analyzing the identity identification data packet, acquiring a preset field in a message header of the identity identification data packet, and identifying a value in the preset field to obtain the network identity of the current network equipment.
Optionally, the identifier recognition module is specifically configured to:
analyzing the identification data packet to obtain a check field in a message header of the identification data packet;
checking the check value in the check field according to a preset algorithm, if the check is passed, confirming the integrity and the accuracy of the identity identification data packet, and acquiring a preset field in a message header of the identity identification data packet;
and identifying the value in the preset field to obtain the network identity of the current network equipment.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the above-described methods.
In a sixth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium storing a computer program, which causes the computer to execute the above method.
According to the technical scheme, the network identity is added to the network data packet and then sent to the target network equipment, so that the target network equipment can identify the network identity of the current network equipment, and the network request and the network connection are easily discriminated, so that the internet access behaviors of all the network equipment are conveniently managed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flowchart illustrating a method for identifying and processing a network data packet according to an embodiment of the present invention;
Fig. 2 is a schematic view of an identification scenario of a network packet according to an embodiment of the present invention;
Fig. 3 is a schematic view of a scenario in which a hook program performs network packet processing according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating a method for identifying and processing a network packet according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an apparatus for identifying and processing a network packet according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an apparatus for identifying and processing network packets according to another embodiment of the present invention;
Fig. 7 is a logic block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following further describes embodiments of the present invention with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
Fig. 1 shows a schematic flow chart of a method for identifying and processing a network data packet according to this embodiment, which includes:
S101, before a network data packet is sent, a network identity of current network equipment is added to a message header of the network data packet to obtain an identity data packet.
The network data packet is a data packet which is to be sent to a target network device by the current network device through a network.
The current network device is the network device which sends the network data packet.
The target network device is a network device that receives the network data packet.
The network identity is an identity unique to the current network device in the network, such as an IP address or a MAC address.
The identity identification data packet is a data packet added with a network identity identification.
S102, the identification data packet is sent to target network equipment, so that the target network equipment can obtain the network identification of the current network equipment according to the identification data packet.
Specifically, network devices communicate with each other through data packets, and the number of data packets transmitted in the network is increasing due to the increasing number and types of network devices in the network. If the source of the data packet cannot be known, effective management on the internet access behavior of the network equipment cannot be realized. Therefore, before each network device sends the network data packet, the network data packet is processed again, the network identity of the current network device is added to the message header of the network data packet, and after the identity data packet capable of identifying the identity is generated, the identity data packet is sent to the target network device. Regardless of the type of the target network device, upon receiving the identification packet, the network device that sent the identification packet can be identified.
For example, Fig. 2 shows an identification scenario for a network data packet: in a multi-layer NAT environment, terminal A, terminal B and terminal C all send network data packets to a NAC (Network Admission Control) server through a NAT.
Take terminal A as an example: in this embodiment, terminal A is the current network device and the NAC server is the target network device. Before sending a network data packet, terminal A adds its IP address, 192.168.0.2:1000, to the message header of the network data packet to obtain an identity data packet, and then sends the identity data packet to the NAC server. After receiving the identity data packet, the NAC server identifies it, obtains the network identity 192.168.0.2:1000, and thereby determines that the identity data packet came from terminal A. If analysis of the identity data packet reveals a virus, terminal A can be located quickly.
It should be noted that the current network device and the target network device in this embodiment are arbitrary network devices, that is, after the current network device receives a network data packet sent by another network device, the current network device may identify the received network data packet to obtain a source of the network data packet.
In the embodiment, the network identity is added to the network data packet and then sent to the target network device, so that the target network device can identify the network identity of the current network device, and easily discriminate the network request and the network connection, thereby facilitating management of the internet access behaviors of all network devices.
Further, on the basis of the above method embodiment, S101 specifically includes:
before sending a network data packet, acquiring the network data packet through a hook program in current network equipment;
performing protocol analysis and data packet filtering on the network data packet to obtain a TCP (Transmission control protocol) data packet;
and adding the network identity of the current network equipment to the message header of the TCP data packet to obtain an identity data packet.
The HOOK program (hook) is a program installed in a network device to intercept a network data packet that is about to be sent and add a network identity to it.
Specifically, the hook is a platform within the Windows message-handling mechanism on which an application can install a subroutine to monitor certain messages of a specified window; the monitored window may have been created by another process. When a message arrives, the hook processes it before the target window's handler function does.
The TCP data packet is the data packet obtained after analysis and filtering at the TCP protocol layer.
For example, Fig. 3 shows a scenario in which a network data packet is processed by a HOOK program according to this embodiment. The network HOOK driver is the HOOK program and is located in the system kernel. Before the network data packet is sent out, it intercepts the TCP network request, adds the network identity to the urgent pointer field of the TCP header, and then sends the TCP network request to the browser or network application corresponding to the target network device.
Specifically, the HOOK program can be implemented with Netfilter, a general-purpose, abstract framework in the Linux system that provides a complete management mechanism for hook functions and can filter data packets, translate network addresses, track connections based on protocol type, and so on. After the HOOK program is loaded on the network device, all network request packets originating from the current network device pass through the NF_IP_LOCAL_OUT hook point, so all network request packets can be captured for protocol analysis.
Further, on the basis of the above method embodiment, the adding the network identity of the current network device to the header of the TCP data packet to obtain an identity data packet specifically includes:
analyzing the message of the TCP data packet to obtain a message header of the TCP data packet;
and checking a preset field in a message header, and if the preset field is judged to be unoccupied, updating the value of the preset field to the network identity of the current network equipment to obtain an identity data packet.
Specifically, the current network device obtains a TCP data packet by performing protocol screening, inspection and filtering on the captured network request packet. It then parses the TCP data packet to obtain the TCP header, checks a preset field in the header, such as the urgent pointer field, and assigns a watermark identifier to that field by updating its value to the network identity of the current network device, so that the whole TCP data packet carries the watermark.
The embodiment aims at the problems existing in the current network equipment environment, a network identity is defined for each network data packet in the network by analyzing the network equipment, the network request protocol and the TCP network data transmission protocol, and the network data packets sent by all the network equipment are added with the predefined network identity in the request message header of the network data packet, so that the network equipment has the identity in the internet access behavior, and the network request and the network connection can be easily discriminated even under the multilayer NAT environment, thereby reasonably managing and controlling the network behavior.
Further, on the basis of the above method embodiment, S102 specifically includes:
calculating a check value of the identity identification data packet according to a preset rule, and updating the identity identification data packet according to the check value;
and sending the updated identification data packet to target network equipment so that the target network equipment confirms the integrity and the accuracy of the updated identification data packet according to the updated identification data packet and identifies to obtain the network identification of the current network equipment.
The preset rule is an existing rule for calculating the check value of a data packet; for example, the check value is obtained from a parity check of the data bits or from the sum of the data bits.
A checksum is the sum of a set of data items, used for verification purposes in data processing and data communication. It is usually expressed in hexadecimal. If the checksum value exceeds hexadecimal FF, i.e., 255, its complement is required as the checksum. Checksums are commonly used to ensure data integrity and accuracy in communications, particularly over long distances.
Specifically, since the identity data packet has been forcibly modified, the previously agreed check value no longer applies. So that the opposite end can determine the integrity and accuracy of the identity data packet after receiving it, the check value of the identity data packet needs to be recalculated.
For example, a new TCP checksum is obtained through the function csum_tcpudp_magic, a new IP checksum is calculated for the identity data packet through the function ip_fast_csum, and the TCP checksum and the IP checksum are used as the final check values to update the identity data packet. Correspondingly, after receiving the updated identity data packet, the opposite end can determine that the identity data packet is complete and accurate through the TCP checksum and the IP checksum.
In this embodiment, updating the check value allows the target network device to confirm the integrity and accuracy of the identity data packet after receiving it.
Fig. 4 is a flowchart illustrating a method for identifying and processing a network data packet according to this embodiment, where the method includes:
S401, receiving an identity identification data packet sent by current network equipment; and the message header of the identity data packet carries the network identity of the current network equipment.
S402, identifying according to the identity identification data packet to obtain the network identity of the current network equipment.
The identity identification data packet is a data packet added with a network identity identification.
The network identity is an identity unique to the current network device in the network, such as an IP address or a MAC address.
The network data packet is a data packet which is to be sent to a target network device by the current network device through a network.
The current network device is the network device which sends the network data packet.
The target network device is a network device that receives the network data packet.
Specifically, network devices communicate with each other through data packets, and the number of data packets transmitted in the network is increasing due to the increasing number and types of network devices in the network. If the source of the data packet cannot be known, effective management on the internet access behavior of the network equipment cannot be realized. Therefore, before each network device sends the network data packet, the network data packet is processed again, the network identity of the current network device is added to the message header of the network data packet, and after the identity data packet capable of identifying the identity is generated, the identity data packet is sent to the target network device. Regardless of the type of the target network device, upon receiving the identification packet, the network device that sent the identification packet can be identified.
For example, Fig. 2 shows an identification scenario for a network data packet: in a multi-layer NAT environment, terminal A, terminal B and terminal C all send network data packets to a NAC (Network Admission Control) server through a NAT.
Take terminal A as an example: in this embodiment, terminal A is the current network device and the NAC server is the target network device. Before sending a network data packet, terminal A adds its IP address, 192.168.0.2:1000, to the message header of the network data packet to obtain an identity data packet, and then sends the identity data packet to the NAC server. After receiving the identity data packet, the NAC server identifies it, obtains the network identity 192.168.0.2:1000, and thereby determines that the identity data packet came from terminal A. If analysis of the identity data packet reveals a virus, terminal A can be located quickly.
It should be noted that the current network device and the target network device in this embodiment are arbitrary network devices, that is, after the current network device receives a network data packet sent by another network device, the current network device may identify the received network data packet to obtain a source of the network data packet.
In the embodiment, the network identity is added to the network data packet and then sent to the target network device, so that the target network device can identify the network identity of the current network device, and easily discriminate the network request and the network connection, thereby facilitating management of the internet access behaviors of all network devices.
Further, on the basis of the foregoing method embodiment, S402 specifically includes:
and analyzing the identity identification data packet, acquiring a preset field in a message header of the identity identification data packet, and identifying a value in the preset field to obtain the network identity of the current network equipment.
Specifically, the target network device parses the received identity data packet to obtain the TCP header, and reads a preset field in the header, such as the urgent pointer field, to obtain the network identity of the current network device that sent the identity data packet.
The embodiment aims at the problems existing in the current network equipment environment, a network identity is defined for each network data packet in the network by analyzing the network equipment, the network request protocol and the TCP network data transmission protocol, and the network data packets sent by all the network equipment are added with the predefined network identity in the request message header of the network data packet, so that the network equipment has the identity in the internet access behavior, and the network request and the network connection can be easily discriminated even under the multilayer NAT environment, thereby reasonably managing and controlling the network behavior.
Further, on the basis of the above method embodiment, the analyzing the id data packet to obtain a preset field in a header of the id data packet, and identifying a value in the preset field to obtain a network id of the current network device specifically includes:
analyzing the identification data packet to obtain a check field in a message header of the identification data packet;
checking the check value in the check field according to a preset algorithm, if the check is passed, confirming the integrity and the accuracy of the identity identification data packet, and acquiring a preset field in a message header of the identity identification data packet;
and identifying the value in the preset field to obtain the network identity of the current network equipment.
The preset algorithm is an existing algorithm for checking data packets, for example one that obtains the check value from a parity check of the data bits or from a sum of the data bits.
A checksum is the sum of a set of data items, used for verification purposes in the fields of data processing and data communication. It is usually expressed in hexadecimal notation. If the checksum value exceeds hexadecimal FF, i.e., 255, its complement is used as the checksum. Checksums are commonly used to ensure data integrity and accuracy in communications, particularly over long distances.
Specifically, because the identity data packet has been forcibly modified, the previously agreed check value no longer applies. So that the target network device can judge the integrity and accuracy of the identity data packet after receiving it, the check value of the identity data packet needs to be recalculated.
For example, a new TCP checksum is obtained through the function csum_tcpudp_magic, a new IP checksum is calculated for the identity data packet through the function ip_fast_csum, and the TCP checksum and the IP checksum are used as the final check values to update the identity data packet. Correspondingly, after receiving the updated identity data packet, the peer can determine from the TCP checksum and the IP checksum that the identity data packet is complete and accurate.
In this embodiment, updating the check value allows the target network device to confirm the integrity and accuracy of the identity data packet after receiving it.
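The sender-side stamping and the receiver-side check described in this embodiment, as an added user-space C example that is not code from the patent. The kernel helpers csum_tcpudp_magic and ip_fast_csum are replaced by a portable RFC 1071 checksum; the function names, the sample packet, and the reading of "unoccupied" as "URG flag clear and urgent pointer zero" are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets from RFC 791 (IPv4) and RFC 793 (TCP). */
enum { IP_TOTLEN = 2, IP_PROTO = 9, IP_CSUM = 10, IP_SRC = 12,
       TCP_FLAGS = 13, TCP_CSUM = 16, TCP_URG = 18, FLAG_URG = 0x20 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Add big-endian 16-bit words to a running sum; a trailing odd byte is zero-padded. */
static uint32_t sum16(const uint8_t *b, size_t len, uint32_t sum) {
    size_t i;
    for (i = 0; i + 1 < len; i += 2) sum += rd16(b + i);
    if (len & 1) sum += (uint32_t)b[len - 1] << 8;
    return sum;
}

/* Fold carries and complement (RFC 1071). Yields 0 over data whose checksum is valid. */
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns the IPv4 header length if pkt is a well-formed IPv4/TCP packet, else 0. */
static size_t tcp_offset(const uint8_t *pkt, size_t len) {
    size_t ihl, tot;
    if (len < 40 || (pkt[0] >> 4) != 4 || pkt[IP_PROTO] != 6) return 0;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    tot = rd16(pkt + IP_TOTLEN);
    if (ihl < 20 || tot > len || tot < ihl + 20) return 0;
    return ihl;
}

static uint16_t ip_csum(const uint8_t *pkt, size_t ihl) { return fold(sum16(pkt, ihl, 0)); }

/* TCP checksum over the pseudo-header (addresses, protocol 6, TCP length) plus segment. */
static uint16_t tcp_csum(const uint8_t *pkt, size_t ihl) {
    size_t tcp_len = rd16(pkt + IP_TOTLEN) - ihl;
    uint32_t sum = sum16(pkt + IP_SRC, 8, 6 + (uint32_t)tcp_len);
    return fold(sum16(pkt + ihl, tcp_len, sum));
}

/* Recompute both check values after the header has been modified. */
static void refresh_checksums(uint8_t *pkt, size_t ihl) {
    wr16(pkt + IP_CSUM, 0);
    wr16(pkt + IP_CSUM, ip_csum(pkt, ihl));
    wr16(pkt + ihl + TCP_CSUM, 0);
    wr16(pkt + ihl + TCP_CSUM, tcp_csum(pkt, ihl));
}

/* Sender side: 1 = stamped, 0 = field occupied (left untouched), -1 = not IPv4/TCP. */
int stamp_identity(uint8_t *pkt, size_t len, uint16_t id) {
    size_t ihl = tcp_offset(pkt, len);
    uint8_t *tcp = pkt + ihl;
    if (!ihl) return -1;
    /* Assumption: "unoccupied" means URG is clear and the urgent pointer is zero. */
    if ((tcp[TCP_FLAGS] & FLAG_URG) || rd16(tcp + TCP_URG) != 0) return 0;
    wr16(tcp + TCP_URG, id);
    refresh_checksums(pkt, ihl);
    return 1;
}

/* Receiver side: 1 = identity read, 0 = none carried, -1 = malformed or check failed. */
int read_identity(const uint8_t *pkt, size_t len, uint16_t *id) {
    size_t ihl = tcp_offset(pkt, len);
    const uint8_t *tcp = pkt + ihl;
    if (!ihl || ip_csum(pkt, ihl) != 0 || tcp_csum(pkt, ihl) != 0) return -1;
    if ((tcp[TCP_FLAGS] & FLAG_URG) || rd16(tcp + TCP_URG) == 0) return 0;
    *id = rd16(tcp + TCP_URG);
    return 1;
}

/* Constructed sample: 192.0.2.10:49152 -> 198.51.100.7:80, PSH|ACK, 3-byte payload. */
size_t build_sample(uint8_t *pkt) {
    static const uint8_t ip[20] = { 0x45, 0, 0, 43, 0x12, 0x34, 0x40, 0, 64, 6, 0, 0,
                                    192, 0, 2, 10, 198, 51, 100, 7 };
    static const uint8_t tcp[20] = { 0xC0, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 1,
                                     0x50, 0x18, 0xFF, 0xFF, 0, 0, 0, 0 };
    memcpy(pkt, ip, 20);
    memcpy(pkt + 20, tcp, 20);
    memcpy(pkt + 40, "hi!", 3);
    refresh_checksums(pkt, 20);
    return 43;
}

int main(void) {
    uint8_t pkt[64];
    uint16_t id = 0;
    size_t n = build_sample(pkt);
    int stamped = stamp_identity(pkt, n, 0xBEEF);
    int got = read_identity(pkt, n, &id);
    printf("stamped=%d read=%d id=0x%04X\n", stamped, got, (unsigned)id);
    return 0;
}
```

The checksums only detect corruption: any device that rewrites the field and recomputes both values produces a packet the receiver accepts, so the value identifies a sender without authenticating it.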
Fig. 5 is a schematic structural diagram illustrating an apparatus for identifying and processing a network data packet according to this embodiment, where the apparatus includes: an identifier adding module 501 and a data packet sending module 502, wherein:
the identifier adding module 501 is configured to add a network identifier of a current network device to a header of a network data packet before sending the network data packet, so as to obtain an identifier data packet;
the data packet sending module 502 is configured to send the identity data packet to a target network device, so that the target network device obtains a network identity of the current network device according to the identity data packet.
Specifically, the identifier adding module 501 adds the network identifier of the current network device to the header of the network data packet before sending the network data packet, so as to obtain an identifier data packet; the data packet sending module 502 sends the identification data packet to a target network device, so that the target network device obtains a network identification of the current network device according to the identification data packet.
In the embodiment, the network identity is added to the network data packet and then sent to the target network device, so that the target network device can identify the network identity of the current network device, and easily discriminate the network request and the network connection, thereby facilitating management of the internet access behaviors of all network devices.
Further, on the basis of the above apparatus embodiment, the identifier adding module 501 is specifically configured to:
before sending a network data packet, acquiring the network data packet through a hook program in current network equipment;
performing protocol analysis and data packet filtering on the network data packet to obtain a Transmission Control Protocol (TCP) data packet;
and adding the network identity of the current network equipment to the message header of the TCP data packet to obtain an identity data packet.
Further, on the basis of the above apparatus embodiment, the identifier adding module 501 is specifically configured to:
analyzing the message of the TCP data packet to obtain a message header of the TCP data packet;
and checking a preset field in a message header, and if the preset field is judged to be unoccupied, updating the value of the preset field to the network identity of the current network equipment to obtain an identity data packet.
Further, on the basis of the above device embodiment, the data packet sending module 502 is specifically configured to:
calculating a check value of the identity identification data packet according to a preset rule, and updating the identity identification data packet according to the check value;
and sending the updated identification data packet to target network equipment so that the target network equipment confirms the integrity and the accuracy of the updated identification data packet according to the updated identification data packet and identifies to obtain the network identification of the current network equipment.
The device for identifying and processing network data packets described in this embodiment may be configured to execute the method embodiments, and the principle and technical effect are similar, which are not described herein again.
Fig. 6 is a schematic structural diagram illustrating an apparatus for identifying and processing a network data packet according to this embodiment, where the apparatus includes: a packet receiving module 601 and an identification identifying module 602, wherein:
the data packet receiving module 601 is configured to receive an identity data packet sent by a current network device; the message header of the identity data packet carries the network identity of the current network equipment;
the identifier recognizing module 602 is configured to recognize and obtain a network identifier of the current network device according to the identifier data packet.
Specifically, the data packet receiving module 601 receives an identity data packet sent by a current network device; the message header of the identity data packet carries the network identity of the current network equipment; the identifier recognizing module 602 recognizes and obtains the network identifier of the current network device according to the identifier data packet.
In the embodiment, the network identity is added to the network data packet and then sent to the target network device, so that the target network device can identify the network identity of the current network device, and easily discriminate the network request and the network connection, thereby facilitating management of the internet access behaviors of all network devices.
Further, on the basis of the above apparatus embodiment, the identifier recognizing module 602 is specifically configured to:
and analyzing the identity identification data packet, acquiring a preset field in a message header of the identity identification data packet, and identifying a value in the preset field to obtain the network identity of the current network equipment.
Further, on the basis of the above apparatus embodiment, the identifier recognizing module 602 is specifically configured to:
analyzing the identification data packet to obtain a check field in a message header of the identification data packet;
checking the check value in the check field according to a preset algorithm, if the check is passed, confirming the integrity and the accuracy of the identity identification data packet, and acquiring a preset field in a message header of the identity identification data packet;
and identifying the value in the preset field to obtain the network identity of the current network equipment.
The device for identifying and processing network data packets described in this embodiment may be configured to execute the method embodiments, and the principle and technical effect are similar, which are not described herein again.
Referring to Fig. 7, the electronic device includes: a processor 701, a memory 702, and a bus 703, wherein:
the processor 701 and the memory 702 complete communication with each other through the bus 703;
the processor 701 is configured to call the program instructions in the memory 702 to execute the methods provided by the above-described method embodiments.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments.
The present embodiments provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the methods provided by the method embodiments described above.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
It should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (16)

1. A method for identifying and processing network data packets is characterized by comprising the following steps:
before sending a network data packet, adding a network identity of current network equipment to a message header of the network data packet to obtain an identity data packet;
and sending the identification data packet to target network equipment so that the target network equipment can obtain the network identification of the current network equipment according to the identification data packet.
2. The method according to claim 1, wherein before sending the network data packet, the method adds the network identifier of the current network device to a header of the network data packet to obtain an identifier data packet, and specifically includes:
before sending a network data packet, acquiring the network data packet through a hook program in current network equipment;
performing protocol analysis and data packet filtering on the network data packet to obtain a Transmission Control Protocol (TCP) data packet;
and adding the network identity of the current network equipment to the message header of the TCP data packet to obtain an identity data packet.
3. The method according to claim 2, wherein the adding the network identifier of the current network device to the header of the TCP packet to obtain the identifier packet specifically includes:
analyzing the message of the TCP data packet to obtain a message header of the TCP data packet;
and checking a preset field in a message header, and if the preset field is judged to be unoccupied, updating the value of the preset field to the network identity of the current network equipment to obtain an identity data packet.
4. The method for processing network packet identification according to any one of claims 1 to 3, wherein the sending the identity packet to a target network device to enable the target network device to obtain the network identity of the current network device according to the identity packet identification specifically includes:
calculating a check value of the identity identification data packet according to a preset rule, and updating the identity identification data packet according to the check value;
and sending the updated identification data packet to target network equipment so that the target network equipment confirms the integrity and the accuracy of the updated identification data packet according to the updated identification data packet and identifies to obtain the network identification of the current network equipment.
5. A method for identifying and processing network data packets is characterized by comprising the following steps:
receiving an identity identification data packet sent by current network equipment; the message header of the identity data packet carries the network identity of the current network equipment;
and identifying and obtaining the network identity of the current network equipment according to the identity data packet.
6. The method for recognizing and processing the network data packet according to claim 5, wherein the obtaining the network identity of the current network device according to the identity data packet includes:
and analyzing the identity identification data packet, acquiring a preset field in a message header of the identity identification data packet, and identifying a value in the preset field to obtain the network identity of the current network equipment.
7. The method according to claim 6, wherein the analyzing the id packet to obtain a preset field in a header of the id packet and identifying a value in the preset field to obtain a network id of the current network device specifically includes:
analyzing the identification data packet to obtain a check field in a message header of the identification data packet;
checking the check value in the check field according to a preset algorithm, if the check is passed, confirming the integrity and the accuracy of the identity identification data packet, and acquiring a preset field in a message header of the identity identification data packet;
and identifying the value in the preset field to obtain the network identity of the current network equipment.
8. An apparatus for identifying and processing network packets, comprising:
the identification adding module is used for adding the network identification of the current network equipment to the message header of the network data packet before the network data packet is sent to obtain an identification data packet;
and the data packet sending module is used for sending the identity identification data packet to target network equipment so that the target network equipment can obtain the network identity of the current network equipment according to the identity identification data packet.
9. The apparatus for recognizing and processing a network data packet according to claim 8, wherein the identifier adding module is specifically configured to:
before sending a network data packet, acquiring the network data packet through a hook program in current network equipment;
performing protocol analysis and data packet filtering on the network data packet to obtain a Transmission Control Protocol (TCP) data packet;
and adding the network identity of the current network equipment to the message header of the TCP data packet to obtain an identity data packet.
10. The apparatus for recognizing and processing a network data packet according to claim 9, wherein the identifier adding module is specifically configured to:
analyzing the message of the TCP data packet to obtain a message header of the TCP data packet;
and checking a preset field in a message header, and if the preset field is judged to be unoccupied, updating the value of the preset field to the network identity of the current network equipment to obtain an identity data packet.
11. The apparatus for identifying and processing network packets according to any one of claims 8 to 10, wherein the packet sending module is specifically configured to:
calculating a check value of the identity identification data packet according to a preset rule, and updating the identity identification data packet according to the check value;
and sending the updated identification data packet to target network equipment so that the target network equipment confirms the integrity and the accuracy of the updated identification data packet according to the updated identification data packet and identifies to obtain the network identification of the current network equipment.
12. An apparatus for identifying and processing network packets, comprising:
the data packet receiving module is used for receiving the identity identification data packet sent by the current network equipment; the message header of the identity data packet carries the network identity of the current network equipment;
and the identification module is used for identifying and obtaining the network identity of the current network equipment according to the identity data packet.
13. The apparatus for recognizing and processing a network data packet according to claim 12, wherein the identifier recognizing module is specifically configured to:
and analyzing the identity identification data packet, acquiring a preset field in a message header of the identity identification data packet, and identifying a value in the preset field to obtain the network identity of the current network equipment.
14. The apparatus for recognizing and processing a network data packet according to claim 13, wherein the identifier recognizing module is specifically configured to:
analyzing the identification data packet to obtain a check field in a message header of the identification data packet;
checking the check value in the check field according to a preset algorithm, if the check is passed, confirming the integrity and the accuracy of the identity identification data packet, and acquiring a preset field in a message header of the identity identification data packet;
and identifying the value in the preset field to obtain the network identity of the current network equipment.
15. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for identifying and processing the network packet according to any one of claims 1 to 4 and/or the method for identifying and processing the network packet according to any one of claims 5 to 7 when executing the program.
16. A non-transitory computer readable storage medium, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the method for identification processing of the network data packet according to any one of claims 1 to 4 and/or the method for identification processing of the network data packet according to any one of claims 5 to 7.
CN202010076961.6A 2020-01-23 2020-01-23 Network data packet identification processing method and device, electronic equipment and storage medium Active CN111277602B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010076961.6A CN111277602B (en) 2020-01-23 2020-01-23 Network data packet identification processing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111277602A true CN111277602A (en) 2020-06-12
CN111277602B CN111277602B (en) 2023-07-11

Family

ID=71001227

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010076961.6A Active CN111277602B (en) 2020-01-23 2020-01-23 Network data packet identification processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111277602B (en)

Also Published As

Publication number Publication date
CN111277602B (en) 2023-07-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee after: Qianxin Technology Group Co.,Ltd.

Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee before: Qianxin Technology Group Co.,Ltd.

Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.