CN112995352A - IPv6 network space mapping system and mapping method based on traffic analysis - Google Patents
IPv6 network space mapping system and mapping method based on traffic analysis Download PDFInfo
- Publication number
- CN112995352A CN112995352A CN201911304209.6A CN201911304209A CN112995352A CN 112995352 A CN112995352 A CN 112995352A CN 201911304209 A CN201911304209 A CN 201911304209A CN 112995352 A CN112995352 A CN 112995352A
- Authority
- CN
- China
- Prior art keywords
- packet
- message
- ipv6
- network
- traffic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/659—Internet protocol version 6 [IPv6] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5046—Resolving address allocation conflicts; Testing of addresses
Abstract
The invention discloses an IPv6 network space mapping system and method based on flow analysis, wherein the system comprises: the network flow capturing module is used for capturing and storing the network flow packet; the system comprises a flow reduction module and a target IP identification module, wherein the flow reduction module is used for carrying out flow reduction on the network flow packet to obtain quintuple information corresponding to the network flow packet, and the target IP identification module is used for identifying and obtaining a target IP according to the extracted quintuple information; the IP address survivability judging module is used for determining an IP address survivability identifying range according to the target IP, judging the survivability of each IP address in the identifying range and storing the IP addresses judged to be alive.
Description
Technical Field
The invention relates to the technical field of IP address identification, in particular to an IPv6 network space mapping system and method based on flow analysis.
Background
With the rapid increase of the number of network users, the situation of insufficient addresses of IPv4 has occurred at present. To solve the problem of insufficient IPv4 addresses, IPv6 addresses are beginning to be widely used. In recent years, with the rapid development of the technology of the internet of things, many devices hidden behind the NAT device exist in the IPv6 network in the form of independent IP. Sometimes, enterprises and public institutions such as schools, government departments and the like need to identify and judge the survivability of the IPv6 so as to allocate unused IPv6 addresses to needed equipment, but because the IPv6 addresses have a very large range, the IPv6 assets cannot be detected in a traditional traversal scanning mode. Therefore, a simple and fast method for detecting the IPv6 assets is needed to realize fast detection of the IPv6 assets.
Disclosure of Invention
The present invention provides an IPv6 network space mapping system and mapping method based on traffic analysis, so as to solve the above technical problems.
In order to achieve the purpose, the invention adopts the following technical scheme:
an IPv6 cyberspace mapping system based on traffic analysis is provided for extracting and identifying IPv6 addresses in network traffic, the system including:
the network flow capturing module is used for capturing and storing the network flow packet;
a traffic reduction module, connected to the network traffic capture module, configured to perform traffic reduction on the network traffic packet to obtain quintuple information corresponding to the network traffic packet, where the traffic reduction module specifically includes:
the flow packet restoration unit is used for restoring the network flow packet into a plurality of flow files;
a network connection recovery unit, connected to the traffic packet restoration unit, configured to extract packets from each traffic file, obtain and store a packet corresponding to each traffic file, and recombine each packet according to a packet category corresponding to each packet, so as to recover network connection of the network traffic packet;
a quintuple information analyzing unit connected with the network connection recovery unit and used for analyzing the quintuple information from each message after the network connection is successfully recovered;
the target IP identification module is connected with the network restoration module and used for identifying and obtaining a target IP according to the extracted quintuple information;
and the IP address survivability judging module is connected with the target IP identification module and used for determining an IP address survivability identification range according to the target IP, judging the survivability of each IP address in the identification range and storing the IP addresses judged to be alive.
As a preferred embodiment of the present invention, the network connection recovery unit in the traffic reduction module specifically includes:
a packet extraction subunit, configured to perform packet extraction on each traffic file to obtain the packet corresponding to each traffic file;
the message classification subunit is connected with the message extraction subunit and is used for classifying each message;
and the message recombining subunit is connected with the message classifying subunit and is used for recombining each message according to the message category corresponding to each message so as to recover the network connection of the network flow packet.
As a preferred scheme of the present invention, if a source IP address corresponding to one packet is the same as a source IP address corresponding to another packet, and a source port corresponding to the packet is the same as a source port corresponding to another packet, the two packets are classified into the same packet category.
As a preferred scheme of the present invention, if a source IP address corresponding to one packet is the same as a destination IP corresponding to another packet, and a source port corresponding to the packet is the same as a destination port corresponding to another packet, the two packets are classified into the same packet category.
As a preferred embodiment of the present invention, the quintuple information parsing unit in the flow rate reduction module specifically includes:
a header information extraction subunit, configured to extract header information corresponding to each of the messages;
a message content information extraction subunit, configured to extract message content information corresponding to each of the messages;
and a quintuple information analyzing subunit, connected to the header information extracting subunit and the packet content information extracting subunit, respectively, and configured to further analyze the quintuple information corresponding to the packet from the header information and the packet content information.
As a preferred solution of the present invention, the IPv6 cyberspace mapping system further includes:
and the protocol identification module is respectively connected with the IP address viability judgment module and the flow reduction module and used for carrying out service protocol identification on each IP address judged to be alive according to the quintuple information to obtain a service protocol identification result and store the service protocol identification result.
As a preferable aspect of the present invention, the target IP includes an IPv6 address.
The invention also provides an IPv6 network space mapping method based on traffic analysis, which is realized by applying the IPv6 network space mapping system, and the method comprises the following steps:
step S1, the IPv6 network space mapping system captures and stores the network traffic packet;
step S2, the IPv6 network space mapping system performs flow reduction on the network traffic packet to obtain the quintuple information corresponding to the network traffic packet;
step S3, the IPv6 network space mapping system identifies and obtains the target IP according to the quintuple information extracted in the step S2;
step S4, the IPv6 network space mapping system determines the IP address survivability identification range according to the target IP, judges the survivability of each IP address in the identification range, and stores the IP addresses judged to be alive.
As a preferred embodiment of the present invention, in step S2, the process of extracting the quintuple information by the IPv6 cyberspace mapping system specifically includes the following steps:
step S21, the IPv6 network space mapping system restores the network traffic package into a plurality of traffic files;
step S22, the IPv6 network space mapping system performs message extraction on each flow file to obtain and store the message corresponding to each flow file;
step S23, the IPv6 network space mapping system identifies the message type corresponding to each message;
step S24, the IPv6 network space mapping system recombines each message according to the message category corresponding to each message so as to recover the network connection of the network traffic packet;
step S25, after the IPv6 network space mapping system successfully recovers the network connection, the quintuple information is parsed from each message.
As a preferable scheme of the present invention, in step S23, the method for the IPv6 network space mapping system to identify the packet type corresponding to each packet includes:
when the source IP address corresponding to one message is the same as the source IP address corresponding to the other message, and the source port corresponding to the message is the same as the source port corresponding to the other message, classifying the two messages into the same message category;
or when the source IP address corresponding to one packet is the same as the destination IP corresponding to another packet, and the source port corresponding to the packet is the same as the destination port corresponding to another packet, classifying the two packets into the same packet category.
The invention obtains the IPv6 address through a traffic analysis mode, solves the technical problem that the IPv6 asset cannot be detected through a traversal scanning mode at present, and improves the authenticity and the survival rate of the obtained target IP through verifying the network connection state of the network traffic packet.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic structural diagram of an IPv6 cyberspace mapping system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a traffic reduction module in an IPv6 cyberspace mapping system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a network connection recovery unit in the traffic restoration module;
fig. 4 is a schematic structural diagram of a quintuple information parsing unit in the traffic reduction module;
FIG. 5 is a diagram illustrating steps of an IPv6 cyberspace mapping method according to an embodiment of the invention;
fig. 6 is a flowchart of the method steps for extracting quintuple information in the IPv6 cyberspace mapping system according to an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings.
Wherein the showings are for the purpose of illustration only and are shown by way of illustration only and not in actual form, and are not to be construed as limiting the present patent; to better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product; it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if the terms "upper", "lower", "left", "right", "inner", "outer", etc. are used for indicating the orientation or positional relationship based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not indicated or implied that the referred device or element must have a specific orientation, be constructed in a specific orientation and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes and are not to be construed as limitations of the present patent, and the specific meanings of the terms may be understood by those skilled in the art according to specific situations.
In the description of the present invention, unless otherwise explicitly specified or limited, the term "connected" or the like, if appearing to indicate a connection relationship between the components, is to be understood broadly, for example, as being fixed or detachable or integral; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or may be connected through one or more other components or may be in an interactive relationship with one another. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The IPv6 network space mapping system based on traffic analysis provided in the embodiment of the present invention is used to extract and identify an IPv6 address in network traffic, referring to fig. 1, and the system includes:
the network flow capturing module 1 is used for capturing and storing a network flow packet; the method for capturing the network traffic packet is the prior art, so the specific capturing process of the network traffic packet is not described herein;
the traffic reduction module 2 is connected to the network traffic capture module 1, and is configured to perform traffic reduction on the network traffic packet to obtain quintuple information corresponding to the network traffic packet, please refer to fig. 2 specifically, where the traffic reduction module 2 specifically includes:
the traffic packet restoring unit 21 is configured to restore the network traffic packet into a plurality of traffic files, where a traffic restoring tool such as tcpxract existing in the prior art may be used to restore the network traffic packet into the plurality of traffic files, and an existing traffic restoring method is adopted to restore the network traffic packet into the traffic files, so a specific restoring process is not described herein;
in order to verify the network connection status of the network traffic packet to ensure the authenticity of the finally obtained target IP address, please refer to fig. 2, the traffic restoration module 2 further includes:
a network connection recovery unit 22, connected to the traffic packet recovery unit 21, and configured to extract packets from each traffic file, obtain and store a packet corresponding to each traffic file, and recombine each packet according to a packet type corresponding to each packet, so as to recover network connection of a network traffic packet;
a quintuple information analyzing unit 23 connected to the network connection recovering unit 22, configured to analyze quintuple information from each packet after network connection is successfully recovered;
the target IP identification module 3 is connected with the network restoration module 2 and used for identifying and obtaining a target IP according to the extracted quintuple information;
and the target address survivability judging module 4 is connected with the target IP identifying module 3 and is used for determining an IP address survivability identifying range according to the target IP, judging the survivability of each IP address in the identifying range and storing the IP address judged to be alive.
Referring to fig. 3, the network connection recovery unit 22 in the traffic restoration module 2 specifically includes:
a message extraction subunit 221, configured to perform message extraction on each traffic file to obtain a message corresponding to each traffic file; the method for extracting the message is the existing message extraction method, and the specific process of the message extraction is not described herein since the message extraction method is not within the scope of the claims of the present invention;
a packet classification subunit 222, connected to the packet extraction subunit 221, for classifying each packet;
the message reassembly sub-unit 223 is connected to the message classification sub-unit 222, and configured to reassemble each message according to the message class corresponding to each message, so as to recover the network connection of the network traffic packet.
In the above technical solution, the method for classifying the packet by the system is as follows:
the method comprises the steps that messages comprise quintuple information, wherein the quintuple information comprises a source IP address, a source port, a destination IP address, a destination port and a transmission layer protocol, when the source IP address corresponding to one message is the same as the source IP address of the other message, and the source port corresponding to the message is the same as the source port corresponding to the other message, the system considers that the two messages belong to the same connected session, and then the two messages are classified into the same message category;
or, the source IP address corresponding to one packet is the same as the destination IP corresponding to another packet, and the source port corresponding to the packet is the same as the destination port corresponding to another packet, and the system considers that the two packets belong to the same connected session, and then classifies the two packets into the same packet category.
And finally, restoring and establishing the network connection relation by the system according to the message types corresponding to the messages, so as to realize the restoration connection of the network.
Referring to fig. 4, the quintuple information parsing unit 23 in the traffic reduction module 2 specifically includes:
a header information extraction subunit 231, configured to extract header information corresponding to each packet;
a message content information extraction subunit 232, configured to extract message content information corresponding to each message;
the quintuple information parsing subunit 233 is connected to the header information extracting subunit 231 and the packet content information extracting subunit 232, respectively, and is configured to further parse the quintuple information corresponding to the packet from the header information and the packet content information.
In the above technical solution, the method for the system to extract the header information and the message content information corresponding to the message is the prior art, and the method for the system to obtain the quintuple information by parsing according to the header information and the message content information is also the prior art, so the extraction and parsing processes of the header information, the message content information, and the quintuple information are not described herein.
The quintuple information comprises a destination IP address, and the destination IP address is a target IP to be identified by the system. The invention is mainly used for identifying and judging the survivability of the IPv6 address, so after the target IP is obtained, the system also judges whether the target IP is the IPv6 address by using the regular expression, if so, the subsequent IP address survivability judgment process is carried out, and if not, the survivability judgment of the target IP is terminated.
The survivability judgment process of the system for the IPv6 address is briefly described as follows:
because the IPv6 address space is large and cannot be scanned through traversal, after the system acquires the IPv6 address, it will determine an IPv6 address survivability identification range according to the IPv6 address, and the system only performs survivability judgment on each IPv6 address within the identification range, and stores the IPv6 address judged to be alive. The range is identified as traversing up and/or down n IPv6 addresses for the acquired IPv6 addresses. n is determined by the user according to actual needs.
In order to identify the service agreement of the surviving IP, preferably, referring to fig. 1, the IPv6 network space mapping system provided in this embodiment further includes:
and the protocol identification module 5 is respectively connected with the IP address viability judging module 4 and the flow restoring module 2 and is used for carrying out service protocol identification on each IP address judged to be alive according to the quintuple information to obtain a service protocol identification result and store the service protocol identification result. The IP service protocol identification relies on the existing IP service protocol identification method, and the IP service protocol identification method is not within the scope of the claimed invention, so the specific process of the IP service protocol identification is not described herein.
Referring to fig. 5, the present invention further provides an IPv6 cyberspace mapping method based on traffic analysis, which is implemented by applying the above IPv6 cyberspace mapping system, and the method includes the following steps:
step S1, the IPv6 network space mapping system captures and stores the network traffic packet;
s2, the IPv6 network space mapping system carries out flow reduction on the network flow packet to obtain quintuple information corresponding to the network flow packet;
s3, identifying and obtaining a target IP by the IPv6 network space mapping system according to the quintuple information extracted in the S2;
and step S4, the IPv6 network space mapping system determines an IP address survivability identification range according to the target IP, judges the survivability of each IP address in the identification range and stores the IP addresses judged to be alive.
Referring to fig. 6, in step S2, the process of extracting quintuple information by the IPv6 cyberspace mapping system specifically includes the following steps:
step S21, the IPv6 network space mapping system restores the network traffic package into a plurality of traffic files;
s22, the IPv6 network space mapping system extracts messages of all the traffic files to obtain and store messages corresponding to all the traffic files;
s23, the IPv6 network space mapping system identifies the message type corresponding to each message;
step S24, the IPv6 network space mapping system recombines each message according to the message category corresponding to each message so as to recover the network connection of the network traffic packet;
and step S25, after the IPv6 network space mapping system successfully recovers the network connection, analyzing quintuple information from each message.
In the above technical solution, in step S23, the method for identifying the message type corresponding to each message by the IPv6 network space mapping system is as follows:
when the source IP address corresponding to one message is the same as the source IP address corresponding to the other message, and the source port corresponding to the message is the same as the source port corresponding to the other message, the system considers that the two messages have the same connected session, and then classifies the two messages into the same message category;
or when the source IP address corresponding to one message is the same as the destination IP corresponding to another message, and the source port corresponding to the message is the same as the destination port corresponding to another message, the system considers that the two messages have the same connected session, and then classifies the two messages into the same message category.
The identification process of the target IP by the system and the method for judging the survivability of each IP address of the identified identification range based on the target IP are as described above, and are not described herein again.
It should be understood that the above-described embodiments are merely preferred embodiments of the invention and the technical principles applied thereto. It will be understood by those skilled in the art that various modifications, equivalents, changes, and the like can be made to the present invention. However, such variations are within the scope of the invention as long as they do not depart from the spirit of the invention. In addition, certain terms used in the specification and claims of the present application are not limiting, but are used merely for convenience of description.
Claims (10)
1. An IPv6 cyberspace mapping system based on traffic analysis for extracting and identifying IPv6 addresses in network traffic, comprising:
the network flow capturing module is used for capturing and storing the network flow packet;
a traffic reduction module, connected to the network traffic capture module, configured to perform traffic reduction on the network traffic packet to obtain quintuple information corresponding to the network traffic packet, where the traffic reduction module specifically includes:
the flow packet restoration unit is used for restoring the network flow packet into a plurality of flow files;
a network connection recovery unit, connected to the traffic packet restoration unit, configured to extract packets from each traffic file, obtain and store a packet corresponding to each traffic file, and recombine each packet according to a packet category corresponding to each packet, so as to recover network connection of the network traffic packet;
a quintuple information analyzing unit connected with the network connection recovery unit and used for analyzing the quintuple information from each message after the network connection is successfully recovered;
the target IP identification module is connected with the network restoration module and used for identifying and obtaining a target IP according to the extracted quintuple information;
and the IP address survivability judging module is connected with the target IP identification module and used for determining an IP address survivability identification range according to the target IP, judging the survivability of each IP address in the identification range and storing the IP addresses judged to be alive.
2. The IPv6 cyberspace mapping system of claim 1, wherein the network connection restoration unit in the traffic restoration module specifically includes:
a packet extraction subunit, configured to perform packet extraction on each traffic file to obtain the packet corresponding to each traffic file;
the message classification subunit is connected with the message extraction subunit and is used for classifying each message;
and the message recombining subunit is connected with the message classifying subunit and is used for recombining each message according to the message category corresponding to each message so as to recover the network connection of the network flow packet.
3. The IPv6 cyber-spatial mapping system of claim 2, wherein a source IP address corresponding to one of the packets is the same as a source IP address corresponding to another of the packets, and a source port corresponding to the one of the packets is the same as a source port corresponding to another of the packets, the two of the packets are classified into the same packet category.
4. The IPv6 cyber-spatial mapping system of claim 2, wherein a source IP address corresponding to one of the packets is the same as a destination IP corresponding to another of the packets, and a source port corresponding to the one of the packets is the same as a destination port corresponding to another of the packets, and the two of the packets are classified into the same packet category.
5. The IPv6 cyberspace mapping system of claim 1, wherein the quintuple information parsing unit in the traffic reduction module specifically includes:
a header information extraction subunit, configured to extract header information corresponding to each of the messages;
a message content information extraction subunit, configured to extract message content information corresponding to each of the messages;
and a quintuple information analyzing subunit, connected to the header information extracting subunit and the packet content information extracting subunit, respectively, and configured to further analyze the quintuple information corresponding to the packet from the header information and the packet content information.
6. The IPv6 cyberspace mapping system according to claim 1, further comprising:
and the protocol identification module is respectively connected with the IP address viability judgment module and the flow reduction module and used for carrying out service protocol identification on each IP address judged to be alive according to the quintuple information to obtain a service protocol identification result and store the service protocol identification result.
7. The IPv6 cyberspace mapping system of claim 1, wherein the target IP includes an IPv6 address.
8. An IPv6 cyberspace mapping method based on traffic analysis, which is implemented by applying the IPv6 cyberspace mapping system as claimed in any one of claims 1 to 7, the method comprising the steps of:
step S1, the IPv6 network space mapping system captures and stores the network traffic packet;
step S2, the IPv6 network space mapping system performs flow reduction on the network traffic packet to obtain the quintuple information corresponding to the network traffic packet;
step S3, the IPv6 network space mapping system identifies and obtains the target IP according to the quintuple information extracted in the step S2;
step S4, the IPv6 network space mapping system determines the IP address survivability identification range according to the target IP, judges the survivability of each IP address in the identification range, and stores the IP addresses judged to be alive.
9. The IPv6 cyberspace mapping method according to claim 8, wherein in the step S2, the process of the IPv6 cyberspace mapping system extracting the quintuple information specifically includes the steps of:
step S21, the IPv6 network space mapping system restores the network traffic package into a plurality of traffic files;
step S22, the IPv6 network space mapping system performs message extraction on each flow file to obtain and store the message corresponding to each flow file;
step S23, the IPv6 network space mapping system identifies the message type corresponding to each message;
step S24, the IPv6 network space mapping system recombines each message according to the message category corresponding to each message so as to recover the network connection of the network traffic packet;
step S25, after the IPv6 network space mapping system successfully recovers the network connection, the quintuple information is parsed from each message.
10. The IPv6 cyberspace mapping system according to claim 9, wherein in the step S23, the method for the IPv6 cyberspace mapping system to identify the packet class corresponding to each of the packets includes:
when the source IP address corresponding to one message is the same as the source IP address corresponding to the other message, and the source port corresponding to the message is the same as the source port corresponding to the other message, classifying the two messages into the same message category;
or when the source IP address corresponding to one packet is the same as the destination IP corresponding to another packet, and the source port corresponding to the packet is the same as the destination port corresponding to another packet, classifying the two packets into the same packet category.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911304209.6A CN112995352B (en) | 2019-12-17 | 2019-12-17 | IPv6 network space mapping system and mapping method based on flow analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911304209.6A CN112995352B (en) | 2019-12-17 | 2019-12-17 | IPv6 network space mapping system and mapping method based on flow analysis |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112995352A true CN112995352A (en) | 2021-06-18 |
| CN112995352B CN112995352B (en) | 2022-06-28 |
Family
ID=76342507
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911304209.6A Active CN112995352B (en) | 2019-12-17 | 2019-12-17 | IPv6 network space mapping system and mapping method based on flow analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112995352B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114745315A (en) * | 2022-03-24 | 2022-07-12 | 广西电网有限责任公司 | IPv6 address survivability detection method |
| CN114978571A (en) * | 2022-03-15 | 2022-08-30 | 浙江大学 | Method and system for detecting survival state of EoL embedded equipment in network |
| CN115297036A (en) * | 2022-08-12 | 2022-11-04 | 北京华顺信安科技有限公司 | IPv6 address intelligent analysis-based network space map drawing method and system |
| CN116599780A (en) * | 2023-07-19 | 2023-08-15 | 国家计算机网络与信息安全管理中心江西分中心 | Analysis and test method for IPv6 network data flow monitoring technology |
| CN113973014B (en) * | 2021-10-25 | 2024-04-26 | 杭州安恒信息技术股份有限公司 | Method, device and equipment for monitoring weak password loopholes of network equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1953453A (en) * | 2006-10-25 | 2007-04-25 | 北京交通大学 | A system and realization method for high speed capture and quick storage of IPv6 data |
| US20130275574A1 (en) * | 2012-04-11 | 2013-10-17 | Mcafee, Inc. | Asset detection system |
| CN103685598A (en) * | 2013-12-06 | 2014-03-26 | 国家计算机网络与信息安全管理中心 | Method and device for discovering active IP address in IPv6 network |
| US20140258491A1 (en) * | 2013-03-11 | 2014-09-11 | Bluebox Security Inc. | Methods and apparatus for hostname selective routing in dual-stack hosts |
-
2019
- 2019-12-17 CN CN201911304209.6A patent/CN112995352B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1953453A (en) * | 2006-10-25 | 2007-04-25 | 北京交通大学 | A system and realization method for high speed capture and quick storage of IPv6 data |
| US20130275574A1 (en) * | 2012-04-11 | 2013-10-17 | Mcafee, Inc. | Asset detection system |
| US20140258491A1 (en) * | 2013-03-11 | 2014-09-11 | Bluebox Security Inc. | Methods and apparatus for hostname selective routing in dual-stack hosts |
| CN103685598A (en) * | 2013-12-06 | 2014-03-26 | 国家计算机网络与信息安全管理中心 | Method and device for discovering active IP address in IPv6 network |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113973014B (en) * | 2021-10-25 | 2024-04-26 | 杭州安恒信息技术股份有限公司 | Method, device and equipment for monitoring weak password loopholes of network equipment |
| CN114978571A (en) * | 2022-03-15 | 2022-08-30 | 浙江大学 | Method and system for detecting survival state of EoL embedded equipment in network |
| CN114978571B (en) * | 2022-03-15 | 2023-02-28 | 浙江大学 | Method and system for detecting survival state of EoL embedded equipment in network |
| CN114745315A (en) * | 2022-03-24 | 2022-07-12 | 广西电网有限责任公司 | IPv6 address survivability detection method |
| CN114745315B (en) * | 2022-03-24 | 2023-09-15 | 广西电网有限责任公司 | IPv6 address survivability detection method |
| CN115297036A (en) * | 2022-08-12 | 2022-11-04 | 北京华顺信安科技有限公司 | IPv6 address intelligent analysis-based network space map drawing method and system |
| CN115297036B (en) * | 2022-08-12 | 2023-09-05 | 北京华顺信安科技有限公司 | IPv6 address intelligent analysis-based network space map drawing method and system |
| CN116599780A (en) * | 2023-07-19 | 2023-08-15 | 国家计算机网络与信息安全管理中心江西分中心 | Analysis and test method for IPv6 network data flow monitoring technology |
| CN116599780B (en) * | 2023-07-19 | 2023-10-27 | 国家计算机网络与信息安全管理中心江西分中心 | Analysis and test method for IPv6 network data flow monitoring technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112995352B (en) | 2022-06-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112995352B (en) | IPv6 network space mapping system and mapping method based on flow analysis | |
| CN110113345B (en) | Automatic asset discovery method based on flow of Internet of things | |
| CN106330584B (en) | A kind of recognition methods of Business Stream and identification device | |
| CN103795709A (en) | Network security detection method and system | |
| CN103139315A (en) | Application layer protocol analysis method suitable for home gateway | |
| CN102148854B (en) | Method and device for identifying peer-to-peer (P2P) shared flows | |
| CN103607399A (en) | Special IP network safety monitor system and method based on hidden network | |
| CN103780610A (en) | Network data recovery method based on protocol characteristics | |
| US20080291912A1 (en) | System and method for detecting file | |
| KR101414231B1 (en) | Apparatus and method for detecting abnormal call | |
| CN108092976A (en) | Device-fingerprint building method and device | |
| CN102624878B (en) | Method and system for identifying P2P (peer-to-peer) protocol on basis of DNS (domain name server) protocol | |
| CN109474485A (en) | Method, system and storage medium based on network traffic information detection Botnet | |
| CN111818049B (en) | Botnet flow detection method and system based on Markov model | |
| CN106789728A (en) | A kind of voip traffic real-time identification method based on NetFPGA | |
| CN109271217A (en) | Network flow detection method and system under cloud environment | |
| CN111757327A (en) | Method and device for identifying counterfeit DHCP server or gateway in wireless network | |
| CN112995358B (en) | Large-scale network address translation traffic identification method and device and computer equipment | |
| KR101536178B1 (en) | Apparatus and method for detecting abnormal sdp message in 4g mobile networks | |
| KR20190061258A (en) | System for analyzing and recognizing network security state using network traffic flow | |
| CN104104675A (en) | Internet control message protocol camouflage capture and analysis technology | |
| CN103152340A (en) | Resource access-crossing protocol identification method | |
| CN113596065B (en) | SSH protocol login state detection method based on machine learning | |
| CN103051501B (en) | Detection method for identifying network data according to network data recovery manner | |
| CN110381038B (en) | Information verification method and system based on video network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |