CN111565125A - Method for acquiring message passing through network traffic path - Google Patents
- Publication number
- CN111565125A
- Authority
- CN
- China
- Prior art keywords
- message
- network
- acquiring
- acquisition point
- quintuple
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0811—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
- H04L43/0829—Packet loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The invention discloses a method for acquiring a message passing through a network traffic path, comprising the following steps: S1, acquiring a network topology graph; S2, marking acquisition points; S3, marking the messages of each acquisition point; S4, capturing messages from the network interface connected to the network splitter; S5, obtaining message five-tuples and generating a unique identification value for each five-tuple; S6, associating and grouping the five-tuples according to the identification value; S7, obtaining the five-tuple of the target session and its identification value, and obtaining the corresponding acquisition points from the identification value; and S8, taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, to obtain the network traffic path through which the message passes. The method solves the problem that existing message analysis and display methods, based on message content or on summary traffic statistics, cannot support rapid network quality analysis and fault diagnosis.
Description
Technical Field
The invention relates to the field of computer communication, in particular to a method for acquiring a message passing through a network flow path.
Background
Network data security monitoring and data analysis usually rely on switch or router port mirroring and optical fiber splitting to capture the traffic of a specific network node, which is then analyzed further and displayed. Existing methods for displaying network data messages are of two kinds. The first displays basic message content, as a packet capture tool such as Wireshark does: it typically shows the protocol decoding result, the message length, and the send and receive times, in considerable detail. Its disadvantage is that the relationships between network messages are not shown intuitively, so specialists are needed to analyze those relationships correctly and diagnose faults. The second performs summary analysis of messages per session flow and displays overall statistics of the network messages, but individual messages cannot be inspected and the path relationship between messages cannot be displayed, even though that path relationship helps to analyze network quality and diagnose faults quickly.
Disclosure of Invention
To address the above defects in the prior art, the invention provides a method for acquiring a message passing through a network traffic path, which solves the problem that existing message analysis and display methods, based on message content or on summary traffic statistics, cannot support rapid network quality analysis and fault diagnosis.
In order to achieve the purpose of the invention, the invention adopts the technical scheme that:
The method for acquiring a message passing through a network traffic path comprises the following steps:
S1, acquiring a network topology graph, and recording the network element devices in the network and their connection relationships;
S2, marking each data message acquisition point in the network topology graph, and recording the attribute information of the acquisition point;
S3, logically connecting the network interface to the acquisition points through a network splitter, marking the messages of each acquisition point, and recording the correspondence between acquisition points and marked messages;
S4, capturing messages from the network interface connected to the network splitter, in real time or at scheduled times, through a packet capture unit, and storing the captured messages;
S5, decoding the captured messages to obtain message five-tuples, and generating a unique identification value for each five-tuple;
S6, associating and grouping the message five-tuples according to the identification value;
S7, obtaining the five-tuple of the target session and its identification value, and using the identification value as an index to retrieve the mark values stored at the corresponding position in the system, thereby obtaining the acquisition points corresponding to the retrieved mark values;
S8, taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, to obtain the network traffic path through which the message passes.
Further, step S8 is followed by step S9:
Indicating the flow direction with arrows, and displaying, as an animation, the message passing in sequence through the network element devices or routes in the network traffic path.
Further, the specific method of step S2 is:
Marking each data message acquisition point in the network topology graph, and recording the vector coordinates, the attachment type and the network element device name of the acquisition point.
Further, the specific method of step S3 is:
Aggregating the messages of multiple acquisition points to a single outlet through the network splitter, physically connecting the outlet to the network interface by optical fiber or cable, applying a different VLAN or MAC mark to the messages of each acquisition point, and recording the correspondence between acquisition points and marked messages.
Further, the specific method for storing the captured messages in step S4 is:
Storing the captured messages in the PCAP file format.
Further, the specific method of step S5 is:
Decoding the captured messages to obtain message five-tuples, generating a hash value for each five-tuple with a hash algorithm, and using the hash value as the unique identification value of that five-tuple; the message five-tuple comprises the source IP address, destination IP address, IP protocol number, TCP/UDP source port and TCP/UDP destination port.
Further, the specific method of step S6 is:
Traversing all messages and, using the identification value of each message's five-tuple as an index, checking whether data already exists in the system at that index; if so, adding the mark value of the message at that data storage position; otherwise, adding the five-tuple at the index position; this completes the association and grouping of the message five-tuples.
Further, the specific method of step S8 is:
Taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, and drawing in the network topology graph the network traffic path through which the message passes.
The beneficial effects of the invention are as follows: the method can capture online network traffic messages through switch or router port mirroring or optical fiber splitting and, through analysis of the marks carried by the data messages together with graphic animation, display vividly and intuitively the path a message takes through the network, which solves the problem that existing message analysis and display methods, based on message content or on summary traffic statistics, cannot support rapid network quality analysis and fault diagnosis.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
The following description of embodiments of the invention is provided to help those skilled in the art understand the invention. It should be understood, however, that the invention is not limited to the scope of these embodiments: to those skilled in the art, various changes are apparent so long as they remain within the spirit and scope of the invention as defined in the appended claims, and everything produced using the inventive concept is protected.
As shown in FIG. 1, the method for acquiring a message passing through a network traffic path comprises the following steps:
S1, acquiring a network topology graph, and recording the network element devices in the network and their connection relationships;
S2, marking each data message acquisition point in the network topology graph, and recording the attribute information of the acquisition point;
S3, logically connecting the network interface to the acquisition points through a network splitter, marking the messages of each acquisition point, and recording the correspondence between acquisition points and marked messages;
S4, capturing messages from the network interface connected to the network splitter, in real time or at scheduled times, through a packet capture unit, and storing the captured messages;
S5, decoding the captured messages to obtain message five-tuples, and generating a unique identification value for each five-tuple;
S6, associating and grouping the message five-tuples according to the identification value;
S7, obtaining the five-tuple of the target session and its identification value, and using the identification value as an index to retrieve the mark values stored at the corresponding position in the system, thereby obtaining the acquisition points corresponding to the retrieved mark values;
S8, taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, to obtain the network traffic path through which the message passes.
Step S8 is followed by step S9: indicating the flow direction with arrows, and displaying, as an animation, the message passing in sequence through the network element devices or routes in the network traffic path.
The specific method of step S2 is: marking each data message acquisition point in the network topology graph, and recording the vector coordinates, the attachment type and the network element device name of the acquisition point.
The specific method of step S3 is: aggregating the messages of multiple acquisition points to a single outlet through the network splitter, physically connecting the outlet to the network interface by optical fiber or cable, applying a different VLAN or MAC mark to the messages of each acquisition point, and recording the correspondence between acquisition points and marked messages.
The specific method for storing the captured messages in step S4 is: storing the captured messages in the PCAP file format.
The specific method of step S5 is: decoding the captured messages to obtain message five-tuples, generating a hash value for each five-tuple with a hash algorithm, and using the hash value as the unique identification value of that five-tuple; the message five-tuple comprises the source IP address, destination IP address, IP protocol number, TCP/UDP source port and TCP/UDP destination port.
The specific method of step S6 is: traversing all messages and, using the identification value of each message's five-tuple as an index, checking whether data already exists in the system at that index; if so, adding the mark value of the message at that data storage position; otherwise, adding the five-tuple at the index position; this completes the association and grouping of the message five-tuples.
The specific method of step S8 is: taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, and drawing in the network topology graph the network traffic path through which the message passes.
In one embodiment of the invention, the network element device or route to which each acquisition point obtained in step S7 is attached is treated as a node, and the path between two adjacent nodes is a line-segment path. The line-segment paths can be displayed dynamically in the form "A → B, B → C, C → D ...", where A, B, C and D are successively adjacent nodes. If a message loops, in the form "A → B → C → A", this display method makes the loop quick and intuitive to observe and the fault easy to locate. If a message path is broken, that is, the message initiator is A and the message receiver is C but only A → B is displayed, the message has been lost and the path is broken between B and C; the relevant personnel can then quickly repair and troubleshoot the network element devices or lines corresponding to B and C, or the line between them.
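The grouping and path reconstruction of steps S5 to S8, together with the loop and break cases of the embodiment above, as an added Python example that is not part of the patent. SHA-256 as the hash algorithm, the VLAN-mark table, the per-packet IP identification field and every sample record are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed S3 table: VLAN mark stamped by the splitter -> acquisition point.
MARK_TO_POINT = {101: "A", 102: "B", 103: "C", 104: "D"}


def flow_id(five_tuple):
    """S5: derive the identification value by hashing the five-tuple."""
    src, dst, proto, sport, dport = five_tuple
    packed = (ipaddress.ip_address(src).packed
              + ipaddress.ip_address(dst).packed
              + struct.pack("!BHH", proto, sport, dport))
    return hashlib.sha256(packed).hexdigest()  # hash choice is an assumption


def build_index(observations):
    """S6: group captured records under their five-tuple's identification value."""
    index = {}
    for ts, mark, ip_id, five_tuple in observations:
        entry = index.setdefault(flow_id(five_tuple),
                                 {"five_tuple": five_tuple, "seen": []})
        # Keep the five-tuple beside the hash so a collision cannot merge sessions.
        if entry["five_tuple"] != five_tuple:
            raise ValueError("hash collision between distinct five-tuples")
        entry["seen"].append((ts, ip_id, mark))
    return index


def trace_path(index, five_tuple, ip_id):
    """S7: look up the target session and map its marks to acquisition points."""
    entry = index.get(flow_id(five_tuple))
    if entry is None:
        return []
    # Order the sightings of one packet by capture time.
    hits = sorted((ts, mark) for ts, pid, mark in entry["seen"] if pid == ip_id)
    return [MARK_TO_POINT.get(mark, f"unknown-mark-{mark}") for _, mark in hits]


def segments(path):
    """S8: consecutive acquisition points become line-segment paths."""
    return [f"{a} → {b}" for a, b in zip(path, path[1:])]


def diagnose(path, expected_last):
    """Classify a path as in the embodiment: loop, break, or complete."""
    if not path:
        return "not captured"
    if len(set(path)) < len(path):
        return "loop"
    if path[-1] != expected_last:
        return f"break after {path[-1]}"
    return "complete"


# Constructed sessions: (src IP, dst IP, IP protocol, src port, dst port).
WEB = ("10.0.0.5", "10.0.9.9", 6, 40000, 443)
DNS = ("10.0.0.5", "10.0.9.53", 17, 53001, 53)
SSH = ("10.0.0.7", "10.0.9.9", 6, 40022, 22)

# Constructed capture records: (timestamp, VLAN mark, IP ID, five-tuple),
# deliberately out of time order, as records merged from one splitter outlet may be.
OBSERVATIONS = [
    (1.004, 103, 1, WEB), (1.000, 101, 1, WEB), (1.002, 102, 1, WEB),
    (2.000, 101, 7, DNS), (2.002, 102, 7, DNS),
    (2.004, 103, 7, DNS), (2.006, 101, 7, DNS),   # reappears at A: loop
    (3.000, 101, 9, SSH), (3.002, 102, 9, SSH),   # never reaches C: break
    (1.100, 101, 2, WEB), (1.102, 102, 2, WEB), (1.104, 103, 2, WEB),
]

if __name__ == "__main__":
    idx = build_index(OBSERVATIONS)
    for name, ft, pid in (("WEB", WEB, 1), ("DNS", DNS, 7), ("SSH", SSH, 9)):
        path = trace_path(idx, ft, pid)
        print(name, ", ".join(segments(path)), "=>", diagnose(path, "C"))
```

The IP identification field separates individual packets of one session; without some per-packet discriminator, a second packet of the same five-tuple seen again at A would be indistinguishable from a loop.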
In summary, the method of the invention can capture online network traffic messages through switch or router port mirroring or optical fiber splitting and, through analysis of the marks carried by the data messages together with graphic animation, display intuitively the path a message takes through the network, which solves the problem that existing message analysis and display methods, based on message content or on summary traffic statistics, cannot support rapid network quality analysis and fault diagnosis.
Claims (8)
1. A method for acquiring a message passing through a network traffic path, characterized by comprising the following steps:
S1, acquiring a network topology graph, and recording the network element devices in the network and their connection relationships;
S2, marking each data message acquisition point in the network topology graph, and recording the attribute information of the acquisition point;
S3, logically connecting the network interface to the acquisition points through a network splitter, marking the messages of each acquisition point, and recording the correspondence between acquisition points and marked messages;
S4, capturing messages from the network interface connected to the network splitter, in real time or at scheduled times, through a packet capture unit, and storing the captured messages;
S5, decoding the captured messages to obtain message five-tuples, and generating a unique identification value for each five-tuple;
S6, associating and grouping the message five-tuples according to the identification value;
S7, obtaining the five-tuple of the target session and its identification value, and using the identification value as an index to retrieve the mark values stored at the corresponding position in the system, thereby obtaining the acquisition points corresponding to the retrieved mark values;
S8, taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, to obtain the network traffic path through which the message passes.
2. The method for acquiring a message passing through a network traffic path according to claim 1, wherein step S8 is followed by step S9:
indicating the flow direction with arrows, and displaying, as an animation, the message passing in sequence through the network element devices or routes in the network traffic path.
3. The method for acquiring a message passing through a network traffic path according to claim 1, wherein the specific method of step S2 is:
marking each data message acquisition point in the network topology graph, and recording the vector coordinates, the attachment type and the network element device name of the acquisition point.
4. The method for acquiring a message passing through a network traffic path according to claim 1, wherein the specific method of step S3 is:
aggregating the messages of multiple acquisition points to a single outlet through the network splitter, physically connecting the outlet to the network interface by optical fiber or cable, applying a different VLAN or MAC mark to the messages of each acquisition point, and recording the correspondence between acquisition points and marked messages.
5. The method for acquiring a message passing through a network traffic path according to claim 1, wherein the specific method for storing the captured messages in step S4 is:
storing the captured messages in the PCAP file format.
6. The method for acquiring a message passing through a network traffic path according to claim 1, wherein the specific method of step S5 is:
decoding the captured messages to obtain message five-tuples, generating a hash value for each five-tuple with a hash algorithm, and using the hash value as the unique identification value of that five-tuple; the message five-tuple comprises the source IP address, destination IP address, IP protocol number, TCP/UDP source port and TCP/UDP destination port.
7. The method for acquiring a message passing through a network traffic path according to claim 1, wherein the specific method of step S6 is:
traversing all messages and, using the identification value of each message's five-tuple as an index, checking whether data already exists in the system at that index; if so, adding the mark value of the message at that data storage position; otherwise, adding the five-tuple at the index position; this completes the association and grouping of the message five-tuples.
8. The method for acquiring a message passing through a network traffic path according to claim 1, wherein the specific method of step S8 is:
taking, in sequence, the network element device or line to which each acquisition point obtained in step S7 is attached as a start point and the network element device or line to which the next acquisition point is attached as an end point, and drawing in the network topology graph the network traffic path through which the message passes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010677635.0A CN111565125B (en) | 2020-07-15 | 2020-07-15 | Method for acquiring message passing through network traffic path |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111565125A (en) | 2020-08-21 |
CN111565125B (en) | 2020-10-09 |
Family
ID=72072765
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010677635.0A Active CN111565125B (en) | 2020-07-15 | 2020-07-15 | Method for acquiring message passing through network traffic path |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111565125B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112905852A (en) * | 2021-03-04 | 2021-06-04 | 睿石网云(杭州)科技有限公司 | Application performance message storage device based on session index |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101626323A (en) * | 2009-07-23 | 2010-01-13 | 中兴通讯股份有限公司 | Method and device for monitoring network data flow |
US20120213094A1 (en) * | 2011-02-17 | 2012-08-23 | Tiebing Zhang | Plug-and-play network filter |
CN103095595A (en) * | 2012-12-30 | 2013-05-08 | 大连环宇移动科技有限公司 | Network data management method based on one-way parallel multiple chain lists and system thereof |
WO2016033729A1 (en) * | 2014-09-01 | 2016-03-10 | 华为技术有限公司 | Method and device for determining service function path |
CN106470213A (en) * | 2016-10-17 | 2017-03-01 | 杭州迪普科技股份有限公司 | A kind of source tracing method of attack message and device |
CN107070895A (en) * | 2017-03-17 | 2017-08-18 | 中国科学院信息工程研究所 | A kind of data flow source tracing method based on SDN |
CN107683597A (en) * | 2015-06-04 | 2018-02-09 | 思科技术公司 | Network behavior data collection and analysis for abnormality detection |
US9973515B1 (en) * | 2014-02-05 | 2018-05-15 | Rockwell Collins, Inc. | Network security for avionics with ethernet connections system and related method |
CN108540383A (en) * | 2018-03-20 | 2018-09-14 | 大连理工大学 | A kind of data packet transmission locus detection method based on software defined network |
CN108965288A (en) * | 2018-07-09 | 2018-12-07 | 中国人民解放军战略支援部队信息工程大学 | A method of it is traced to the source based on stream the cross-domain of fingerprint |
CN109309644A (en) * | 2017-07-26 | 2019-02-05 | 中国科学院信息工程研究所 | A kind of network watermark labeling method and system based on biorthogonal carrier |
CN110838930A (en) * | 2018-08-16 | 2020-02-25 | 中国移动通信集团浙江有限公司 | Method and device for generating service logic topology |
Also Published As
Publication number | Publication date |
---|---|
CN111565125B (en) | 2020-10-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112866075B (en) | In-band network telemetering method, system and related device for Overlay network | |
US7693092B2 (en) | Multicast tree monitoring method and system in IP network | |
EP2081321A2 (en) | Sampling apparatus distinguishing a failure in a network even by using a single sampling and a method therefor | |
CN107453884A (en) | The service quality detection method and device of a kind of network equipment | |
CN105991338B (en) | Network O&M management method and device | |
CN106789331B (en) | Topology structure generation method and system | |
CN111934936B (en) | Network state detection method and device, electronic equipment and storage medium | |
CN108600049A (en) | A kind of performance measurement method and device of data center network TCP connection | |
WO2018001326A1 (en) | Method and device for acquiring fault information | |
CN106713074A (en) | Data network quality piecewise detection method and system based on service content | |
CN106789625A (en) | A kind of loop detecting method and device | |
CN103518354A (en) | Network device, communication system, method for detecting abnormal traffic, and program | |
CN107113191A (en) | Inline data bag in data center's structural network is followed the trail of | |
EP3575925A1 (en) | Network device modifications via augmented reality user interfaces | |
CN110661716A (en) | Network packet loss notification method, monitoring device, switch and storage medium | |
CN111565125B (en) | Method for acquiring message passing through network traffic path | |
US20130042020A1 (en) | Quick Network Path Discovery | |
CN109510777A (en) | Flow table method of combination, device and SDN controller | |
CN113055238B (en) | Network detection method, platform and computer readable storage medium | |
CN115913355A (en) | Routing information display method and device, electronic equipment and storage medium | |
CN110177031B (en) | SDN network-based data monitoring control system and monitoring control method thereof | |
CN115277510A (en) | Method for automatically identifying equipment, equipment interface and equipment path in network session | |
CN109462283A (en) | Intelligent substation individual equipment flux monitoring method and system | |
CN115514683A (en) | Method and device for determining packet loss reason, exchange chip and storage medium | |
CN114553678A (en) | Diagnosis method for soft SLB traffic problem of cloud network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||