CN111698124B - Network monitoring method, network equipment and machine-readable storage medium - Google Patents
Network monitoring method, network equipment and machine-readable storage medium Download PDFInfo
- Publication number
- CN111698124B CN111698124B CN202010287896.1A CN202010287896A CN111698124B CN 111698124 B CN111698124 B CN 111698124B CN 202010287896 A CN202010287896 A CN 202010287896A CN 111698124 B CN111698124 B CN 111698124B
- Authority
- CN
- China
- Prior art keywords
- port
- dimensional
- network
- interaction model
- port number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
Abstract
The present disclosure provides a method of network monitoring, a network device and a machine readable storage medium, wherein the method comprises: and distributing a first port number to each port in the network according to a preset rule, establishing a two-dimensional port interaction model by utilizing the distributed first port number, and monitoring the operation condition of each port by utilizing the two-dimensional port interaction model. By the method, the technical problem that the monitoring method of the network traffic can only be used for monitoring point-to-point network data and is complicated when the network data of the whole network system is monitored can be solved.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method for network monitoring, a network device, and a machine-readable storage medium.
Background
Web space is a digital world in which various representations are expressed by data generation, data streaming, and data presentation. Network space data monitoring is the most basic approach of network space security detection, data analysis and information alarm, and meanwhile, the flow of network data is a source for generating and spreading network attacks. Therefore, monitoring streaming network data is a key to network security detection and data analysis.
The existing network flow monitoring method is characterized by carrying out characterization description based on five-tuple or seven-tuple session data composed of contents such as addresses, ports, protocols and the like, or further expanding more data characteristics to carry out characterization description on the basis of the five-tuple or seven-tuple, and monitoring is realized through the characterization description. However, such a method for monitoring network traffic can only be used for monitoring peer-to-peer network data, and it becomes extremely complex to monitor network data of the entire network system.
Disclosure of Invention
The embodiment of the disclosure provides a network monitoring method, network equipment and machine-readable storage medium, by which the technical problem that a network traffic monitoring method can only be used for monitoring point-to-point network data and becomes extremely complex when the network data of the whole network system is monitored can be solved.
The embodiment of the disclosure provides a method for monitoring a network, which comprises the following steps:
distributing a first port number to each port in the network according to a preset rule;
establishing a two-dimensional port interaction model by using the allocated first port number;
and monitoring the operation condition of each port by using the two-dimensional port interaction model.
According to the embodiment, the operation condition of each port in the network can be monitored in real time through the two-dimensional port interaction model, and the overall monitoring of network data in the network is realized.
In another embodiment, the allocating a first port number to each port in the network according to a preset rule specifically includes:
acquiring the original port numbers of all ports in a network, wherein each original port number is the real port number of each port;
distributing a first port number to each original port number according to a preset rule, and establishing a corresponding relation between the original port number and the first port number, wherein the preset rule comprises: rules in natural number order.
According to the embodiment, in order to realize the technical scheme of the disclosure, the port with the original port number in the network is required to be allocated with the first port number again according to the preset rule, so that the requirement of establishing the two-dimensional port interaction model is met, and meanwhile, the corresponding relation between the first port number and the original port number is established, so that the port information displayed in the two-dimensional port interaction model corresponds to the actual port number in the network, and the management of the port by an operator is facilitated.
In another embodiment, the method for establishing the two-dimensional port interaction model by using the allocated first port number specifically includes:
selecting any port from the ports as a first port, and taking a first port number of the first port as an i value for establishing a two-dimensional port interaction model;
selecting any port from the ports as a second port, and taking a first port number of the second port as a j value for establishing a two-dimensional port interaction model;
and establishing a two-dimensional port interaction model according to the i value and the j value.
According to the embodiment, the method for establishing the two-dimensional port interaction model according to the first port number is provided, each point in the two-dimensional port interaction model established by the i value and the j value can embody the data processing condition of the port corresponding to the i value and the port corresponding to the j value, and therefore the two-dimensional port interaction model formed by a plurality of points can simultaneously realize the condition of processing data of each port in a network so as to realize the monitoring of the network.
In another embodiment, the monitoring the operation condition of each port by using the two-dimensional port interaction model specifically includes:
displaying a data interaction attribute value between a first port corresponding to the i value and a second port corresponding to the j value in the two-dimensional port interaction model;
and monitoring the operation conditions of the first port and the second port according to the data interaction attribute value.
In another embodiment, a multidimensional port interaction model is established according to the data interaction attribute and the established two-dimensional port interaction model;
monitoring the operation condition of each port by using the multi-dimensional port interaction model;
wherein the data interaction attribute comprises: protocol properties, byte properties, application type properties.
According to the embodiment, the method for establishing the two-dimensional port model is combined with the diversity of the interaction attributes, so that the multi-dimensional (three-dimensional or more than three-dimensional) port model can be established, and the network data can be integrally monitored through different interaction attributes.
The embodiment of the disclosure also provides a network device, which comprises:
the distribution module is used for distributing a first port number to each port in the network according to a preset rule;
the modeling module is used for establishing a two-dimensional port interaction model by utilizing the first port number distributed by the distribution module;
and the monitoring module is used for monitoring the operation condition of each port by using the two-dimensional port interaction model.
In another embodiment, the allocation module is specifically configured to obtain an original port number of each port in the network, where each original port number is a real port number of each port;
distributing a first port number to each original port number according to a preset rule, and establishing a corresponding relation between the original port number and the first port number, wherein the preset rule comprises: rules in natural number order.
In another embodiment, the modeling module is specifically configured to select any one port from the ports as a first port, and use a first port number of the first port as an i value for establishing a two-dimensional port interaction model;
selecting any port from the ports as a second port, and taking a first port number of the second port as a j value for establishing a two-dimensional port interaction model;
and establishing a two-dimensional port interaction model according to the i value and the j value.
In another embodiment, a network device has a master control unit and a slave control unit, the network device comprising: a processor and a machine-readable storage medium,
the machine-readable storage medium stores machine-executable instructions executable by the processor to cause the processor to: method steps for implementing the above embodiments
In another embodiment, a machine-readable storage medium stores machine-executable instructions that, when invoked and executed by a processor, cause the processor to: the method steps of the above embodiments are implemented.
Drawings
Fig. 1 is a schematic flow chart of a method for monitoring a network according to an embodiment of the disclosure;
FIG. 2 is a schematic diagram of a two-dimensional port interaction model according to an embodiment of the disclosure;
fig. 3 is a schematic diagram of a three-dimensional port interaction model according to an embodiment of the disclosure.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this disclosure to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
As shown in fig. 1, the present disclosure provides an embodiment of a method for network monitoring, including:
s1, distributing a first port number for each port in a network according to a preset rule;
s2, establishing a two-dimensional port interaction model by using the allocated first port number;
s3, monitoring the operation condition of each port by using the two-dimensional port interaction model.
When step S1 is performed, the original port numbers (i.e. real port numbers) of the ports in the network may be obtained, and since the configuration of the original port numbers is defined according to the user requirements, there may be tens or hundreds of ports in a network (for example, a network under a BRAS of an operator, or a network under a certain core router), and the structure rule of the original port numbers of each port may not be consistent, in order to build a two-dimensional port interaction model for each port in the network, the first port numbers need to be allocated again to each port in the network according to a preset rule, where the preset rule may be a rule of a natural number sequence, for example, 1, 2, 3, 4, n, etc., and in order to enable the first port numbers to establish an association relationship with the original port numbers, in this embodiment, the manager may directly find the corresponding original port numbers through the first port numbers, and in order to facilitate management.
When executing step S2, because the two-dimensional port interaction model is built, each point in the two-dimensional port interaction model is composed of an i value and a j value, where the i value and the j value are both a certain value in the first port number allocated in step S1, and each point in the two-dimensional port interaction model can display a data monitoring result between the first port corresponding to the i value and the second port corresponding to the j value, and the method for specifically obtaining the i value and the j value is as follows:
selecting any port from all ports as a first port, and taking a first port number of the first port as an i value for establishing a two-dimensional port interaction model;
selecting any port from the ports as a second port, and taking a first port number of the second port as a j value for establishing a two-dimensional port interaction model;
therefore, the first port and the second port corresponding to the i value and the j value can be obtained randomly, and the first port and the second port can be overlapped under certain conditions, namely, the first port and the second port are both pointed to the same port.
When step S3 is executed, as shown in fig. 2, an example of establishing a two-dimensional port interaction model according to the above method is shown in fig. 2, it can be seen from fig. 2 that each point can reflect the situation between two ports, and when step S3 is executed, different data interaction attributes of each port can be monitored by combining the data interaction attribute values, for example, the data interaction attribute values represented in fig. 2 are two-dimensional port interaction models of data transceiving attributes, and then S56 is green (may be set differently and may be in other colors), and then it can be considered that there is data transceiving between the first port corresponding to the first port number 5 and the second port corresponding to the first port number 6; while S57 is gray, it can be considered that there is no data transmission/reception between the first port corresponding to the first port number 5 and the second port corresponding to the first port number 7; for another example, if S55 is dark blue, the first port numbers corresponding to the first port and the second port may be both 5, and if the dark blue indicates that there is data transmission and reception, it may be indicated that the port corresponding to the first port number 5 has data loopback, and a possible fault may exist.
It can be seen from the above embodiment that, when the two-dimensional port interaction model is used to monitor the operation condition of each port, the monitoring of various network data can be implemented by combining the data interaction attribute and the established two-dimensional port interaction model, where the above embodiment is exemplified by the data interaction attribute (byte attribute) of data transceiving, and in other embodiments, the data interaction attribute may further include a protocol attribute, an application type attribute, and the like.
When the network is monitored by using the established two-dimensional port interaction model and the plurality of data interaction attributes, a multi-dimensional port interaction model is formed and used for monitoring all ports in the network through different data interaction attributes, as shown in fig. 3, D1 in fig. 3 can represent all port monitoring conditions of the data interaction attributes, D2 can represent all port monitoring conditions of protocol attributes, and D3 can represent all port monitoring conditions of application type attributes, so that the three-dimensional port interaction model is formed and used for monitoring the network.
According to the embodiment, the first port number is allocated to each port in the network, the two-dimensional port interaction model is built according to the allocated first port number, the running condition of each port in the network can be monitored in real time through the two-dimensional port interaction model, the overall monitoring of network data in the network is achieved, meanwhile, a multi-dimensional (three-dimensional or more) port model can be built based on the method of building the two-dimensional port model and combining the diversity of interaction attributes, and therefore the overall monitoring of the network data can be achieved through different interaction attributes.
The present disclosure also provides a network device based on the same idea as the above method claims, the network device comprising: the system comprises a distribution module, a modeling module and a monitoring module.
The distribution module is used for distributing a first port number to each port in the network according to a preset rule;
the modeling module is used for establishing a two-dimensional port interaction model by utilizing the first port number distributed by the distribution module;
and the monitoring module is used for monitoring the operation condition of each port by using the two-dimensional port interaction model.
The allocation module is specifically configured to obtain an original port number of each port in the network, where each original port number is a real port number of each port;
distributing a first port number to each original port number according to a preset rule, and establishing a corresponding relation between the original port number and the first port number, wherein the preset rule comprises: rules in natural number order.
The modeling module is specifically configured to select any one port from the ports as a first port, and use a first port number of the first port as an i value for establishing a two-dimensional port interaction model;
selecting any port from the ports as a second port, and taking a first port number of the second port as a j value for establishing a two-dimensional port interaction model;
and establishing a two-dimensional port interaction model according to the i value and the j value.
