CN115484190A - Method and device for automatically verifying network flow mirror integrity - Google Patents
Method and device for automatically verifying network flow mirror integrity Download PDFInfo
- Publication number
- CN115484190A CN115484190A CN202211106579.0A CN202211106579A CN115484190A CN 115484190 A CN115484190 A CN 115484190A CN 202211106579 A CN202211106579 A CN 202211106579A CN 115484190 A CN115484190 A CN 115484190A
- Authority
- CN
- China
- Prior art keywords
- flow
- dial
- mirror image
- probe
- pcap file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/80—Actions related to the user profile or the type of traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/55—Prevention, detection or correction of errors
- H04L49/552—Prevention, detection or correction of errors by ensuring the integrity of packets received through redundant connections
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for automatically verifying network flow mirror integrity, which relate to the technical field of information and comprise a client and a probe; the client consists of a dial-up device, a flow temporary storage device and a flow analyzer; the invention can automatically detect the integrity of the mirror image and detect the credibility of the mirror image path, and has simple structure and easy popularization.
Description
Technical Field
The invention relates to the technical field of information.
Background
With the development of information technology and network technology, the internet has been widely used in various fields of work, study and life of people. While the internet greatly affects the life of people, the internet also brings unprecedented network security problems, especially some sensitive information in the network data transmission process. In the face of the severe situation of network security, how to take effective measures to ensure the safe and healthy development of network information has become a major issue to be solved urgently in each country.
For discovering the security problems in the network transmission process, the existing various schemes research more on how to efficiently and quickly discover the problems, for example, a flow acquisition probe is deployed in an IDC machine room, original flow is mirrored to the probe, and the probe analyzes a flow analysis result; if the flow mirrored to the probe is not complete, data auditing is incomplete, data loss and the like can be caused, a plurality of security problems can be missed, and the network security problems can not be found and solved comprehensively and completely. In present multiple schemes, whether the flow in the flow acquisition probe is complete or not is verified in a manual mode, and the manual verification has relatively high manual error rate due to capacity or other reasons, so that not only the actual desired effect cannot be achieved, but also a large amount of labor cost and time cost are wasted.
The method for automatically verifying whether the flow received by the flow acquisition probe is complete is provided, the step of manually capturing and checking the flow is omitted, the error rate of manual verification is reduced, and the operation cost can be saved for each large enterprise.
Description of the prior art used
The pcap file format is directly supported by most heavyweight data packet capturing and analyzing applications such as tcpdump, wireshark and the like.
Disclosure of Invention
In view of the defects of the prior art, the method and the device for automatically verifying the integrity of the network traffic mirror provided by the invention comprise a client and a probe; the client consists of a dial-up device, a flow temporary storage device and a flow analyzer;
the dial-up detector is responsible for dial-up testing a website of a preset target in a non-mirror network mode, sending all flow packets generated in the dial-up testing process to a flow temporary storage, and counting the number of uplink and downlink bytes and the number of uplink and downlink data packets generated in the dial-up testing process; when the dial testing process starts, the dial testing device sends an instruction for collecting mirror image flow to the probe; when the dial testing process is finished, the dial detector sends an instruction of stopping collecting mirror image flow to the probe;
the probe is responsible for collecting and dialing the website traffic of the booking target in a mirror image network mode, packaging the collected traffic into a pcap file format file, namely a pcap file, and sending the pcap file generated by packaging to the traffic analyzer when the probe receives an instruction of stopping collecting mirror image traffic;
the flow analyzer analyzes the pcap file after receiving the pcap file, compares the flow data in the flow temporary storage, and when the content of the pcap file is consistent with the flow data in the flow temporary storage, the mirror image is complete and the mirror image path is credible; when the content of the pcap file is less than the flow data in the flow temporary storage, the image is incomplete and the image path is not credible.
Advantageous effects
The integrity of the automatic detection mirror image and the credibility of the detection mirror image path are simple in structure and easy to popularize.
Drawings
FIG. 1 is a system block diagram of the present invention.
Detailed Description
Referring to fig. 1, the method and apparatus for automatically verifying the integrity of a network traffic mirror image according to the present invention is composed of a client 1 and a probe 2; the client consists of a dial-up tester 10, a flow temporary storage 11 and a flow analyzer 12;
the dial-up detector 10 is responsible for dial-up testing a website a of a preset target through a non-mirror network mode B, sending all flow packets generated in the dial-up testing process to the flow temporary storage 11, and counting the number of uplink and downlink bytes and the number of uplink and downlink data packets generated in the dial-up testing process; when the dial testing process starts, the dial testing device 10 sends an instruction for collecting mirror image flow to the probe 2; when the dial testing process is finished, the dial detector 10 sends an instruction for stopping collecting the mirror image flow to the probe 2;
the probe 2 is responsible for collecting and dialing the website traffic of the reservation target in a mirror image network mode C, and packaging the collected traffic into a file in a pcap file format, namely a pcap file, and when the probe 2 receives an instruction of stopping collecting mirror image traffic, the probe 2 sends the pcap file generated by packaging to the traffic analyzer 12;
the flow analyzer 12 analyzes the pcap file after receiving the pcap file, and compares the flow data in the flow temporary storage 11, when the content of the pcap file is consistent with the flow data in the flow temporary storage 11, the mirror image is complete, and the mirror image path is credible; when the contents of the pcap file are less than the traffic data in the traffic register 11, it indicates that the image is incomplete and the image path is not trusted.
Claims (1)
1. A device for automatically verifying the integrity of network flow mirror images is characterized by comprising a client and a probe; the client consists of a dial-up device, a flow temporary storage device and a flow analyzer;
the dial-up detector is responsible for dial-up testing a website of a preset target in a non-mirror network mode, sending all flow packets generated in the dial-up testing process to a flow temporary storage, and counting the number of uplink and downlink bytes and the number of uplink and downlink data packets generated in the dial-up testing process; when the dial testing process starts, the dial detector sends a command of collecting mirror image flow to the probe; when the dial testing process is finished, the dial detector sends an instruction of stopping collecting mirror image flow to the probe;
the probe is responsible for collecting and dialing the website traffic of the booking target in a mirror image network mode, packaging the collected traffic into a pcap file format file, namely a pcap file, and sending the pcap file generated by packaging to the traffic analyzer when the probe receives an instruction of stopping collecting mirror image traffic;
the flow analyzer analyzes the pcap file after receiving the pcap file, compares the flow data in the flow temporary storage, and when the content of the pcap file is consistent with the flow data in the flow temporary storage, the mirror image is complete and the mirror image path is credible; when the content of the pcap file is less than the flow data in the flow temporary storage, the image is incomplete and the image path is not credible.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211106579.0A CN115484190A (en) | 2022-09-12 | 2022-09-12 | Method and device for automatically verifying network flow mirror integrity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211106579.0A CN115484190A (en) | 2022-09-12 | 2022-09-12 | Method and device for automatically verifying network flow mirror integrity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115484190A true CN115484190A (en) | 2022-12-16 |
Family
ID=84423966
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211106579.0A Pending CN115484190A (en) | 2022-09-12 | 2022-09-12 | Method and device for automatically verifying network flow mirror integrity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115484190A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320335A (en) * | 2014-11-20 | 2015-01-28 | 北京美琦华悦通讯科技有限公司 | System and method for achieving optimal outlet route selection based on service quality dial testing |
CN105530137A (en) * | 2014-09-28 | 2016-04-27 | 中国银联股份有限公司 | Traffic data analysis method and traffic data analysis system |
CN111586397A (en) * | 2019-02-19 | 2020-08-25 | 卓望数码技术(深圳)有限公司 | Dial measuring device |
US20200403826A1 (en) * | 2019-06-21 | 2020-12-24 | Amazon Technologies, Inc. | Monitoring network traffic using traffic mirroring |
CN115022201A (en) * | 2022-06-16 | 2022-09-06 | 北京锐安科技有限公司 | Data processing function test method, device, equipment and storage medium |
-
2022
- 2022-09-12 CN CN202211106579.0A patent/CN115484190A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105530137A (en) * | 2014-09-28 | 2016-04-27 | 中国银联股份有限公司 | Traffic data analysis method and traffic data analysis system |
CN104320335A (en) * | 2014-11-20 | 2015-01-28 | 北京美琦华悦通讯科技有限公司 | System and method for achieving optimal outlet route selection based on service quality dial testing |
CN111586397A (en) * | 2019-02-19 | 2020-08-25 | 卓望数码技术(深圳)有限公司 | Dial measuring device |
US20200403826A1 (en) * | 2019-06-21 | 2020-12-24 | Amazon Technologies, Inc. | Monitoring network traffic using traffic mirroring |
CN115022201A (en) * | 2022-06-16 | 2022-09-06 | 北京锐安科技有限公司 | Data processing function test method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111600781B (en) | Firewall system stability testing method based on tester | |
EP3197100A1 (en) | Multi cause correlation in wireless protocols | |
US9426046B2 (en) | Web page download time analysis | |
US20070280123A1 (en) | Monitoring System For A Mobile Communication Network For Traffic Analysis Using A Hierarchial Approach | |
CN105306246B (en) | A kind of method, apparatus and server of the complaint of automatic-answering back device network class | |
JP2002515152A (en) | Method and apparatus for automated network-wide surveillance and security breach intervention | |
JP2009504027A5 (en) | ||
Mistry et al. | Network traffic measurement and analysis | |
CN112104613B (en) | Honey net testing system based on data flow packet analysis and testing method thereof | |
CN110113325A (en) | Network Data Control method, apparatus and storage medium based on third party SDK | |
CN116527403B (en) | Network security control method and system for local area network | |
CN108241580A (en) | The test method and terminal of client-side program | |
CN111314164A (en) | Network flow restoration method and device and computer readable storage medium | |
CN105743732A (en) | Method and system for recording transmission paths and distribution conditions of files in local area network | |
CN106371993A (en) | Testing method and testing device based on data packet | |
CN115484190A (en) | Method and device for automatically verifying network flow mirror integrity | |
CN108076070B (en) | FASP (fast open shortest Path protocol) blocking method, device and analysis system | |
CN108763008A (en) | A kind of server storage hard disk performance batch testing system, server and method | |
CN106982148B (en) | Server downtime monitoring method, device and system | |
EP3316141A1 (en) | Method and system for determining performance of an application installed on mobile stations | |
CN110401576B (en) | Network interaction testing method and device | |
CN113127885A (en) | Permission vulnerability detection method and device | |
CN111898012A (en) | Automatic packet grabbing method for WEB application | |
JP4983435B2 (en) | Packet communication quality measuring apparatus and method | |
CN105701002A (en) | Test based execution path recording method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |