WO2016201673A1 - 一种共享接入主机数目检测方法及检测装置 - Google Patents

一种共享接入主机数目检测方法及检测装置 Download PDF

Info

Publication number
WO2016201673A1
WO2016201673A1 PCT/CN2015/081794 CN2015081794W WO2016201673A1 WO 2016201673 A1 WO2016201673 A1 WO 2016201673A1 CN 2015081794 W CN2015081794 W CN 2015081794W WO 2016201673 A1 WO2016201673 A1 WO 2016201673A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
request
reply
attribute file
file
Prior art date
Application number
PCT/CN2015/081794
Other languages
English (en)
French (fr)
Inventor
原毅强
顾明伟
张盼
廖友庆
朱珂
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2015/081794 priority Critical patent/WO2016201673A1/zh
Priority to CN201580031151.6A priority patent/CN106664223B/zh
Publication of WO2016201673A1 publication Critical patent/WO2016201673A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and a device for detecting the number of shared access hosts.
  • IP Internet Protocol
  • NAT Network Address Translation
  • the NAT device greatly alleviates the problem of IP starvation, but it seems that only one host is on the Internet, which has a great impact on the network management and benefits of the operator. Therefore, how to accurately obtain the connection to the NAT device
  • the number of active hosts that is, the number of hosts in the shared access network, effectively managing users who share access becomes a major problem for operators.
  • the method for obtaining the number of hosts in the shared access network mainly collects the value of the user agent field in the Hypertext Transfer Protocol (HTTP) packet in the data packet by collecting the data packet in the network, and Comparing the values of the recorded user agent fields, and determining the number of hosts in the shared access network according to the comparison result, the method mainly relies on the HTTP packets in the data packet, so that the accuracy of the detection result depends on the content of the data packet, thereby The number of detected hosts is less accurate.
  • HTTP Hypertext Transfer Protocol
  • the embodiment of the invention provides a method for detecting the number of shared access hosts and a detecting device, which can improve the accuracy of the detection result and reduce the dependence on the user's online behavior.
  • a first aspect of the embodiments of the present invention provides a method for detecting a number of shared access hosts, including:
  • redirect message carrying an attribute parameter to the user end, where the redirect message is used to instruct the client to request a storage attribute file from a virtual internet protocol IP address;
  • the user terminal When the user terminal is configured to request the storage attribute file from the virtual IP address, establish a transmission control protocol TCP connection with the user end, and send a reply message carrying the storage attribute file to the user end. So that the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back a request message carrying the edited attribute parameter;
  • the method before the step of intercepting the target access request sent by the user end in the shared access network, the method further includes:
  • the page access request carrying the GET packet is determined as the target access request.
  • the request returns a redirection packet carrying the attribute parameter to the client, including:
  • a third possible implementation manner of the first aspect of the embodiment of the present invention When the user terminal is configured to request the storage attribute file from the virtual IP address, establish a TCP connection with the user end, and send a reply message carrying the storage attribute file to the user end, including:
  • the request handshake handshake forging handshake acknowledgement packet establishes a TCP connection with the user end, and records the maximum segment length
  • the storage attribute file includes a script attribute file and an animation attribute file, where the reply message includes a first reply message and a second reply message;
  • the searching for the storage attribute file according to the request and encapsulating the storage attribute file in the reply message, so that the reply message carries the storage attribute file including:
  • the sending the reply message to the user end include:
  • the first reply message and/or the second reply message are greater than the preset message length, the first reply message and the maximum message segment length are / or the second reply message is fragmented, and an end flag is set for the last fragment of the second reply message;
  • the reply acknowledgement message is used to instruct the client to close the TCP connection.
  • the edited attribute parameter in the packet counts the number of the client, including:
  • the number of the edited attribute parameters is used as the number of the user terminals in the shared access network.
  • a second aspect of the embodiments of the present invention provides a detecting apparatus, including:
  • An intercepting unit configured to intercept a target access request sent by a user end in the shared access network, where the target access request is a page access request that carries a GET data packet;
  • a returning unit configured to: return, according to the target access request, a redirect message carrying an attribute parameter to the user end, where the redirect message is used to instruct the client to request a storage attribute file from a virtual internet protocol IP address;
  • connection unit configured to establish a transmission control protocol TCP connection with the user end, and send the storage attribute to the user end when the user terminal is configured to request the storage attribute file from the virtual IP address a reply message of the file, so that the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back a request message carrying the edited attribute parameter;
  • a statistics unit configured to count, according to the edited attribute parameter in the request message, the number of the user terminals to obtain a number of hosts in the shared access network.
  • the detecting apparatus further includes:
  • a monitoring unit configured to listen to a webpage access request sent by at least one client in the shared access network
  • the request judging unit is configured to: when the webpage access request of any one of the at least one user end is monitored, determine whether the monitored webpage access request is a page access request that carries the acquired data packet;
  • a determining unit configured to determine, when the result of the determination is yes, the page access request carrying the acquired data packet as the target access request.
  • the returning unit includes:
  • a generating unit configured to access a website to forge a website according to the purpose of the target access request, to generate a redirect message carrying an attribute parameter
  • the first sending unit is configured to send the redirect message to the client.
  • connection unit includes:
  • a spoofing unit configured to establish a TCP connection with the user terminal according to the request handshake message forging a handshake confirmation message when the user terminal is requested to request the storage attribute file from the virtual IP address, and record Maximum segment length;
  • a searching unit configured to search the storage attribute file according to the request, and encapsulate the storage attribute file in a reply message, so that the reply message carries the storage attribute file;
  • a second sending unit configured to send the reply message to the user end.
  • the storage attribute file includes a script in a fourth possible implementation manner of the second aspect of the embodiment of the present invention.
  • a property file and an animation property file where the reply message includes a first reply message and a second reply message;
  • the searching unit includes:
  • a first searching unit configured to: when detecting that the client requests the script attribute file from the virtual IP address, searching for the script attribute file and encapsulating the script attribute file in the first reply message,
  • the first reply message carries the script attribute file
  • a second searching unit configured to: when the user end requests the animation attribute file to the virtual IP address, search for the animation attribute file, and encapsulate the animation attribute file in a second reply message, So that the second reply message carries the animation attribute file.
  • the second sending unit includes:
  • a length determining unit configured to determine, respectively, whether a packet length of the first reply packet and the second reply packet is greater than a preset packet length
  • a message fragmentation unit configured to: when the length of the first reply message and/or the second reply message is greater than the preset message length, according to the maximum message segment length The first reply message and/or the second reply message are fragmented, and an end flag is set for the last fragment of the second reply message;
  • a fragment sending unit configured to send the fragmented first reply message and the second reply message fragment to the user end, so that the user end receives the end of the carrying When the fragmented packet of the flag is fed back, the acknowledgement packet and the end packet are received;
  • a feedback unit configured to: when receiving the confirmation message and the end message, feed back a reply confirmation message to the user end, where the reply confirmation message is used to instruct the user end to close the TCP connection .
  • the statistical unit includes:
  • a receiving unit configured to receive the request message that carries the edited attribute parameter sent by the user end, where the request message is used to request a blank file;
  • a parameter statistic unit configured to obtain the edited attribute parameter in the request message, and count the number of the edited attribute parameter, and use the number of the edited attribute parameter as the shared connection The number of the clients in the network.
  • the detecting device intercepts the target access request sent by the user end in the shared access network, and returns a redirect message carrying the attribute parameter to the user end according to the target access request, and then the user end reports according to the redirect message.
  • the file requests the storage attribute file to the virtual internet protocol address.
  • the detecting device detects that the user requests the storage attribute file from the virtual IP address, the detecting device establishes a transmission control protocol connection with the user end, and sends a reply message carrying the storage attribute file to the user end.
  • the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back the request message carrying the edited attribute parameter, and finally the detecting device counts the shared access network according to the edited attribute parameter in the request message.
  • the number of users implements the detection of the number of hosts in the shared access network, improves the accuracy of the detection results, and reduces the dependence on the user's online behavior.
  • FIG. 1 is a schematic flowchart of a method for detecting a number of shared access hosts according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flow chart of a specific implementation method of the embodiment shown in FIG. 1;
  • FIG. 3 is a schematic structural diagram of a detecting apparatus according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a return unit provided by the embodiment shown in FIG. 3;
  • FIG. 5 is a schematic structural diagram of a connection unit provided by the embodiment shown in FIG. 3;
  • FIG. 5 is a schematic structural diagram of a connection unit provided by the embodiment shown in FIG. 3;
  • FIG. 6 is a schematic structural diagram of a search unit provided in the embodiment shown in FIG. 5;
  • FIG. 7 is a schematic structural diagram of a second sending unit provided by the embodiment shown in FIG. 5;
  • FIG. 8 is a schematic structural diagram of a statistical unit provided by the embodiment shown in FIG. 3;
  • FIG. 9 is a schematic structural diagram of another detecting apparatus according to an embodiment of the present invention.
  • the embodiment of the present invention provides a method for detecting the number of shared access hosts and a detecting device, which can be applied to the scenario of counting the number of hosts in the shared access network, for example, counting the number of hosts after accessing the Internet NAT device with a public IP address. And statistics on the number of hosts connected to an Internet cafe.
  • the detecting device intercepts the target access request sent by the user end in the shared access network, and returns a redirect message carrying the attribute parameter to the user end according to the target access request, and then the user end is Redirecting a message requesting a storage attribute file to the virtual IP address, and when the detecting device detects that the user end requests the storage attribute file from the virtual IP address, Establishing a transmission control protocol connection, and sending a reply message carrying the storage attribute file to the user end, and then the user end edits the attribute parameter file according to the storage attribute file in the reply message and feeds back The request message carrying the edited attribute parameter, and finally the detecting device counts the number of the user terminals according to the edited attribute parameter in the request message, thereby obtaining the number of hosts in the shared access network.
  • the embodiment of the present invention can obtain the number of the user terminals in the shared access network, and the shared access network can be obtained.
  • the embodiment of the invention can improve the accuracy of the detection result, and can reduce the burden on the server in a scenario in which a large number of users share access.
  • the premise of the embodiment of the present invention is that a virtual IP address is set for the server in the detecting device, and the virtual IP address may be an inaccessible IP address, but the transmission control protocol (Transmission Control Protocol, TCP) initiated by the user end must be ensured.
  • TCP Transmission Control Protocol
  • a Synchronous (SYN) message can be routed through the monitoring link of the detecting device.
  • the user terminal of the shared access network in the embodiment of the present invention is a host in the shared access network, and may include, but is not limited to, a desktop computer, a laptop computer, and the like.
  • FIG. 1 is a schematic flowchart of a method for detecting a number of shared access hosts according to an embodiment of the present invention.
  • the method may include steps S101 to S104.
  • the target access request sent by the user end in the shared access network is intercepted, and the target access request is a page access request that carries the GET data packet.
  • a client behind the NAT device that is, a host accessing the Internet with the same public IP address, sends a webpage access request (WEB access request) to the server according to the URL input by the user.
  • Most web access requests are page access requests, which include get (GET) request and transfer (POST) requests.
  • the GET request is to obtain data by sending a GET packet to a specified resource, and the data of the GET request is cached and also saved in the history of the browser.
  • the POST request is to submit the data to be processed to the specified resource by sending a POST packet.
  • the POST request will not be cached and will not be saved in the browser's history. Therefore, the detecting device intercepts the page access request that is sent by the user end in the shared access network and carries the GET data packet, and the page access request that carries the GET data packet is the target access request.
  • the target access request is an access request that satisfies an editing condition of a local storage object (FLASH COOKIE) of the multimedia program player.
  • the FLASH COOKIE is similar to a local storage object (HTTP COOKIE) of a hypertext transfer protocol, which is a mechanism for transmitting state information between a browser and a server in HTTP, and the COOKIE is stored on the user's browser by the server. Small file that can contain information about the user.
  • the FLASH COOKIE also records the information that the user retains when accessing the multimedia program (FLASH) webpage. In view of the universality of the FLASH technology, almost all websites are adopted. Therefore, the embodiment of the present invention has low dependence on the user's online behavior.
  • the detecting device monitors the WEB access request sent by at least one client in the shared access network in real time, and determines the monitored WEB access when listening to the WEB access request of any one of the at least one client Whether the request is a page access request carrying a GET packet.
  • the page access request carrying the GET packet is determined as the target access request.
  • the target access request includes a webpage access request sent by the multiple clients when the webpage access request sent by the plurality of client terminals is the page access request carrying the GET data packet.
  • the redirection packet carrying the attribute parameter is returned to the user end according to the target access request, where the redirection message is used to instruct the client to request a storage attribute file from the virtual internet protocol IP address.
  • the detecting device returns, according to the target access request, a redirect message carrying an attribute parameter to a user end corresponding to the target access request, where the redirect message is used to indicate that the client sends a virtual IP address to the virtual IP address.
  • Request a storage properties file.
  • the target access request carries the destination access website, and during the interaction between the existing server and the user end, the server reads the corresponding data of the destination visiting website from the resource according to the webpage access request sent by the browser of the user end, and sends back the data.
  • the access request responds, the browser parses the data from the response, and displays the corresponding data on the display of the client.
  • the target access request sent by the user end in the shared access network is intercepted by the detecting device, so that the target access request is temporarily unable to reach the destination server, and therefore the detecting device is configured according to the target.
  • the target accessing website of the access request falsifies the visiting website to generate a redirect message carrying the attribute parameter.
  • the redirect message is a temporary redirect 302 message, and the target access is requested.
  • a temporary transfer to a forged visit site is made to respond to the target access request.
  • the detecting device sends the redirect message to the user end corresponding to the target access request, and when the user end receives the redirect message, requests the storage attribute file and reads the virtual IP address. And taking the attribute parameter in the redirect message.
  • the attribute parameter is a timestamp value, that is, a time value recorded by the server when the client accesses the server last time, and the timestamp value is automatically updated, and the latest time value is recorded.
  • the attribute parameter is recorded by the detecting device and the attribute parameter is encapsulated in the redirect message.
  • the client when the client receives the attribute parameter, it can only read and cannot write other information, so the user needs a specific tool to edit the attribute parameter.
  • the specific tool is a storage attribute file, where the storage attribute file is a necessary intermediate file for editing the attribute parameter, and the user terminal can edit the attribute parameter only after acquiring the storage attribute file. Therefore, the client requests a storage attribute file from the virtual IP address.
  • the virtual IP address is a virtual IP address of the server, which prevents performance pressure on the server caused by a large number of users acquiring the necessary intermediate files from the server.
  • the storage device stores at least one storage attribute file corresponding to the destination website, where the storage attribute file includes a script attribute file and an animation attribute file, and the script attribute file is a file with a suffix name of js, and the animation
  • the property file is the file with the suffix name swf.
  • the UE first sends a SYN packet to the virtual IP address, requesting to establish a TCP connection with the detecting device.
  • the spoofing handshake acknowledgment (SYN+ACK) message is sent by the detecting device after the SYN message is received by the detecting device.
  • Responding to the client thereby successfully establishing a TCP connection between the client and the virtual IP address, that is, establishing a TCP connection between the client and the detecting device.
  • the detecting device records a maximum segment size (MSS) at the same time as establishing a TCP connection, that is, each segment of the communication when the transmitting and receiving parties negotiate communication.
  • MSS maximum segment size
  • the detecting device After the TCP connection is established, the detecting device searches for the storage attribute file corresponding to the target access request in the detecting device according to the request, and encapsulates the storage attribute file in a reply message, that is, encapsulation.
  • the reply message is caused to carry the storage attribute file.
  • the 200 OK message indicates that the server has successfully processed the request sent by the client.
  • the detecting device sends the reply message to the user end, and when receiving the reply message, the user end extracts the storage attribute file in the reply message, and according to the storage
  • the property file edits the property parameters.
  • the user may edit the attribute parameter according to the following manner: the user end writes its own identification information into the attribute parameter, for example, writing the identification information of the user end, the private network IP address, and the like into the In the attribute parameters, the detection device obtains more comprehensive data.
  • the request message is used to request a blank file, such as a file with a suffix name of gif, and the request message is used to send the edited attribute parameter to the detecting device.
  • the detecting apparatus receives the request message fed back by the user end, and acquires the edited attribute parameter in the request message, because the target access request is more than one, the request report There is more than one text, each request message carries an edited attribute parameter, so the detecting device counts the number of the edited attribute parameters, and the number of the attribute parameters can be obtained by counting the number of the attribute parameters.
  • the number of the clients in the shared access network In most cases, the user end of the shared access network has a one-to-one correspondence with the host. Therefore, the embodiment of the present invention can obtain the number of the user terminals in the shared access network, and the shared access network can be obtained.
  • the number of the attribute parameters is the number of hosts in the shared access network. Since the edited attribute parameter includes the identification information of the user end, the statistical result is more comprehensive and accurate.
  • the user terminal After the detecting device acquires the edited attribute parameter and releases the interception of the target access request, the user terminal can normally access the target visiting website corresponding to the target access request.
  • the method provided by the embodiment of the present invention is used to detect the number of hosts in a shared access network, for example, detecting the number of hosts sharing a network with a public IP address in a school or a company.
  • the detecting device includes at least one network sniffing module and one host number counting module when the address shares the sum of the number of hosts connected to the Internet.
  • the network sniffing module in the at least one network sniffing module is responsible for collecting the editing and attribute parameters of the storage attribute file in each shared access network, and reporting the collected attribute parameters to the host number statistics. Module.
  • the host number statistics module summarizes the edited attribute parameters reported by the network sniffing modules and counts the number of shared accessing hosts in the cell or in the city.
  • the server may be abnormal due to performance pressure, or may have to passively reduce the number of requests of the system. Additional deployment of a high-performance server increases deployment costs.
  • the embodiment of the present invention can effectively alleviate the pressure of accessing a large number of clients, and does not need to add additional deployment costs, and the number of detected clients can reach millions, 10 million, or even higher.
  • the detecting device intercepts the target access request sent by the user end in the shared access network, and returns a redirect message carrying the attribute parameter to the user end according to the target access request, and then the user end reports according to the redirect message.
  • the file requests a storage attribute file from the virtual IP address.
  • the detecting device detects that the user requests the storage attribute file from the virtual IP address, the detecting device establishes a TCP connection with the user end, and sends a reply message carrying the storage attribute file to the user, and then the user
  • the terminal edits the attribute parameter according to the storage attribute file in the reply message and feeds back the request message carrying the edited attribute parameter.
  • the detecting device counts the number of the user terminals in the shared access network according to the edited attribute parameter in the request message.
  • the detection of the number of hosts in the shared access network is implemented, and the accuracy of the detection result is improved, and the dependence on the user's online behavior is reduced.
  • FIG. 2 is a schematic flowchart of a specific implementation method of the embodiment shown in FIG. 1, and the method may include steps S201 to S212.
  • the detecting device monitors a webpage access request sent by at least one client in the shared access network in real time, and the webpage access request may be a page access request, a data access request, or the like.
  • the webpage access request is an access request sent to the server according to a web address input by the user at the user end, and the webpage access request is used to access the extranet website.
  • the detecting device determines whether the monitored webpage access request is a WEB access request carrying a GET packet.
  • most web access requests are page access requests, including GET requests and POST requests.
  • the GET request is to obtain data by sending a GET packet to a specified resource, and the data of the GET request is cached and also saved in the history of the browser.
  • the POST request is to submit the data to be processed to the specified resource by sending a POST packet.
  • the POST request will not be cached and will not be saved in the browser's history. Therefore, the detecting device needs to determine whether the type of the webpage access request that is being monitored is a page access request that carries the acquired data packet.
  • the page access request carrying the GET packet is determined as the target access request.
  • the page access request carrying the GET packet is determined as the target access request.
  • the target access request is more than one, and all page access requests carrying GET data packets are used as the target access request.
  • the target access request includes a webpage access request sent by the multiple clients when the webpage access request sent by the plurality of client terminals is the page access request carrying the GET data packet.
  • the detecting device intercepts the target access request sent by a client in a shared access network.
  • the target access request is an access request that satisfies an editing condition of the FLASH COOKIE.
  • the FLASH COOKIE is similar to the HTTP COOKIE, which is a mechanism for transmitting state information between a browser and a server in HTTP.
  • the COOKIE is a small file that the server saves on the user's browser, and may contain related users. information.
  • the FLASH COOKIE also records the information that the user retains when accessing the FLASH. In view of the universality of the FLASH technology, almost all websites are adopted. Therefore, the embodiment of the present invention has low dependence on the user's online behavior.
  • the website is falsified according to the purpose of the target access request, and the website is forged to generate a redirect message carrying the attribute parameter.
  • the target access request carries a destination access website
  • the server reads from the resource according to the webpage access request sent by the browser of the user end.
  • the browser parses the data from the response and displays the corresponding data on the display screen of the user end.
  • the detecting device intercepts the target access request, so that the target access request cannot reach the destination server, the detecting device accesses the website to forge the visiting website according to the purpose of the target access request, to generate a weight carrying the attribute parameter.
  • the message is directed to respond to the target access request.
  • the attribute parameter is a timestamp value, that is, a time value recorded by the server when the client accesses the server last time, and the timestamp value is automatically updated, and the latest time value is recorded.
  • S206 Send the redirect message to the user end, where the redirect message is used to instruct the client to request a storage attribute file from a virtual IP address.
  • the redirect message is a temporary redirect 302 message, and the target access request is temporarily transferred to the forged visiting website.
  • the detecting device sends the redirect message to a client corresponding to the target access request.
  • the user can only read the attribute parameter in the redirection packet, and cannot write other information, so the user needs a specific tool to The attribute parameters are edited.
  • the specific tool is a storage attribute file, where the storage attribute file is a necessary intermediate file for editing the attribute parameter, and the user terminal can edit the attribute parameter only after acquiring the storage attribute file. Therefore, the UE requests a storage attribute file from the virtual IP address according to the redirect message.
  • the virtual IP address is a virtual IP address of the server, which prevents performance pressure on the server caused by a large number of users acquiring the necessary intermediate files from the server.
  • the storage device stores at least one storage attribute file corresponding to the destination website, where the storage attribute file includes a script attribute file and an animation attribute file, and the script attribute file is a file with a suffix name of js, and the animation
  • the property file is the file with the suffix name swf.
  • the UE first sends a SYN packet to the virtual IP address, requesting to establish a TCP connection with the detecting device.
  • the policy of the virtual IP address is routed through the network link monitored by the detecting device.
  • the simulation server forges a SYN+ACK packet and replies to the user end, thereby successfully establishing a TCP connection between the client and the virtual IP address, that is, establishing the A TCP connection between the client and the detection device.
  • the detecting device records the maximum segment length while establishing a TCP connection.
  • the detecting device searches for the storage attribute file corresponding to the target access request in the detecting device according to the request, and encapsulates the storage attribute file in the reply message. That is, it is encapsulated in 200 OK, so that the reply message carries the storage attribute file.
  • the 200 OK message indicates that the server has successfully processed the request sent by the client.
  • the request includes a request for the script attribute file and a request for the animation attribute file
  • the user side sequentially transmits the two requests.
  • the detecting device detects that the client requests the script attribute file from the virtual IP address, searches the script attribute file in the detecting device and encapsulates the script attribute file in the first reply message.
  • the first reply message carries the script attribute file; when the detecting device detects that the client requests the animation attribute file from the virtual IP address, in the detecting device Finding the animation property file and encapsulating the animation property file in the second reply message, so that the second reply message carries the animation property file.
  • the first reply message and the second reply message are both 200 OK messages.
  • the reply message is sent to the user end, so that the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back a request report carrying the edited attribute parameter. Text.
  • the maximum segment length is recorded when a TCP connection between the client and the detecting device is established.
  • the detection device When the detecting device encapsulates the first reply packet and the second reply packet, the detection device does not know the length of the encapsulated reply packet, so the detecting device needs to separately determine the first reply packet. Whether the length of the message and the second reply packet is greater than the preset packet length.
  • the preset message length is set by the detecting device. When the length of the first reply message and/or the second reply message is greater than the preset message length, the first reply message and the maximum message segment length are / or the second reply message is fragmented, and the final (Finish, FIN) flag is set for the last fragment of the second reply message.
  • the detection device will The fragmented first reply message and the second reply message fragment are sent to the user end.
  • the UE When receiving the fragmented message carrying the FIN flag, the UE sends an Acknowledgement (ACK) message and a FIN message to the detecting device.
  • ACK Acknowledgement
  • the acknowledgment packet is sent back to the user end, and the acknowledgment acknowledgment message is used to instruct the client to close the TCP connection.
  • the reply acknowledgement packet is also an ACK packet.
  • the UE After the TCP connection is closed, the UE extracts the storage attribute file in the first reply message and the second reply message, and edits the attribute parameter according to the storage attribute file.
  • the user end writes the identifier information of the user to the attribute parameter, for example, the identifier information of the user end, the private network IP address, and the like are written into the attribute parameter, so that the detecting device obtains More comprehensive data.
  • the detecting device receives the request message that carries the edited attribute parameter sent by the user end.
  • the request message is used to request a blank file, such as a file with a suffix name of gif, and the request message is used to send the edited attribute parameter to the detecting device.
  • the request message is more than one, and each request message carries an edited attribute parameter, so the detecting device acquires the identifier in the request message.
  • the edited attribute parameter and counts the number of the edited attribute parameters.
  • the detecting device uses the number of the edited attribute parameters as the number of the user terminals in the shared access network, and obtains the shared connection by counting the number of the edited attribute parameters.
  • the number of the clients in the network In most cases, the user end of the shared access network has a one-to-one correspondence with the host. Therefore, the embodiment of the present invention can obtain the number of the user terminals in the shared access network, and the shared access network can be obtained.
  • the user terminal After the detecting device acquires the edited attribute parameter and releases the interception of the target access request, the user terminal can normally access the target visiting website corresponding to the target access request.
  • the detecting device intercepts the target access request sent by the user end in the shared access network, and returns a redirect message carrying the attribute parameter to the user end according to the target access request, and then the user end reports according to the redirect message.
  • the file requests a storage attribute file from the virtual IP address.
  • the detecting device detects that the user requests the storage attribute file from the virtual IP address, the detecting device establishes a TCP connection with the user end, and sends a reply message carrying the storage attribute file to the user, and then the user
  • the terminal edits the attribute parameter according to the storage attribute file in the reply message and feeds back the request message carrying the edited attribute parameter.
  • the detecting device counts the number of the user terminals in the shared access network according to the edited attribute parameter in the request message. It realizes the detection of the number of hosts in the shared access network, improves the accuracy of the detection results, reduces the dependence on the user's online behavior, and reduces the performance pressure of the massive users on the server.
  • FIG. 3 to FIG. 9 is used to execute the method of the embodiment shown in FIG. 1 and FIG. 2 of the present invention.
  • FIG. 3 to FIG. 9 is used to execute the method of the embodiment shown in FIG. 1 and FIG. 2 of the present invention.
  • FIG. 3 is a schematic structural diagram of a detecting apparatus provided by the present invention.
  • the detecting apparatus 10 may include: an intercepting unit 101, a returning unit 102, a connecting unit 103, and a counting unit 104.
  • the intercepting unit 101 is configured to intercept a target access request sent by a user end in the shared access network, where the target access request is a page access request that carries a GET data packet.
  • a client behind the NAT device that is, a host accessing the Internet with the same public IP address, sends a webpage access request (WEB access request) to the server according to the URL input by the user.
  • Most web access requests are page access requests, which include get (GET) request and transfer (POST) requests.
  • the GET request is to obtain data by sending a GET packet to a specified resource, and the data of the GET request is cached and also saved in the history of the browser.
  • the POST request is to submit the data to be processed to the specified resource by sending a POST packet.
  • the POST request will not be cached and will not be saved in the browser's history. Therefore, the intercepting unit 101 intercepts users in the shared access network.
  • the target access request is an access request that satisfies an editing condition of a local storage object (FLASH COOKIE) of the multimedia program player.
  • the FLASH COOKIE is similar to a local storage object (HTTP COOKIE) of a hypertext transfer protocol, which is a mechanism for transmitting state information between a browser and a server in HTTP, and the COOKIE is stored on the user's browser by the server. Small file that can contain information about the user.
  • the FLASH COOKIE also records the information that the user retains when accessing the multimedia program (FLASH) webpage. In view of the universality of the FLASH technology, almost all websites are adopted. Therefore, the embodiment of the present invention has low dependence on the user's online behavior.
  • the detecting device 10 monitors the WEB access request sent by at least one client in the shared access network in real time, and determines the monitored WEB when listening to the WEB access request of any one of the at least one client. Whether the access request is a page access request carrying a GET packet. When the result of the determination is YES, the detecting means 10 determines the page access request carrying the GET packet as the target access request. And the target access request includes a webpage access request sent by the multiple clients when the webpage access request sent by the plurality of client terminals is the page access request carrying the GET data packet.
  • the returning unit 102 is configured to: return, according to the target access request, a redirect message carrying an attribute parameter to the user end, where the redirect message is used to instruct the client to request a storage attribute file from a virtual internet protocol IP address. .
  • the returning unit 102 returns a redirection packet carrying an attribute parameter to the user end according to the target access request, where the redirection packet is used to instruct the client to request a storage attribute file from the virtual IP address.
  • the return unit 102 may include a generating unit 1021 and a first sending unit 1022 .
  • the generating unit 1021 is configured to access the website forging the website according to the destination access request to generate a redirect message carrying the attribute parameter.
  • the target access request carries a destination access website, in an existing server and user
  • the server reads the corresponding data of the destination access website from the resource according to the webpage access request sent by the browser of the client, and sends back an access request response, and the browser parses the data from the response, and the user
  • the corresponding data is displayed on the display.
  • the intercepting unit 101 intercepts the target access request, so that the target access request cannot reach the destination server
  • the generating unit 1021 accesses the website according to the target access target of the target access request to generate a carrying attribute parameter.
  • Redirect message is a temporary redirect 302 message, and the target access request is temporarily transferred to the forged access website to respond to the target access request.
  • the attribute parameter is a timestamp value, that is, a time value recorded by the server when the client accesses the server last time, and the timestamp value is automatically updated, and the latest time value is recorded.
  • the first sending unit 1022 is configured to send the redirect message to the client.
  • the redirect message is a temporary redirect 302 message, and the target access request is temporarily transferred to the forged visiting website.
  • the first sending unit 1022 sends the redirect message to a client corresponding to the target access request.
  • the user can only read the attribute parameter in the redirection packet, and cannot write other information, so the user needs a specific tool to The attribute parameters are edited.
  • the specific tool is a storage attribute file, where the storage attribute file is a necessary intermediate file for editing the attribute parameter, and the user terminal can edit the attribute parameter only after acquiring the storage attribute file. Therefore, the UE requests a storage attribute file from the virtual IP address according to the redirect message.
  • the virtual IP address is a virtual IP address of the server, which prevents performance pressure on the server caused by a large number of users acquiring the necessary intermediate files from the server.
  • the detection device 10 stores at least one storage attribute file corresponding to the destination website, where the storage attribute file includes a script attribute file and an animation attribute file, and the script attribute file is a file with a suffix name of js,
  • the animation property file is the file with the suffix name swf.
  • the connection unit 103 is configured to establish a transmission control protocol TCP connection with the user end, and send the storage to the user end when the user terminal is requested to request the storage attribute file from the virtual IP address. a reply message of the attribute file, so that the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back a request message carrying the edited attribute parameter.
  • the connecting unit 103 establishes a TCP connection with the user end, and sends a reply message carrying the storage attribute file to the user end, so that the user end according to the storage attribute in the reply message
  • the file edits the attribute parameter and feeds back the request message carrying the edited attribute parameter.
  • connection unit 103 may include a forgery unit 1031, a search unit 1032, and a second sending unit 1033.
  • the spoofing unit 1031 is configured to establish a TCP connection with the user end according to the request handshake message forging a handshake confirmation message when the user terminal is configured to request the storage attribute file from the virtual IP address, and Record the maximum segment length.
  • the forging unit 1031 establishes a TCP connection with the user end according to the request handshake message forging a handshake confirmation message. And record the maximum segment length.
  • the UE first sends a SYN packet to the virtual IP address, requesting to establish a TCP connection with the detecting device 10.
  • the spoofing unit 1031 spoofs the SYN+ACK message and replies to the user end, so that the spoofing unit 1031 receives the SYN message after the spoofing unit 1031 receives the SYN message.
  • a TCP connection between the client and the virtual IP address is successfully established.
  • the detecting device records the maximum segment length while establishing a TCP connection.
  • the searching unit 1032 is configured to search the storage attribute file according to the request, and encapsulate the storage attribute file in the reply message, so that the reply message carries the storage attribute file.
  • the searching unit 1032 searches the storage attribute file according to the request, and encapsulates the storage attribute file in a reply message, so that the reply message carries the storage attribute file. Since the storage attribute file includes a script attribute file and an animation attribute file, the search unit 1032 needs to separately search for the two storage attribute files.
  • the search unit 1032 may include a first search unit 1132 and a second search unit 1232 .
  • the first searching unit 1132 is configured to: when detecting that the client requests the script attribute file from the virtual IP address, searching for the script attribute file and encapsulating the script attribute file in the first reply message So that the first reply message carries the script attribute file.
  • the first search unit 1132 searches the script attribute file in the detecting device and encapsulates the script attribute file in the first reply message, so that the first reply message is carried.
  • the script attribute file, wherein the first reply message is a 200 OK message.
  • a second searching unit 1232 configured to: when detecting that the user end requests the animation attribute file from the virtual IP address, searching for the animation attribute file and encapsulating the animation attribute file in a second reply message So that the second reply message carries the animation attribute file.
  • the second searching unit 1232 searches for the animation attribute file in the detecting device and The animation attribute file is encapsulated in the second reply message, so that the second reply message carries the animation attribute file, wherein the second reply message is a 200 OK message.
  • the second sending unit 1033 is configured to send the reply message to the user end.
  • the second sending unit 1033 sends the reply message to the user end, so that the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back the edit Request message for the attribute parameter after.
  • the user end extracts the storage attribute file in the reply message, and edits the attribute parameter according to the storage attribute file.
  • the user end writes the identifier information of the user to the attribute parameter, for example, the identifier information of the user end, the private network IP address, and the like are written into the attribute parameter, so that the detecting device obtains More comprehensive data.
  • the request message is used to request a blank file, such as a file with a suffix name of gif, and the request message is used to send the attribute parameter to the detecting device.
  • FIG. 7 is a schematic structural diagram of a second sending unit provided in the embodiment shown in FIG. 5.
  • the second sending unit 1033 may include a length determining unit 1133, a message fragmenting unit 1233, a fragment sending unit 1333, and feedback. Unit 1433.
  • the length judging unit 1133 is configured to determine whether the packet length of the first reply packet and the second reply packet is greater than a preset packet length.
  • the maximum segment length is recorded, that is, the length of data that can be carried between the two parties is limited.
  • the length judging unit 1133 needs to separately determine the packet length of the first reply message and the second reply message. Whether it is greater than the preset message length.
  • the preset message length is set by the detecting device 10.
  • a message fragmentation unit 1233 configured to: when the length of the first reply message and/or the second reply message is greater than the preset message length, according to the maximum segment length And segmenting the first reply message and/or the second reply message, and setting an end flag for the last slice of the second reply message.
  • the packet fragmentation unit 1233 when the packet length of the first reply packet and/or the second reply packet is greater than the preset packet length, the packet fragmentation unit 1233 is configured according to the maximum segment. The length of the first reply message and/or the second reply message is fragmented, and a FIN flag is set for the last fragment of the second reply message. It can be understood that the packet fragmentation unit 1233 divides the first reply message and/or the second reply message into several equal parts, and each fragment has a length of the largest segment. length.
  • the fragment sending unit 1333 is configured to send the fragmented first reply message and the second reply message fragment to the user end, so that the user end carries the When the fragmented packet of the end flag is received, the acknowledgement packet and the end packet are fed back.
  • the fragment sending unit 1333 sends the fragmented first reply message and the second reply message fragment to the user end.
  • the UE sends an ACK message and a FIN message to the detecting device 10.
  • the feedback unit 1433 is configured to: when receiving the acknowledgement packet and the end packet, feed back a reply acknowledgement message to the user end, where the reply acknowledgement packet is used to instruct the client to close the TCP connection.
  • the feedback unit 1433 feeds back a reply confirmation message to the user end, where the reply confirmation message is used to instruct the client to close the TCP connection.
  • the statistics unit 104 is configured to count the number of the user terminals according to the edited attribute parameters in the request message to obtain the number of hosts in the shared access network.
  • the statistics unit 104 counts the number of the user terminals according to the edited attribute parameters in the request message to obtain the number of hosts in the shared access network.
  • FIG. 8 is a schematic structural diagram of a statistical unit provided by the embodiment shown in FIG. 3.
  • the statistical unit 104 may include a receiving unit 1041 and a parameter statistics unit 1042.
  • the receiving unit 1041 is configured to receive the request message that carries the edited attribute parameter sent by the user end, where the request message is used to request a blank file.
  • the receiving unit 1041 receives the request message that carries the edited attribute parameter sent by the user end, and the request message is used to request a blank file, for example, a file with a suffix name of gif, the request message The text is used to send the edited attribute parameter to the detecting device 10.
  • a parameter statistic unit 1042 configured to acquire the edited attribute parameter in the request message, and count the number of the edited attribute parameter, and use the number of the edited attribute parameter as the share The number of said clients in the access network.
  • the parameter statistics unit 1042 obtains the edited attribute parameter in the request message and counts the number of the edited attribute parameters, and uses the number of the edited attribute parameters as the The number of the clients in the shared access network. Since the target access request is more than one, the request message is more than one, and each request message carries an edited attribute parameter, so the parameter statistics unit 1042 obtains the The edited attribute parameter is used to count the number of the edited attribute parameters, and the number of the edited attribute parameters is used as the number of the user terminals in the shared access network. In most cases, the user end of the shared access network has a one-to-one correspondence with the host. Therefore, the embodiment of the present invention can obtain the number of the user terminals in the shared access network, and the shared access network can be obtained. The number of hosts. Since the edited attribute parameter includes the identification information of the user end, the statistical result is more comprehensive and accurate.
  • the user terminal can normally access the target visiting website corresponding to the target access request.
  • the detecting apparatus 10 in the embodiment of the present invention includes a processor, an input device, and an output device.
  • the input device and the processor, the output device and the processor may be connected by a bus or other means.
  • the processor includes a connection unit 103, the input device includes an intercept unit 101, and the output device includes a return unit 102 and a statistics unit 104.
  • the detecting device intercepts the target access request sent by the user end in the shared access network, and returns a redirect message carrying the attribute parameter to the user end according to the target access request, and then the user end reports according to the redirect message.
  • the file requests a storage attribute file from the virtual IP address, and when the detecting device detects that the client requests the storage attribute file from the virtual IP address, establishes a TCP connection with the user end, and The client sends a reply message carrying the storage attribute file, and then the user edits the attribute parameter according to the storage attribute file in the reply message and feeds back the request message carrying the edited attribute parameter, and finally the detecting device performs editing according to the request message.
  • the attribute parameter statistics share the number of users in the access network to detect the number of hosts in the shared access network, improve the accuracy of the detection result, reduce the dependence on the user's online behavior, and reduce the number of users to the server. Performance pressure.
  • FIG. 9 is a schematic structural diagram of another detecting apparatus according to an embodiment of the present invention.
  • the detecting apparatus 20 may include: a listening unit 201, a request determining unit 202, a determining unit 203, an intercepting unit 204, a returning unit 205, and a connection.
  • Unit 206 and statistics unit 207 For the specific structure of the intercepting unit 204, the returning unit 205, the connecting unit 206, and the statistic unit 207, refer to the intercepting unit 101, the returning unit 102, the connecting unit 103, and the statistic unit 104 of the embodiment shown in FIG. .
  • the monitoring unit 201 is configured to listen to a webpage access request sent by at least one client in the shared access network.
  • the listening unit 201 intercepts a webpage access request sent by at least one client in the shared access network in real time, and the webpage access request may be a page access request, a data access request, and the like.
  • the webpage access request is an access request sent to the server according to a web address input by the user at the user end, and the webpage access request is used to access the extranet website.
  • the request judging unit 202 is configured to determine, when the webpage access request of any one of the at least one client is monitored, whether the monitored webpage access request is a page access request that carries the GET packet.
  • the request determining unit 202 determines whether the monitored webpage access request is a page access request carrying a GET packet. .
  • the determining unit 203 is configured to determine, when the result of the determination is YES, the page access request carrying the GET data packet as the target access request.
  • the determining unit 203 determines the page access request carrying the GET packet as the target access request.
  • the target access request is more than one, and all page access requests carrying the acquired data packet are used as the target access request, when the at least one user
  • the target access request includes the webpage access request sent by the plurality of client terminals.
  • the intercepting unit 204 is configured to intercept a target access request sent by a user end in the shared access network, where the target access request is a page access request that carries a GET data packet.
  • the returning unit 205 is configured to: return, according to the target access request, a redirect message carrying an attribute parameter to the user end, where the redirect message is used to instruct the client to request a storage attribute file from the virtual IP address.
  • the connecting unit 206 is configured to establish a TCP connection with the user end when the user end is requested to request the storage attribute file from the virtual IP address, and send the storage attribute file to the user end. And responding to the message, so that the user end edits the attribute parameter according to the storage attribute file in the reply message and feeds back a request message carrying the edited attribute parameter.
  • the statistics unit 207 is configured to count the number of the user terminals according to the edited attribute parameters in the request message to obtain the number of hosts in the shared access network.
  • the detecting apparatus 20 in the embodiment of the present invention includes a processor, an input device, and an output device.
  • the input device and the processor, the output device and the processor may be connected by a bus or other means.
  • the processor includes a request judging unit 202, a determining unit 203, and a connecting unit 206, the input device packet listening unit 201, an intercepting unit 204, and the output device includes a return unit 205 and a statistics unit 207.
  • the detecting device intercepts the target access request sent by the user end in the shared access network, and returns a redirect message carrying the attribute parameter to the user end according to the target access request, and then the user end reports according to the redirect message.
  • the file requests a storage attribute file from the virtual IP address.
  • the detecting device detects that the user requests the storage attribute file from the virtual IP address, the detecting device establishes a TCP connection with the user end, and sends a reply message carrying the storage attribute file to the user, and then the user
  • the terminal edits the attribute parameter according to the storage attribute file in the reply message and feeds back the request message carrying the edited attribute parameter.
  • the detecting device counts the number of the user terminals in the shared access network according to the edited attribute parameter in the request message.
  • the detection of the number of hosts in the shared access network is implemented, and the accuracy of the detection result is improved, and the dependence on the user's online behavior is reduced.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明实施例提供一种共享接入主机数目检测方法及检测装置,其中方法包括:截取共享接入网中的用户端发送的目标访问请求;根据目标访问请求向用户端返回携带属性参数的重定向报文,重定向报文用于指示用户端向虚拟互联网协议IP地址请求存储属性文件;当监听到用户端向虚拟IP地址请求存储属性文件时,与用户端建立传输控制协议TCP连接,并向用户端发送携带存储属性文件的回复报文,以使用户端根据回复报文中的存储属性文件编辑属性参数并反馈携带编辑后的属性参数的请求报文;根据请求报文中的编辑后的属性参数统计用户端的数量,以获得共享接入网中的主机数目。本发明实施例能够提高检测结果的准确性,降低对用户上网行为的依赖性。

Description

一种共享接入主机数目检测方法及检测装置 技术领域
本发明涉及通信技术领域,尤其涉及一种共享接入主机数目检测方法及检测装置。
背景技术
随着互联网的飞速发展,全球互联网协议(Internet Protocol,IP)地址资源匮乏的问题日益严峻,为解决IP匮乏的问题,互联网工程任务组提出一种网络地址转换(Network Address Translation,NAT)设备。NAT设备将连接该设备的多台主机组成一个共享接入网,当共享接入网内的多台主机需要与公网上的设备进行通信时,NAT设备将多台主机对应的私网IP地址和端口映射为同一台公网IP地址的不同端口,使共享接入网内的多台主机以同一公网IP地址接入互联网或公网上的设备,实现共享上网。
NAT设备极大地缓解了IP匮乏的问题,但是在外部看来似乎只有一台主机在进行上网,这样便给运营商的网络管理和利益带来极大的影响,因此如何准确获得连接NAT设备的活动主机的数量,即共享接入网中主机的数量,从而有效管理共享接入的用户成了运营商一大难题。
目前获取共享接入网中主机的数量的方法,主要通过采集网络中的数据包,提取数据包中的超文本传输协议(Hyper Text Transfer Protocol,HTTP)报文中的用户代理字段的值,并对比已记录的用户代理字段的值,从而根据对比结果确定共享接入网中的主机数目,该方法主要依靠数据包中的HTTP报文,使得检测结果的准确性需依赖数据包的内容,从而导致检测到的主机数目准确性较低。
发明内容
本发明实施例提供一种共享接入主机数目检测方法及检测装置,能够提高检测结果的准确性,降低对用户上网行为的依赖性。
本发明实施例第一方面提供一种共享接入主机数目检测方法,包括:
截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携 带获取GET数据包的页面访问请求;
根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟互联网协议IP地址请求存储属性文件;
当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立传输控制协议TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文;
根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
在本发明实施例第一方面的第一种可能的实现方式中,在所述截取共享接入网中的用户端发送的目标访问请求的步骤之前,还包括:
监听共享接入网中的至少一个用户端发送的网页访问请求;
当监听到所述至少一个用户端中任一个用户端的网页访问请求时,判断所监听到的网页访问请求是否为携带GET数据包的页面访问请求;
当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为目标访问请求。
结合本发明实施例第一方面或本发明实施例第一方面的第一种可能的实现方式,在本发明实施例第一方面的第二种可能的实现方式中,所述根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,包括:
根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文;
将所述重定向报文发送至所述用户端。
结合本发明实施例第一方面的第一种可能或本发明实施例第一方面的第二种可能的实现方式,在本发明实施例第一方面的第三种可能的实现方式中,所述当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,包括:
当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,根据 所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度;
根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件,并将所述回复报文发送至所述用户端。
结合本发明实施例第一方面的第一种至第三种中的任一种可能的实现方式,在本发明实施例第一方面的第四种可能的实现方式中,所述存储属性文件包括脚本属性文件和动画属性文件,所述回复报文包括第一回复报文和第二回复报文;
所述根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件,包括:
当检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件时,查找所述脚本属性文件并将所述脚本属性文件封装于第一回复报文中,以使所述第一回复报文携带所述脚本属性文件;
当检测到所述用户端向所述虚拟IP地址请求所述动画属性文件时,查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件。
结合本发明实施例第一方面的第四种可能的实现方式,在本发明实施例第一方面的第五种可能的实现方式中,所述将所述回复报文发送至所述用户端,包括:
分别判断所述第一回复报文和所述第二回复报文的报文长度是否大于预设的报文长度;
当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置结束标志;
将分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端,以使所述用户端在接收到携带有所述结束标志的分片报文时反馈确认报文和结束报文;
当接收到所述确认报文和所述结束报文时,向所述用户端反馈回复确认报 文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。
结合本发明实施例第一方面的第一种至第五种中的任一种可能的实现方式,在本发明实施例第一方面的第七种可能的实现方式中,所述根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,包括:
接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件;
获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数;
将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。
本发明实施例第二方面提供一种检测装置,包括:
截取单元,用于截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携带获取GET数据包的页面访问请求;
返回单元,用于根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟互联网协议IP地址请求存储属性文件;
连接单元,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立传输控制协议TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文;
统计单元,用于根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
在本发明实施例第二方面的第一种可能的实现方式中,所述检测装置还包括:
监听单元,用于监听共享接入网中的至少一个用户端发送的网页访问请求;
请求判断单元,用于当监听到所述至少一个用户端中任一个用户端的网页访问请求时,判断所监听到的网页访问请求是否为携带获取数据包的页面访问请求;
确定单元,用于当判断的结果为是时,将所述携带获取数据包的页面访问请求确定为目标访问请求。
结合本发明实施例第二方面或本发明实施例第二方面的第一种可能的实现方式,在本发明实施例第二方面的第二种可能的实现方式中,所述返回单元包括:
生成单元,用于根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文;
第一发送单元,用于将所述重定向报文发送至所述用户端。
结合本发明实施例第二方面的第一种可能或本发明实施例第二方面的第二种可能的实现方式,在本发明实施例第二方面的第三种可能的实现方式中,所述连接单元包括:
伪造单元,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,根据所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度;
查找单元,用于根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件;
第二发送单元,用于将所述回复报文发送至所述用户端。
结合本发明实施例第二方面的第一种至第三种中的任一种可能的实现方式,在本发明实施例第二方面的第四种可能的实现方式中所述存储属性文件包括脚本属性文件和动画属性文件,所述回复报文包括第一回复报文和第二回复报文;
所述查找单元包括:
第一查找单元,用于当检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件时,查找所述脚本属性文件并将所述脚本属性文件封装于第一回复报文中,以使所述第一回复报文携带所述脚本属性文件;
第二查找单元,用于当检测到所述用户端向所述虚拟IP地址请求所述动画属性文件时,查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件。
结合本发明实施例第二方面的第四种可能的实现方式,在本发明实施例第 二方面的第五种可能的实现方式中,所述第二发送单元包括:
长度判断单元,用于分别判断所述第一回复报文和所述第二回复报文的报文长度是否大于预设的报文长度;
报文分片单元,用于当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置结束标志;
分片发送单元,用于将分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端,以使所述用户端在接收到携带有所述结束标志的分片报文时反馈确认报文和结束报文;
反馈单元,用于当接收到所述确认报文和所述结束报文时,向所述用户端反馈回复确认报文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。
结合本发明实施例第二方面的第一种至第五种中的任一种可能的实现方式,在本发明实施例第二方面的第六种可能的实现方式中,所述统计单元包括:
接收单元,用于接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件;
参数统计单元,用于获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数,将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。
在本发明实施例中,通过检测装置截取共享接入网中的用户端发送的目标访问请求,并根据目标访问请求向用户端返回携带属性参数的重定向报文,然后用户端根据重定向报文向虚拟互联网协议地址请求存储属性文件,当检测装置监听到用户端向虚拟IP地址请求存储属性文件时,与用户端建立传输控制协议连接,并向用户端发送携带存储属性文件的回复报文,然后用户端根据回复报文中的存储属性文件编辑属性参数并反馈携带编辑后的属性参数的请求报文,最后检测装置根据请求报文中的编辑后的属性参数统计共享接入网中的用户端的数量,实现对共享接入网中主机数目的检测,并提高检测结果的准确性,降低对用户上网行为的依赖性。
附图说明
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为本发明实施例提供的一种共享接入主机数目检测方法的流程示意图;
图2为图1所示实施例的具体实现方法的流程示意图;
图3为本发明实施例提供的一种检测装置的结构示意图;
图4为图3所示实施例提供的返回单元的结构示意图;
图5为图3所示实施例提供的连接单元的结构示意图;
图6为图5所示实施例提供的查找单元的结构示意图;
图7为图5所示实施例提供的第二发送单元的结构示意图;
图8为图3所示实施例提供的统计单元的结构示意图;
图9为本发明实施例提供的另一种检测装置的结构示意图。
具体实施方式
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。
本发明实施例提供一种共享接入主机数目检测方法及检测装置,可以应用于统计共享接入网中主机数目的场景,例如统计以一个公网IP地址接入互联网的NAT设备之后的主机数目、统计某个网吧内接入的主机数目等场景。在本发明实施例中,检测装置截取共享接入网中的用户端发送的目标访问请求,并根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,然后用户端根据重定向报文向虚拟IP地址请求存储属性文件,当所述检测装置监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端 建立传输控制协议连接,并向所述用户端发送携带所述存储属性文件的回复报文,然后所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数文件并反馈携带编辑后的属性参数的请求报文,最后所述检测装置根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,从而获得所述共享接入网中的主机数目。在大多数的情况中,共享接入网中的用户端与主机是一一对应的关系,因此本发明实施例通过统计共享接入网中的用户端的数量,便可得到共享接入网中的主机数目。本发明实施例能够提高检测结果的准确性,并在海量用户共享接入的场景下能够减少服务器的负担。本发明实施例的前提条件是所述检测装置内为服务器设置了一个虚拟IP地址,虚拟IP地址可以是无法访问的IP地址,但是必须能够保证用户端发起的传输控制协议(Transmission Control Protocol,TCP)连接的握手(Synchronous,SYN)报文,能够路由经过所述检测装置的监测链路。
本发明实施例中的共享接入网的用户端即为共享接入网中的主机,可以包括但不限于台式电脑、笔记本电脑等上网设备。
请参见图1,为本发明实施例提供的一种共享接入主机数目检测方法的流程示意图,该方法可包括步骤S101-步骤S104。
S101,截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携带获取GET数据包的页面访问请求。
例如,在由NAT设备构成的共享接入网中,NAT设备之后的用户端,即以同一个公网IP地址接入互联网的主机,根据用户输入的网址向服务器发送网页访问请求(WEB访问请求)。大多数的WEB访问请求为页面访问请求,所述页面访问请求包括获取(GET)请求和传送(POST)请求。其中,GET请求是通过发送GET数据包向指定的资源请求获取数据,GET请求的数据会被缓存,也会被保存在浏览器的历史记录中。而POST请求是通过发送POST数据包向指定的资源提交要被处理的数据,POST请求不会被缓存,也不会被保存在浏览器的历史记录中。因此检测装置截取共享接入网中的用户端发送的携带GET数据包的页面访问请求,所述携带GET数据包的页面访问请求即为目标访问请求。
可选的,所述目标访问请求为满足多媒体程序播放器的本地存储对象(FLASH COOKIE)的编辑条件的访问请求。所述FLASH COOKIE与超文本传输协议的本地存储对象(HTTP COOKIE)相似,所述HTTP COOKIE为HTTP中用于在浏览器和服务器之间传输状态信息的机制,COOKIE是服务器保存在用户浏览器上的小文件,它可以包含有关用户的信息。FLASH COOKIE也就是记录用户在访问多媒体程序(FLASH)网页的时候保留的信息,鉴于FLASH技术的普遍性,几乎所有的网站都采用,因此本发明实施例对用户上网行为的依赖性较低。
需要说明的是,所述共享接入网中的用户端不止一个,所述目标访问请求也不止一个。所述检测装置实时监听所述共享接入网中的至少一个用户端发送的WEB访问请求,当监听到所述至少一个用户端中任一个用户端的WEB访问请求时,判断所监听到的WEB访问请求是否为携带GET数据包的页面访问请求。当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为所述目标访问请求。当所述至少一个用户端中的多个用户端发送网页访问请求均为所述携带GET数据包的页面访问请求时,所述目标访问请求包括所述多个用户端发送的网页访问请求。
S102,根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟互联网协议IP地址请求存储属性文件。
例如,所述检测装置根据所述目标访问请求向与所述目标访问请求对应的用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟IP地址请求存储属性文件。通常,所述目标访问请求携带目的访问网站,在现有服务器与用户端的交互过程中,服务器根据用户端的浏览器发送的网页访问请求从资源中读取所述目的访问网站相应的数据,并回送访问请求回应,浏览器从该回应中解析出数据,并在用户端的显示屏上显示相应的数据。在本发明实施例中,所述共享接入网中的用户端发送的目标访问请求被所述检测装置截获,使得所述目标访问请求暂时无法到达目的服务器,因此所述检测装置根据所述目标访问请求的目标访问网站伪造访问网站,以生成携带属性参数的重定向报文。所述重定向报文为暂时重定向302报文,将所述目标访问请 求临时转至伪造的访问网站,从而回应所述目标访问请求。所述检测装置将所述重定向报文发送至与所述目标访问请求相对应的用户端,当所述用户端接收到所述重定向报文时,向虚拟IP地址请求存储属性文件并读取所述重定向报文中的所述属性参数。
可选的,所述属性参数为时间戳值,即上次所述用户端访问服务器时服务器所记录的时间值,所述时间戳值会自动更新,记录最新的时间值。在本发明实施例中,所述属性参数由所述检测装置所记录并将所述属性参数封装于所述重定向报文中。
例如,当所述用户端收到所述属性参数时只能读取,不能写入其他信息,因此所述用户端需要特定工具才能对所述属性参数进行编辑。可选的,所述特定工具为存储属性文件,所述存储属性文件为编辑所述属性参数的必要中间文件,所述用户端只有获取到所述存储属性文件才能对所述属性参数进行编辑,因此所述用户端向所述虚拟IP地址请求存储属性文件。所述虚拟IP地址为服务器的虚拟IP地址,避免海量用户向服务器获取必要中间文件时对服务器造成的性能压力。所述检测装置内保存着至少一个目地访问网站所对应的存储属性文件,所述存储属性文件包括脚本属性文件和动画属性文件,所述脚本属性文件即为后缀名称为js的文件,所述动画属性文件即为后缀名称为swf的文件。
S103,当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立传输控制协议TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文。
例如,所述用户端在向所述虚拟IP地址发送的请求的过程中,首先向所述虚拟IP地址发送SYN报文,请求与所述检测装置建立TCP连接。由于所述虚拟IP地址的策略路由经过所述检测装置监测的网络链路,因此所述检测装置接收到所述SYN报文后,模拟服务器伪造握手确认(Synchronous+Acknowledgement,SYN+ACK)报文,回复所述用户端,从而成功建立所述用户端与所述虚拟IP地址之间的TCP连接,也即建立所述用户端与所述检测装置之间的TCP连接。在建立TCP连接的同时所述检测装置记录最大报文段长度(Maximum Segment Size,MSS),即为收发双方协商通信时每一个报文段 所能承载的最大数据长度。
建立TCP连接之后,所述检测装置根据所述请求在本检测装置内部查找与所述目标访问请求相对应的所述存储属性文件,并将所述存储属性文件封装于回复报文中,即封装于200OK中,使得所述回复报文携带所述存储属性文件。其中,200OK报文表示服务器已经成功的处理了用户端发送的请求。
所述检测装置将所述回复报文发送至所述用户端,所述用户端在接收到所述回复报文时,提取所述回复报文中的所述存储属性文件,并根据所述存储属性文件编辑所述属性参数。例如,用户端可根据如下方式编辑所述属性参数:所述用户端将自己的标识信息写入所述属性参数中,例如将所述用户端的名称、私网IP地址等标识信息写入所述属性参数中,以便所述检测装置获得更加全面的数据。所述请求报文用于请求空白文件,例如后缀名称为gif的文件,所述请求报文用于将所述编辑后的属性参数发送至所述检测装置。
S104,根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
例如,所述检测装置接收所述用户端反馈的所述请求报文,并获取所述请求报文中的所述编辑后的属性参数,由于所述目标访问请求不止一个,因此所述请求报文也不止一个,每个请求报文都携带一个编辑后的属性参数,因此所述检测装置统计所述编辑后的属性参数的个数,通过统计所述属性参数的个数便可得到所述共享接入网中的所述用户端的数量。在大多数的情况中,共享接入网中的用户端与主机是一一对应的关系,因此本发明实施例通过统计共享接入网中的用户端的数量,便可得到共享接入网中的主机数目。进而,所述属性参数的个数即为所述共享接入网中的主机数目。由于所述编辑后的属性参数中包括所述用户端的标识信息,因此使得统计的结果更加全面、准确。
当所述检测装置获取到所述编辑后的属性参数之后释放对所述目标访问请求的拦截,所述用户端便可正常访问所述目标访问请求所对应的目标访问网站。
需要说明的是,本发明实施例提供的方法用于检测一个共享接入网中的主机数量,例如,检测某个学校或某个公司内以一个公网IP地址共享上网的主机数量。当运营商或者管理方想要统计某个小区或者某个城市内以多个公网IP 地址共享上网的主机数量的总和时,所述检测装置包括至少一个网络嗅探模块和一个主机数目统计模块。所述至少一个网络嗅探模块中的各个网络嗅探模块分别负责每个共享接入网中的存储属性文件的编辑和属性参数的采集,并将采集到的属性参数上报至所述主机数目统计模块。所述主机数目统计模块汇总所述各个网络嗅探模块上报的编辑后的属性参数并统计该小区内或该城市内的共享接入上网的主机数目。现有技术中,当海量的用户端去访问服务器获取所述存储属性文件时,服务器会受限于性能压力而出现异常,或者不得不被动减少系统的请求次数。若额外部署一个高性能的服务器会增加部署成本。本发明实施例通过检测装置内为服务器设置的虚拟IP地址,能够有效缓解海量用户端访问的压力,且不需要增加额外的部署成本,检测的用户端数量可以达到百万、千万级别,甚至更高。
在本发明实施例中,通过检测装置截取共享接入网中的用户端发送的目标访问请求,并根据目标访问请求向用户端返回携带属性参数的重定向报文,然后用户端根据重定向报文向虚拟IP地址请求存储属性文件,当检测装置监听到用户端向虚拟IP地址请求存储属性文件时,与用户端建立TCP连接,并向用户端发送携带存储属性文件的回复报文,然后用户端根据回复报文中的存储属性文件编辑属性参数并反馈携带编辑后的属性参数的请求报文,最后检测装置根据请求报文中的编辑后属性参数统计共享接入网中的用户端的数量,实现对共享接入网中主机数目的检测,并提高检测结果的准确性,降低对用户上网行为的依赖性。
请参见图2,为图1所示实施例的具体实现方法的流程示意图,该方法可包括步骤S201-步骤S212。
S201,监听共享接入网中的至少一个用户端发送的网页访问请求。
例如,所述检测装置实时监听共享接入网中的至少一个用户端发送的网页访问请求,所述网页访问请求可以是页面访问请求、数据访问请求等等。所述网页访问请求为根据用户在用户端所输入的网址向服务器发送的访问请求,所述网页访问请求用于访问外网网站。
S202,当监听到所述至少一个用户端中任一个用户端的网页访问请求时, 判断所监听到的网页访问请求是否为携带GET数据包的页面访问请求。
例如,当所述检测装置监听到所述至少一个用户端中任一个用户端的网页访问请求时,所述检测装置判断所监听到的网页访问请求是否为携带GET数据包的WEB访问请求。通常,大多数的WEB访问请求为页面访问请求,所述页面访问请求包括GET请求和POST请求。其中,GET请求是通过发送GET数据包向指定的资源请求获取数据,GET请求的数据会被缓存,也会被保存在浏览器的历史记录中。而POST请求是通过发送POST数据包向指定的资源提交要被处理的数据,POST请求不会被缓存,也不会被保存在浏览器的历史记录中。因此所述检测装置需判断所监听到的网页访问请求的类型,是否为携带获取数据包的页面访问请求。
S203,当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为目标访问请求。
例如,当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为目标访问请求。所述目标访问请求不止一个,将所有携带GET数据包的页面访问请求均作为所述目标访问请求。当所述至少一个用户端中的多个用户端发送网页访问请求均为所述携带GET数据包的页面访问请求时,所述目标访问请求包括所述多个用户端发送的网页访问请求。
S204,截取共享接入网中的用户端发送的所述目标访问请求。
例如,所述检测装置截取共享接入网中的用户端发送的所述目标访问请求。可选的,所述目标访问请求为满足FLASH COOKIE的编辑条件的访问请求。所述FLASH COOKIE与HTTP COOKIE相似,所述HTTP COOKIE为HTTP中用于在浏览器和服务器之间传输状态信息的机制,COOKIE是服务器保存在用户浏览器上的小文件,它可以包含有关用户的信息。FLASH COOKIE也就是记录用户在访问FLASH的时候保留的信息,鉴于FLASH技术的普遍性,几乎所有的网站都采用,因此本发明实施例对用户上网行为的依赖性较低。
S205,根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文。
例如,通常,所述目标访问请求携带目的访问网站,在现有服务器与用户端的交互过程中,服务器根据用户端的浏览器发送的网页访问请求从资源中读 取所述目的访问网站相应的数据,并回送访问请求回应,浏览器从该回应中解析出数据,并在用户端的显示屏上显示相应的数据。由于所述检测装置将所述目标访问请求截获,使得所述目标访问请求无法到达目的服务器,因此所述检测装置根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文,从而回应所述目标访问请求。
可选的,所述属性参数为时间戳值,即上次所述用户端访问服务器时服务器所记录的时间值,所述时间戳值会自动更新,记录最新的时间值。
S206,将所述重定向报文发送至所述用户端,所述重定向报文用于指示所述用户端向虚拟IP地址请求存储属性文件。
例如,所述重定向报文为暂时重定向302报文,将所述目标访问请求临时转至伪造的访问网站。所述检测装置将所述重定向报文发送至与所述目标访问请求相对应的用户端。当所述用户端接收到所述重定向报文时,只能读取所述重定向报文中的所述属性参数,不能写入其他信息,因此所述用户端需要特定工具才能对所述属性参数进行编辑。可选的,所述特定工具为存储属性文件,所述存储属性文件为编辑所述属性参数的必要中间文件,所述用户端只有获取到所述存储属性文件才能对所述属性参数进行编辑,因此所述用户端根据所述重定向报文向所述虚拟IP地址请求存储属性文件。所述虚拟IP地址为服务器的虚拟IP地址,避免海量用户向服务器获取必要中间文件时对服务器造成的性能压力。所述检测装置内保存着至少一个目地访问网站所对应的存储属性文件,所述存储属性文件包括脚本属性文件和动画属性文件,所述脚本属性文件即为后缀名称为js的文件,所述动画属性文件即为后缀名称为swf的文件。
S207,当监听到所述用户端向所述虚拟IP协议地址请求所述存储属性文件时,根据所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度。
例如,所述用户端在向所述虚拟IP地址发送的请求的过程中,首先向所述虚拟IP地址发送SYN报文,请求与所述检测装置建立TCP连接。由于所述虚拟IP地址的策略路由经过所述检测装置监测的网络链路,因此所述检测装置接收到SYN报文后,模拟服务器伪造SYN+ACK报文,回复所述用户端,从而成功建立所述用户端与所述虚拟IP地址之间的TCP连接,也即建立所述 用户端与所述检测装置之间的TCP连接。在建立TCP连接的同时所述检测装置记录最大报文段长度。
S208,根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件。
例如,建立TCP连接之后,所述检测装置根据所述请求在本检测装置内部查找与所述目标访问请求相对应的所述存储属性文件,并将所述存储属性文件封装于回复报文中,即封装于200OK中,使得所述回复报文携带所述存储属性文件。其中,200OK报文表示服务器已经成功的处理了用户端发送的请求。
由于所述存储属性文件包括脚本属性文件和动画属性文件,因此所述请求包括所述脚本属性文件的请求和所述动画属性文件的请求,所述用户端依次发送这两个请求。当所述检测装置检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件时,在所述检测装置内查找所述脚本属性文件并将所述脚本属性文件封装于第一回复报文中,以使所述第一回复报文携带所述脚本属性文件;当所述检测装置检测到所述用户端向所述虚拟IP地址请求所述动画属性文件时,在所述检测装置内查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件。其中,所述第一回复报文和所述第二回复报文均为200OK报文。
S209,将所述回复报文发送至所述用户端,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文。
例如,由于在建立所述用户端与所述检测装置之间的TCP连接时,记录了所述最大报文段长度。所述检测装置在对所述第一回复报文和所述第二回复报文进行封装时,并不清楚封装后的回复报文长度,因此所述检测装置需分别判断所述第一回复报文和所述第二回复报文的报文长度是否大于预设的报文长度。所述预设的报文长度由所述检测装置设定。当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置结束(Finish,FIN)标志。然后所述检测装置将 分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端。所述用户端在接收到携带有FIN标志的分片报文时,发送确认(Acknowledgement,ACK)报文和FIN报文至所述检测装置。
当所述检测装置接收到所述ACK报文和所述FIN报文时,向所述用户端反馈回复确认报文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。其中,所述回复确认报文也为ACK报文。
在关闭所述TCP连接之后,所述用户端便提取所述第一回复报文和所述第二回复报文中的所述存储属性文件,并根据所述存储属性文件编辑所述属性参数。可选的,所述用户端将自己的标识信息写入所述属性参数中,例如将所述用户端的名称、私网IP地址等标识信息写入所述属性参数中,以便所述检测装置获得更加全面的数据。
S210,接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件。
例如,所述检测装置接收所述用户端发送的所述携带编辑后的属性参数的请求报文。所述请求报文用于请求空白文件,例如后缀名称为gif的文件,所述请求报文用于将所述编辑后的属性参数发送至所述检测装置。
S211,获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数。
例如,由于所述目标访问请求不止一个,因此所述请求报文也不止一个,每个请求报文都携带一个编辑后的属性参数,因此所述检测装置获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数。
S212,将所述属性参数的个数作为所述共享接入网中的所述用户端的数量。
例如,所述检测装置将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量,通过统计所述编辑后的属性参数的个数便得到所述共享接入网中的所述用户端的数量。在大多数的情况中,共享接入网中的用户端与主机是一一对应的关系,因此本发明实施例通过统计共享接入网中的用户端的数量,便可得到共享接入网中的主机数目。由于所述编辑后的属性参数中包括所述用户端的标识信息,因此使得统计的结果更加全面、准确。
当所述检测装置获取到所述编辑后的属性参数之后释放对所述目标访问请求的拦截,所述用户端便可正常访问所述目标访问请求所对应的目标访问网站。
在本发明实施例中,通过检测装置截取共享接入网中的用户端发送的目标访问请求,并根据目标访问请求向用户端返回携带属性参数的重定向报文,然后用户端根据重定向报文向虚拟IP地址请求存储属性文件,当检测装置监听到用户端向虚拟IP地址请求存储属性文件时,与用户端建立TCP连接,并向用户端发送携带存储属性文件的回复报文,然后用户端根据回复报文中的存储属性文件编辑属性参数并反馈携带编辑后的属性参数的请求报文,最后检测装置根据请求报文中的编辑后属性参数统计共享接入网中的用户端的数量,实现对共享接入网中主机数目的检测,并提高检测结果的准确性,降低对用户上网行为的依赖性,同时减少了海量用户对服务器的性能压力。
下面将结合附图3-附图9对本发明实施例提供的检测装置进行详细介绍。需要说明的是,附图3-附图9所示的检测装置,用于执行本发明图1和图2所示实施例的方法,为了便于说明,仅示出了与本发明实施例相关的部分,具体技术细节未揭示的,请参照本发明图1和图2所示的实施例。
请参见图3,为本发明提供的一种检测装置的结构示意图,该检测装置10可包括:截取单元101、返回单元102、连接单元103和统计单元104。
截取单元101,用于截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携带获取GET数据包的页面访问请求。
例如,在由NAT设备构成的共享接入网中,NAT设备之后的用户端,即以同一个公网IP地址接入互联网的主机,根据用户输入的网址向服务器发送网页访问请求(WEB访问请求)。大多数的WEB访问请求为页面访问请求,所述页面访问请求包括获取(GET)请求和传送(POST)请求。其中,GET请求是通过发送GET数据包向指定的资源请求获取数据,GET请求的数据会被缓存,也会被保存在浏览器的历史记录中。而POST请求是通过发送POST数据包向指定的资源提交要被处理的数据,POST请求不会被缓存,也不会被保存在浏览器的历史记录中。因此所述截取单元101截取共享接入网中的用户 端发送的携带GET数据包的页面访问请求,所述携带GET数据包的页面访问请求即为目标访问请求。
可选的,所述目标访问请求为满足多媒体程序播放器的本地存储对象(FLASH COOKIE)的编辑条件的访问请求。所述FLASH COOKIE与超文本传输协议的本地存储对象(HTTP COOKIE)相似,所述HTTP COOKIE为HTTP中用于在浏览器和服务器之间传输状态信息的机制,COOKIE是服务器保存在用户浏览器上的小文件,它可以包含有关用户的信息。FLASH COOKIE也就是记录用户在访问多媒体程序(FLASH)网页的时候保留的信息,鉴于FLASH技术的普遍性,几乎所有的网站都采用,因此本发明实施例对用户上网行为的依赖性较低。
需要说明的是,所述共享接入网中的用户端不止一个,所述目标访问请求也不止一个。所述检测装置10实时监听所述共享接入网中的至少一个用户端发送的WEB访问请求,当监听到所述至少一个用户端中任一个用户端的WEB访问请求时,判断所监听到的WEB访问请求是否为携带GET数据包的页面访问请求。当判断的结果为是时,所述检测装置10将所述携带GET数据包的页面访问请求确定为所述目标访问请求。当所述至少一个用户端中的多个用户端发送网页访问请求均为所述携带GET数据包的页面访问请求时,所述目标访问请求包括所述多个用户端发送的网页访问请求。
返回单元102,用于根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟互联网协议IP地址请求存储属性文件。
例如,所述返回单元102根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟IP地址请求存储属性文件。
请参见图4,为图3所示实施例提供的返回单元的结构示意图,所述返回单元102可包括生成单元1021和第一发送单元1022。
生成单元1021,用于根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文。
例如,通常,所述目标访问请求携带目的访问网站,在现有服务器与用户 端的交互过程中,服务器根据用户端的浏览器发送的网页访问请求从资源中读取所述目的访问网站相应的数据,并回送访问请求回应,浏览器从该回应中解析出数据,并在用户端的显示屏上显示相应的数据。由于所述截取单元101将所述目标访问请求截获,使得所述目标访问请求无法到达目的服务器,因此所述生成单元1021根据所述目标访问请求的目标访问网站伪造访问网站,以生成携带属性参数的重定向报文。所述重定向报文为暂时重定向302报文,将所述目标访问请求临时转至伪造的访问网站,从而回应所述目标访问请求。
可选的,所述属性参数为时间戳值,即上次所述用户端访问服务器时服务器所记录的时间值,所述时间戳值会自动更新,记录最新的时间值。
第一发送单元1022,用于将所述重定向报文发送至所述用户端。
例如,所述重定向报文为暂时重定向302报文,将所述目标访问请求临时转至伪造的访问网站。所述第一发送单元1022将所述重定向报文发送至与所述目标访问请求相对应的用户端。当所述用户端接收到所述重定向报文时,只能读取所述重定向报文中的所述属性参数,不能写入其他信息,因此所述用户端需要特定工具才能对所述属性参数进行编辑。可选的,所述特定工具为存储属性文件,所述存储属性文件为编辑所述属性参数的必要中间文件,所述用户端只有获取到所述存储属性文件才能对所述属性参数进行编辑,因此所述用户端根据所述重定向报文向所述虚拟IP地址请求存储属性文件。所述虚拟IP地址为服务器的虚拟IP地址,避免海量用户向服务器获取必要中间文件时对服务器造成的性能压力。所述检测装置10内保存着至少一个目地访问网站所对应的存储属性文件,所述存储属性文件包括脚本属性文件和动画属性文件,所述脚本属性文件即为后缀名称为js的文件,所述动画属性文件即为后缀名称为swf的文件。
连接单元103,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立传输控制协议TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文。
例如,当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时, 所述连接单元103与所述用户端建立TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文。
请参见图5,为图3所示实施例提供的连接单元的结构示意图,所述连接单元103可包括伪造单元1031、查找单元1032和第二发送单元1033。
伪造单元1031,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,根据所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度。
例如,当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,所述伪造单元1031根据所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度。所述用户端在向所述虚拟IP地址发送的请求的过程中,首先向所述虚拟IP地址发送SYN报文,请求与所述检测装置10建立TCP连接。由于所述虚拟IP地址的策略路由经过所述检测装置10监测的网络链路,因此所述伪造单元1031接收到SYN报文后,模拟服务器伪造SYN+ACK报文,回复所述用户端,从而成功建立所述用户端与所述虚拟IP地址之间的TCP连接。在建立TCP连接的同时所述检测装置记录最大报文段长度。
查找单元1032,用于根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件。
例如,所述查找单元1032根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件。由于所述存储属性文件包括脚本属性文件和动画属性文件,因此所述查找单元1032需分别查找这两个存储属性文件。
请参见图6,为图5所示实施例提供的查找单元的结构示意图,所述查找单元1032可包括第一查找单元1132和第二查找单元1232。
第一查找单元1132,用于当检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件时,查找所述脚本属性文件并将所述脚本属性文件封装于第一回复报文中,以使所述第一回复报文携带所述脚本属性文件。
例如,当所述检测装置10检测到所述用户端向所述虚拟IP地址请求所述 脚本属性文件时,所述第一查找单元1132在所述检测装置内查找所述脚本属性文件并将所述脚本属性文件封装于第一回复报文中,以使所述第一回复报文携带所述脚本属性文件,其中,所述第一回复报文为200OK报文。
第二查找单元1232,用于当检测到所述用户端向所述虚拟IP地址请求所述动画属性文件时,查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件。
例如,当所述检测装置10检测到所述用户端向所述虚拟IP地址请求所述动画属性文件时,所述第二查找单元1232在所述检测装置内查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件,其中,所述第二回复报文为200OK报文。
第二发送单元1033,用于将所述回复报文发送至所述用户端。
例如,所述第二发送单元1033将所述回复报文发送至所述用户端,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文。所述用户端在接收到所述回复报文时,提取所述回复报文中的所述存储属性文件,并根据所述存储属性文件编辑所述属性参数。可选的,所述用户端将自己的标识信息写入所述属性参数中,例如将所述用户端的名称、私网IP地址等标识信息写入所述属性参数中,以便所述检测装置获得更加全面的数据。所述请求报文用于请求空白文件,例如后缀名称为gif的文件,所述请求报文用于将所述属性参数发送至所述检测装置。
请参见图7,为图5所示实施例提供的第二发送单元的结构示意图,所述第二发送单元1033可包括长度判断单元1133、报文分片单元1233、分片发送单元1333和反馈单元1433。
长度判断单元1133,用于分别判断所述第一回复报文和所述第二回复报文的报文长度是否大于预设的报文长度。
例如,由于在建立所述用户端与所述检测装置之间的TCP连接时,记录了所述最大报文段长度,即对双方之间的能够承载的数据长度做了限定。所述第一查找单元1132和所述第二查找单元1232分别在对所述第一回复报文和所述第二回复报文进行封装时,并不清楚封装后的回复报文长度,因此所述长度判断单元1133需分别判断所述第一回复报文和所述第二回复报文的报文长度 是否大于预设的报文长度。所述预设的报文长度由所述检测装置10设定。
报文分片单元1233,用于当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置结束标志。
例如,当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,所述报文分片单元1233根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置FIN标志。可以理解的是,所述报文分片单元1233将所述第一回复报文和/或所述第二回复报文分为若干等份,每个分片的长度为所述最大报文段长度。
分片发送单元1333,用于将分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端,以使所述用户端在接收到携带有所述结束标志的分片报文时反馈确认报文和结束报文。
例如,所述分片发送单元1333将分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端。所述用户端在接收到携带有FIN标志的分片报文时,发送ACK报文和FIN报文至所述检测装置10。
反馈单元1433,用于当接收到所述确认报文和所述结束报文时,向所述用户端反馈回复确认报文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。
例如,当接收到所述ACK报文和所述FIN报文时,所述反馈单元1433向所述用户端反馈回复确认报文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。
统计单元104,用于根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
例如,所述统计单元104根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
请参见图8,为图3所示实施例提供的统计单元的结构示意图,所述统计单元104可包括接收单元1041和参数统计单元1042。
接收单元1041,用于接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件。
例如,所述接收单元1041接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件,例如后缀名称为gif的文件,所述请求报文用于将所述编辑后的属性参数发送至所述检测装置10。
参数统计单元1042,用于获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数,将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。
例如,所述参数统计单元1042获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数,将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。由于所述目标访问请求不止一个,因此所述请求报文也不止一个,每个请求报文都携带一个编辑后的属性参数,因此所述参数统计单元1042获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数,并将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。在大多数的情况中,共享接入网中的用户端与主机是一一对应的关系,因此本发明实施例通过统计共享接入网中的用户端的数量,便可得到共享接入网中的主机数目。由于所述编辑后的属性参数中包括所述用户端的标识信息,因此使得统计的结果更加全面、准确。
当所述检测装置10在参数统计单元1042获取到所述编辑后的属性参数之后释放对所述目标访问请求的拦截,所述用户端便可正常访问所述目标访问请求所对应的目标访问网站。
需要说明的是,本发明实施例中的所述检测装置10包括处理器、输入装置以及输出装置。所述输入装置和所述处理器之间、所述输出装置和所述处理器之间可以通过总线或其他方式连接。所述处理器包括连接单元103,所述输入装置包括截取单元101,所述输出装置包括返回单元102和统计单元104。
在本发明实施例中,通过检测装置截取共享接入网中的用户端发送的目标访问请求,并根据目标访问请求向用户端返回携带属性参数的重定向报文,然后用户端根据重定向报文向虚拟IP地址请求存储属性文件,当检测装置监听到用户端向虚拟IP地址请求存储属性文件时,与用户端建立TCP连接,并向 用户端发送携带存储属性文件的回复报文,然后用户端根据回复报文中的存储属性文件编辑属性参数并反馈携带编辑后的属性参数的请求报文,最后检测装置根据请求报文中的编辑后属性参数统计共享接入网中的用户端的数量,实现对共享接入网中主机数目的检测,并提高检测结果的准确性,降低对用户上网行为的依赖性,同时减少了海量用户对服务器的性能压力。
请参见图9,为本发明实施例提供的另一种检测装置的结构示意图,该检测装置20可包括:监听单元201、请求判断单元202、确定单元203、截取单元204、返回单元205、连接单元206和统计单元207。其中,截取单元204、返回单元205、连接单元206和统计单元207的具体结构可参见图3所示实施例的截取单元101、返回单元102、连接单元103和统计单元104,在此不再赘述。
监听单元201,用于监听共享接入网中的至少一个用户端发送的网页访问请求。
例如,所述监听单元201实时监听共享接入网中的至少一个用户端发送的网页访问请求,所述网页访问请求可以是页面访问请求、数据访问请求等等。所述网页访问请求为根据用户在用户端所输入的网址向服务器发送的访问请求,所述网页访问请求用于访问外网网站。
请求判断单元202,用于当监听到所述至少一个用户端中任一个用户端的网页访问请求时,判断所监听到的网页访问请求是否为携带GET数据包的页面访问请求。
例如,当所述监听单元201监听到所述至少一个用户端中任一个用户端的网页访问请求时,所述请求判断单元202判断所监听到的网页访问请求是否为携带GET数据包的页面访问请求。
确定单元203,用于当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为目标访问请求。
例如,当判断的结果为是时,所述确定单元203将所述携带GET数据包的页面访问请求确定为目标访问请求。所述目标访问请求不止一个,将所有携带获取数据包的页面访问请求均作为所述目标访问请求,当所述至少一个用户 端中的多个用户端发送网页访问请求均为所述携带GET数据包的页面访问请求时,所述目标访问请求包括所述多个用户端发送的网页访问请求。
截取单元204,用于截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携带GET数据包的页面访问请求。
返回单元205,用于根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟IP地址请求存储属性文件。
连接单元206,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文。
统计单元207,用于根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
需要说明的是,本发明实施例中的所述检测装置20包括处理器、输入装置以及输出装置。所述输入装置和所述处理器之间、所述输出装置和所述处理器之间可以通过总线或其他方式连接。所述处理器包括请求判断单元202、确定单元203和连接单元206,所述输入装置包监听单元201、截取单元204,所述输出装置包括返回单元205和统计单元207。
在本发明实施例中,通过检测装置截取共享接入网中的用户端发送的目标访问请求,并根据目标访问请求向用户端返回携带属性参数的重定向报文,然后用户端根据重定向报文向虚拟IP地址请求存储属性文件,当检测装置监听到用户端向虚拟IP地址请求存储属性文件时,与用户端建立TCP连接,并向用户端发送携带存储属性文件的回复报文,然后用户端根据回复报文中的存储属性文件编辑属性参数并反馈携带编辑后的属性参数的请求报文,最后检测装置根据请求报文中的编辑后属性参数统计共享接入网中的用户端的数量,实现对共享接入网中主机数目的检测,并提高检测结果的准确性,降低对用户上网行为的依赖性。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程, 是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。
以上所揭露的仅为本发明较佳实施例而已,当然不能以此来限定本发明之权利范围,因此依本发明权利要求所作的等同变化,仍属本发明所涵盖的范围。

Claims (14)

  1. 一种共享接入主机数目检测方法,其特征在于,包括:
    截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携带获取GET数据包的页面访问请求;
    根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟互联网协议IP地址请求存储属性文件;
    当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立传输控制协议TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文;
    根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获得所述共享接入网中的主机数目。
  2. 根据权利要求1所述的方法,其特征在于,在所述截取共享接入网中的用户端发送的目标访问请求的步骤之前,还包括:
    监听共享接入网中的至少一个用户端发送的网页访问请求;
    当监听到所述至少一个用户端中任一个用户端的网页访问请求时,判断所监听到的网页访问请求是否为携带GET数据包的页面访问请求;
    当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为目标访问请求。
  3. 根据权利要求1或2所述的方法,其特征在于,所述根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,包括:
    根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文;
    将所述重定向报文发送至所述用户端。
  4. 根据权利要求2或3所述的方法,其特征在于,所述当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,包括:
    当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时时,根据所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度;
    根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件,并将所述回复报文发送至所述用户端。
  5. 根据权利要求1至4任一项所述的方法,其特征在于,所述存储属性文件包括脚本属性文件和动画属性文件,所述回复报文包括第一回复报文或第二回复报文;
    所述根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件,包括:
    当检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件时,查找所述脚本属性文件并将所述脚本属性文件封装于第一回复报文中,以使所述第一回复报文携带所述脚本属性文件;
    当检测到所述用户端向所述虚拟IP地址请求所述动画属性文件时,查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件。
  6. 根据权利要求5所述的方法,其特征在于,所述将所述回复报文发送至所述用户端,包括:
    分别判断所述第一回复报文和所述第二回复报文的报文长度是否大于预设的报文长度;
    当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置结束标志;
    将分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端,以使所述用户端在接收到携带有所述结束标志的分片报文时反馈确认报文和结束报文;
    当接收到所述确认报文和所述结束报文时,向所述用户端反馈回复确认报文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。
  7. 根据权利要求1至6任一项所述的方法,其特征在于,所述根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,包括:
    接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件;
    获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数;
    将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。
  8. 一种检测装置,其特征在于,包括:
    截取单元,用于截取共享接入网中的用户端发送的目标访问请求,所述目标访问请求为携带获取GET数据包的页面访问请求;
    返回单元,用于根据所述目标访问请求向所述用户端返回携带属性参数的重定向报文,所述重定向报文用于指示所述用户端向虚拟互联网协议IP地址请求存储属性文件;
    连接单元,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,与所述用户端建立传输控制协议TCP连接,并向所述用户端发送携带所述存储属性文件的回复报文,以使所述用户端根据所述回复报文中的所述存储属性文件编辑所述属性参数并反馈携带编辑后的属性参数的请求报文;
    统计单元,用于根据所述请求报文中的所述编辑后的属性参数统计所述用户端的数量,以获取所述共享接入网中的主机数目。
  9. 根据权利要求8所述的检测装置,其特征在于,所述检测装置还包括:
    监听单元,用于监听共享接入网中的至少一个用户端发送的网页访问请求;
    请求判断单元,用于当监听到所述至少一个用户端中任一个用户端的网页访问请求时,判断所监听到的网页访问请求是否为携带GET数据包的页面访问请求;
    确定单元,用于当判断的结果为是时,将所述携带GET数据包的页面访问请求确定为目标访问请求。
  10. 根据权利要求8或9所述的检测装置,其特征在于,所述返回单元包括:
    生成单元,用于根据所述目标访问请求的目的访问网站伪造访问网站,以生成携带属性参数的重定向报文;
    第一发送单元,用于将所述重定向报文发送至所述用户端。
  11. 根据权利要求9或10所述的检测装置,其特征在于,所述连接单元包括:
    伪造单元,用于当监听到所述用户端向所述虚拟IP地址请求所述存储属性文件时,根据所述请求的握手报文伪造握手确认报文与所述用户端建立TCP连接,并记录最大报文段长度;
    查找单元,用于根据所述请求查找所述存储属性文件并将所述存储属性文件封装于回复报文中,以使所述回复报文携带所述存储属性文件;
    第二发送单元,用于将所述回复报文发送至所述用户端。
  12. 根据权利要求8至11任一项所述的检测装置,其特征在于,所述存储属性文件包括脚本属性文件和动画属性文件,所述回复报文包括第一回复报文和第二回复报文;
    所述查找单元包括:
    第一查找单元,用于当检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件时,查找所述脚本属性文件并将所述脚本属性文件封装于第一回复 报文中,以使所述第一回复报文携带所述脚本属性文件;
    第二查找单元,用于当检测到所述用户端向所述虚拟IP地址请求所述脚本属性文件,查找所述动画属性文件并将所述动画属性文件封装于第二回复报文中,以使所述第二回复报文携带所述动画属性文件。
  13. 根据权利要求12所述的检测装置,其特征在于,所述第二发送单元包括:
    长度判断单元,用于分别判断所述第一回复报文和所述第二回复报文的报文长度是否大于预设的报文长度;
    报文分片单元,用于当所述第一回复报文和/或所述第二回复报文的报文长度大于所述预设的报文长度时,根据所述最大报文段长度对所述第一回复报文和/或所述第二回复报文进行分片,并对所述第二回复报文的最后一个分片设置结束标志;
    分片发送单元,用于将分片后的所述第一回复报文和所述第二回复报文分片发送至所述用户端,以使所述用户端在接收到携带有所述结束标志的分片报文时反馈确认报文和结束报文;
    反馈单元,用于当接收到所述确认报文和所述结束报文时,向所述用户端反馈回复确认报文,所述回复确认报文用于指示所述用户端关闭所述TCP连接。
  14. 根据权利要求8至13任一项所述的检测装置,其特征在于,所述统计单元包括:
    接收单元,用于接收所述用户端发送的所述携带编辑后的属性参数的请求报文,所述请求报文用于请求空白文件;
    参数统计单元,用于获取所述请求报文中的所述编辑后的属性参数并统计所述编辑后的属性参数的个数,将所述编辑后的属性参数的个数作为所述共享接入网中的所述用户端的数量。
PCT/CN2015/081794 2015-06-18 2015-06-18 一种共享接入主机数目检测方法及检测装置 WO2016201673A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2015/081794 WO2016201673A1 (zh) 2015-06-18 2015-06-18 一种共享接入主机数目检测方法及检测装置
CN201580031151.6A CN106664223B (zh) 2015-06-18 2015-06-18 一种共享接入主机数目检测方法及检测装置

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/081794 WO2016201673A1 (zh) 2015-06-18 2015-06-18 一种共享接入主机数目检测方法及检测装置

Publications (1)

Publication Number Publication Date
WO2016201673A1 true WO2016201673A1 (zh) 2016-12-22

Family

ID=57544733

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/081794 WO2016201673A1 (zh) 2015-06-18 2015-06-18 一种共享接入主机数目检测方法及检测装置

Country Status (2)

Country Link
CN (1) CN106664223B (zh)
WO (1) WO2016201673A1 (zh)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495538B (zh) * 2018-09-19 2021-11-12 奇安信科技集团股份有限公司 一种共享接入终端数量的检测方法及装置
CN115065627B (zh) * 2022-05-20 2024-04-12 北京奇艺世纪科技有限公司 参数修改方法、装置、电子设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101035031A (zh) * 2007-04-03 2007-09-12 华为技术有限公司 检测共享接入的主机数目的方法和装置
CN101599857A (zh) * 2009-06-25 2009-12-09 成都市华为赛门铁克科技有限公司 检测共享接入主机数目的方法、装置及网络检测系统
WO2011036333A1 (en) * 2009-09-28 2011-03-31 Joikusoft Ltd Scalable wlan gateway

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100562020C (zh) * 2007-03-30 2009-11-18 华为技术有限公司 检测方法、统计分析服务器以及检测系统
CN100495993C (zh) * 2007-04-02 2009-06-03 华为技术有限公司 检测主机数量的方法、装置与系统及通信方法
CN101291327B (zh) * 2008-06-06 2011-11-30 成都市华为赛门铁克科技有限公司 一种检测共享接入主机数的方法及装置
CN101436965B (zh) * 2008-11-29 2012-04-04 成都市华为赛门铁克科技有限公司 一种共享接入客户端数量的检测方法、装置以及系统
CN101442450B (zh) * 2008-12-24 2011-04-20 成都市华为赛门铁克科技有限公司 一种检测共享接入终端数量的方法、系统及装置
CN101447928B (zh) * 2008-12-31 2011-09-14 华为技术有限公司 分片信息处理的方法和装置
CN101505247A (zh) * 2009-03-09 2009-08-12 成都市华为赛门铁克科技有限公司 一种共享接入主机数目的检测方法和装置
CN101631052B (zh) * 2009-08-25 2012-09-05 杭州华三通信技术有限公司 一种检测接入终端数量的方法及装置
CN102469088A (zh) * 2010-11-17 2012-05-23 郑州威科姆科技股份有限公司 基于udp协议的大量数据传输方法
CN102868690B (zh) * 2012-09-13 2015-05-20 北京航空航天大学 Web服务隔离检测的方法及系统
CN103401861B (zh) * 2013-07-29 2016-08-10 深信服网络科技(深圳)有限公司 代理上网识别方法及装置
CN103763125A (zh) * 2013-12-27 2014-04-30 北京集奥聚合科技有限公司 运营商网络实际用户数的统计方法和装置
CN103986616B (zh) * 2014-04-15 2017-05-10 深信服网络科技(深圳)有限公司 识别代理上网的机器数的方法及装置

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101035031A (zh) * 2007-04-03 2007-09-12 华为技术有限公司 检测共享接入的主机数目的方法和装置
CN101599857A (zh) * 2009-06-25 2009-12-09 成都市华为赛门铁克科技有限公司 检测共享接入主机数目的方法、装置及网络检测系统
WO2011036333A1 (en) * 2009-09-28 2011-03-31 Joikusoft Ltd Scalable wlan gateway

Also Published As

Publication number Publication date
CN106664223B (zh) 2020-03-20
CN106664223A (zh) 2017-05-10

Similar Documents

Publication Publication Date Title
US10778554B2 (en) Latency measurement in resource requests
US9253065B2 (en) Latency measurement in resource requests
CN104580192B (zh) 应用程序的网络访问请求的处理方法和装置
US9185012B2 (en) Latency measurement in resource requests
US8949368B2 (en) Method for cache object aggregation
US8326923B1 (en) Smart prefetching of data over a network
US9379952B2 (en) Monitoring NAT behaviors through URI dereferences in web browsers
US11196833B1 (en) Proxy server synchronizer
EP3125502A1 (en) Method for providing access to a web server
US10250637B2 (en) System and method of pre-establishing SSL session connections for faster SSL connection establishment
TW201513623A (zh) 一種發送業務請求訊息的方法及裝置
US11470175B1 (en) Early positive communication response in a proxy infrastructure
US20240073274A1 (en) Accelerating connections to a host server
CN111917900A (zh) 一种域名代理的请求处理方法及装置
US20230018506A1 (en) Token-based authentication for a proxy web scraping service
US8490173B2 (en) Unauthorized communication detection method
WO2016086755A1 (zh) 一种报文处理的方法和透明代理服务器
CN105635073A (zh) 访问控制方法、装置和网络接入设备
WO2016201673A1 (zh) 一种共享接入主机数目检测方法及检测装置
WO2017020597A1 (zh) 一种资源缓存方法及装置
TW201312369A (zh) 網頁內容過濾方法以及具網頁內容過濾功能之網路設備
CN113411228B (zh) 一种网络状况的确定方法及服务器
CN112202785B (zh) 一种上传文件处理方法、装置、设备及计算机存储介质
KR20190090862A (ko) 재지향 감소
JP2013243534A (ja) 遅延時間評価装置および遅延時間評価方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15895246

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15895246

Country of ref document: EP

Kind code of ref document: A1