The embodiment of the disclosure also provides a network device, which has a main control unit and a standby control unit, and the network device includes: a processor and a machine-readable storage medium.
A machine-readable storage medium stores machine-executable instructions executable by the processor to cause the processor to: the method steps of the foregoing embodiments are implemented.
The disclosed embodiments also provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to: the method steps of the foregoing embodiments are implemented.
In the several embodiments provided in the present application, it should be understood that the disclosed method and electronic device may also be implemented in other manners. The above-described embodiments are merely illustrative, for example, of the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Finally, it should be noted that: the above embodiments are merely specific embodiments of the present disclosure for illustrating the technical solution of the present disclosure, not for limiting the scope of the present disclosure, and although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that the present disclosure is not limited thereto: any person skilled in the art may modify or easily conceive of changes to the technical solutions described in the foregoing embodiments or make equivalent substitutions for some of the technical features within the technical scope of the disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present disclosure, and are intended to be included in the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.
Claims (7)
1. A method of network monitoring, the method comprising:
distributing a first port number to each port in the network according to a preset rule;
establishing a two-dimensional port interaction model by using the allocated first port number;
monitoring the operation condition of each port by using the two-dimensional port interaction model;
any port is selected from the ports to be used as a first port, and a first port number of the first port is used as an i value for establishing a two-dimensional port interaction model;
selecting any port from the ports as a second port, and taking a first port number of the second port as a j value for establishing a two-dimensional port interaction model;
establishing a two-dimensional port interaction model according to the i value and the j value;
displaying a data interaction attribute value between a first port corresponding to the i value and a second port corresponding to the j value in the two-dimensional port interaction model;
and monitoring the operation conditions of the first port and the second port according to the data interaction attribute value.
2. The method of claim 1, wherein the allocating a first port number to each port in the network according to a preset rule specifically includes:
acquiring the original port numbers of all ports in a network, wherein each original port number is the real port number of each port;
distributing a first port number to each original port number according to a preset rule, and establishing a corresponding relation between the original port number and the first port number, wherein the preset rule comprises: rules in natural number order.
3. The method of claim 1, wherein a multidimensional port interaction model is built based on the data interaction attributes and the built two-dimensional port interaction model;
monitoring the operation condition of each port by using the multi-dimensional port interaction model;
wherein the data interaction attribute comprises: protocol properties, byte properties, application type properties.
4. A network device, the network device comprising:
the distribution module is used for distributing a first port number to each port in the network according to a preset rule;
the modeling module is used for establishing a two-dimensional port interaction model by utilizing the first port number distributed by the distribution module;
the monitoring module is used for monitoring the operation condition of each port by using the two-dimensional port interaction model;
the modeling module is specifically configured to select any one port from the ports as a first port, and use a first port number of the first port as an i value for establishing a two-dimensional port interaction model;
selecting any port from the ports as a second port, and taking a first port number of the second port as a j value for establishing a two-dimensional port interaction model;
and establishing a two-dimensional port interaction model according to the i value and the j value.
5. The network device of claim 4, wherein the network device,
the allocation module is specifically configured to obtain an original port number of each port in the network, where each original port number is a real port number of each port;
distributing a first port number to each original port number according to a preset rule, and establishing a corresponding relation between the original port number and the first port number, wherein the preset rule comprises: rules in natural number order.
6. A network device, the network device having a master control unit and a slave control unit, the network device comprising: a processor and a machine-readable storage medium,
the machine-readable storage medium stores machine-executable instructions executable by the processor to cause the processor to: a method step of any one of claims 1-3 is achieved.
7. A machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to: a method step of any one of claims 1-3 is achieved.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010287896.1A CN111698124B (en) | 2020-04-14 | 2020-04-14 | Network monitoring method, network equipment and machine-readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010287896.1A CN111698124B (en) | 2020-04-14 | 2020-04-14 | Network monitoring method, network equipment and machine-readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111698124A CN111698124A (en) | 2020-09-22 |
CN111698124B true CN111698124B (en) | 2023-06-16 |
Family
ID=72476334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010287896.1A Active CN111698124B (en) | 2020-04-14 | 2020-04-14 | Network monitoring method, network equipment and machine-readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111698124B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114124760B (en) * | 2021-11-23 | 2024-04-05 | 江苏信而泰智能装备有限公司 | Network test stream number distribution method and device, network tester and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0832609A (en) * | 1994-07-13 | 1996-02-02 | Hitachi Cable Ltd | Recognition method for network constitution |
CN103618630A (en) * | 2013-12-06 | 2014-03-05 | 北京东土科技股份有限公司 | Data safe transmission method and device based on double up links |
CN105049262A (en) * | 2015-08-24 | 2015-11-11 | 中国联合网络通信集团有限公司 | Method and device for adjusting flow loads of ports |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100826884B1 (en) * | 2006-11-27 | 2008-05-06 | 한국전자통신연구원 | Apparatus and method for visualizing network situation using security cube |
US8775613B2 (en) * | 2010-10-14 | 2014-07-08 | Electronics And Telecommunications Research Institute | Method and system for providing network monitoring, security event collection apparatus and service abnormality detection apparatus for network monitoring |
-
2020
- 2020-04-14 CN CN202010287896.1A patent/CN111698124B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0832609A (en) * | 1994-07-13 | 1996-02-02 | Hitachi Cable Ltd | Recognition method for network constitution |
CN103618630A (en) * | 2013-12-06 | 2014-03-05 | 北京东土科技股份有限公司 | Data safe transmission method and device based on double up links |
CN105049262A (en) * | 2015-08-24 | 2015-11-11 | 中国联合网络通信集团有限公司 | Method and device for adjusting flow loads of ports |
Also Published As
Publication number | Publication date |
---|---|
CN111698124A (en) | 2020-09-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230344731A1 (en) | Network security monitoring and correlation system and method of using same | |
US9258195B1 (en) | Logical topology visualization | |
CN108234168B (en) | Data display method and system based on service topology | |
CN110611651B (en) | Network monitoring method, network monitoring device and electronic equipment | |
US10853731B2 (en) | Rule based consistency management for complex systems | |
EP3644557B1 (en) | Scalable visualization of health data for network devices | |
AU2013270199B2 (en) | Service-based communication network evaluation method and device | |
US11146460B2 (en) | System and method for generating a network diagram | |
US20170005880A1 (en) | Dynamic highlight | |
CN114244676A (en) | Intelligent IT integrated gateway system | |
CN105867864A (en) | Method and device for displaying of K virtual machines (KVMs) | |
CN111698124B (en) | Network monitoring method, network equipment and machine-readable storage medium | |
US10129342B2 (en) | Mapping network service dependencies | |
US9565079B1 (en) | Holographic statistics reporting | |
Goodall et al. | A user-centered approach to visualizing network traffic for intrusion detection | |
CN117176802B (en) | Full-link monitoring method and device for service request, electronic equipment and medium | |
CN109660508A (en) | Data visualization method, electronic device, computer equipment and storage medium | |
CN102647306A (en) | Network index presenting method and device | |
US20050204290A1 (en) | System and method for generating distributed application and distributed system topologies with management information in a networked environment | |
WO2017044926A1 (en) | Network visualization for access controls | |
CN107872441A (en) | The method and apparatus for generating device attribute configuration file | |
KR101632366B1 (en) | Cloud Monitoring System for Parallel Processing Holographic Content | |
CN113242254A (en) | Communication message processing method, device, terminal equipment and storage medium | |
WO2016065907A1 (en) | Hierarchical multidimensional topology presenting method and apparatus, and storage medium | |
Zhong et al. | A User‐Centered Multi‐space Collaborative Visual Analysis for Cyber Security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |