CN115484190A - Method and device for automatically verifying network flow mirror integrity - Google Patents

Method and device for automatically verifying network flow mirror integrity

Info

Publication number: CN115484190A
Authority: CN (China)
Prior art keywords: flow, dial, mirror image, probe, pcap file
Legal status: Pending
Application number: CN202211106579.0A
Other languages: Chinese (zh)
Inventor: 林飞, 唐威, 唐相雄, 宋钰林, 袁祥, 罗晗, 易永波, 古元, 毛华阳, 华仲峰
Current Assignee: Beijing Act Technology Development Co ltd
Original Assignee: Beijing Act Technology Development Co ltd
Priority date: 2022-09-12
Filing date: 2022-09-12
Publication date: 2022-12-16
Application filed by Beijing Act Technology Development Co ltd
Priority to CN202211106579.0A
Publication of CN115484190A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L47/80 Actions related to the user profile or the type of traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/55 Prevention, detection or correction of errors
    • H04L49/552 Prevention, detection or correction of errors by ensuring the integrity of packets received through redundant connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for automatically verifying the integrity of a network traffic mirror, relating to the technical field of information and comprising a client and a probe; the client consists of a dial tester, a flow temporary storage and a flow analyzer. The invention can automatically detect the integrity of the mirror and the credibility of the mirror path, and it is simple in structure and easy to popularize.

Description

Method and device for automatically verifying network flow mirror integrity
Technical Field
The invention relates to the technical field of information.
Background
With the development of information technology and network technology, the internet has come to be widely used in every area of people's work, study and life. While it greatly affects people's lives, the internet also brings unprecedented network security problems, especially for sensitive information during network data transmission. Faced with this severe network security situation, how to take effective measures to ensure the safe and healthy development of network information has become a major issue that every country urgently needs to solve.
To discover security problems during network transmission, existing schemes mostly study how to find problems efficiently and quickly: for example, a traffic acquisition probe is deployed in an IDC machine room, the original traffic is mirrored to the probe, and the probe analyzes the traffic and produces analysis results. If the traffic mirrored to the probe is incomplete, data auditing is incomplete, data loss and the like can result, many security problems can be missed, and network security problems cannot be found and solved comprehensively and completely. In many current schemes, whether the traffic in the traffic acquisition probe is complete is verified manually; manual verification has a relatively high error rate, owing to ability or other reasons, so it not only fails to achieve the desired effect but also wastes a large amount of labor cost and time cost.
A method is provided for automatically verifying whether the traffic received by the traffic acquisition probe is complete; it eliminates the step of manually capturing and checking the traffic, reduces the error rate of manual verification, and can save operating costs for large enterprises.
Description of the prior art used
The pcap file format is directly supported by most heavyweight packet capture and analysis applications, such as tcpdump and Wireshark.
Disclosure of Invention
In view of the defects of the prior art, the invention provides a method and a device for automatically verifying the integrity of a network traffic mirror, comprising a client and a probe; the client consists of a dial tester, a flow temporary storage and a flow analyzer;
the dial tester is responsible for dial-testing the preset target website in a non-mirror network mode, sending all traffic packets generated during the dial test to the flow temporary storage, and counting the number of uplink and downlink bytes and the number of uplink and downlink data packets generated during the dial test; when the dial test starts, the dial tester sends the probe an instruction to collect mirror traffic; when the dial test ends, the dial tester sends the probe an instruction to stop collecting mirror traffic;
the probe is responsible for collecting, in a mirror network mode, the traffic of the dial test against the preset target website and packaging the collected traffic into a file in pcap format, namely a pcap file; when the probe receives the instruction to stop collecting mirror traffic, it sends the packaged pcap file to the flow analyzer;
after receiving the pcap file, the flow analyzer parses it and compares it with the traffic data in the flow temporary storage; when the content of the pcap file is consistent with the traffic data in the flow temporary storage, the mirror is complete and the mirror path is credible; when the content of the pcap file is less than the traffic data in the flow temporary storage, the mirror is incomplete and the mirror path is not credible.
Advantageous effects
The invention automatically detects the integrity of the mirror and the credibility of the mirror path; it is simple in structure and easy to popularize.
Drawings
FIG. 1 is a system block diagram of the present invention.
Detailed Description
Referring to FIG. 1, the device of the present invention for automatically verifying the integrity of a network traffic mirror is composed of a client 1 and a probe 2; the client consists of a dial tester 10, a flow temporary storage 11 and a flow analyzer 12;
the dial tester 10 is responsible for dial-testing the preset target website A through non-mirror network mode B, sending all traffic packets generated during the dial test to the flow temporary storage 11, and counting the number of uplink and downlink bytes and the number of uplink and downlink data packets generated during the dial test; when the dial test starts, the dial tester 10 sends the probe 2 an instruction to collect mirror traffic; when the dial test ends, the dial tester 10 sends the probe 2 an instruction to stop collecting mirror traffic;
the probe 2 is responsible for collecting, through mirror network mode C, the traffic of the dial test against the preset target website and packaging the collected traffic into a file in pcap format, namely a pcap file; when the probe 2 receives the instruction to stop collecting mirror traffic, the probe 2 sends the packaged pcap file to the flow analyzer 12;
after receiving the pcap file, the flow analyzer 12 parses it and compares it with the traffic data in the flow temporary storage 11; when the content of the pcap file is consistent with the traffic data in the flow temporary storage 11, the mirror is complete and the mirror path is credible; when the content of the pcap file is less than the traffic data in the flow temporary storage 11, the mirror is incomplete and the mirror path is not credible.
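The comparison step performed by the flow analyzer can be sketched as follows. This is an added example, not code from the patent: it assumes both captures are classic libpcap files of untagged Ethernet/IPv4 frames that the mirror copies byte for byte, and the function names, addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

def read_pcap(data):
    """Yield raw frames from a classic libpcap file (not pcapng)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]
        if off + 16 + incl > len(data):
            raise ValueError("truncated packet record")
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def tally(data, client_ip):
    """Multiset of (direction, frame); uplink means the client is the IPv4 source."""
    frames = Counter()
    for f in read_pcap(data):
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue                           # assumption: untagged Ethernet + IPv4 only
        frames[("up" if f[26:30] == client_ip else "down", f)] += 1
    return frames

def summarize(frames):                         # uplink/downlink packet and byte counts
    s = {"up_pkts": 0, "up_bytes": 0, "down_pkts": 0, "down_bytes": 0}
    for (direction, f), n in frames.items():
        s[direction + "_pkts"] += n
        s[direction + "_bytes"] += n * len(f)
    return s

def verify_mirror(local_pcap, mirror_pcap, client_ip):
    """Return (verdict, missing): frames captured locally but absent from the mirror."""
    missing = summarize(tally(local_pcap, client_ip) - tally(mirror_pcap, client_ip))
    lost = missing["up_pkts"] + missing["down_pkts"]
    return ("complete" if lost == 0 else "incomplete"), missing

def make_frame(src, dst, payload):             # constructed sample: Ethernet + minimal IPv4
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0, src, dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + payload
def make_pcap(frames):                         # constructed little-endian classic pcap
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

CLIENT, SITE = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 80])   # made-up addresses
SAMPLE = [make_frame(CLIENT, SITE, b"GET /"), make_frame(SITE, CLIENT, b"200 OK"),
          make_frame(SITE, CLIENT, b"<html>")]                # constructed dial-test frames
```

Comparing frames as a multiset rather than in sequence keeps a reordered but lossless mirror from being reported as incomplete, and the per-direction counts of missing frames show whether the loss is on the uplink or the downlink side.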

Claims (1)

1. A device for automatically verifying the integrity of a network traffic mirror, characterized by comprising a client and a probe; the client consists of a dial tester, a flow temporary storage and a flow analyzer;
the dial tester is responsible for dial-testing the preset target website in a non-mirror network mode, sending all traffic packets generated during the dial test to the flow temporary storage, and counting the number of uplink and downlink bytes and the number of uplink and downlink data packets generated during the dial test; when the dial test starts, the dial tester sends the probe an instruction to collect mirror traffic; when the dial test ends, the dial tester sends the probe an instruction to stop collecting mirror traffic;
the probe is responsible for collecting, in a mirror network mode, the traffic of the dial test against the preset target website and packaging the collected traffic into a file in pcap format, namely a pcap file; when the probe receives the instruction to stop collecting mirror traffic, it sends the packaged pcap file to the flow analyzer;
after receiving the pcap file, the flow analyzer parses it and compares it with the traffic data in the flow temporary storage; when the content of the pcap file is consistent with the traffic data in the flow temporary storage, the mirror is complete and the mirror path is credible; when the content of the pcap file is less than the traffic data in the flow temporary storage, the mirror is incomplete and the mirror path is not credible.
CN202211106579.0A 2022-09-12 2022-09-12 Method and device for automatically verifying network flow mirror integrity Pending CN115484190A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211106579.0A CN115484190A (en) 2022-09-12 2022-09-12 Method and device for automatically verifying network flow mirror integrity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211106579.0A CN115484190A (en) 2022-09-12 2022-09-12 Method and device for automatically verifying network flow mirror integrity

Publications (1)

Publication Number Publication Date
CN115484190A (en) 2022-12-16

Family

ID=84423966

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211106579.0A Pending CN115484190A (en) 2022-09-12 2022-09-12 Method and device for automatically verifying network flow mirror integrity

Country Status (1)

Country Link
CN (1) CN115484190A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104320335A (en) * 2014-11-20 2015-01-28 北京美琦华悦通讯科技有限公司 System and method for achieving optimal outlet route selection based on service quality dial testing
CN105530137A (en) * 2014-09-28 2016-04-27 中国银联股份有限公司 Traffic data analysis method and traffic data analysis system
CN111586397A (en) * 2019-02-19 2020-08-25 卓望数码技术(深圳)有限公司 Dial measuring device
US20200403826A1 (en) * 2019-06-21 2020-12-24 Amazon Technologies, Inc. Monitoring network traffic using traffic mirroring
CN115022201A (en) * 2022-06-16 2022-09-06 北京锐安科技有限公司 Data processing function test method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN111600781B (en) Firewall system stability testing method based on tester
EP3197100A1 (en) Multi cause correlation in wireless protocols
US9426046B2 (en) Web page download time analysis
US20070280123A1 (en) Monitoring System For A Mobile Communication Network For Traffic Analysis Using A Hierarchial Approach
CN105306246B (en) A kind of method, apparatus and server of the complaint of automatic-answering back device network class
JP2002515152A (en) Method and apparatus for automated network-wide surveillance and security breach intervention
JP2009504027A5 (en)
Mistry et al. Network traffic measurement and analysis
CN112104613B (en) Honey net testing system based on data flow packet analysis and testing method thereof
CN110113325A (en) Network Data Control method, apparatus and storage medium based on third party SDK
CN116527403B (en) Network security control method and system for local area network
CN108241580A (en) The test method and terminal of client-side program
CN111314164A (en) Network flow restoration method and device and computer readable storage medium
CN105743732A (en) Method and system for recording transmission paths and distribution conditions of files in local area network
CN106371993A (en) Testing method and testing device based on data packet
CN115484190A (en) Method and device for automatically verifying network flow mirror integrity
CN108076070B (en) FASP (fast open shortest Path protocol) blocking method, device and analysis system
CN108763008A (en) A kind of server storage hard disk performance batch testing system, server and method
CN106982148B (en) Server downtime monitoring method, device and system
EP3316141A1 (en) Method and system for determining performance of an application installed on mobile stations
CN110401576B (en) Network interaction testing method and device
CN113127885A (en) Permission vulnerability detection method and device
CN111898012A (en) Automatic packet grabbing method for WEB application
JP4983435B2 (en) Packet communication quality measuring apparatus and method
CN105701002A (en) Test based execution path recording method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination