TWI416910B - Network device and identification method of point-to-point connection - Google Patents

Publication number: TWI416910B
Authority: TW (Taiwan)
Prior art keywords: connection; point; internet protocol; protocol address; source internet
Application number: TW99141303A
Other languages: Chinese (zh)
Other versions: TW201223202A (en)
Inventors: Jin Jiang; Chi Han Huang
Original Assignee: Hon Hai Prec Ind Co Ltd
Application filed by Hon Hai Prec Ind Co Ltd
Priority to TW99141303A
Publication of TW201223202A
Application granted
Publication of TWI416910B

Abstract

A network device records all connections of each customer premise equipment (CPE), counts a total connection number of each CPE as a first number, counts connections with different destination ports of each CPE as a second number, and computes a ratio of the second number to the first number. The network device determines whether the ratio is more than a predetermined ratio, determines whether a connection protocol of a connection of each CPE is a transmission control protocol (TCP) if the ratio is more than the predetermined ratio, determines whether a destination port number of the connection is more than a predetermined port number if the connection protocol of the connection is the TCP, and determines whether an average packet size is more than a predetermined size if the destination port number of the connection is more than the predetermined port number. The network device determines the connection with the average packet size more than the predetermined size is a point-to-point connection. An identification method of point-to-point connection is also provided.

Description

Network device and method for identifying point-to-point connections

The present invention relates to network devices, and more particularly to a method by which a network device identifies point-to-point connections.

Point-to-point transmission is an emerging data transmission technology that obtains data mainly by accessing computers distributed throughout the Internet. As this technology has developed, more and more users use point-to-point software to transfer data. In practice, users often download massive amounts of data through point-to-point software, many times more than the amount of data transferred by ordinary web browsing. If left uncontrolled, point-to-point software therefore tends to occupy almost all of the bandwidth, so that users cannot browse web pages normally while the point-to-point software is running. To ensure that users can browse web pages normally, quality of service such as traffic control must be provided for point-to-point transmission to solve this problem effectively.

In view of this, a network device is needed for identifying point-to-point connections so that quality of service can be provided for point-to-point transmission.

In addition, a method of identifying point-to-point connections is needed so that quality of service can be provided for point-to-point transmission.

The network device provided by an embodiment of the present invention is used to connect a plurality of user terminal devices to the Internet. The network device includes a connection recording module, a connection analysis module, a probability calculation module, a protocol determination module, a port determination module, and a packet size determination module. The connection recording module records all connections from each user terminal device and, for each connection, the source Internet Protocol (IP) address, source port number, destination IP address, destination port number, protocol type, total number of packets passed, and total number of bytes. The connection analysis module counts, at regular time intervals, the total number of connections of the same source IP address and the number of connections with different destination port numbers. The probability calculation module calculates the ratio of the number of connections with different destination port numbers of the same source IP address to the total number of connections, determines whether the calculated ratio is greater than a preset probability, and, when the ratio is greater than the preset probability, determines that point-to-point connections exist among the connections of that source IP address. The protocol determination module determines, when point-to-point connections exist among the connections of the source IP address, whether the protocol type of a connection of that source IP address is the Transmission Control Protocol (TCP). The port determination module determines, when the protocol type of a connection of the source IP address is TCP, whether the destination port number of that connection is greater than a preset port number. The packet size determination module determines whether the average size of the packets transmitted by the connections of the source IP address whose destination port number is greater than the preset port number is greater than a preset size value, and, when it is greater than the preset size value, determines that those connections of the source IP address all belong to the point-to-point connections, where the average packet size equals the total number of bytes of the packets transmitted in all connections of the source IP address divided by the total number of packets.

Preferably, the probability calculation module determines that no point-to-point connection exists among the connections of the source IP address when the ratio is less than the preset probability.

Preferably, the protocol determination module determines that connections of the source IP address whose protocol type is not TCP do not belong to the point-to-point connections.

Preferably, the port determination module determines that connections of the source IP address whose destination port number is less than the preset port number do not belong to the point-to-point connections.

Preferably, the packet size determination module determines that connections of the source IP address whose transmitted packets have an average size less than the preset size value do not belong to the point-to-point connections.

Preferably, the preset probability is 5.5%.

Preferably, the preset port number is 1024.

Preferably, the preset size value is 1200 bytes.

The method for identifying point-to-point connections provided by an embodiment of the present invention is used to connect a plurality of user terminal devices to the Internet. The method includes: recording all connections from each user terminal device and, for each connection, the source IP address, source port number, destination IP address, destination port number, protocol type, total number of packets passed, and total number of bytes; counting, at regular time intervals, the total number of connections of the same source IP address and the number of connections with different destination port numbers; calculating the ratio of the number of connections with different destination port numbers of the same source IP address to the total number of connections; determining whether the calculated ratio is greater than a preset probability; if the ratio is greater than the preset probability, determining that point-to-point connections exist among the connections of that source IP address; determining whether the protocol type of a connection of the source IP address is TCP; if the protocol type of the connection of the source IP address is TCP, determining whether the destination port number of that connection is greater than a preset port number; if the destination port number of the connection of the source IP address is greater than the preset port number, determining whether the average size of the packets transmitted by the connections of the source IP address whose destination port number is greater than the preset port number is greater than a preset size value, where the average packet size equals the total number of bytes of the packets transmitted in all connections of the source IP address divided by the total number of packets; and, if it is greater than the preset size value, determining that those connections of the source IP address all belong to the point-to-point connections.

Preferably, the method for identifying point-to-point connections further includes determining, when the ratio is less than the preset probability, that no point-to-point connection exists among the connections of the source IP address.

Preferably, the method for identifying point-to-point connections further includes determining, if the protocol type of a connection of the source IP address is not TCP, that such connections of the source IP address do not belong to the point-to-point connections.

Preferably, the method for identifying point-to-point connections further includes determining, if the destination port number of a connection of the source IP address is less than the preset port number, that such connections of the source IP address do not belong to the point-to-point connections.

Preferably, the method for identifying point-to-point connections further includes determining, if the average size of the packets transmitted by the connections of the source IP address whose destination port number is less than the preset port number is less than the preset size value, that such connections of the source IP address do not belong to the point-to-point connections.

Preferably, the preset probability is 5.5%.

Preferably, the preset port number is 1024.

Preferably, the preset size value is 1200 bytes.

The foregoing and the many advantages of this invention will be readily understood from the following detailed description of specific embodiments taken together with the accompanying drawings.

10‧‧‧Network device

201, 203, 205‧‧‧User terminal devices

30‧‧‧Internet

12‧‧‧Processor

14‧‧‧Storage medium

100‧‧‧Connection recording module

102‧‧‧Connection analysis module

104‧‧‧Probability calculation module

106‧‧‧Protocol determination module

108‧‧‧Port determination module

110‧‧‧Packet size determination module

FIG. 1 is a diagram of the application environment and structure of a network device in one embodiment of the present invention.

FIG. 2 is a schematic diagram of the result of one test of the preset probability required by the network device of FIG. 1.

FIG. 3 is a flowchart of one embodiment of the method for identifying point-to-point connections of the present invention.

Refer to FIG. 1, which shows the implementation environment and structure of a network device 10 in one embodiment of the present invention. The network device 10 connects a plurality of user terminal devices 201, 203, 205, etc. in a local area network to the Internet 30. In this embodiment, the network device 10 may be a router, a gateway, a modem, or the like, and the user terminal devices 201, 203, and 205 may be personal computers or the like.

In this embodiment, the network device 10 includes a processor 12, a storage medium 14, a connection recording module 100, a connection analysis module 102, a probability calculation module 104, a protocol determination module 106, a port determination module 108, and a packet size determination module 110. The connection recording module 100, connection analysis module 102, probability calculation module 104, protocol determination module 106, port determination module 108, and packet size determination module 110 are executable programs stored in the storage medium 14; the processor 12 executes these programs to implement their respective functions.

The connection recording module 100 records all connections from each user terminal device (201, 203, and 205) and the parameters of each connection, where the parameters of each connection include the source IP address, source port number, destination IP address, destination port number, protocol type, total number of packets passed, and total number of bytes. Point-to-point (Point to Point, P2P) applications are installed on the user terminal devices 201, 203, and 205, which can access data on the Internet 30 using point-to-point transmission technology. The user terminal devices 201, 203, and 205 also run various other network applications, such as web browsers and game clients. Whether the user terminal devices 201, 203, and 205 access the Internet 30 through a point-to-point application or through another application, the connection recording module 100 records the connections that pass through.

When accessing the Internet 30, each user terminal device generally initiates multiple connections, but all connections issued by the same user terminal device have the same source IP address. Therefore, for a given source IP address, the connection recording module 100 necessarily records multiple connections. These connections may or may not include point-to-point connections.

The connection analysis module 102 counts, at regular time intervals, the total number of connections of the same source IP address and the number of connections with different destination port numbers. In this embodiment, among all connections issued by the same user terminal device, some have the same destination port number and some have different destination port numbers; therefore, within a time period, the connections with the same destination port number are necessarily fewer than the total connections.

The probability calculation module 104 calculates the ratio of the number of connections with different destination port numbers of the same source IP address to the total number of connections, and determines whether the calculated ratio is greater than the preset probability. In this embodiment, point-to-point transmission is based on the user terminal devices 201, 203, and 205 obtaining data, through the network device 10, from other user terminal devices scattered throughout the Internet 30, whereas services such as ordinary web browsing generally access specific servers on the Internet 30. The connections of point-to-point technology therefore necessarily target many more destination ports than ordinary web browsing; that is, the ratios that the probability calculation module 104 calculates for the two differ considerably. Whether point-to-point connections exist among the connections of a source IP address can thus be determined by checking whether the ratio is greater than the preset probability.

In this embodiment, the preset probability is an empirical value obtained by experiment. Repeated tests show that, for point-to-point software installed on the same user terminal device (201, 203, or 205), the proportion of connections with the same destination port number among the total number of connections is generally above 6%, while for ordinary web browsing it is generally below 2%. In this embodiment, the preset probability may be set between 2% and 6%, and is preferably 5.5%. FIG. 2 shows the result of one of these tests. In that test, the common point-to-point software BT, EMULE, and FOXY were used; the proportions of connections with the same destination port number among the total number of connections were 21.68%, 6.25%, and 6.72%, respectively, while for an ordinary user the proportion was only 1.18%.

Therefore, when the calculated ratio is greater than the preset probability, the probability calculation module 104 determines that point-to-point connections exist among the connections of that source IP address; when the ratio is less than the preset probability, it determines that none of the connections of that source IP address are point-to-point connections. By evaluating all connections corresponding to each source IP address, it can be established for every source IP address whether point-to-point connections exist among its connections. Only when point-to-point connections exist is it necessary to determine further which connections are point-to-point; for a source IP address with no point-to-point connections, the subsequent checks are not needed.

When point-to-point connections exist among the connections of a source IP address, the protocol determination module 106 determines whether the protocol type of a connection of that source IP address is the Transmission Control Protocol (TCP). Because point-to-point transmission generally uses TCP rather than UDP or other protocols, the protocol determination module 106 determines that connections of the source IP address whose protocol type is not TCP are not point-to-point connections, so those connections need no further checks.

The port determination module 108 determines whether the destination port number of a TCP connection of the source IP address is greater than the preset port number. Among the many network protocols, many port numbers are designated for particular applications; these common port numbers are generally below 1024, and point-to-point applications do not use them. In this embodiment, the preset port number is therefore set to 1024, and checking whether the destination port number is greater than the preset port number filters out the connections whose destination port number is less than the preset port number. That is, the port determination module 108 determines that connections of the source IP address whose destination port number is less than the preset port number are not point-to-point connections, so those connections need no further checks.

The packet size determination module 110 determines whether the average size of the packets transmitted by a connection of the source IP address whose destination port number is greater than the preset port number is greater than the preset size value. In this embodiment, the average size of the packets passing through a connection equals the total number of bytes of the packets passing through that connection divided by the total number of packets. Because point-to-point packets are generally much larger than the packets used by applications such as ordinary web browsing, whether a connection is a point-to-point connection can be determined by comparing the average size of the packets passing through it. In this embodiment, the preset size value is an empirical value obtained from repeated tests and is preferably 1200 bytes.

The packet size determination module 110 determines that connections of the source IP address whose transmitted packets have an average size greater than the preset size value are point-to-point connections, and that connections of the source IP address whose transmitted packets have an average size less than the preset size value are not point-to-point connections.

With the connection analysis module 102 and the probability calculation module 104, the network device 10 can quickly tell which user terminal device 30 is using a point-to-point application and which user terminal device 30 is not, and can quickly set aside the user terminal devices 30 that are not using a point-to-point application. This avoids evaluating every connection from every user terminal device 30 and thereby effectively improves identification efficiency.

Then, through the successive checks of the protocol determination module 106, the port determination module 108, and the packet size determination module 110, the great majority of point-to-point connections can be filtered out, so that quality of service can be provided for these point-to-point connections more effectively. For example, on a LINUX system, the filtered point-to-point connections can be added to IPTABLES, and management such as traffic control can be applied to the point-to-point connections according to user requirements.

Refer to FIG. 3, which shows a flowchart of the method for identifying point-to-point connections in one embodiment of the present invention. In this embodiment, the method is implemented by the modules shown in FIG. 1.

In step S300, the connection recording module 100 records all connections from each user terminal device (201, 203, and 205) and the parameters of each connection, where the parameters of each connection include the source IP address, source port number, destination IP address, destination port number, protocol type, total number of packets passed, and total number of bytes.

In step S302, the connection analysis module 102 counts, at regular time intervals, the total number of connections of the same source IP address and the number of connections with different destination port numbers.

In step S304, the probability calculation module 104 calculates the ratio of the number of connections with different destination port numbers of the same source IP address to the total number of connections, and in step S306 determines whether the calculated ratio is greater than the preset probability. If the ratio for a source IP address is greater than the preset probability, the probability calculation module 104 determines that point-to-point connections exist among the connections of that source IP address.

If the ratio for a source IP address is less than the preset probability, then in step S308 the probability calculation module 104 determines that no point-to-point connection exists among the connections of that source IP address. That is, all connections of that source IP address can be determined not to be point-to-point connections without any subsequent checks. For a source IP address with point-to-point connections, the subsequent steps are needed for further determination.

在本實施方式中,預設機率是藉由實驗所得出的經驗值。藉由多次試驗,可以得出同一用戶終端設備(201、203或205)上安裝的點對點軟體的目的埠號相同的連接數在總連接數中所占的比例一般都在6%以上,而普通的網頁訪問一般都在2%以下。在本實施方式中,預設機率可設置於2%與6%之間,優選值為5.5%。 In the present embodiment, the preset probability is an empirical value obtained by an experiment. Through multiple experiments, it can be concluded that the number of connections with the same nickname for the peer-to-peer software installed on the same user terminal device (201, 203, or 205) is generally more than 6% in the total number of connections. Ordinary web access is generally below 2%. In this embodiment, the preset probability may be set between 2% and 6%, preferably 5.5%.

若機率計算模組104判定該源網際網路協定位址的連接中存在點對點連接,則在步驟S310中,協定判斷模組106判斷該源網際網路協定位址的連接的協定類型是否為TCP協定。若該源網際網路 協定位址的一個連接的協定類型不是TCP協定,則在步驟S318中,協定判斷模組106判定該連接不屬於點對點連接。 If the probability calculation module 104 determines that there is a point-to-point connection in the connection of the source Internet Protocol address, then in step S310, the agreement determination module 106 determines whether the protocol type of the connection of the source Internet Protocol address is TCP. agreement. If the source internet If the type of a connection of the protocol address is not a TCP protocol, then in step S318, the agreement determination module 106 determines that the connection does not belong to the point-to-point connection.

如果該連接的協定類型是TCP協定,則在步驟S312中,埠判斷模組108判斷該連接的目的埠號是否大於預設埠號。由於小於1024的埠號已被一些現有協定規定了特殊的應用,而點對點應用不會使用這些埠號,因此在本實施方式中,將預設埠號設為1024,就可以過濾掉一些不屬於點對點應用的連接。若該連接的目的埠號小於預設埠號,則在步驟S318中,埠判斷模組108判定該連接不屬於點對點連接。 If the protocol type of the connection is a TCP protocol, then in step S312, the UI determination module 108 determines whether the destination nickname of the connection is greater than a preset nickname. Since the nickname less than 1024 has been specified by some existing protocols, and the peer-to-peer application does not use these apostrophes, in this embodiment, the preset apostrophe is set to 1024, and some non-belonging can be filtered. A connection to a peer-to-peer application. If the destination nickname of the connection is less than the preset nickname, then in step S318, the 埠 determination module 108 determines that the connection does not belong to the point-to-point connection.

若該連接的目的埠號大於預設埠號,則在步驟S314中,封包大小判斷模組110判斷該連接所傳送的封包的平均大小是否大於預設大小值。在本實施方式中,一個連接所經過封包的平均大小等於該連接經過的封包總位元組數除以封包總個數。在本實施方式中,預設大小值是經過多次試驗得出的經驗值,優選為1200位元組(Byte)。 If the destination nickname of the connection is greater than the preset nickname, then in step S314, the packet size determination module 110 determines whether the average size of the packet transmitted by the connection is greater than a preset size value. In this embodiment, the average size of a packet that is connected by one connection is equal to the total number of packets of the packet that the connection passes through divided by the total number of packets. In the present embodiment, the preset size value is an empirical value obtained after a plurality of tests, preferably 1200 Bytes.

If the average size of the packets transmitted over the connection is less than the preset size value, then in step S318 the packet size determination module 110 determines that the connection is not a point-to-point connection. If the average size of the packets transmitted over the connection is greater than the preset size value, then in step S316 the packet size determination module 110 determines that the connection is a point-to-point connection.
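The two-stage check described in this embodiment, written out as an added Python example (not code from the patent). Field names, function names and the sample flows are assumptions; the thresholds are the preferred values the patent states, and "connections with different destination ports" is taken to mean the count of distinct destination port numbers.

```python
from collections import defaultdict
from dataclasses import dataclass

# Preferred threshold values stated in the patent.
PRESET_RATIO = 0.055     # "preset probability": 5.5%
PRESET_PORT = 1024       # preset destination port number
PRESET_AVG_SIZE = 1200   # preset average packet size, in bytes

@dataclass(frozen=True)
class Conn:              # one row of the connection record (field names are illustrative)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    total_bytes: int

def host_has_p2p(conns):
    """Per-source stage: distinct destination ports / total connections."""
    if not conns:
        return False
    distinct = len({c.dst_port for c in conns})  # assumption: count distinct values
    return distinct / len(conns) > PRESET_RATIO

def conn_is_p2p(c):
    """Steps S310-S316. Values equal to a threshold count as not P2P (assumption)."""
    if c.proto != "TCP":                 # S310
        return False
    if c.dst_port <= PRESET_PORT:        # S312
        return False
    if c.packets == 0:                   # no traffic yet, nothing to average
        return False
    return c.total_bytes / c.packets > PRESET_AVG_SIZE   # S314

def classify(conns):
    """Return the connections identified as point-to-point."""
    by_src = defaultdict(list)
    for c in conns:
        by_src[c.src_ip].append(c)
    hits = set()
    for group in by_src.values():
        if host_has_p2p(group):          # hosts failing stage 1 are skipped entirely
            hits.update(c for c in group if conn_is_p2p(c))
    return hits

# Constructed sample flows (not taken from the patent).
BULK = [Conn("192.0.2.10", 50000 + i, "198.51.100.1", 8080, "TCP", 100, 150000)
        for i in range(40)]              # 1 distinct port / 40 connections = 2.5%
P2P = [Conn("192.0.2.20", 40000 + i, f"203.0.113.{i + 1}", 20000 + i, "TCP", 500, 700000)
       for i in range(20)]               # 1400-byte average, distinct high ports
MIXED = [Conn("192.0.2.20", 41000, "203.0.113.50", 6881, "UDP", 500, 700000),
         Conn("192.0.2.20", 41001, "198.51.100.2", 80, "TCP", 100, 140000),
         Conn("192.0.2.20", 41002, "203.0.113.51", 30000, "TCP", 100, 20000)]
SAMPLE = BULK + P2P + MIXED
```

The `BULK` host shows why the per-source stage matters: each of its connections would pass the per-connection checks, but its destination-port ratio is below 5.5%, so none of them is examined.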

The network device 10 and its method of identifying point-to-point connections, as provided by the embodiments of the present invention, can filter out the vast majority of point-to-point connections, so that quality of service can be provided for these point-to-point connections more effectively. Moreover, by first distinguishing the user terminal devices (201, 203 and 205) that use point-to-point applications from those that do not, the identification of point-to-point connections can be sped up effectively.

In summary, the present invention meets the requirements for an invention patent, and a patent application is filed in accordance with the law. However, the above describes only preferred embodiments of the present invention; equivalent modifications or variations made by persons skilled in the art in accordance with the spirit of the invention shall all be covered by the following claims.

10‧‧‧Network device

201, 203, 205‧‧‧User terminal devices

30‧‧‧Internet

12‧‧‧Processor

14‧‧‧Storage medium

100‧‧‧Connection recording module

102‧‧‧Connection analysis module

104‧‧‧Probability calculation module

106‧‧‧Protocol determination module

108‧‧‧Port determination module

110‧‧‧Packet size determination module

Claims (16)

1. A network device for connecting a plurality of user terminal devices to the Internet, the network device comprising: a connection recording module for recording all connections from each user terminal device and, for each connection, the source Internet Protocol address, source port number, destination Internet Protocol address, destination port number, protocol type, total number of packets passed and total number of bytes; a connection analysis module for counting, at every time interval, the total number of connections of a same source Internet Protocol address and the number of connections with different destination port numbers; a probability calculation module for calculating the ratio of the number of connections with different destination port numbers of the same source Internet Protocol address to the total number of connections, determining whether the calculated ratio is greater than a preset probability, and determining that a point-to-point connection exists among the connections of the source Internet Protocol address when the ratio is greater than the preset probability; a protocol determination module for determining, when a point-to-point connection exists among the connections of the source Internet Protocol address, whether the protocol type of the connections of the source Internet Protocol address is the Transmission Control Protocol; a port determination module for determining, when the protocol type of the connections of the source Internet Protocol address is the Transmission Control Protocol, whether the destination port number of the connections of the source Internet Protocol address is greater than a preset port number; and a packet size determination module for determining whether the average size of the packets transmitted by the connections of the source Internet Protocol address whose destination port number is greater than the preset port number is greater than a preset size value, and, when it is greater than the preset size value, determining that the connections of the source Internet Protocol address all belong to the point-to-point connection, wherein the average size of the packets equals the total number of bytes of the packets transmitted in all connections of the source Internet Protocol address divided by the total number of packets.

2. The network device of claim 1, wherein the probability calculation module determines that the point-to-point connection does not exist among the connections of the source Internet Protocol address when the ratio is less than the preset probability.

3. The network device of claim 1, wherein the protocol determination module determines that none of the connections of the source Internet Protocol address whose protocol type is not the Transmission Control Protocol belongs to the point-to-point connection.

4. The network device of claim 1, wherein the port determination module determines that none of the connections of the source Internet Protocol address whose destination port number is less than the preset port number belongs to the point-to-point connection.

5. The network device of claim 1, wherein the packet size determination module determines that none of the connections of the source Internet Protocol address whose transmitted packets have an average size less than the preset size value belongs to the point-to-point connection.

6. The network device of claim 1, wherein the preset probability is preferably 5.5%.

7. The network device of claim 1, wherein the preset port number is preferably 1024.

8. The network device of claim 1, wherein the preset size value is preferably 1200 bytes.

9. A method of identifying point-to-point connections, used for connecting a plurality of user terminal devices to the Internet, the method comprising: recording all connections from each user terminal device and, for each connection, the source Internet Protocol address, source port number, destination Internet Protocol address, destination port number, protocol type, total number of packets passed and total number of bytes; counting, at every time interval, the total number of connections of a same source Internet Protocol address and the number of connections with different destination port numbers; calculating the ratio of the number of connections with different destination port numbers of the same source Internet Protocol address to the total number of connections; determining whether the calculated ratio is greater than a preset probability; if the ratio is greater than the preset probability, determining that the point-to-point connection exists among the connections of the source Internet Protocol address; determining whether the protocol type of the connections of the source Internet Protocol address is the Transmission Control Protocol; if the protocol type of the connections of the source Internet Protocol address is the Transmission Control Protocol, determining whether the destination port number of the connections of the source Internet Protocol address is greater than a preset port number; if the destination port number of the connections of the source Internet Protocol address is greater than the preset port number, determining whether the average size of the packets transmitted by the connections of the source Internet Protocol address whose destination port number is greater than the preset port number is greater than a preset size value, wherein the average size of the packets equals the total number of bytes of the packets transmitted in all connections of the source Internet Protocol address divided by the total number of packets; and if it is greater than the preset size value, determining that the connections of the source Internet Protocol address all belong to the point-to-point connection.

10. The method of identifying point-to-point connections of claim 9, further comprising determining, when the ratio is less than the preset probability, that the point-to-point connection does not exist among the connections of the source Internet Protocol address.

11. The method of identifying point-to-point connections of claim 9, further comprising, if the protocol type of the connections of the source Internet Protocol address is not the Transmission Control Protocol, determining that none of the connections of the source Internet Protocol address belongs to the point-to-point connection.

12. The method of identifying point-to-point connections of claim 9, further comprising, if the destination port number of the connections of the source Internet Protocol address is less than the preset port number, determining that none of the connections of the source Internet Protocol address belongs to the point-to-point connection.

13. The method of identifying point-to-point connections of claim 9, further comprising, if the average size of the packets transmitted by the connections of the source Internet Protocol address whose destination port number is less than the preset port number is less than the preset size value, determining that none of the connections of the source Internet Protocol address belongs to the point-to-point connection.

14. The method of identifying point-to-point connections of claim 9, wherein the preset probability is preferably 5.5%.

15. The method of identifying point-to-point connections of claim 9, wherein the preset port number is preferably 1024.

16. The method of identifying point-to-point connections of claim 9, wherein the preset size value is preferably 1200 bytes.

TW99141303A 2010-11-29 2010-11-29 Network device and identification method of point-to-point connection TWI416910B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW99141303A TWI416910B (en) 2010-11-29 2010-11-29 Network device and identification method of point-to-point connection

Publications (2)

Publication Number Publication Date
TW201223202A TW201223202A (en) 2012-06-01
TWI416910B true TWI416910B (en) 2013-11-21

Family

ID=46725434

Country Status (1)

Country Link
TW (1) TWI416910B (en)
