CN112615787B - Method and system for automatically generating network topology - Google Patents

Info

Publication number
CN112615787B
Authority
CN
China
Prior art keywords
network
information
equipment
topology
network equipment
Prior art date
Legal status
Active
Application number
CN202110012369.4A
Other languages
Chinese (zh)
Other versions
CN112615787A (en
Inventor
傅涛
王力
郑轶
邓勇
Current Assignee
Bozhi Safety Technology Co ltd
Original Assignee
Bozhi Safety Technology Co ltd
Priority date
2021-01-06
Filing date
2021-01-06
Publication date
2021-12-14

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies

Abstract

The invention discloses a method and a system for automatically generating a network topology. It belongs to the technical field of network security and addresses the problem that existing ways of obtaining a network topology structure are inefficient and inaccurate, which degrades the construction of cyber range attack scenarios. The method comprises the following steps: receiving a network address range input by a user side; acquiring the network devices in that address range together with their fingerprint information; performing secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information of the network devices; and generating a network topology according to the network devices and the adjacent-device information. The invention is used for generating network topologies.

Description

Method and system for automatically generating network topology
Technical Field
The invention relates to a method and a system for automatically generating network topology, belonging to the technical field of network security.
Background
With the rapid development of network technology, great convenience has been brought to society and daily life, and a great deal of wealth has been created. At the same time, network attacks have become more and more frequent: large numbers of criminals and hostile actors use the network to obtain illicit gains and to carry out sabotage and other unlawful activities, causing great trouble to people's lives. To cope with this severe situation, the network domain has now been raised to the strategic level of network operations. More and more organizations and companies build cyber ranges, and network security talent is cultivated through these ranges in a form close to actual combat.
In the prior art, when a cyber range attack scenario is constructed, the network topology of the network devices generally has to be obtained first; the existing ways of obtaining the network topology structure are inefficient and inaccurate, which degrades the construction of the attack scenario.
Disclosure of Invention
The invention provides a method and a system for automatically generating a network topology, which solve the problem that existing ways of obtaining a network topology structure are inefficient and inaccurate, which degrades the construction of cyber range attack scenarios.
In one aspect, the present invention provides a method for automatically generating a network topology, where the method includes: receiving a network address range input by a user side; acquiring the network devices and their fingerprint information in the network address range; performing secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information of the network devices; and generating a network topology according to the network devices and the adjacent-device information.
Performing secondary detection on the network devices according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information, specifically includes: generating an initial topology according to the network devices and their fingerprint information, where the device types contained in the initial topology comprise a logical router and a logical switch; searching the system asset library for the user name and password corresponding to each network device, according to the device type and fingerprint information of the device; logging in to the network device with that user name and password and performing ping processing on it; acquiring a MAC table from the pinged network device through a network channel protocol; and acquiring the adjacent-device information of the network device from the MAC table, where obtaining the adjacent-device information comprises determining, from the MAC table, the switch or terminal device directly connected to the network device.
Optionally, correcting the initial topology according to the network devices and the adjacent-device information to generate a network topology specifically includes: according to the directly connected switch or terminal device of each network device, correcting the initial topology a second time, examining the connections between the logical switches and the logical router of the initial topology, deleting unnecessary connections, and generating the corrected network topology.
Optionally, the fingerprint information of the network device includes an IP address, a MAC address, a device type, and an operating system.
In another aspect, the present invention provides an automatic network topology generation system, including: an input unit for receiving a network address range input by a user side; a first obtaining unit for obtaining the network devices and their fingerprint information in the network address range; a second obtaining unit for performing secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information of the network devices; and a topology generating unit. The second obtaining unit is specifically configured to: generate an initial topology according to the network devices and their fingerprint information, where the device types contained in the initial topology comprise a logical router and a logical switch; search the system asset library for the user name and password corresponding to each network device, according to its device type and fingerprint information; log in to the network device with that user name and password and perform ping processing on it; acquire a MAC table from the pinged network device through a network channel protocol; and acquire the adjacent-device information of the network device from the MAC table, which comprises determining, from the MAC table, the switch or terminal device directly connected to the network device. The topology generating unit is specifically configured to correct the initial topology according to the adjacent-device information to generate a network topology, which specifically comprises: according to the directly connected switch or terminal device of each network device, correcting the initial topology a second time, examining the connections between the logical switches and the logical router of the initial topology, deleting unnecessary connections, and generating the corrected network topology.
Optionally, the fingerprint information of the network device includes an IP address, a MAC address, a device type, and an operating system.
The beneficial effects of the invention are as follows:
The invention provides an automatic network topology generation method which first obtains the network devices and their fingerprint information in a network address range; then performs secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information of the network devices; and finally generates a network topology from the network devices and the adjacent-device information. This way of obtaining the network topology is efficient and accurate, so the construction of cyber range attack scenarios is assured.
Drawings
Fig. 1 is a flowchart of an automatic network topology generation method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for automatically generating a network topology according to another embodiment of the present invention;
Fig. 3 is a schematic diagram of an initial topology provided by an embodiment of the present invention;
Fig. 4 is a schematic topology diagram after secondary detection according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a corrected network topology according to an embodiment of the present invention;
Fig. 6 is a block diagram of the structure of an automatic network topology generation system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in detail with reference to examples, but the present invention is not limited to these examples.
An embodiment of the present invention provides an automatic network topology generation method, shown in Fig. 1, which includes:
Step 11: receiving the network address range input by the user side.
Step 12: acquiring the network devices and their fingerprint information in the network address range.
This step is the asset discovery phase. Specifically, according to the network address segment input by the user, all network devices belonging to that address range, together with their fingerprint information, are acquired by asset scanning. The fingerprint information includes, but is not limited to, an IP address, a MAC address, a device type and an operating system.
Step 13: performing secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, and acquiring the adjacent-device information of the network devices.
Secondary detection mainly consists of logging in to each network device using the device information provided by the system asset library and, through that login, discovering the adjacent-device information of the devices found by asset discovery. The protocol used for secondary detection may be the Link Layer Discovery Protocol (LLDP), but is not limited to it.
Step 14: generating a network topology according to the network devices and the adjacent-device information.
The network topology is generated from the network devices obtained by asset discovery, combined with the adjacent-device information obtained by secondary detection.
In summary, the invention first obtains the network devices and their fingerprint information in the network address range; then performs secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information; and finally generates a network topology from the network devices and the adjacent-device information. This way of obtaining the network topology is efficient and accurate, so the construction of cyber range attack scenarios is assured.
In the embodiment of the present invention, performing secondary detection on the network devices according to the devices, their fingerprint information and the network device information in the system asset library, to obtain the adjacent-device information, specifically includes:
Step 21: generating an initial topology according to the network devices and their fingerprint information; the device types contained in the initial topology are logical routers and logical switches.
Step 22: searching the system asset library for the user name and password corresponding to each network device, according to the device type and fingerprint information of the device.
Step 23: logging in to the network device with that user name and password, and performing ping processing on the network device.
Step 24: acquiring the MAC table from the pinged network device through a network channel protocol.
Step 25: acquiring the adjacent-device information of the network device from the MAC table.
Further, generating a network topology according to the network devices and the adjacent-device information specifically comprises: correcting the initial topology according to the adjacent-device information to generate the network topology.
An initial topology map is generated from the discovered network assets; it contains logical routers and logical switches. Secondary detection is then performed according to the device type. If the device is a router, the user name and password corresponding to its IP address are looked up in the asset library, the router is logged in to with those credentials, and ping processing is performed on each router found by asset discovery. If the device is a switch, the same procedure is used: the credentials for the switch's IP address are looked up in the asset library, the switch is logged in to, and ping processing is performed on each terminal device found by asset discovery. After the ping processing, the MAC tables learned by the routers and switches are retrieved through a network channel protocol. From the MAC tables, the switches directly connected to each router and the terminal devices directly connected to each switch are determined; the initial topology is then corrected a second time by connecting each real router to its directly connected real switches and each real switch to its directly connected terminal devices. The connections between the logical switches and the logical router are examined, and any connection that is no longer necessary is deleted. The generated network topology is stored in a scene information table.
Another embodiment of the present invention provides a method for automatically generating a network topology, whose flowchart is shown in Fig. 2. The method includes:
Step 31: inputting an IP segment or a subnet address to indicate the range of asset discovery and topology generation.
Step 32: initiating asset scanning on the input IP segment, and scanning device information such as the IP address, MAC address, device type and operating system.
Step 33: forming an initial network topology from the scanned assets. Fig. 3 is the initial topology formed in an exemplary network, where SW(n) is a real switch found by asset discovery; SWv(n) is a logical switch generated according to topology requirements, with a different logical switch generated for each subnet; R(n) is a real router found by asset discovery; Rv is a logical router generated according to topology requirements; and Cloud is a logical cloud network.
Step 34: performing secondary detection, that is, logging in to each discovered real switch or router and discovering its directly connected lower-layer devices by a neighbor discovery method. For example, the user name and password provided by the asset library can be used to log in to each real switch, the ping command is used to ping each terminal device, and the MAC table entries for the terminal devices are then obtained through a network channel protocol, from which the directly connected host devices are determined. A router may discover its directly connected switches by the same method, or through the Link Layer Discovery Protocol (LLDP). Assume that SW1 discovers the directly connected devices PC1 and PC2, SW2 discovers the directly connected device PLC, and R1 discovers the directly connected switches SW1 and SW2; the topology formed at this point is shown in Fig. 4.
Step 35: topology correction, whose main purpose is to remove useless logical devices. For example, in Fig. 4 only PC1 and PC2 sit under SWv1, and both are already connected to real switches, so SWv1 need not exist. After the same logic is applied throughout, the final corrected topology is shown in Fig. 5.
Step 36: topology storage, that is, storing the generated final topology in a scene information base, where the topology exists in the form of a real scene type.
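Steps 21 to 25 and steps 31 to 36 above amount to a graph-correction procedure: build a placeholder topology, overlay the real adjacencies learned from MAC tables, then prune placeholders that no longer do any work. The Python model below is an added example, not code from the patent or from Bozhi Safety Technology; it runs the procedure offline on constructed data. The asset list, subnets and MAC tables are assumed inputs standing in for what asset scanning and the login/ping/MAC-table step would return, the device names and MAC addresses are made up, and the rule "a MAC that is alone on its port is a direct neighbor" is an assumption of this example, not something the patent specifies.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    mac: str
    dev_type: str  # "router", "switch" or "terminal"
    os: str

# Constructed sample inventory mirroring the R1/SW1/SW2/PC1/PC2/PLC example.
ASSETS = [
    Asset("R1", "10.0.0.1", "00:00:5e:00:53:01", "router", "RouterOS"),
    Asset("SW1", "10.0.1.2", "00:00:5e:00:53:11", "switch", "SwitchOS"),
    Asset("SW2", "10.0.2.2", "00:00:5e:00:53:12", "switch", "SwitchOS"),
    Asset("PC1", "10.0.1.10", "00:00:5e:00:53:21", "terminal", "Windows"),
    Asset("PC2", "10.0.1.11", "00:00:5e:00:53:22", "terminal", "Linux"),
    Asset("PLC", "10.0.2.20", "00:00:5e:00:53:31", "terminal", "Embedded"),
]
SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
# Constructed stand-in for what step 34 (login, ping, MAC table retrieval)
# would return: per real device, learned MAC -> port.
MAC_TABLES = {
    "SW1": {"00:00:5e:00:53:21": "Gi0/1", "00:00:5e:00:53:22": "Gi0/2",
            "00:00:5e:00:53:01": "Gi0/24"},
    "SW2": {"00:00:5e:00:53:31": "Gi0/1", "00:00:5e:00:53:01": "Gi0/24"},
    "R1": {"00:00:5e:00:53:11": "Gi0/0", "00:00:5e:00:53:12": "Gi0/1"},
}

def edge(a, b):
    return frozenset((a, b))

def is_logical(name):
    return name.startswith(("SWv", "Rv"))

def build_initial_topology(assets, subnets):
    """Step 33: one logical switch SWv(n) per subnet, joined by logical router Rv.
    Real devices hang off their subnet's SWv; real routers also attach to Rv."""
    edges = set()
    for i, net in enumerate(map(ip_network, subnets), 1):
        edges.add(edge(f"SWv{i}", "Rv"))
        for a in assets:
            if ip_address(a.ip) in net:
                edges.add(edge(a.name, f"SWv{i}"))
    for a in assets:
        if a.dev_type == "router":
            edges.add(edge(a.name, "Rv"))
    return edges

def direct_links_from_mac_tables(assets, mac_tables):
    """Step 34: a switch's table yields its directly connected terminals, a
    router's table its directly connected switches. Assumed heuristic: a MAC
    alone on its port is a direct neighbor; a port with several MACs is an uplink."""
    by_mac = {a.mac: a for a in assets}
    by_name = {a.name: a for a in assets}
    allowed = {("switch", "terminal"), ("router", "switch")}
    links = set()
    for dev, table in mac_tables.items():
        ports = {}
        for mac, port in table.items():
            ports.setdefault(port, []).append(mac)
        for macs in ports.values():
            peer = by_mac.get(macs[0]) if len(macs) == 1 else None
            if peer and (by_name[dev].dev_type, peer.dev_type) in allowed:
                links.add(edge(dev, peer.name))
    return links

def correct_topology(initial, direct):
    """Step 35: merge real links, then drop logical devices that serve no purpose.
    A logical switch goes when every real device under it has a real neighbor
    (the SWv1/PC1/PC2 case); one with an unresolved member stays as placeholder.
    Rv goes once no logical switch remains for it to join."""
    edges = set(initial) | set(direct)
    def neighbors(n):
        return {x for e in edges if n in e for x in e if x != n}
    def has_real_link(n):
        return any(not is_logical(x) for x in neighbors(n))
    for sw in {n for e in edges for n in e if n.startswith("SWv")}:
        members = [n for n in neighbors(sw) if not is_logical(n)]
        if all(has_real_link(m) for m in members):
            edges = {e for e in edges if sw not in e}
    if not any(n.startswith("SWv") for e in edges for n in e):
        edges = {e for e in edges if "Rv" not in e}
    return edges

def generate_topology(assets, subnets, mac_tables):
    """Steps 33-35 end to end; returns sorted (a, b) pairs ready for storage."""
    initial = build_initial_topology(assets, subnets)
    direct = direct_links_from_mac_tables(assets, mac_tables)
    return sorted(tuple(sorted(e)) for e in correct_topology(initial, direct))

if __name__ == "__main__":
    for a, b in generate_topology(ASSETS, SUBNETS, MAC_TABLES):
        print(f"{a} -- {b}")
```

A terminal that appears in the scan but in no MAC table (powered off, or behind an unmanaged device) keeps its logical switch and Rv as placeholders rather than silently dropping out of the topology, which is the reason the pruning rule checks every member instead of removing logical devices unconditionally.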
Still another embodiment of the present invention provides an automatic network topology generation system, as shown in fig. 6, the system includes:
The input unit 61 is configured to receive a network address range input by the user side.
A first obtaining unit 62 is configured to obtain the network devices and their fingerprint information in the network address range.
A second obtaining unit 63 is configured to perform secondary detection on the network devices, according to the devices, their fingerprint information and the network device information in the system asset library, so as to obtain the adjacent-device information of the network devices.
A topology generating unit 64 is configured to generate a network topology according to the network devices and the adjacent-device information.
The fingerprint information of a network device comprises an IP address, a MAC address, a device type and an operating system.
Further, the second obtaining unit 63 is specifically configured to:
generating an initial topology according to the network equipment and the fingerprint information thereof; the device types contained in the initial topology comprise a logic router and a logic switch;
searching user name information and password information corresponding to the network equipment in a system asset library according to the equipment type and the fingerprint information of the network equipment;
logging in network equipment by using the user name information and the password information, and performing ping processing on the network equipment;
acquiring a mac table from the network equipment subjected to ping processing according to a network channel protocol;
and acquiring adjacent equipment information of the network equipment according to the mac table.
Further, the topology generating unit 64 is specifically configured to:
and correcting the initial topology according to the adjacent equipment information to generate a network topology.
The detailed description of each unit in the generation system may refer to the description of each step in the generation method, which is not described herein again, and the generation system may implement the same function as the generation method.
Although the present application has been described with reference to a few embodiments, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the application as defined by the appended claims.

Claims (4)

1. A method for automatically generating a network topology, the method comprising:
receiving a network address range input by a user side;
acquiring network equipment and fingerprint information thereof in the network address range;
according to the network device and the fingerprint information thereof and the network device information in the system asset library, performing secondary detection on the network device to acquire adjacent device information of the network device, which specifically comprises the following steps:
generating an initial topology according to the network equipment and the fingerprint information thereof; the device types contained in the initial topology comprise a logic router and a logic switch;
searching user name information and password information corresponding to the network equipment in the system asset library according to the equipment type and the fingerprint information of the network equipment;
logging in the network equipment by utilizing the user name information and the password information, and performing ping processing on the network equipment;
acquiring a mac table from the network equipment subjected to ping processing according to a network channel protocol;
acquiring the adjacent equipment information of the network equipment according to the mac table, wherein the adjacent equipment information comprises: according to the mac table, judging a direct connection switch or a direct connection terminal device of the network device;
correcting the initial topology according to the adjacent device information to generate a network topology, specifically comprising: and according to the direct connection switch or the direct connection terminal device of the network equipment, secondarily correcting the initial topology, judging the connection between the logic switch and the logic router of the initial topology, deleting unnecessary connections, and generating the corrected network topology.
2. The method of claim 1, wherein the fingerprint information of the network device comprises an IP address, a MAC address, a device type, and an operating system.
3. An automatic network topology generation system, comprising:
the input unit is used for receiving a network address range input by a user side;
the first acquisition unit is used for acquiring the network equipment and the fingerprint information thereof in the network address range;
a second obtaining unit, configured to perform secondary detection on the network device according to the network device and its fingerprint information and network device information in a system asset library, and obtain adjacent device information of the network device, where the second obtaining unit specifically includes: generating an initial topology according to the network equipment and the fingerprint information thereof; the device types contained in the initial topology comprise a logic router and a logic switch; searching user name information and password information corresponding to the network equipment in the system asset library according to the equipment type and the fingerprint information of the network equipment; logging in the network equipment by utilizing the user name information and the password information, and performing ping processing on the network equipment; acquiring a mac table from the network equipment subjected to ping processing according to a network channel protocol; acquiring the adjacent equipment information of the network equipment according to the mac table, wherein the adjacent equipment information comprises: according to the mac table, judging a direct connection switch or a direct connection terminal device of the network device;
a topology generating unit, configured to modify the initial topology according to the neighboring device information, and generate a network topology, which specifically includes: and according to the direct connection switch or the direct connection terminal device of the network equipment, secondarily correcting the initial topology, judging the connection between the logic switch and the logic router of the initial topology, deleting unnecessary connections, and generating the corrected network topology.
4. The system of claim 3, wherein the fingerprint information of the network device comprises an IP address, a MAC address, a device type, and an operating system.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110012369.4A CN112615787B (en) 2021-01-06 2021-01-06 Method and system for automatically generating network topology

Publications (2)

Publication Number Publication Date
CN112615787A CN112615787A (en) 2021-04-06
CN112615787B true CN112615787B (en) 2021-12-14

Family

ID=75254053

Country Status (1)

Country Link
CN (1) CN112615787B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612646B (en) * 2021-08-30 2022-08-02 复旦大学 Neighborhood network topology visualization method based on neighbor discovery

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036725A (en) * 2012-12-17 2013-04-10 华为技术有限公司 Network administration device and method for discovery of network topology
CN111865701A (en) * 2020-08-03 2020-10-30 北京知道创宇信息技术股份有限公司 Asset determination method and device, electronic equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9178952B2 (en) * 2010-06-02 2015-11-03 International Business Machines Corporation Systems and methods for service assurance using virtualized federated presence infrastructure

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant