CN111949542B - Extraction method and device for generated data of regression test or pressure test - Google Patents

Extraction method and device for generated data of regression test or pressure test Download PDF

Info

Publication number
CN111949542B
CN111949542B CN202010821304.XA CN202010821304A CN111949542B CN 111949542 B CN111949542 B CN 111949542B CN 202010821304 A CN202010821304 A CN 202010821304A CN 111949542 B CN111949542 B CN 111949542B
Authority
CN
China
Prior art keywords
packet
application layer
layer data
session
sequence number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010821304.XA
Other languages
Chinese (zh)
Other versions
CN111949542A (en
Inventor
林嘉文
吴洁
胡文涛
张敏娇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010821304.XA priority Critical patent/CN111949542B/en
Publication of CN111949542A publication Critical patent/CN111949542A/en
Application granted granted Critical
Publication of CN111949542B publication Critical patent/CN111949542B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The extraction method and the device for the generated data of the regression test or the pressure test can be used in the technical field of information safety, and a plurality of package files are obtained by grabbing the data to be extracted; then analyzing each packet file to obtain analyzed data and parameters on a plurality of flag bits; and finally, extracting application layer data corresponding to each session from the analyzed data by combining the plurality of flag bits. Compared with extracting a single packet file, the method avoids memory overflow caused by once loading a large file by Wireshark, and simultaneously can anchor the start and end points of each session through the flag bit, so that the integrity of the application layer data of each session is ensured, the complete application layer data can be extracted, and the problem of incomplete TCP layer fragmentation is avoided.

Description

Extraction method and device for generated data of regression test or pressure test
Technical Field
The invention relates to the technical field of data extraction, in particular to a method and a device for extracting generated data of a regression test or a pressure test.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
One of the current regression test/pressure test data generation methods is to use Tcpdump to grab a network packet in a production environment and store the network packet as a packet file (single), analyze the packet file through a Wireshark script (tshark, pyshark, etc.), extract application layer data from the single TCP packet, and use the deformed data as test data.
The above method has 3 problems:
first, when application layer data exceeds the MSS (maximum segment length of TCP, typically 1460 bytes), the application layer data may be fragmented at the TCP layer, and the application layer data extracted from a single TCP packet may not necessarily be complete data.
Second, for a scenario with large transaction amount and long grabbing time, the number of captured single packet files may reach G. The Wireshark script reads the whole packet file into the memory and then analyzes the whole packet file, so that the data extraction of the large file is limited by the machine memory; when the file exceeds the memory limit, the Wireshark will automatically exit. This problem has been recorded in the Wireshark-officer network (https:// wiki. Wireshark. Org/knownbus/OutOfMemory), and the solution presented in the aspect of Wireshark is to add physical memory and virtual memory, but these methods are limited by the hardware and software of the device.
Third, for the second problem, the single packet file size captured by Tcpdump may be limited, but there is a similar problem as the first point: if there is a TCP slice, different slices of the same TCP session may exist in different packet files, and the extracted application layer data still is not necessarily complete data.
Disclosure of Invention
In order to solve at least one of the above problems, an embodiment of the present invention provides a method and an apparatus for extracting generated data of a regression test or a pressure test, where the data is wrapped into a plurality of small files, and then the flag bit is used to extract application layer data, so that complete application layer data can be extracted.
In one aspect of the present invention, a method for extracting generated data of a regression test or a pressure test includes:
the data generated by the regression test or the pressure test are subjected to packet capturing to obtain a plurality of packet files; the data generated by the regression test or the pressure test data comprises application layer data generated by at least one session between the terminal and the interactive system;
analyzing each packet file to obtain application layer data packets corresponding to all sessions;
and determining the application layer data packet corresponding to each session based on the interaction information of the session protocol, and further obtaining the application layer data corresponding to each session.
In some embodiments, the interaction information includes: the packet sequence number, the confirmation packet sequence number and the packet type of each application layer data packet, and the address information interacted by the two parties;
the session protocol-based interaction information determines an application layer data packet corresponding to each session, including:
Determining an initial application layer data packet and a final application layer data packet of a single session according to the packet type and the packet sequence number of each application layer data packet and the confirmation packet sequence number, and
combining the packet grabbing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, and determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, wherein the data in all application layer data packets corresponding to each session are sequenced according to the size of the packet grabbing sequence number to form the application layer data.
In some embodiments, the session protocol-based interaction information determines an application layer packet corresponding to each session, and further includes:
determining port states of the corresponding interaction parties according to the packet type of each application layer data packet;
combining the packet capturing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, including:
Combining the packet grabbing sequence number and the port state of each application layer data packet, and the address information, the packet sequence number and the confirmation packet sequence number interacted by the two parties, and determining all application layer data packets corresponding to each session and the corresponding application layer data packet sequence according to each initial application layer data packet and each terminal application layer data packet.
In some embodiments, the session protocol-based interaction information determines an application layer packet corresponding to each session, and further includes:
and determining the packet type of the application layer data packet according to the characteristic value on the session flag bit of each application layer data packet.
In some embodiments, the session flag bit includes: SEQ flag bit, LEN flag bit, ACK flag bit; the eigenvalues include 0 and 1.
In some embodiments, the packet types include: SYN, syn+ ACK, ACK, PSH +ack, rst+ack, fin+ack, and urg+ack;
the determining the port state of the corresponding interaction parties according to the packet type of each application layer data packet comprises the following steps:
if the packet type is an application layer data packet of SYN, determining that the source port state is SYN_SENT; the destination port state is empty;
for an application layer data packet with a packet type of SYN+ACK, determining that a source port state is SYN_SENT and a destination port state is SYN_RECV;
For an application layer data packet with the packet type of ACK, determining that the source port state is ESTABLISHED and the destination port state is SYN_RECV;
for an application layer data packet with a packet type of ACK, distinguishing that the session state of the application layer data packet with the packet type of ACK is one of carrying data, 3 rd TIME of three-way handshake, 2 nd TIME of four-TIME hand waving and 4 th TIME of interaction, if the session state is 3 rd TIME of three-way handshake, determining that the source port state is ESTABLISHED, if the session state is 2 nd TIME of four-TIME hand waving, determining that the source port state is close_wait, if the session state is 4 th TIME of four-TIME hand waving, determining that the source port state is time_wait, and the destination port state is SYN_RECV;
for an application layer data packet with the packet type PSH+ACK, determining that the ports of the two interaction sides are ESTABLISHED;
for the packet type of FIN+ACK, distinguishing the session state of the application layer data packet with the packet type of ACK as the 1 st or 3 rd interaction of the four waving, and if the session state is the 1 st interaction of the four waving, determining the source port state as FIN_WIAT1; if the hand is swung for the 2 nd time four times, the source port state is determined to be LAST_ACK.
In certain embodiments, further comprising: if an application layer data packet with a packet type of RST+ACK exists in a single session, discarding all application layer data of the corresponding session.
Another aspect of the present invention provides an extraction apparatus for generating data of a regression test or a pressure test, including:
the packet capturing module captures the data to be extracted to obtain a plurality of packet files; the data to be extracted comprises application layer data generated by at least one session between the terminal and the interactive system;
the analysis module analyzes each packet file to obtain analyzed data and a plurality of zone bits, wherein the zone bits correspond to each packet type one by one;
and the extraction module is used for extracting application layer data corresponding to each session from the data obtained by analysis by combining the plurality of flag bits.
In a preferred embodiment, the extraction module comprises:
the type determining unit is used for judging the type of each packet according to the zone bit of each session;
and the application layer data extraction unit extracts the application layer data corresponding to each session according to the type of each packet, the address of the two parties corresponding to the session under each packet type, the ports of the two parties and the states of the ports of the two parties.
In a preferred embodiment, the packet grabbing module grabs packets of data to be extracted by a TcpDump packet grabbing tool.
In a preferred embodiment, the parsing module parses each packet file through a Wireshark.
In a further aspect the invention provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of the first aspects described above when executing the computer program.
In a further aspect the invention provides a computer readable storage medium storing a computer program for performing the method of any one of the first aspects above.
The beneficial effects of the invention are as follows:
in summary, according to the extraction method and the device for the generated data of the regression test or the pressure test provided by the invention, the data to be extracted is subjected to packet capturing to obtain a plurality of packet files; then analyzing each packet file to obtain analyzed data and parameters on a plurality of flag bits; and finally, extracting application layer data corresponding to each session from the analyzed data by combining the plurality of flag bits. Compared with extracting a single packet file, the method avoids memory overflow caused by once loading a large file by Wireshark, and simultaneously can anchor the start and end points of each session through the flag bit, so that the integrity of the application layer data of each session is ensured, the complete application layer data can be extracted, and the problem of incomplete TCP layer fragmentation is avoided.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
fig. 1 is a schematic diagram of various packet processing steps provided in an embodiment of the present invention.
Fig. 2 is a schematic diagram of a syn+ack packet processing step according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating an ACK packet processing step according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a psh+ack packet processing procedure according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a fin+ack packet processing procedure according to an embodiment of the present invention.
Fig. 6 is a flow chart of a method for extracting generated data of a regression test or a pressure test according to an embodiment of the present invention.
Fig. 7 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 8 is a second schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 9 is a third schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 10 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 11 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 12 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 13 is a seventh view of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 14 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 15 is a diagram illustrating a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 16 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 17 is an eleventh schematic view of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 18 is a schematic diagram of a session scenario between an a server and a B server according to an embodiment of the present invention.
Fig. 19 is a schematic structural diagram of an extraction device for generating data of a regression test or a pressure test according to an embodiment of the present invention.
Fig. 20 is a schematic diagram of a TCP packet according to an embodiment of the invention.
Fig. 21 is a schematic diagram of a computer device configuration suitable for implementing the extraction method of the generated data of the regression test or the pressure test in the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments thereof.
Although the invention provides a method operation or apparatus structure as shown in the following examples or figures, more or fewer operation steps or module units may be included in the method or apparatus based on routine or non-inventive labor. In the steps or the structures of the apparatuses in which there is no necessary cause and effect logically, the execution order of the steps or the structure of the modules is not limited to the execution order or the structure of the modules shown in the embodiments or the drawings of the present invention. The method or module structure described may be performed sequentially or in parallel according to the embodiment or the method or module structure shown in the drawings when applied to a device or an end product in practice.
It should be noted that the present invention may be used in the technical field of information security, and may be used in other technical fields, which is not limited thereto.
Fig. 6 shows a method for extracting generated data of a regression test or a pressure test according to an embodiment of the present invention, including:
s1: the data generated by the regression test or the pressure test are subjected to packet capturing to obtain a plurality of packet files; the data generated by the regression test or the pressure test data comprises application layer data generated by at least one session between the terminal and the interactive system;
s2: analyzing each packet file to obtain application layer data packets corresponding to all sessions;
s3: and determining the application layer data packet corresponding to each session based on the interaction information of the session protocol, and further obtaining the application layer data corresponding to each session.
According to the extraction method of the generated data of the regression test or the pressure test, the data to be extracted is subjected to packet capturing to obtain a plurality of packet files; then analyzing each packet file to obtain analyzed data and parameters on a plurality of flag bits; and finally, extracting application layer data corresponding to each session from the analyzed data by combining the plurality of flag bits. Compared with extracting a single packet file, the method avoids memory overflow caused by once loading a large file by Wireshark, and simultaneously can anchor the start and end points of each session through the flag bit, so that the integrity of the application layer data of each session is ensured, the complete application layer data can be extracted, and the problem of incomplete TCP layer fragmentation is avoided.
In some embodiments, the interaction information includes: the packet sequence number, the confirmation packet sequence number and the packet type of each application layer data packet, and the address information interacted by the two parties;
the step S3 specifically includes:
s31: determining an initial application layer data packet and a final application layer data packet of a single session according to the packet type and the packet sequence number of each application layer data packet and the confirmation packet sequence number, and
s32: combining the packet grabbing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, and determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, wherein the data in all application layer data packets corresponding to each session are sequenced according to the size of the packet grabbing sequence number to form the application layer data.
Further, step S3 further includes:
s33: determining port states of the corresponding interaction parties according to the packet type of each application layer data packet;
s34: combining the packet capturing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, including:
S35: combining the packet grabbing sequence number and the port state of each application layer data packet, and the address information, the packet sequence number and the confirmation packet sequence number interacted by the two parties, and determining all application layer data packets corresponding to each session and the corresponding application layer data packet sequence according to each initial application layer data packet and each terminal application layer data packet.
Compared with the prior art, the method has the advantages that the single package file formed by capturing the data is directly loaded in the prior art, when the file is too large, the problems recorded in the background technology are caused, the method adopts a mode that a plurality of packages are combined with the flag bit to anchor each dialogue, the application layer data of the complete dialogue is extracted, the plurality of package files avoid the burden of memory processing, and meanwhile, the packages can be processed in a multithreading mode, so that the processing efficiency is improved.
Further, in some embodiments, step S3 of the present invention specifically further includes:
s36: determining the packet type of the application layer data packet according to the characteristic value on the session flag bit of each application layer data packet;
specifically, the packet type may be distinguished by a flag bit in the packet, and the TCP header format is shown in fig. 20, where URG, ACK, PSH, RST, SYN, FIN is a flag bit for distinguishing the packet type. The specific meaning is as follows:
URG: an emergency sign. This flag is rarely used and is set by the sender, and if set, indicates that the 16-bit emergency pointer is valid. The urgent pointer is used to mark the offset of urgent data in the data. The urgent data can be placed in the same TCP message with the normal data, or can be placed separately. Only 1 byte is supported in Java language for urgent data length. The sender-side TCP will preferentially deliver the message with the URG set. On the Java language receiver side, TCP delivers the URG message and the non-URG message to an application layer, and the application layer cannot distinguish the URG message and the non-URG message data. The URG flag is used with the ACK.
ACK: confirmation flag: after receiving the message of the sender, the receiver sends a confirmation message to the sender.
PSH: pushing a mark: indicating that the receiver should deliver the message to the application layer as soon as possible after receiving the message, rather than waiting in the buffer.
RST: resetting the flag: for resetting connections that have been erroneous due to host crashes or other reasons, or for rejecting illegal segments and rejecting connection requests.
SYN: synchronization flag: the first two of the three handshakes for establishing a connection.
FIN: end flag: the first and third hand swings for closing the connection.
S32: and extracting application layer data corresponding to each session according to the type of each packet, the address of the two parties corresponding to the session under each packet type, the ports of the two parties and the states of the ports of the two parties.
In addition, in step S32, the application layer data corresponding to each session may be extracted according to the packets of different types and the addresses, ports and port states of the two parties corresponding to each session.
In some embodiments, packet types are classified as SYN, syn+ ACK, ACK, PSH +ack, rst+ack, urg+ack, fin+ack according to TCP flag bits.
In some embodiments, the session flag bit includes: SEQ flag bit, LEN flag bit, ACK flag bit; the eigenvalues include 0 and 1.
For each packet type, the corresponding processing manner is different, for example, the packet type includes: SYN, syn+ ACK, ACK, PSH +ack, rst+ack, fin+ack, and urg+ack;
the determining the port state of the corresponding interaction parties according to the packet type of each application layer data packet comprises the following steps:
if the packet type is an application layer data packet of SYN, determining that the source port state is SYN_SENT; the destination port state is empty;
for an application layer data packet with a packet type of SYN+ACK, determining that a source port state is SYN_SENT and a destination port state is SYN_RECV;
For an application layer data packet with the packet type of ACK, determining that the source port state is ESTABLISHED and the destination port state is SYN_RECV;
for an application layer data packet with a packet type of ACK, distinguishing that the session state of the application layer data packet with the packet type of ACK is one of carrying data, 3 rd TIME of three-way handshake, 2 nd TIME of four-TIME hand waving and 4 th TIME of interaction, if the session state is 3 rd TIME of three-way handshake, determining that the source port state is ESTABLISHED, if the session state is 2 nd TIME of four-TIME hand waving, determining that the source port state is close_wait, if the session state is 4 th TIME of four-TIME hand waving, determining that the source port state is time_wait, and the destination port state is SYN_RECV;
for an application layer data packet with the packet type PSH+ACK, determining that the ports of the two interaction sides are ESTABLISHED;
for the packet type of FIN+ACK, distinguishing the session state of the application layer data packet with the packet type of ACK as the 1 st or 3 rd interaction of the four waving, and if the session state is the 1 st interaction of the four waving, determining the source port state as FIN_WIAT1; if the hand is swung for the 2 nd time four times, the source port state is determined to be LAST_ACK.
The following describes the processing manner of each packet one by one:
The "SYN" packet processing steps are as follows (corresponding to step 01 of fig. 1):
the packet is the 1 st of the three-way handshake, capturing the packet indicates that the source port state has become SYN_SENT. A record is newly created in the first table, the record source address to the a address, the destination address to the B address, the source port to the a port, the destination port to the B port, the packet sequence number to the a packet sequence number, the record a port state=syn_send, and the a packet sequence number addend=1.
As shown in fig. 7, the current packet is a SYN packet SENT from the a server (address: 192.168.1.1, port 10000) to the B server (address: 192.168.1.2, port 10001), which indicates that 10000 ports of the a server have become syn_send, and a record may be created in the first table (the thickened field is the change field):
TABLE 1 first Table update one of the recording tables
The "syn+ack" packet processing steps are as follows (corresponding to step 02 of fig. 1):
the class packet is the 2 nd of the three-way handshake, capturing the class packet indicates that the source port state has become syn_recv.
Corresponding to step 101 of fig. 2, in the first table, according to the lookup record of a address=destination address, B address=source address, a port=destination port, B port=source port, a port state=syn_send, if so, checking whether the confirmation sequence number in the message is equal to the a packet sequence number+a packet sequence number addend, if so, updating the B port state=syn_recv, B packet sequence number=packet sequence number, B- > a confirmation packet sequence number=confirmation sequence number, and B packet sequence number addend=1.
As shown in fig. 8, the current packet is a syn+ack packet sent from the B server (address: 192.168.1.2, port 10001) to the a server (address: 192.168.1.1, port 10000), indicating that 10001 port status of the B server has changed to syn_recv. At this time, the corresponding recorded a-packet number=0, the a-packet number addend=1, and the ack=1 in the message conforms to the a-packet number+a-packet number addend=ack number. Update the first table record as (bold field as change field):
TABLE 2 first form update record Table two
The "ACK" packet processing steps are as follows (corresponding to step 06 of fig. 1):
the package is captured, and the 3 rd time, the fourth time of waving, the 2 nd time and the fourth time of waving and the 4 th time of interaction of carrying data and three times of handshaking are needed to be distinguished. If the third handshake is the 3 rd one, the source port state is changed to ESTABLISHED; if the hand is swung for the 2 nd time for four times, the source port state is changed into close_wait; if the hand is swung for 4 TIMEs, the source port state is changed to TIME_WAIT. In all three cases, the source port state of the corresponding record of the first table needs to be set.
Step 1[ corresponds to step 301 of fig. 3 ]: if the data length of the upper layer of the packet is not 0, the processing steps are the same as PSH+ACK.
Step 2[ corresponds to step 302 of fig. 3 ]: if step 1 is not met, looking up records of a address=source address, B address=destination address, a port=source port, B port=destination port, a port state=syn_send, B port state=syn_recv in the first table, and if records exist, indicating that the record is the 3 rd time of the three-way handshake. And checking whether the confirmation sequence number is equal to the sum of the B packet sequence number and the B packet sequence number or not, if so, updating the A port state=established, A Bao Xuhao =packet sequence number, and A- > B confirmation packet sequence number=confirmation packet sequence number. The a packet sequence number addend=0.
As shown in fig. 9, the current packet is an ACK packet sent from the a server (address: 192.168.1.1, port 10000) to the B server (address: 192.168.1.2, port 10001), and does not carry data, indicating that 10000 ports of the a server have changed to ESTABLISHED. At this time, the corresponding recorded B packet number=0, the B packet number addend=1, and the ack=1 in the message conform to the B packet number+b packet number addend=ack number. Update the first table record as (bold field as change field):
TABLE 3 first Table update record Table III
Step 3: if there is no record in step 2, record of a address= [ destination address, source address ], B address= [ source address, destination address ], a port= [ destination port, source port ], B port= [ source port, destination port ] is searched in the first table.
Step 4[ corresponds to step 303 of fig. 3]: if the a port status= [ ESTABLISHED, FIN _wait1], the B port status is recorded in [ fin_wait1, ESTABLISHED ], it indicates that the packet is the 2 nd of four hand swings. And setting the corresponding port state in the first table as close_wait according to the source IP and the source port in the message.
As shown IN fig. 10, the current packet is an ACK packet sent from the a-server (address: 192.168.1.1, port 10000) to the B-server (address: 192.168.1.2, port 10001), and no data is carried, and the first table corresponds to record a-port status=established, B-port status=in_wait1, indicating that 10000-port status of the a-server has become close_wait, the packet is the 2 nd time of four hand swipes. Update corresponding first table record as (bold field as change field):
TABLE 4 first Table update records Table IV
Step 5[ corresponds to step 304 of fig. 3]: if the a-port status= [ last_ack, fin_wait2, and the B-port status is [ fin_wait2, last_ack ], it indicates that the packet is the 4 th time of four hand-waving. And setting the corresponding port state in the first table as TIME_WAIT according to the source IP and the source port in the message.
As shown in fig. 11, the current packet is an ACK packet sent from the B-server (address: 192.168.1.2, port 10001) to the a-server (address: 192.168.1.1, port 10000), and does not carry data, and the first table corresponds to record a-port status=last_ack, B-port status=fin_wait 2, indicating that 10001-port status of the B-server has become time_wait, and the packet is the 4 th TIME of four hand-waving. Update the first table record as (bold field as change field):
TABLE 5 first Table update records Table five
Step 6: if the port status is not the status of step 4 and step 5, it is indicated that the packet is a normal reply packet and should be discarded. As shown in fig. 12, the current packet is an ACK packet sent from the B-server (address: 192.168.1.2, port 10001) to the a-server (address: 192.168.1.1, port 10000), and does not carry data, and the first table corresponds to record that both port states are ESTABLISHED, and the packet is a normal response packet and is not recorded in the table.
The "psh+ack" packet processing steps are as follows (corresponding to step 05 of fig. 1):
the packet is a data transmission packet, and is captured, which indicates that both ports have become ESTABLISHED, a passive port state needs to be set, and TCP packets need to be combined, retransmission packets need to be processed, and error packets need to be processed.
Step 1[ corresponds to step 401 of fig. 4 ]: in the first table, records of a address= [ destination address, source address ], B address= [ source address, destination address ], a port= [ destination port, source port ], B port= [ source port, destination port ], a port state= [ ESTABLISHED, SYN _ RECV, ESTABLISHED ], and B port state= [ syn_ RECV, ESTABLISHED, ESTABLISHED ] are recorded. If there is a record and if one of the port states is syn_recv, its state=established is updated.
As shown in fig. 13, the current packet is a psh+ack packet sent from the a-server (address: 192.168.1.1, port 10000) to the B-server (address: 192.168.1.2, port 10001). The three-way handshake between a and B can be considered complete. The 10001 port state of the B-server also becomes ESTABLISHED. Update the first table record as (bold field as change field):
TABLE 6 first Table update records Table six
Step 2[ corresponds to step 402 of fig. 4 ]: the checksum in the message is checked according to the check algorithm defined in RFC 793. If the verification is not finished, the data is error data and should be discarded. If the check is passed, judging whether the check sum exists in the second table, if so, indicating that the check sum is retransmission data, and discarding the retransmission data; if the data is not present, judging the current data transmission direction recorded by the first table, if the value is null, describing that the data is a request message transmitted for the first time, registering the type=request, transmitting the current message transmission direction=A- > B (source address is A) or B- > A (source address is B), and registering the packet sequence number, upper layer data and checksum in the message to the second table; if the current data transmission direction is the same as the current transmission direction recorded by the first table, the TCP fragmented data is indicated, and the packet sequence number, the upper layer data and the checksum in the message are continuously registered to the second table.
For example, for the packet illustrated in step 1, the first table corresponds to the B packet number=0, the B packet number addend=1, and the ack=1 in the packet, which corresponds to the B packet number+b packet number addend=ack. The source address is A, the destination address is B, the current data transmission direction of the corresponding record of the first table is empty, and the record of the first table is updated as (the thickened field is the changed field):
TABLE 7 seven of the record table after the first table update
The new record is (bold field is change field) in the second table:
TABLE 8 second Table update one of the recording tables
ID(FK) Bag serial number (PK) Length of upper layer data Upper layer data Checksum
1 1 7 http:// 16 bitsChecksum
If 2 psh+ack packets are received as follows, the 2 nd packet is sent from the a-server before the 1 st packet, but out of order when arriving at the B-server due to network reasons, as shown in fig. 14:
the first table record remains unchanged and the second table newly-added record (bold field is change field):
TABLE 9 second form update record Table two
ID(FK) Bag serial number (PK) Length of upper layer data Upper layer data Checksum
1 1 7 http:// 16-bit checksum
1 12 10 soopat.com 16-bit checksum
1 8 4 www. 16-bit checksum
Step 3[ corresponds to step 403 of fig. 4 ]: and if the current data transmission direction is different from the current transmission direction recorded by the first table, sequencing the records corresponding to the second table and the current TCP session according to the packet sequence numbers, and checking whether the packet sequence number and the upper layer data length of the last record are equal to the packet sequence number of the next record. If the transmission direction of the record of the first table is a- > B, updating the packet number a of the first table=the packet number of the last record of the ID corresponding to the second table, the packet number a plus number=the length of the upper layer data of the last record of the ID corresponding to the second table, and B- > a confirms the packet number=the packet number a+the packet number plus number a. The upper layer data of the second table is spliced together as request/response data, recorded to the third table, and the data is deleted from the second table. And registering the packet serial number, upper layer data and checksum of the current packet in a second table. Similarly, if the source address is a, setting the a-packet sequence number addend=data byte number of the first table; otherwise, if the source address is B, the B packet sequence number addend=the number of data bytes of the first table is set.
For example: as shown in fig. 15, the current packet is a psh+ack packet sent from the B server (address: 192.168.1.2, port 10001) to the a server (address: 192.168.1.1, port 10000), and the second table corresponding record is ordered by packet number (bold field is change field) because the transmission direction of the second table corresponding record is different from that of the first table corresponding record:
TABLE 10 second Table update record Table III
ID(FK) Bag serial number (PK) Length of upper layer data Upper layer data Checksum
1 1 7 http:// 16-bit checksum
1 8 4 www. 16-bit checksum
1 12 10 soopat.com 16-bit checksum
Checking the packet sequence number of the 1 st record plus the length of the upper layer data=8, which is equal to the packet sequence number of the 2 nd record; packet number of record 2 + upper layer data length=12, equal to packet number of record 3.
The first table record is updated (bolded field is changed field):
TABLE 11 first Table update records Table eight
The second table identical ID record is cleared and a record is added in the second table (the bolded field is the change field):
table 12-fourth of second Table update record Table
ID(FK) Bag serial number (PK) Length of upper layer data Upper layer data Checksum
1 1 11 <p>hello</p> 16-bit checksum
Third table newly added record (bold field is change field):
TABLE 13 third TABLE update one of the recording tables
ID(FK) Operation number (PK) Type(s) Upper layer data
1 1 Request for http://www.soopat.com
The "rst+ack" packet processing steps are as follows (corresponding to step 03 of fig. 1):
the class packet is a reset packet, and is captured to indicate that the TCP session is reset, and all data of the corresponding session should be discarded. And searching records in the first table according to the A address= [ destination address, source address ], B address= [ source address, destination address ], A port= [ destination port, source port ], B port= [ source port, destination port ], deleting the records if the records exist, and deleting the second table and the third table records in a related manner.
For example, as shown in fig. 16, after receiving the response from the B server, the a server returns a rst+ack packet, and considers that the communication has been reset, and deletes the corresponding records of the first table, the second table, and the third table.
The "urg+ack" packet processing steps are as follows (corresponding to step 07 of fig. 1):
the type of packet is an urgent packet, the type of packet at least carries 1 byte of urgent data, and the processing method is the same as that of the step 1 of ACK (namely, the ACK packet carrying the data).
The "fin+ack" packet processing steps are as follows (corresponding to step 04 of fig. 1):
the class packet is a TCP session close packet, and capturing the class packet requires distinguishing between the 1 st or 3 rd interaction of four waving hands. If the source port is changed to FIN_WIAT1, the source port is changed to FIN_WIAT1; if the hand is swung for 2 nd time four times, the source port state is changed into LAST_ACK. Both the above two cases require setting an active square port state.
Step 1: records of a address= [ destination address, source address ], B address= [ source address, destination address ], a port= [ destination port, source port ], B port= [ source port, destination port ] are searched in the first table.
Step 2[ corresponds to step 501 of fig. 5 ]: if a port state=established and B port state=established, this indicates that the packet is the 1 st of four hand swings. If the second table has records with the same ID, the sequence numbers of the data packets of the second table are also required to be sequenced and then combined into the third table, and the corresponding records of the second table are deleted. If the source port is B, checking whether the confirmation sequence number in the message is equal to the a packet sequence number+a packet sequence number, if so, setting B port state=fin_wait 1, B packet sequence number=packet sequence number, B- > a confirmation packet sequence number=confirmation sequence number, B packet sequence number addend=1; if the original port is A, the same way is set.
For example, as shown in FIG. 17, the current packet is a FIN+ACK packet sent from the B-server (address: 192.168.1.2, port 10001) to the A-server (address: 192.168.1.1, port 10000), and both port states of the corresponding record of the first table are ESTABLISHED, which indicates that the port state of the B-server has become FIN_WAIT1.
The corresponding records of the second table are combined according to the sequence number of the data packet (the thickened field is a change field):
TABLE 14 second Table update records Table five
ID(FK) Bag serial number (PK) Length of upper layer data Upper layer data Checksum
1 1 11 <p>hello</p> 16-bit checksum
Third table newly added record (bold field is change field):
TABLE 15 third TABLE update record TABLE two
ID(FK) Operation number (PK) Type(s) Upper layer data
1 1 Request for http://www.soopat.com
1 2 Response to a request <p>hello</p>
And deleting the corresponding record of the second table.
The first table record is updated (bolded field is changed field):
TABLE 16 first TABLE update records TABLE eight
Step 3[ corresponds to step 502 of fig. 5 ]: if the a port state= [ fin_wait1, close_wait ], the B port state= [ close_wait, fin_wait1], if the packet can be found to be 3 rd time of the four hand waving, each field is set in the same manner as 1 st time of the four hand waving, the difference is that the source port state=last_ack and the destination port state=fin_wait 2 are set.
For example, as shown in fig. 18, the current packet is a fin+ack packet sent from the a-server (address: 192.168.1.1, port 10000) to the B-server (address: 192.168.1.2, port 10001), corresponding to the a-port status=close_wait and B-port status=fin_wait 1 of the first table record, the packet is illustrated as the 3 rd time of four waving, the first table record is updated (the thickened field is the changed field):
TABLE 17 first Table update record Table nine
1. And (3) ending treatment:
1.1. because the port states set in the packet analysis are the packet source port states, the fourth interaction ACK is captured four times of waving
After the packet, the destination port state is not set to CLOSED yet, and needs to be set in a complementary way:
and (3) carrying out complementary processing on the states of the port pair states of TIME_WAIT and LAST_ACK in the first table, and setting the states as CLOSED.
1.2. Because packet capture may stop before a TCP session is closed, the captured TCP sessions are incomplete and none of these sessions
The method extracts the complete application layer data from the data, and the method should be discarded:
and for all records in the first table, the port states of the two sides are not CLOSED, and the data of the first table, the second table and the third table are cleared in an associated mode.
For example, after receiving the 4 th ACK packet of four waving, the port status in the first table record should be updated to (the thickened field is the changed field):
TABLE 18 first TABLE update record TABLE ten
2. The application layer data is transformed into test data:
the final third table is the restored production application layer data. The sensitive fields in which user information is involved may be morphed for application to a test environment using a morph program. And will not be described in detail herein.
For example, a record of the third table is finally obtained, which is the application layer data interacted with for each TCP session:
TABLE 19 third TABLE update records Table five
ID(FK) Operation number (PK) Type(s) Upper layer data
1 1 Request for http://www.soopat.com
1 2 Response to a request <p>hello</p>
According to the method for extracting the generated data of the regression test or the pressure test, the packet data is stored in the database, the complete application layer data can be extracted from the TCP fragments according to the TCP protocol, and memory overflow caused by once loading of the large file by the Wireshark is avoided.
Based on the same inventive concept, the embodiment of the present invention further provides an extraction device for generating data of a regression test or a pressure test, as shown in fig. 19, including:
the packet capturing module 1 captures packets of data generated by a regression test or a pressure test to obtain a plurality of packet files; the data generated by the regression test or the pressure test data comprises application layer data generated by at least one session between the terminal and the interactive system;
the analysis module 2 analyzes each packet file to obtain application layer data packets corresponding to all sessions;
the application layer data determining module 3 determines the application layer data packet corresponding to each session based on the interaction information of the session protocol, so as to obtain the application layer data corresponding to each session.
According to the extraction device for the generated data of the regression test or the pressure test, the data to be extracted is subjected to packet capturing to obtain a plurality of packet files; then analyzing each packet file to obtain analyzed data and parameters on a plurality of flag bits; and finally, extracting application layer data corresponding to each session from the analyzed data by combining the plurality of flag bits. Compared with extracting a single packet file, the method avoids memory overflow caused by once loading a large file by Wireshark, and simultaneously can anchor the start and end points of each session through the flag bit, so that the integrity of the application layer data of each session is ensured, the complete application layer data can be extracted, and the problem of incomplete TCP layer fragmentation is avoided.
In a preferred embodiment, the extraction module comprises:
the type determining unit is used for judging the type of each packet according to the zone bit of each session;
and the application layer data extraction unit extracts the application layer data corresponding to each session according to the type of each packet, the address of the two parties corresponding to the session under each packet type, the ports of the two parties and the states of the ports of the two parties.
In a preferred embodiment, the packet grabbing module grabs packets of data to be extracted by a TcpDump packet grabbing tool.
In a preferred embodiment, the parsing module parses each packet file through a Wireshark.
In terms of hardware level, in order to provide an embodiment of an electronic device for implementing all or part of contents in the extraction method of the generated data of the regression test or the pressure test, the electronic device specifically includes the following contents:
a processor (processor), a memory (memory), a communication interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete communication with each other through the bus; the communication interface is used for realizing information transmission among the server, the device, the distributed message middleware cluster device, various databases, user terminals and other related equipment; the electronic device may be a desktop computer, a tablet computer, a mobile terminal, etc., and the embodiment is not limited thereto. In this embodiment, the electronic device may refer to an embodiment of the method for extracting the generated data of the regression test or the pressure test in the embodiment, and an embodiment of the device for extracting the generated data of the regression test or the pressure test is implemented, and the contents thereof are incorporated herein, and are not repeated here.
Fig. 21 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present invention. As shown in fig. 21, the electronic device 9600 may include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 21 is exemplary; other types of structures may also be used in addition to or in place of the structures to implement telecommunications functions or other functions.
In one embodiment, the extraction method functions of the generated data of the regression test or the pressure test may be integrated into the central processor 9100.
In another embodiment, the device for extracting the generated data of the regression test or the pressure test may be configured separately from the central processor 9100, for example, the method for extracting the generated data of the regression test or the pressure test may be configured as a chip connected to the central processor 9100, and the function of the method for extracting the generated data of the regression test or the pressure test is implemented by the control of the central processor.
As shown in fig. 21, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 need not include all of the components shown in fig. 21; in addition, the electronic device 9600 may further include components not shown in fig. 21, and reference may be made to the related art.
As shown in fig. 21, the central processor 9100, sometimes referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, which central processor 9100 receives inputs and controls the operation of the various components of the electronic device 9600.
The memory 9140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information about failure may be stored, and a program for executing the information may be stored. And the central processor 9100 can execute the program stored in the memory 9140 to realize information storage or processing, and the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. The power supply 9170 is used to provide power to the electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, but not limited to, an LCD display.
The memory 9140 may be a solid state memory such as Read Only Memory (ROM), random Access Memory (RAM), SIM card, etc. But also a memory which holds information even when powered down, can be selectively erased and provided with further data, an example of which is sometimes referred to as EPROM or the like. The memory 9140 may also be some other type of device. The memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 storing application programs and function programs or a flow for executing operations of the electronic device 9600 by the central processor 9100.
The memory 9140 may also include a data store 9143, the data store 9143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, address book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. A communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, as in the case of conventional mobile communication terminals.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, etc., may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and to receive audio input from the microphone 9132 to implement usual telecommunications functions. The audio processor 9130 can include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100 so that sound can be recorded locally through the microphone 9132 and sound stored locally can be played through the speaker 9131.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principles and embodiments of the present invention have been described in detail with reference to specific examples, which are provided to facilitate understanding of the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (7)

1. The extraction method of the generated data of the regression test or the pressure test is characterized by comprising the following steps of:
the data generated by the regression test or the pressure test are subjected to packet capturing to obtain a plurality of packet files; the data generated by the regression test or the pressure test data comprises application layer data generated by at least one session between the terminal and the interactive system;
analyzing each packet file to obtain application layer data packets corresponding to all sessions;
determining application layer data packets corresponding to each session based on interaction information of session protocols, and further obtaining application layer data corresponding to each session;
the interaction information comprises: the packet sequence number, the confirmation packet sequence number and the packet type of each application layer data packet, and the address information interacted by the two parties;
the session protocol-based interaction information determines an application layer data packet corresponding to each session, including:
determining an initial application layer data packet and a final application layer data packet of a single session according to the packet type and the packet sequence number of each application layer data packet and the confirmation packet sequence number, and
combining the packet capturing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, and determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, wherein the data in all application layer data packets corresponding to each session are sequenced according to the size of the packet capturing sequence number to form the application layer data;
The session protocol-based interaction information determines an application layer data packet corresponding to each session, and the method further comprises the following steps:
determining port states of the corresponding interaction parties according to the packet type of each application layer data packet;
combining the packet capturing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, including:
combining the packet capturing sequence number and the port state of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by the two parties, and determining all application layer data packets corresponding to each session and the corresponding application layer data packet sequence according to each initial application layer data packet and each terminal application layer data packet;
the session protocol-based interaction information determines an application layer data packet corresponding to each session, and the method further comprises the following steps:
and determining the packet type of the application layer data packet according to the characteristic value on the session flag bit of each application layer data packet.
2. The extraction method of claim 1, wherein the session flag bit comprises: SEQ flag bit, LEN flag bit, ACK flag bit; the eigenvalues include 0 and 1.
3. The extraction method of claim 2, wherein the packet type comprises: SYN, syn+ ACK, ACK, PSH +ack, rst+ack, fin+ack, and urg+ack;
the determining the port state of the corresponding interaction parties according to the packet type of each application layer data packet comprises the following steps:
if the packet type is an application layer data packet of SYN, determining that the source port state is SYN_SENT; the destination port state is empty;
for an application layer data packet with a packet type of SYN+ACK, determining that a source port state is SYN_SENT and a destination port state is SYN_RECV;
for an application layer data packet with the packet type of ACK, determining that the source port state is ESTABLISHED and the destination port state is SYN_RECV;
for an application layer data packet with a packet type of ACK, distinguishing that the session state of the application layer data packet with the packet type of ACK is one of carrying data, 3 rd TIME of three-way handshake, 2 nd TIME of four-TIME hand waving and 4 th TIME of interaction, if the session state is 3 rd TIME of three-way handshake, determining that the source port state is ESTABLISHED, if the session state is 2 nd TIME of four-TIME hand waving, determining that the source port state is close_wait, if the session state is 4 th TIME of four-TIME hand waving, determining that the source port state is time_wait, and the destination port state is SYN_RECV;
For an application layer data packet with the packet type PSH+ACK, determining that the ports of the two interaction sides are ESTABLISHED;
for the packet type of FIN+ACK, distinguishing the session state of the application layer data packet with the packet type of ACK as the 1 st or 3 rd interaction of the four waving, and if the session state is the 1 st interaction of the four waving, determining the source port state as FIN_WIAT1; if the hand is swung for the 2 nd time four times, the source port state is determined to be LAST_ACK.
4. The extraction method according to claim 2, further comprising: if an application layer data packet with a packet type of RST+ACK exists in a single session, discarding all application layer data of the corresponding session.
5. An extraction device for data generated by a regression test or a pressure test, comprising:
the packet capturing module captures packets of data generated by a regression test or a pressure test to obtain a plurality of packet files; the data generated by the regression test or the pressure test data comprises application layer data generated by at least one session between the terminal and the interactive system;
the analysis module analyzes each packet file to obtain application layer data packets corresponding to all sessions;
the application layer data determining module determines the application layer data packet corresponding to each session based on the interaction information of the session protocol, so as to obtain the application layer data corresponding to each session;
The interaction information comprises: the packet sequence number, the confirmation packet sequence number and the packet type of each application layer data packet, and the address information interacted by the two parties;
the session protocol-based interaction information determines an application layer data packet corresponding to each session, including:
determining an initial application layer data packet and a final application layer data packet of a single session according to the packet type and the packet sequence number of each application layer data packet and the confirmation packet sequence number, and
combining the packet capturing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, and determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, wherein the data in all application layer data packets corresponding to each session are sequenced according to the size of the packet capturing sequence number to form the application layer data;
the session protocol-based interaction information determines an application layer data packet corresponding to each session, and the method further comprises the following steps:
determining port states of the corresponding interaction parties according to the packet type of each application layer data packet;
combining the packet capturing sequence number and the packet type of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by both sides, determining all application layer data packets corresponding to each session according to each initial application layer data packet and each final application layer data packet, including:
Combining the packet capturing sequence number and the port state of each application layer data packet, and the address information, the packet sequence number and the acknowledgement packet sequence number interacted by the two parties, and determining all application layer data packets corresponding to each session and the corresponding application layer data packet sequence according to each initial application layer data packet and each terminal application layer data packet;
the session protocol-based interaction information determines an application layer data packet corresponding to each session, and the method further comprises the following steps:
and determining the packet type of the application layer data packet according to the characteristic value on the session flag bit of each application layer data packet.
6. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 4 when executing the computer program.
7. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program for executing the method of any one of claims 1 to 4.
CN202010821304.XA 2020-08-14 2020-08-14 Extraction method and device for generated data of regression test or pressure test Active CN111949542B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010821304.XA CN111949542B (en) 2020-08-14 2020-08-14 Extraction method and device for generated data of regression test or pressure test

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010821304.XA CN111949542B (en) 2020-08-14 2020-08-14 Extraction method and device for generated data of regression test or pressure test

Publications (2)

Publication Number Publication Date
CN111949542A CN111949542A (en) 2020-11-17
CN111949542B true CN111949542B (en) 2023-09-12

Family

ID=73343001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010821304.XA Active CN111949542B (en) 2020-08-14 2020-08-14 Extraction method and device for generated data of regression test or pressure test

Country Status (1)

Country Link
CN (1) CN111949542B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995740A (en) * 2018-01-02 2019-07-09 国家电网公司 Threat detection method based on depth protocal analysis
CN110505111A (en) * 2019-07-09 2019-11-26 杭州电子科技大学 The industry control agreement fuzz testing method reset based on flow
CN110839060A (en) * 2019-10-16 2020-02-25 武汉绿色网络信息服务有限责任公司 HTTP multi-session file restoration method and device in DPI scene

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995740A (en) * 2018-01-02 2019-07-09 国家电网公司 Threat detection method based on depth protocal analysis
CN110505111A (en) * 2019-07-09 2019-11-26 杭州电子科技大学 The industry control agreement fuzz testing method reset based on flow
CN110839060A (en) * 2019-10-16 2020-02-25 武汉绿色网络信息服务有限责任公司 HTTP multi-session file restoration method and device in DPI scene

Also Published As

Publication number Publication date
CN111949542A (en) 2020-11-17

Similar Documents

Publication Publication Date Title
JP7029471B2 (en) Uplink data decompression, compression method and equipment
US11502948B2 (en) Computational accelerator for storage operations
US20200120075A1 (en) Hardware-accelerated payload filtering in secure communication
EP3211852A1 (en) Ssh protocol-based session parsing method and system
US20070233892A1 (en) System and method for performing information detection
CN111931188B (en) Vulnerability testing method and system in login scene
WO2015070540A1 (en) Terminal pairing method, terminal and system
CN111327636B (en) S7-300PLC private protocol reverse method relating to network security
CN112350850A (en) Log file reporting method and device, storage medium and electronic equipment
WO2021134418A1 (en) Data checking method and apparatus
CN109951425B (en) TCP (Transmission control protocol) flow state integrity detection method based on FPGA (field programmable Gate array)
CN111949542B (en) Extraction method and device for generated data of regression test or pressure test
CN115604052B (en) Vehicle communication interaction method and system and electronic equipment
CN104168261B (en) Dynamic password login method and device
CN115348333B (en) Data transmission method, system and equipment based on UDP double-end communication interaction
CN103825683A (en) Kernel proxy method and device based on TCP (transmission control protocol) retransmission mechanism
US20040001490A1 (en) Method of verifying number of sessions of computer stack
CN111654884B (en) Data processing method and related equipment
AU2014231331B2 (en) System and method for reliable messaging between application sessions across volatile networking conditions
CN108282454A (en) For using inline mode matching to accelerate the devices, systems, and methods of safety inspection
CN117294783B (en) Chip verification method, device and equipment
JP2011249922A (en) Network device, tcp packet receiver and method
WO2021062690A1 (en) Ethernet frame packet header compression processing method and apparatus, user terminal, base station and medium
CN116781690A (en) File transmission method, device, equipment and storage medium
CN115118392A (en) D-SACK determination method, processor and communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant