CN114760231A - Method for quickly identifying large-scale host online - Google Patents
Method for quickly identifying large-scale host online Download PDFInfo
- Publication number
- CN114760231A CN114760231A CN202210393907.3A CN202210393907A CN114760231A CN 114760231 A CN114760231 A CN 114760231A CN 202210393907 A CN202210393907 A CN 202210393907A CN 114760231 A CN114760231 A CN 114760231A
- Authority
- CN
- China
- Prior art keywords
- receiving
- data
- host
- echo
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method for quickly identifying a large-scale host online, which comprises the following steps: the method comprises the following steps: preprocessing input parameters, converting the input parameters into an IP address data set, dynamically applying for a memory storage data structure, then creating a receiving thread, and starting a receiving channel to prepare for receiving data at any time; step two: sequentially encapsulating parameters of a target host group into an Echo-request message of ICMP through a sending thread, manually constructing a data packet, sequentially and directly sending the data packet to a network card through an original socket method, and then reaching the target host group through a network; step three: and the receiving thread receives an Echo-reply message of the ICMP returned by the online host, and determines the IP address of the online host by filtering key data. The invention can quickly send, process and analyze the message by quickly constructing the ICMP detection message and combining a dual-channel receiving and transmitting separation mode and a preset special mark mode, thereby detecting the online condition of a large-range host computer in extremely short time and recording the online condition.
Description
Technical Field
The invention relates to the field of host identification, in particular to a method for quickly identifying a large-scale host online.
Background
At present, the most common way to detect the online of the host is through a request and response mode of an ICMP message, that is, a sender sends a request of an ICMP protocol Echo command, and then if a reply message of the detected host can be received, the host is proved to be online, and a host online identification method is used in the host identification process.
The existing host online identification method mostly uses the traditional method in the actual use process, only one host can be detected whether the network can be reached or not in each time in a ping command mode, the waiting time is long, the efficiency is low, the data result is complex, the host can be used only by secondary analysis, and certain influence is brought to the use of the host online identification method, so that the method for rapidly identifying the hosts on line in a large scale is provided.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: how to solve the problems that the existing host online identification method mostly uses the traditional method in the actual use process, only one host can be detected whether the network can be reached at each time in a ping command mode, the waiting time is long, the efficiency is low, the data result is complex, the host can be used only by secondary analysis, and certain influence is brought to the use of the host online identification method, and the method for quickly identifying the hosts on a large scale is provided.
The invention solves the technical problems through the following technical scheme, and comprises the following steps:
the method comprises the following steps: preprocessing input parameters, converting the input parameters into an IP address data set, dynamically applying for a memory storage data structure, then creating a receiving thread, and starting a receiving channel to prepare for receiving data at any time;
step two: sequentially encapsulating parameters of a target host group into an Echo-request message of ICMP through a sending thread, manually constructing a data packet, sequentially and directly sending the data packet to a network card through an original socket method, and then reaching the target host group through a network;
step three: after receiving the Echo-request message, the online host responds and returns an Echo-reply message;
step four: carrying out data receiving processing through a receiving thread, wherein once a host responds, the receiving thread receives a response message, the Type value of the response message is 0, a special mark Identifier is added in a request message, the mark is returned in the response message, the IP address of the host responding is filtered by comparing the special mark, and finally, the result is displayed, namely, the response source;
step five: and analyzing the response sources uniformly, judging whether the host receives the socket online and only binds a detection source IP and whether the socket is an ICMP protocol, analyzing and judging whether the socket is an Echo-reply of the ICMP protocol, and processing to determine.
Further, the specific process of encapsulating the Echo-request message of the ICMP is as follows: the sending thread encapsulates a detection request message corresponding to the IP address according to the previously calculated IP range, wherein the message content comprises a Type, a Code and an Identifier, and when the Type and the Code are preset values, the Type and the Code are combined to be represented as a request to be displayed back, namely, the other party is expected to respond; the Identifier flag is a preset flag 0x0f0 f.
Further, the sending thread is only responsible for Echo-request message sending, and the receiving thread is only responsible for receiving data and analyzing data.
Further, the receiving thread receiving mode adopts a select mode.
Further, the specific process of the select mode is as follows: after the data passes through the kernel, a select response of the socket is triggered, then analysis and judgment are carried out, and the waiting time is flexibly mastered through overtime configuration.
Further, the ICMP message in the Echo-request message is obtained after the parameters of the target host group are manually filled, and the IP header in the Echo-request message is automatically filled.
Compared with the prior art, the invention has the following advantages: the method for rapidly identifying the large-scale host online comprises the steps of rapidly constructing an ICMP detection message, rapidly sending, processing and analyzing the message in a dual-channel transceiving separation mode and in combination with a preset special mark mode, thereby detecting the online condition of the large-scale host within a very short time, recording, rapidly, efficiently and online state scanning and recording of the large-scale host, accelerating the reading speed through caching, avoiding the operation during sending by preset data, greatly improving the sending efficiency, sending the detection messages of all IP addresses at the maximum speed, and accurately filtering the sent message by setting a mark symbol without being interfered by data sent by other hosts; and because the existence of the double channels, the receiving processing is synchronously carried out, the online hosts can be listed in a very short time, and the method is more worthy of popularization and application.
Drawings
FIG. 1 is an overall flow diagram of the present invention;
FIG. 2 is a send thread flow diagram of the present invention.
Detailed Description
The following examples are given for the detailed implementation and specific operation of the present invention, but the scope of the present invention is not limited to the following examples.
As shown in fig. 1 and 2, the present embodiment provides a technical solution: a method for rapidly identifying a large-scale host online comprises the following steps:
the method comprises the following steps: preprocessing input parameters, converting the input parameters into an IP address data set, dynamically applying for a memory storage data structure, then creating a receiving thread, and starting a receiving channel to prepare for receiving data at any time;
step two: sequentially encapsulating parameters of a target host group into an Echo-request message of ICMP through a sending thread, manually constructing a data packet, sequentially and directly sending the data packet to a network card through an original socket method, and then reaching the target host group through a network;
the ICMP message in the Echo-request message is obtained after the parameters of a target host group are manually filled, and an IP (Internet protocol) header in the Echo-request message is automatically filled;
Step three: after receiving the Echo-request message, the online host makes a response and returns an Echo-reply message;
step four: carrying out data receiving processing through a receiving thread, wherein once a host responds, the receiving thread receives a response message, the Type value of the response message is 0, a special mark Identifier is added in a request message, the mark is returned in the response message, the IP address of the host responding is filtered by comparing the special mark, and finally, the result is displayed, namely, the response source;
step five: and analyzing the response sources uniformly, judging whether the host receives the socket online and only binds a detection source IP and whether the socket is an ICMP protocol, analyzing and judging whether the socket is an Echo-reply of the ICMP protocol, and processing to determine.
The specific process of encapsulating the Echo-request message of ICMP is as follows: the sending thread encapsulates a detection request message corresponding to the IP address according to the previously calculated IP range, wherein the message content comprises a Type, a Code and an Identifier, and when the Type and the Code are preset values, the Type and the Code are combined to be represented as a request to be displayed back, namely, the other party is expected to respond; the Identifier flag is a preset flag 0x0f0 f.
The sending thread is only responsible for sending Echo-request messages, and the receiving thread is only responsible for receiving data and analyzing the data.
The method for rapidly identifying the large-scale host online comprises the steps of rapidly constructing an ICMP detection message, rapidly sending, processing and analyzing the message in a dual-channel transceiving separation mode and in combination with a preset special mark mode, thereby detecting the online condition of the large-scale host within a very short time, recording, rapidly, efficiently and online state scanning and recording of the large-scale host, accelerating the reading speed through caching, avoiding the operation during sending by preset data, greatly improving the sending efficiency, sending the detection messages of all IP addresses at the maximum speed, and accurately filtering the sent message by setting a mark symbol without being interfered by data sent by other hosts; and because the existence of the double channels, the receiving processing is synchronously carried out, the online hosts can be listed in a very short time, and the method is more worthy of popularization and application.
The specific working process of the invention is as follows:
pretreatment process
And processing the input parameters, converting the input parameters into an IP address data set, and dynamically applying for a memory storage data structure.
Then, a receiving thread is created, and a receiving channel is opened to prepare for receiving data at any time.
The function is as follows: the subsequent data reading speed can be increased through the cache, and the receiving thread is started first, so that data loss is avoided.
Data transmission
The sending thread encapsulates a detection request message corresponding to the IP address according to the previously calculated IP range, and the format of the request message is as follows
The Type 8 is a Type, the Code is coded as 0, and the combination of the Type and the Code is expressed as a request for showing back, namely, the opposite party is expected to respond;
the Identifier marker, we set to our own marker 0x0f0f, facilitates us to filter back the data.
And after the data of all the IP addresses are packaged, all the data are sent to the local network card through the original socket.
The function is as follows: and generating all the detection request messages of the IP and sending out the detection request messages at the highest speed.
Data reception processing
Once the host responds, the receiving thread receives a response message, wherein the Type value of the response message is 0, and a special mark Identifier of 0x0f0f is added in the request message, and the mark is returned in the response message, so that by comparing the special marks, the IP address of the host which makes a response can be accurately filtered, and finally the result is displayed.
The function is as follows: and accurately filtering the response to clarify the IP address of the host.
Overall effect
The reading speed can be increased through the cache, and the preset data can avoid operation in sending, so that the sending efficiency is greatly improved, and the detection messages of all IP addresses can be sent out at the maximum speed. Through measurement and calculation, 65535 detection requests can be sent in 1.4 seconds; through the setting of the marker, the message sent by the user can be accurately filtered, and the message is not interfered by data sent by other hosts; and due to the existence of double channels, the receiving processing is synchronously carried out, and online hosts can be listed in a very short time.
1. The method adopts a technology that original sockets are matched with an encapsulating ICMP packet, the sending speed is high, parameters of a target host group are sequentially encapsulated into an Echo-request message of the ICMP, a data packet is manually constructed, the data packet is directly sent to a network card in sequence through an original socket method, then the data packet reaches the target host group through a network, and 65535 detection messages can be sent in 1.6 seconds.
2. Through a double-thread mode, receiving and transmitting are separated, no packet is lost, a sending thread is only responsible for sending Echo-request messages, and a receiving thread is only responsible for receiving and analyzing data.
3. And a select mode is adopted for receiving, after the high-speed processing response data passes through the kernel, a select response of the socket is triggered, then analysis and judgment are carried out, and the waiting time is flexibly mastered through overtime configuration.
4. Analyzing the response sources uniformly, judging whether the host is on line or not, receiving the socket, only binding the IP of the detection source and whether the IP is an ICMP protocol or not, analyzing and judging whether the IP is an Echo-reply of the ICMP protocol or not, and then processing.
5. And various storage modes are supported, and storage screen output, mysql, redis and written file storage are supported.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of the feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are exemplary and not to be construed as limiting the present invention, and that changes, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (8)
1. A method for rapidly identifying a large-scale host online is characterized by comprising the following steps:
the method comprises the following steps: preprocessing input parameters, converting the input parameters into an IP address data set, dynamically applying for a memory storage data structure, then creating a receiving thread, and starting a receiving channel to prepare for receiving data at any time;
step two: sequentially encapsulating parameters of a target host group into an Echo-request message of ICMP through a sending thread, manually constructing a data packet, sequentially and directly sending the data packet to a network card through an original socket method, and then reaching the target host group through a network;
step three: after receiving the Echo-request message, the online host responds and returns an Echo-reply message;
step four: performing data receiving processing through a receiving thread to obtain a processing result, namely a response source;
step five: and uniformly analyzing the response sources, and then processing to determine the recognition result.
2. The method of claim 1, wherein the method comprises the steps of: the specific process of encapsulating the Echo-request message of ICMP is as follows: the sending thread encapsulates a detection request message corresponding to the IP address according to the IP range calculated in the previous step, the message content comprises a Type, a Code and an Identifier marker, when the Type and the Code are preset values, the Type and the Code are combined to be represented as a request to be displayed back, and the opposite side is expected to respond; the Identifier flag is a preset flag 0x0f0 f.
3. The method of claim 1, wherein the method comprises the steps of: the sending thread is only responsible for sending Echo-request messages, and the receiving thread is only responsible for receiving data and analyzing the data.
4. The method of claim 1, wherein the method comprises the steps of: the receiving thread receiving mode adopts a select mode.
5. The method of claim 4, wherein the method comprises the steps of: the specific process of the select mode is as follows: after the data passes through the kernel, a select response of the socket is triggered, then analysis and judgment are carried out, and the waiting time is flexibly mastered through overtime configuration.
6. The method of claim 1, wherein the method comprises the steps of: the ICMP message in the Echo-request message is obtained after the parameters of the target host group are manually filled, and the IP header in the Echo-request message is automatically filled.
7. The method of claim 1, wherein the method comprises the steps of: the receiving thread in the fourth step performs the data receiving and processing process as follows: and the receiving thread receives data, once the host responds, the receiving thread receives a response message, wherein the Type value of the response message is 0, a special mark Identifier is added in the request message, the mark is returned in the response message, the IP address of the host responding is filtered by comparing the special mark, and finally, the result is displayed, namely, the response source.
8. The method of claim 1, wherein the method comprises the steps of: the process of analyzing the response source in step five is as follows: and analyzing the response sources uniformly, judging whether the host receives the socket online and only binds a detection source IP and whether the socket is an ICMP protocol, analyzing and judging whether the socket is an Echo-reply of the ICMP protocol, and processing the socket-reply protocol to determine an identification result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210393907.3A CN114760231A (en) | 2022-04-14 | 2022-04-14 | Method for quickly identifying large-scale host online |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210393907.3A CN114760231A (en) | 2022-04-14 | 2022-04-14 | Method for quickly identifying large-scale host online |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114760231A true CN114760231A (en) | 2022-07-15 |
Family
ID=82331576
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210393907.3A Pending CN114760231A (en) | 2022-04-14 | 2022-04-14 | Method for quickly identifying large-scale host online |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114760231A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621532A (en) * | 2008-06-30 | 2010-01-06 | 中兴通讯股份有限公司 | Method for realizing HTTP application by thread pool |
| CN103117798A (en) * | 2012-12-31 | 2013-05-22 | 广东东研网络科技股份有限公司 | Optical network unit (ONU) configuration fast restoring method after optical line terminal (OLT) undergoes outage and restart |
| CN107370636A (en) * | 2016-05-12 | 2017-11-21 | 华为技术有限公司 | Link State determines method and apparatus |
| CN107547505A (en) * | 2017-06-21 | 2018-01-05 | 新华三技术有限公司 | A kind of message processing method and device |
| CN111510353A (en) * | 2020-04-15 | 2020-08-07 | 深圳市三旺通信股份有限公司 | Detection method, device and equipment of online equipment and computer readable storage medium |
| CN112596874A (en) * | 2020-12-16 | 2021-04-02 | 北京天融信网络安全技术有限公司 | Information processing method and electronic equipment |
-
2022
- 2022-04-14 CN CN202210393907.3A patent/CN114760231A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621532A (en) * | 2008-06-30 | 2010-01-06 | 中兴通讯股份有限公司 | Method for realizing HTTP application by thread pool |
| CN103117798A (en) * | 2012-12-31 | 2013-05-22 | 广东东研网络科技股份有限公司 | Optical network unit (ONU) configuration fast restoring method after optical line terminal (OLT) undergoes outage and restart |
| CN107370636A (en) * | 2016-05-12 | 2017-11-21 | 华为技术有限公司 | Link State determines method and apparatus |
| CN107547505A (en) * | 2017-06-21 | 2018-01-05 | 新华三技术有限公司 | A kind of message processing method and device |
| CN111510353A (en) * | 2020-04-15 | 2020-08-07 | 深圳市三旺通信股份有限公司 | Detection method, device and equipment of online equipment and computer readable storage medium |
| CN112596874A (en) * | 2020-12-16 | 2021-04-02 | 北京天融信网络安全技术有限公司 | Information processing method and electronic equipment |
Non-Patent Citations (4)
| Title |
|---|
| 杨亮亮;李翔;史伟民;鲁文其;: "基于以太网的运动控制卡通信模块设计", 工业仪表与自动化装置, no. 03, pages 24 - 28 * |
| 杨亮亮等: ""基于以太网的运动控制卡通信模块设计"", 《工业仪表与自动化装置》, no. 3, pages 24 - 28 * |
| 程雪;侯思祖;王彬;: "具有多种通信功能的数据采集装置的实现", 中国集成电路, no. 08 * |
| 陈言;颜晨阳;: "一种网络爬虫的带缓存非阻塞异步域名解析器模型及其性能分析", 软件导刊, no. 11 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109451006B (en) | Data transmission method, device, server and computer storage medium | |
| CN101540740B (en) | Prompting method of a plurality of instant communication windows, system and device thereof | |
| CN109756401B (en) | Test method, test device, electronic equipment and storage medium | |
| US8472420B2 (en) | Gateway device | |
| CN113347258B (en) | Method and system for data acquisition, monitoring and analysis under cloud flow | |
| CN106375491A (en) | Method, device and system for discovering network equipment | |
| CN105245407A (en) | Network sniffer based on socket and method thereof | |
| JP2016167799A (en) | Network monitoring method and apparatus, and packet filtering method and apparatus | |
| CN112995358B (en) | Large-scale network address translation traffic identification method and device and computer equipment | |
| CN114760231A (en) | Method for quickly identifying large-scale host online | |
| CN101888303A (en) | Recording method of network traffic information and related device | |
| CN113660302A (en) | Industrial internet platform monitoring data transmission and exchange method and system | |
| CN101465738B (en) | Real time monitoring method and system for document transmission | |
| CN106789440B (en) | IP packet header detection method and device | |
| CN112543142B (en) | Method and device for realizing RSTP ring network protocol based on FPGA | |
| CN113973111A (en) | Data forwarding method and device, gateway equipment and computer readable storage medium | |
| CN111526137B (en) | Network accelerator compatible with server and client modes and data processing method | |
| CN115174414A (en) | Method, system and electronic device for automatically identifying devices and device paths in session | |
| CN110620682B (en) | Resource information acquisition method and device, storage medium and terminal | |
| CN110611678B (en) | Method for identifying message and access network equipment | |
| CN114598675A (en) | Control method, device, equipment and medium for realizing host blocking based on ARP | |
| CN113660134A (en) | Port detection method, device, electronic device and storage medium | |
| CN111814161A (en) | Data transmission method and system | |
| CN114760232A (en) | Method for rapidly identifying TCP port opened by host | |
| JPH0730564A (en) | Network system and method and device for detecting duplicate protocol address of network system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |