WO2019057089A1 - Network card image packet capture method, terminal, and readable storage medium - Google Patents

Network card image packet capture method, terminal, and readable storage medium Download PDF

Info

Publication number
WO2019057089A1
WO2019057089A1 PCT/CN2018/106521 CN2018106521W WO2019057089A1 WO 2019057089 A1 WO2019057089 A1 WO 2019057089A1 CN 2018106521 W CN2018106521 W CN 2018106521W WO 2019057089 A1 WO2019057089 A1 WO 2019057089A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
capture
network card
port
captured
Prior art date
Application number
PCT/CN2018/106521
Other languages
French (fr)
Chinese (zh)
Inventor
阎松明
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2019057089A1 publication Critical patent/WO2019057089A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/20Support for services
    • H04L49/208Port mirroring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/90Buffering arrangements
    • H04L49/9063Intermediate storage in different physical parts of a node or terminal
    • H04L49/9068Intermediate storage in different physical parts of a node or terminal in the network interface card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Definitions

  • the present disclosure relates to the field of network information technologies, and in particular, to a network card (NIC) image capture method, a terminal, and a readable storage medium.
  • NIC network card
  • packet capture is a very common and useful technology.
  • the packet capture technology is to intercept, retransmit, edit, and transfer data packets sent and received by the network transmission. Packet capture can be used to check network security or analyze traffic, so packet capture is a technology that is very practical and difficult to use.
  • a physical host cannot directly capture packets that are not directly connected to it. If you want to capture a network card that is mounted on a virtual machine or other network that is not directly connected to the physical host, you need to add additional external devices or change the settings of the original external network device. This increases the cost of capturing the bag, reduces the operability, and also has certain technical requirements for the operator.
  • the present disclosure provides a network card image capture method, where the image capture method includes the following steps: configuring a mapping module, and performing association configuration with the mapping module on the network card to be captured and the mirrored port; The image of the NIC to be captured is generated. The mirroring of the mirrored port is obtained.
  • the present disclosure also provides a mobile terminal, including: a memory, a processor, and a network card image capture program stored on the memory and operable on the processor, the network card image capture program being used by the processor
  • the step of implementing the network card image capture method as described above is implemented during execution.
  • the present disclosure further provides a computer readable storage medium, wherein the computer readable storage medium stores a network card image capture program, and the network card image capture program is executed by the processor to implement the network card image capture method as described above. A step of.
  • FIG. 1 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a network card image capture method according to the present disclosure
  • step S30 of the network card image capture method is a schematic flowchart of the refinement of step S30 of the network card image capture method according to the present disclosure
  • FIG. 4 is a schematic diagram of a usage scenario of a network card image capture method according to the present disclosure in some cases;
  • FIG. 5 is a schematic diagram of a usage scenario of a network card image capture method according to the present disclosure
  • FIG. 6 is a schematic diagram of a typical scenario of a network card image capture method according to the present disclosure.
  • FIG. 7 is a flow chart of a network card image capture method according to the present disclosure in a typical scenario shown in FIG. 6;
  • FIG. 8 is a schematic diagram of still another typical scenario of a network card image capture method according to the present disclosure.
  • FIG. 9 is a flowchart of another exemplary scenario shown in FIG. 8 of the network card image capture method according to the present disclosure.
  • FIG. 10 is a schematic diagram of another exemplary scenario of a network card image capture method according to the present disclosure.
  • FIG. 11 is a flow chart of another exemplary scenario shown in FIG. 10 of the network card image capture method according to the present disclosure.
  • VNIC Virtual Network Interface Card
  • FIG. 1 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • the terminal in the embodiment of the present disclosure may be a PC, or may be a smart phone, a tablet computer, an e-book reader, a Motion Picture Experts Group Audio Layer III (MP3) player, and a motion picture expert compression standard.
  • a portable terminal device having a display function such as a Moving Picture Experts Group Audio Layer IV (MP4) player or a portable computer.
  • MP4 Moving Picture Experts Group Audio Layer IV
  • the terminal may include a processor 1001 (eg, a CPU), a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002.
  • Communication bus 1002 is used to implement the connections and communications between these components.
  • the user interface 1003 can include a display, an input unit (such as a keyboard), and the user interface 1003 can also include a standard wired interface, a wireless interface.
  • the network interface 1004 can include a standard wired interface, a wireless interface (such as a WI-FI interface).
  • the memory 1005 may be a high speed RAM memory or a non-volatile memory such as a disk memory.
  • the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
  • the terminal may also include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and the like.
  • the sensors are such as light sensors, motion sensors, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display screen according to the brightness of the ambient light, and the proximity sensor may turn off the display screen when the mobile terminal moves to the ear. Or backlight.
  • the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes), and can detect the magnitude and direction of gravity (when the sensor is stationary), so it can be used to identify the mobile terminal.
  • gestures such as horizontal and vertical screen switching, related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping).
  • the mobile terminal can also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and the like, and details are not described herein again.
  • terminal structure shown in FIG. 1 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
  • the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a network card image capture program.
  • the network interface 1004 is configured to connect to the background server and perform data communication with the background server;
  • the user interface 1003 is configured to connect to the client (user end) for data communication with the client;
  • the processor 1001 is set to call the network card image capture program stored in the memory 1005, and performs the following operations: setting a mapping module with the physical host command sending end in the network card driver; setting a packet capturing switch and a preset packet capturing time; and passing the mapping module Configure the mirrored port of the NIC to be captured, and capture the mirrored packets of the NIC according to the packet capture duration.
  • the processor 1001 can invoke the network card image capture program stored in the memory 1005 to perform the following operations: selecting a mirrored port, where the mirrored port is a port that the physical host can directly capture.
  • the processor 1001 may invoke the network card image capture procedure stored in the memory 1005 to perform the following operations: acquiring a packet of the network card to be captured, and mapping the packet to the mirrored port by using the mapping module.
  • the processor 1001 may invoke the network card image capture program stored in the memory 1005 to perform the following operations: after receiving the packet capture instruction, the mirror port is captured by the preset packet capture tool based on the physical host. .
  • the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: recording the packet capture duration and comparing with the preset capture duration, according to the capture duration and the preset. The comparison result of the packet capture duration controls whether to stop capturing packets.
  • the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: when the packet capture duration is less than the preset capture duration, the packet capture is continued; and when the packet capture duration is greater than Or equal to the preset capture time, then stop capturing.
  • the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: after the packet capture is stopped, the packet acquired by the packet capture is stored in a preset local path.
  • the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: after the packet capture is stopped, the packet obtained by the packet capture is sent to the preset remote address through the network. .
  • the disclosure also provides a network image capture method.
  • the network card image capture method includes: steps S10-S30.
  • step S10 the mapping module is configured, and the network card to be captured and the mirrored port are associated with the mapping module.
  • mapping module is first added to the network card driver (the mapping module is added to the network card driver by software to have corresponding functions).
  • the mapping module is configured to associate the network card to be captured with the mirrored port, and the mirroring port can mirror the network card to be captured by the mapping module.
  • step S20 the mirroring of the network card to be captured is generated in the mirrored port by the mapping module.
  • the network card driver first obtains the packet of the network card to be captured, and then maps the packet of the network card to be captured to the mirrored port through the mapping module, and then generates a mirror image of the network card to be captured on the mirrored port.
  • step S30 the image of the mirrored port is captured, and the packet of the mirrored port is obtained.
  • the mirrored port is different from the network card to be captured.
  • the mirrored port is a PCI (Peripheral Component Interconnect) device that can be directly viewed by the physical host (that is, the port data can be directly obtained). Therefore, the physical host can capture the mirrored port, and the mirrored port is the mirrored packet of the NIC to be captured by the mapping module. Therefore, the packet of the mirrored port can be regarded as the packet to be captured.
  • PCI Peripheral Component Interconnect
  • a mapping module is configured in the network card driver, and the mapping module can map the packets of the network card to be captured to be mapped to the mirrored port, so as to generate a mirror image of the network card to be captured in the mirrored port.
  • the network card to be captured is not directly connected to the physical host. Therefore, the physical host cannot directly capture the captured network card. However, the physical host can capture the mirrored port through the capture tool such as TcpDump.
  • the packet in the mirrored port is The packet obtained by the NIC to be captured is the same as that of the NIC to be captured. Therefore, the packet of the mirrored port can be obtained as the packet of the NIC to be captured. Capture the bag.
  • NICs implement multiple virtual NICs (Single-root I/O virtualization, SR-IOV or SRIOV) to implement multiple virtual NICs (VF, Virtual).
  • VM Virtual Machine
  • VM Virtual Machine
  • PCI Peripheral Component Interconnect Express
  • the device is directly mounted on the virtual machine through the hardware exchange of the NIC itself.
  • the virtual machine can view the PCI device itself.
  • the physical host does not load the PCI device. Therefore, the physical host cannot implement the physical device. Capture packets on the port of the PCI device (the scenario is shown in Figure 4).
  • the virtual network card VNIC and the virtual network card VF may have the same meaning.
  • the first thing to be solved is how to enable the physical host to view (or connect, etc., that is, establish the association relationship between the physical host and the network card).
  • the network card to which it is connected can be achieved by adding external devices or by an operator modifying the settings of the external network device. However, this may increase the cost of additional use (additional external equipment), high technical requirements for operators (change the settings of external network equipment), and increase the cost of capturing packets.
  • the port packet of the network card to be captured is mapped to the mirrored port (the mirrored port is the network card port that the physical host can directly capture), and the mirrored port is in the mirrored port.
  • a packet with a mirrored network card to be captured At this time, the physical host can obtain the packets of the mirrored port by capturing the mirrored port.
  • the packets of the mirrored port are obtained by mirroring the NIC to be captured. Therefore, the packets of the mirrored port are the same as those of the NIC to be captured. Packets for the network card.
  • the VF image capture packet parameter can be set by calling the interface of the underlying driver in the form of IOCTL.
  • Packet capture is one of the most common technologies in network communication technology. Packet capture is the interception, retransmission, editing, and transfer of data packets transmitted and received by the network. Packet capture is commonly used to check network security or to intercept data for interception. For example, in the field of network security, packet capture is used to obtain data packets transmitted between networks, and after the data packet is acquired, the content of the data packet is further analyzed to determine whether the data packet contains content that threatens network security. In addition, in software development, software testing is also performed by capturing packets. After the problem is discovered, by capturing packets and obtaining incorrect data streams, logs, and other data, the tester can locate the problem by reproducing errors, intercepting data, and the like.
  • FIG. 6 illustrates a scenario in which the virtual machine VM2 captures the packet of the virtual network card VF1 port (the network card to be captured) in the virtual machine VM1 through the virtual network card VF2 (mirror port) under the same physical host HOST.
  • FIG. 7 is a packet capture interaction process between a virtual network card VF1 (a network card to be captured) and a virtual machine VM2 (a mirror port) in the same physical host in the connection relationship in the scenario of FIG. 6;
  • FIG. 7 is a packet capture interaction process between a virtual network card VF1 (a network card to be captured) and a virtual machine VM2 (a mirror port) in the same physical host in the connection relationship in the scenario of FIG. 6;
  • the physical host HOST captures the scenario of the virtual network card VF1 (the network card to be captured) in the virtual machine VM1 through the mirroring port through the virtual network card VF2 (mirror port).
  • FIG. 9 illustrates a packet capture interaction process of the virtual network card VF2 (mirror port) in the virtual host VM1 in the physical host HOST in the connection relationship in the scenario of FIG.
  • the physical host HOST and the virtual machine VM2 are described, and the scene of the virtual network card VF1 (to be captured) is mirrored by the OpenVSwitch (OVS) bridge image and the virtual network card VF2 (mirror port).
  • OVS OpenVSwitch
  • Figure 11 illustrates the virtual network card VF2 (mirrored port) in the virtual host VM2 and the virtual network card VF1 (to be captured) in another virtual machine VM1.
  • Neutron is a network control component.
  • the Neutron SRIOV agent is a process running on the compute node server. It is used to control the management of the SR-IOV network card and its VM.
  • the Neutron OVS agent is running. Another process on the compute node server.
  • the disclosure sets the mapping module in the network card driver, sets the network card that needs to be captured to the network card driver, and the network card driver completes the mirroring function, and the host HOST can use the special packet capture tool (TcpDump, etc.) to mirror the port.
  • the packet is captured to solve the packet capture problem caused by the virtual machine of the SR-IOV NIC in the virtual machine environment.
  • packet capture for all virtual network card ports in the virtual machine can be completed without adding additional external devices and without changing the external setting configuration; and, according to an embodiment of the present disclosure, the use is low in difficulty and easy to use.
  • you can implement fault location for network data abnormality and important operations such as traffic monitoring on the network.
  • step S10 the step of performing the association configuration of the to-be-captured network card and the mirrored port with the mapping module includes: Step 11.
  • the mirrored port is selected, and the mirrored port is a port that the physical host can directly capture.
  • the mirrored port needs to be able to be loaded by the physical host, that is, the physical host can capture the mirrored port.
  • a mirrored port is used to store the image of the NIC to be captured, and the physical host obtains the packet in the mirror. Therefore, the mirrored port is different from the NIC to be captured.
  • the mirrored port can be loaded by the physical host.
  • the physical network host cannot capture the physical network host. Therefore, the physical host can capture packets directly from the captured network adapter.
  • the physical host can capture packets on the mirrored port and obtain packets on the mirrored port. By selecting the port that can be loaded by the physical host as the mirroring port, the physical host can capture the mirrored port directly.
  • step S20 the step of generating a mirror image of the network card to be captured in the mirror port by using the mapping module includes: step S21.
  • Step S21 Obtain a packet of the network card to be captured, and map the packet to the mirrored port by using the mapping module.
  • the mapping port when the mapping module is used to mirror the captured network card, the mapping port first obtains the data sent and received by the network card to be captured, and then sends the obtained data to the mirrored port, and generates the image in the mirrored port. Capture the image of the network card.
  • the mapping module is configured to mirror the captured network card, which is to copy the data received and sent by the captured network card, and send the copied data to the mirrored port, so that the data in the mirrored port is the same as the data packet to be captured.
  • the mapping module can send the data received and sent by the network card to be captured to the mirroring port to generate a mirror image of the network card to be captured. After the mirroring port is mirrored, the physical host can obtain the mirroring of the NIC to be captured on the mirroring port.
  • step S30 the image of the mirrored port is captured, and the step of obtaining the packet of the mirrored port includes: Steps S31-S342.
  • step S31 after receiving the packet capture instruction, the mirror port is captured by the preset packet capture tool based on the physical host.
  • the physical host obtains the required packet by using the packet capture tool to capture the mirrored packet. .
  • the physical host can obtain the mirrored packet of the target NIC when the packet needs to be captured.
  • the physical host captures the packets of the mirroring port through the packet capture tool (such as TcpDump).
  • the SR-IOV network card itself has registers in which the source destination image can be set.
  • the physical host cannot randomly capture the network card.
  • the mapping module establishes a bridge between the physical host and the target network card that needs to be captured, thereby solving the problem that the physical host cannot directly mount the virtual machine on the virtual machine.
  • the physical host performs the view of the network card driver, and the network card driver completes the image capture of the network card through the mapping module, thereby implementing image capture of the network card.
  • step S31 after the step of capturing the mirror port by using the preset packet capture tool based on the physical host, the method includes: step S32.
  • step S32 the packet capture duration is recorded, and compared with the preset packet capture duration, and the packet capture is stopped according to the comparison result of the capture packet duration and the preset capture duration.
  • the packet capture start time is recorded.
  • the current time is subtracted from the packet capture start time to obtain the packet capture duration.
  • Packet capture is the process of intercepting, resending, editing, and transferring data packets sent and received by the network transmission. Therefore, the target of packet capture is data, and as the packet capture time increases, the amount of data captured by the packet will also follow. Increase. The increase in the amount of data will increase the resources occupied by the captured messages, while the excessively large data is not conducive to subsequent interpretation. Therefore, it is necessary to control the captured data to an appropriate size, so that a sufficient amount of data can be acquired at one time, and the problem that the data is too large and the resource consumption is too large and the reading speed is slow is not caused.
  • the control of the packet capture duration can be used to control the amount of data to be captured. When the packet capture duration reaches the preset packet capture duration, it indicates that the packet has been captured with sufficient data. In order to avoid the crawling of the message data is too large, making storage and reading inconvenient.
  • step S32 after the step of controlling whether to stop capturing packets according to the comparison result of the packet capture duration and the preset packet capture duration, the steps include: steps S33 and S34.
  • step S33 when the packet capture duration is less than the preset packet capture duration, the packet capture is continued.
  • step S34 when the packet capture duration is greater than or equal to the preset capture packet duration, the packet capture is stopped.
  • the length of the packet capture determines the total amount of data captured in this capture.
  • the preset duration is determined according to the packet capture requirement and the hardware and software conditions. After the preset duration is set, whether to stop the packet capture is controlled according to the relationship between the recorded packet capture duration and the preset duration.
  • the amount of data acquired by the packet capture increases as the packet capture time increases, and the amount of data that needs to be fetched is adjusted according to different conditions. If the amount of data captured is too small, the purpose of data monitoring or network security may result in the inability to obtain accurate information due to insufficient data. If the amount of data captured is too large, it may cause inconvenience or even failure of storage or transmission, and too much data will only make the user less efficient in the analysis, and can not significantly improve the accuracy of the analysis results. Sex. Therefore, after the preset packet capture time is set according to the specific requirements, the packet capture duration is compared with the preset capture packet duration, and the comparison result is determined to continue to capture the packet or stop the packet capture, thereby accurately controlling The amount of data fetched by the port.
  • step S34 when the packet capture duration is greater than or equal to the preset packet capture duration, the step of stopping the packet capture includes: step S341.
  • step S341 after the packet capture is stopped, the packet acquired by the packet capture is stored in a preset local path.
  • the obtained port data (that is, the packet obtained by the packet capture) is stored locally, and the storage path is a preset local path.
  • the obtained packet needs to be assigned a stored local path to store the packet locally.
  • Stored locally allows technicians to better use locally captured messages.
  • the technician can obtain the locally stored message according to the specified path when needed, thereby realizing the analysis of the local data.
  • step S34 when the packet capture duration is greater than or equal to the preset packet capture duration, the step of stopping the packet capture further includes: step S342.
  • step S342 after the packet capture is stopped, the packet obtained by the packet capture is sent to the preset remote address through the network.
  • the captured message can be sent to the remote address, thereby implementing remote monitoring and analysis of the network data by the technician.
  • NIC image capture method of the present disclosure in addition to being able to store the captured data locally, it is also possible to set an address for transmitting the packet data to the remote end through the network. In this way, the technician can uniformly manage the devices in the network through the administrator device.
  • the present disclosure also provides a terminal.
  • the terminal includes: a memory, a processor, and a network card image capture program stored on the memory and operable on the processor, where the network card image capture program is implemented by the processor, as described above The steps of the NIC image capture method.
  • embodiments of the present disclosure also propose a computer readable storage medium.
  • the network readable storage medium of the present disclosure stores a network card image capture program, and the network card image capture program is executed by the processor to implement the steps of the network card image capture method as described above.
  • the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform.
  • the essential part of the technical solution of the present disclosure or the part contributing to the prior art can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present disclosure.

Abstract

This disclosure provides a network card image packet capture method, a terminal, and a readable storage medium. The image packet capture method comprises the following steps: configuring a mapping module, and performing associated configuration with the mapping module on a network card, on which packet capture is to be performed, and an image port; generating an image of the network card in the image port by means of the mapping module; and performing packet capture in the image in the image port to obtain a packet of the image port.

Description

网卡镜像抓包方法、终端以及可读存储介质NIC image capture method, terminal, and readable storage medium 技术领域Technical field
本公开涉及网络信息技术领域,尤其涉及一种网卡(NIC)镜像抓包方法、终端以及可读存储介质。The present disclosure relates to the field of network information technologies, and in particular, to a network card (NIC) image capture method, a terminal, and a readable storage medium.
背景技术Background technique
在计算机网络信息技术中,抓包是一个很非常常用以及有用的技术。抓包技术就是将网络传输发送与接收的数据包进行截获、重发、编辑、转存等操作。抓包可以用来检查网络安全或者分析流量等,因此抓包是一个实用价值非常高并且使用难度不大的技术。In computer network information technology, packet capture is a very common and useful technology. The packet capture technology is to intercept, retransmit, edit, and transfer data packets sent and received by the network transmission. Packet capture can be used to check network security or analyze traffic, so packet capture is a technology that is very practical and difficult to use.
但是,在虚拟机环境中,物理主机无法对没有与其直接连接的网卡直接进行抓包。若想对挂载于虚拟机或者其他未与物理主机直接连接的网卡进行抓包,需要额外的外部设备或者改变原有外部网络设备的设置。这样就增加了抓包的成本,降低了可操作性,并且还对操作人员有一定的技术要求。However, in a virtual machine environment, a physical host cannot directly capture packets that are not directly connected to it. If you want to capture a network card that is mounted on a virtual machine or other network that is not directly connected to the physical host, you need to add additional external devices or change the settings of the original external network device. This increases the cost of capturing the bag, reduces the operability, and also has certain technical requirements for the operator.
发明内容Summary of the invention
本公开提供一种网卡镜像抓包方法,所述镜像抓包方法包括以下步骤:配置映射模块,并将待抓包网卡与镜像端口进行与所述映射模块的关联配置;通过映射模块在镜像端口中生成待抓包网卡的镜像;以及对镜像端口中的镜像进行抓包,获取镜像端口的报文。The present disclosure provides a network card image capture method, where the image capture method includes the following steps: configuring a mapping module, and performing association configuration with the mapping module on the network card to be captured and the mirrored port; The image of the NIC to be captured is generated. The mirroring of the mirrored port is obtained.
本公开还提供一种移动终端,包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的网卡镜像抓包程序,所述网卡镜像抓包程序被所述处理器执行时实现如上所述网卡镜像抓包方法的步骤。The present disclosure also provides a mobile terminal, including: a memory, a processor, and a network card image capture program stored on the memory and operable on the processor, the network card image capture program being used by the processor The step of implementing the network card image capture method as described above is implemented during execution.
本公开还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有网卡镜像抓包程序,所述网卡镜像抓包程序被处理器执行时实现如上所述的网卡镜像抓包方法的步骤。The present disclosure further provides a computer readable storage medium, wherein the computer readable storage medium stores a network card image capture program, and the network card image capture program is executed by the processor to implement the network card image capture method as described above. A step of.
附图说明DRAWINGS
图1是根据本公开实施例的终端的结构示意图;1 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure;
图2是根据本公开的网卡镜像抓包方法的一种流程示意图;2 is a schematic flowchart of a network card image capture method according to the present disclosure;
图3是根据本公开的网卡镜像抓包方法的步骤S30的细化流程示意图;3 is a schematic flowchart of the refinement of step S30 of the network card image capture method according to the present disclosure;
图4是根据本公开的网卡镜像抓包法在一些情况下的使用场景示意图;4 is a schematic diagram of a usage scenario of a network card image capture method according to the present disclosure in some cases;
图5是根据本公开的网卡镜像抓包方法的使用场景示意图;FIG. 5 is a schematic diagram of a usage scenario of a network card image capture method according to the present disclosure; FIG.
图6是根据本公开的网卡镜像抓包方法的一种典型场景示意图;6 is a schematic diagram of a typical scenario of a network card image capture method according to the present disclosure;
图7是根据本公开的网卡镜像抓包方法在图6中所示的典型场景中的流程图;7 is a flow chart of a network card image capture method according to the present disclosure in a typical scenario shown in FIG. 6;
图8是根据本公开的网卡镜像抓包方法的又一典型场景示意图;8 is a schematic diagram of still another typical scenario of a network card image capture method according to the present disclosure;
图9是根据本公开的网卡镜像抓包方法在图8中所示的又一典型场景中的流程图;9 is a flowchart of another exemplary scenario shown in FIG. 8 of the network card image capture method according to the present disclosure;
图10是根据本公开的网卡镜像抓包方法的另一典型场景示意图;以及10 is a schematic diagram of another exemplary scenario of a network card image capture method according to the present disclosure;
图11是根据本公开的网卡镜像抓包方法在图10中所示的另一典型场景中的流程图。11 is a flow chart of another exemplary scenario shown in FIG. 10 of the network card image capture method according to the present disclosure.
本公开目的的实现、功能特点及优点将结合实施例并参照附图做进一步说明。The implementation, functional features, and advantages of the present disclosure will be further described in conjunction with the embodiments and the accompanying drawings.
具体实施方式Detailed ways
应当理解,此处所描述的具体实施例仅仅用以解释本公开,并不用于限定本公开。It is understood that the specific embodiments described herein are merely illustrative of the disclosure and are not intended to limit the disclosure.
在各实施例中,可以存在虚拟网卡(Virtual Network Interface Card,VNIC)。In various embodiments, there may be a Virtual Network Interface Card (VNIC).
如图1所示,图1是根据本公开实施例的终端的结构示意图。As shown in FIG. 1, FIG. 1 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
本公开实施例终端可以是PC,也可以是智能手机、平板电脑、电子书阅读器、动态影像专家压缩标准音频层面3(Moving Picture Experts Group Audio Layer III,MP3)播放器、动态影像专家压缩 标准音频层面4(Moving Picture Experts Group Audio Layer IV,MP4)播放器、便携计算机等具有显示功能的可移动式终端设备。The terminal in the embodiment of the present disclosure may be a PC, or may be a smart phone, a tablet computer, an e-book reader, a Motion Picture Experts Group Audio Layer III (MP3) player, and a motion picture expert compression standard. A portable terminal device having a display function such as a Moving Picture Experts Group Audio Layer IV (MP4) player or a portable computer.
如图1所示,该终端可以包括:处理器1001(例如CPU)、网络接口1004、用户接口1003、存储器1005、通信总线1002。通信总线1002用于实现这些组件之间的连接和通信。用户接口1003可以包括显示屏(Display)、输入单元(比如键盘(Keyboard)),用户接口1003还可以包括标准的有线接口、无线接口。网络接口1004可以包括标准的有线接口、无线接口(如WI-FI接口)。存储器1005可以是高速RAM存储器,也可以是稳定的存储器(non-volatile memory),例如磁盘存储器。存储器1005还可以是独立于前述处理器1001的存储装置。As shown in FIG. 1, the terminal may include a processor 1001 (eg, a CPU), a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. Communication bus 1002 is used to implement the connections and communications between these components. The user interface 1003 can include a display, an input unit (such as a keyboard), and the user interface 1003 can also include a standard wired interface, a wireless interface. The network interface 1004 can include a standard wired interface, a wireless interface (such as a WI-FI interface). The memory 1005 may be a high speed RAM memory or a non-volatile memory such as a disk memory. The memory 1005 may also be a storage device independent of the aforementioned processor 1001.
终端还可以包括摄像头、RF(Radio Frequency,射频)电路、传感器、音频电路、WiFi模块等等。所述传感器比如光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示屏的亮度,而接近传感器可在移动终端移动到耳边时,关闭显示屏和/或背光。作为运动传感器的一种,重力加速度传感器可检测各个方向上(一般为三轴)加速度的大小,并可检测出重力的大小及方向(当所述传感器静止时),因而其可用于识别移动终端姿态的应用(比如横竖屏切换、相关游戏、磁力计姿态校准)、振动识别相关功能(比如计步器、敲击)等。当然,移动终端还可以配置有陀螺仪、气压计、湿度计、温度计、红外线传感器等其他传感器,在此不再赘述。The terminal may also include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and the like. The sensors are such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display screen according to the brightness of the ambient light, and the proximity sensor may turn off the display screen when the mobile terminal moves to the ear. Or backlight. As a kind of motion sensor, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes), and can detect the magnitude and direction of gravity (when the sensor is stationary), so it can be used to identify the mobile terminal. The application of gestures (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping). Of course, the mobile terminal can also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and the like, and details are not described herein again.
本领域技术人员可以理解,图1中示出的终端结构并不构成对终端的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。It will be understood by those skilled in the art that the terminal structure shown in FIG. 1 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
如图1所示,作为一种计算机存储介质的存储器1005中可以包括操作系统、网络通信模块、用户接口模块以及网卡镜像抓包程序。As shown in FIG. 1, the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a network card image capture program.
在图1所示的终端中,网络接口1004设置为连接后台服务器,并与后台服务器进行数据通信;用户接口1003设置为连接客户端(用户端),以与客户端进行数据通信;而处理器1001设置为调用存储 器1005中存储的网卡镜像抓包程序,并执行以下操作:在网卡驱动中与物理主机命令发送端设置映射模块;设置抓包的开关与预设抓包时长;以及通过映射模块配置需要抓包的网卡的镜像端口,并根据抓包时长抓取所述网卡的镜像报文。In the terminal shown in FIG. 1, the network interface 1004 is configured to connect to the background server and perform data communication with the background server; the user interface 1003 is configured to connect to the client (user end) for data communication with the client; and the processor 1001 is set to call the network card image capture program stored in the memory 1005, and performs the following operations: setting a mapping module with the physical host command sending end in the network card driver; setting a packet capturing switch and a preset packet capturing time; and passing the mapping module Configure the mirrored port of the NIC to be captured, and capture the mirrored packets of the NIC according to the packet capture duration.
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:选定镜像端口,所述镜像端口为物理主机能够直接进行抓包的端口。In one embodiment, the processor 1001 can invoke the network card image capture program stored in the memory 1005 to perform the following operations: selecting a mirrored port, where the mirrored port is a port that the physical host can directly capture.
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:获取待抓包网卡的报文,通过映射模块将报文映射至镜像端口。In one embodiment, the processor 1001 may invoke the network card image capture procedure stored in the memory 1005 to perform the following operations: acquiring a packet of the network card to be captured, and mapping the packet to the mirrored port by using the mapping module.
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:在接收到抓包指令后,基于物理主机通过预设抓包工具对镜端口进行抓包。In an embodiment, the processor 1001 may invoke the network card image capture program stored in the memory 1005 to perform the following operations: after receiving the packet capture instruction, the mirror port is captured by the preset packet capture tool based on the physical host. .
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:记录抓包时长,并与预设抓包时长进行比对,根据抓包时长与预设抓包时长的比对结果控制是否停止抓包。In an embodiment, the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: recording the packet capture duration and comparing with the preset capture duration, according to the capture duration and the preset. The comparison result of the packet capture duration controls whether to stop capturing packets.
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:当抓包时长小于预设抓包时长时,则持续抓包;以及当抓包时长大于或等于预设抓包时长时,则停止抓包。In an embodiment, the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: when the packet capture duration is less than the preset capture duration, the packet capture is continued; and when the packet capture duration is greater than Or equal to the preset capture time, then stop capturing.
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:停止抓包后将所述抓包获取的报文储存在预设本地路径中。In an embodiment, the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: after the packet capture is stopped, the packet acquired by the packet capture is stored in a preset local path.
在一个实施例中,处理器1001可以调用存储器1005中存储的网卡镜像抓包程序,以执行以下操作:停止抓包后将所述抓包获取的报文通过网络发送到预设的远端地址。In an embodiment, the processor 1001 may call the network card image capture program stored in the memory 1005 to perform the following operations: after the packet capture is stopped, the packet obtained by the packet capture is sent to the preset remote address through the network. .
本公开还提供一种网络镜像抓包方法。The disclosure also provides a network image capture method.
参照图2,所述网卡镜像抓包方法包括:步骤S10-S30。Referring to FIG. 2, the network card image capture method includes: steps S10-S30.
在步骤S10,配置映射模块,并将待抓包网卡与镜像端口进行与 所述映射模块的关联配置。In step S10, the mapping module is configured, and the network card to be captured and the mirrored port are associated with the mapping module.
具体地,首先在网卡驱动中添加映射模块(通过软件在网卡驱动中增加映射模块,使其具有相应的功能)。映射模块用以将待抓包网卡与镜像端口进行关联,通过所述映射模块,镜像端口能够对待抓包网卡进行镜像。Specifically, the mapping module is first added to the network card driver (the mapping module is added to the network card driver by software to have corresponding functions). The mapping module is configured to associate the network card to be captured with the mirrored port, and the mirroring port can mirror the network card to be captured by the mapping module.
在步骤S20,通过映射模块在镜像端口中生成待抓包网卡的镜像。In step S20, the mirroring of the network card to be captured is generated in the mirrored port by the mapping module.
具体地,网卡驱动首先会获取到待抓包网卡的报文,然后通过映射模块将待抓包网卡的报文映射至镜像端口中,然后在镜像端口再生成待抓包网卡的镜像。Specifically, the network card driver first obtains the packet of the network card to be captured, and then maps the packet of the network card to be captured to the mirrored port through the mapping module, and then generates a mirror image of the network card to be captured on the mirrored port.
在步骤S30,对镜像端口中的镜像进行抓包,获取镜像端口的报文。In step S30, the image of the mirrored port is captured, and the packet of the mirrored port is obtained.
具体地,镜像端口与待抓包网卡不同,镜像端口是物理主机能够直接进行查看(即能够直接获取该端口数据)的一个PCI(Peripheral Component Interconnect,外设部件互连标准)设备。因此,物理主机是能够对镜像端口进行抓包的,而镜像端口的报文是通过映射模块生成的待抓包网卡的镜像报文,因此获取镜像端口的报文即可视为获取待抓包网卡的报文。Specifically, the mirrored port is different from the network card to be captured. The mirrored port is a PCI (Peripheral Component Interconnect) device that can be directly viewed by the physical host (that is, the port data can be directly obtained). Therefore, the physical host can capture the mirrored port, and the mirrored port is the mirrored packet of the NIC to be captured by the mapping module. Therefore, the packet of the mirrored port can be regarded as the packet to be captured. NIC message.
首先在网卡驱动中配置映射模块,所述映射模块能够将待抓包网卡的报文进行映射,以映射到镜像端口中,从而在镜像端口中生成待抓包网卡的镜像。待抓包网卡未直接与物理主机连接,因此物理主机无法直接对待抓包网卡进行抓包,但是物理主机可以通过TcpDump等抓包工具直接对镜像端口进行抓包,而镜像端口中的报文是由待抓包网卡映射得到的,因此与待抓包网卡的报文是相同的,因此获取了镜像端口的报文可视为获取了待抓包网卡的报文,即完成了对待抓包网卡的抓包。First, a mapping module is configured in the network card driver, and the mapping module can map the packets of the network card to be captured to be mapped to the mirrored port, so as to generate a mirror image of the network card to be captured in the mirrored port. The network card to be captured is not directly connected to the physical host. Therefore, the physical host cannot directly capture the captured network card. However, the physical host can capture the mirrored port through the capture tool such as TcpDump. The packet in the mirrored port is The packet obtained by the NIC to be captured is the same as that of the NIC to be captured. Therefore, the packet of the mirrored port can be obtained as the packet of the NIC to be captured. Capture the bag.
目前,在虚拟化技术已经在计算机技术中得到广泛运用,例如网卡通过单根I/O虚拟化(Single-root I/O virtualization,SR-IOV或SRIOV)来实现多个虚拟网卡(VF,Virtual Function),每个虚拟机(VM,Virtual Machine)根据需求来分配一定数量的虚拟网卡,其中每个虚拟网卡是一个实体的快速外设组件互连件(Peripheral  Component Interconnect Express,PCI)。设备通过网卡本身的硬件交换直接挂载在虚拟机中,虚拟机可以查看其自身挂载的PCI设备,但是对于云平台来说,这个物理主机并不会加载这个PCI设备,因此物理主机无法实现在对该PCI设备的端口抓包(场景示意图如图4)。在本公开中,虚拟网卡VNIC和虚拟网卡VF可以是相同的含义。At present, virtualization technology has been widely used in computer technology. For example, NICs implement multiple virtual NICs (Single-root I/O virtualization, SR-IOV or SRIOV) to implement multiple virtual NICs (VF, Virtual). Function), each virtual machine (VM, Virtual Machine) allocates a certain number of virtual network cards according to requirements, wherein each virtual network card is a physical Peripheral Component Interconnect Express (PCI). The device is directly mounted on the virtual machine through the hardware exchange of the NIC itself. The virtual machine can view the PCI device itself. However, for the cloud platform, the physical host does not load the PCI device. Therefore, the physical host cannot implement the physical device. Capture packets on the port of the PCI device (the scenario is shown in Figure 4). In the present disclosure, the virtual network card VNIC and the virtual network card VF may have the same meaning.
想要解决在虚拟机环境中物理主机对于网卡的抓包问题,首先要解决的是如何使物理主机能够查看(或者进行连接等,即建立能够使物理主机完成对网卡抓包的关联关系)未与其连接的网卡。一般而言,这可以通过增加外部设备或者由操作人员修改外部网络设备的设置来实现。但是,这可能会增加了额外的使用成本(增加额外的外部设备)、对操作人员的技术要求较高(改外部网络设备的设置)等弊端,增加了用户的抓包成本。If you want to solve the problem of the physical host's capture of the network card in the virtual machine environment, the first thing to be solved is how to enable the physical host to view (or connect, etc., that is, establish the association relationship between the physical host and the network card). The network card to which it is connected. In general, this can be achieved by adding external devices or by an operator modifying the settings of the external network device. However, this may increase the cost of additional use (additional external equipment), high technical requirements for operators (change the settings of external network equipment), and increase the cost of capturing packets.
在本公开中,通过在网卡驱动中增加映射模块,由此将待抓包网卡的端口报文映射到镜像端口中(镜像端口为物理主机能够直接进行抓包的网卡端口),镜像端口中则存有镜像的待抓包网卡的报文。此时,物理主机可以通过对镜像端口进行抓包来获取镜像端口的报文。由于镜像端口的报文是由镜像待抓包网卡而得到,因此镜像端口的报文与待抓包网卡的报文是相同的,因此物理主机通过对镜像端口进行抓包而间接获取了待抓包网卡的报文。因此,通过在网卡驱动中添加映射模块,使得物理主机与待抓包网卡之间建立了间接的连接关系,从而实现了对待抓包网卡的抓包(本公开使用场景示意图如图5)。在图5中,可以通过IOCTL的形式来调用底层驱动的接口设置VF镜像抓包参数。In the present disclosure, by adding a mapping module to the network card driver, the port packet of the network card to be captured is mapped to the mirrored port (the mirrored port is the network card port that the physical host can directly capture), and the mirrored port is in the mirrored port. A packet with a mirrored network card to be captured. At this time, the physical host can obtain the packets of the mirrored port by capturing the mirrored port. The packets of the mirrored port are obtained by mirroring the NIC to be captured. Therefore, the packets of the mirrored port are the same as those of the NIC to be captured. Packets for the network card. Therefore, by adding a mapping module to the network card driver, an indirect connection relationship is established between the physical host and the network card to be captured, thereby realizing the packet capture of the network card to be captured (the schematic diagram of the usage scenario of the present disclosure is shown in FIG. 5). In FIG. 5, the VF image capture packet parameter can be set by calling the interface of the underlying driver in the form of IOCTL.
抓包是目前网络通信技术中最常见的技术之一,抓包是将网络传输发送与接收的数据包进行截获、重发、编辑、转存等操作。抓包普遍用来检查网络安全或者对数据进行截取监控。例如,在网络安全领域,通过抓包获取网络间相互传输的数据包,在获取数据包后进一步对数据包的内容进行分析,以判断数据包是否包含有威胁网络安全的内容。除此之外,在软件开发中也会通过抓包来进行软件测试。在发现问题后,通过抓包获取错误的数据流、日志等数据,测试人员可 以通过重现错误、截取数据等方式来定位问题。Packet capture is one of the most common technologies in network communication technology. Packet capture is the interception, retransmission, editing, and transfer of data packets transmitted and received by the network. Packet capture is commonly used to check network security or to intercept data for interception. For example, in the field of network security, packet capture is used to obtain data packets transmitted between networks, and after the data packet is acquired, the content of the data packet is further analyzed to determine whether the data packet contains content that threatens network security. In addition, in software development, software testing is also performed by capturing packets. After the problem is discovered, by capturing packets and obtaining incorrect data streams, logs, and other data, the tester can locate the problem by reproducing errors, intercepting data, and the like.
在实际运用中,抓包的应用场景也有各种不同情况。例如,图6描述了在同一个物理主机HOST下,虚拟机VM2通过虚拟网卡VF2(镜像端口)来抓取虚拟机VM1中虚拟网卡VF1端口(待抓包网卡)的报文的场景。图7则是在图6场景下的连接关系中,虚拟机VM1中虚拟网卡VF1(待抓包网卡)与同一个物理主机下的虚拟机VM2(镜像端口)的抓包交互过程;图8描述了物理主机HOST通过与去连接的虚拟网卡VF2(镜像端口)通过镜像口抓取虚拟机VM1中虚拟网卡VF1(待抓包网卡)报文的场景。图9描述了在图8场景下的连接关系中,物理主机HOST中的虚拟网卡VF2(镜像端口)抓取虚拟机VM1中的虚拟网卡VF1(待抓包网卡)的抓包交互过程;图10描述了物理主机HOST与虚拟机VM2,通过OpenVSwitch(OVS)桥镜像和虚拟网卡VF2(镜像端口),镜像抓虚拟机VM1中的虚拟网卡VF1(待抓包网卡)报文的场景。图11描述了在图10场景下的连接关系中,物理主机HOST与虚拟机VM2中的虚拟网卡VF2(镜像端口)对另一个虚拟机VM1中的虚拟网卡VF1(待抓包网卡)镜像抓包的交互过程。在图7、9、11中,Neutron为一种网络控制组件,Neutron SRIOV代理是跑在计算节点服务器上的一个进程,其用于控制SR-IOV网卡及其VM的管理,Neutron OVS代理是跑在计算节点服务器上的另一个进程。In actual use, there are various situations in the application scenario of capturing packets. For example, FIG. 6 illustrates a scenario in which the virtual machine VM2 captures the packet of the virtual network card VF1 port (the network card to be captured) in the virtual machine VM1 through the virtual network card VF2 (mirror port) under the same physical host HOST. FIG. 7 is a packet capture interaction process between a virtual network card VF1 (a network card to be captured) and a virtual machine VM2 (a mirror port) in the same physical host in the connection relationship in the scenario of FIG. 6; FIG. The physical host HOST captures the scenario of the virtual network card VF1 (the network card to be captured) in the virtual machine VM1 through the mirroring port through the virtual network card VF2 (mirror port). FIG. 9 illustrates a packet capture interaction process of the virtual network card VF2 (mirror port) in the virtual host VM1 in the physical host HOST in the connection relationship in the scenario of FIG. The physical host HOST and the virtual machine VM2 are described, and the scene of the virtual network card VF1 (to be captured) is mirrored by the OpenVSwitch (OVS) bridge image and the virtual network card VF2 (mirror port). Figure 11 illustrates the virtual network card VF2 (mirrored port) in the virtual host VM2 and the virtual network card VF1 (to be captured) in another virtual machine VM1. The process of interaction. In Figures 7, 9, and 11, Neutron is a network control component. The Neutron SRIOV agent is a process running on the compute node server. It is used to control the management of the SR-IOV network card and its VM. The Neutron OVS agent is running. Another process on the compute node server.
本公开通过在网卡驱动中设置映射模块,将需要抓包的网卡设置到网卡驱动中,并且由网卡驱动来完成镜像功能,而主机HOST则可以通过专用抓包工具(TcpDump等)对镜像口的报文进行抓取,从而解决SR-IOV网卡在虚拟机环境中的虚拟机对于自身虚拟网卡而导致的抓包问题。通过本公开,可以在不增加额外的外部设备并且不改变外部设置配置的情况下完成对于虚拟机中所有虚拟网卡端口的抓包;并且,根据本公开的实施例使用难度低、简单易用,通过对网卡的镜像抓包,可以实现网络数据异常的故障定位,以及对网络的流量监控等重要操作。The disclosure sets the mapping module in the network card driver, sets the network card that needs to be captured to the network card driver, and the network card driver completes the mirroring function, and the host HOST can use the special packet capture tool (TcpDump, etc.) to mirror the port. The packet is captured to solve the packet capture problem caused by the virtual machine of the SR-IOV NIC in the virtual machine environment. Through the present disclosure, packet capture for all virtual network card ports in the virtual machine can be completed without adding additional external devices and without changing the external setting configuration; and, according to an embodiment of the present disclosure, the use is low in difficulty and easy to use. By capturing the image of the NIC, you can implement fault location for network data abnormality and important operations such as traffic monitoring on the network.
在一个实施例中,在步骤S10,将待抓包网卡与镜像端口进行与所述映射模块的关联配置的步骤包括:步骤11。In an embodiment, in step S10, the step of performing the association configuration of the to-be-captured network card and the mirrored port with the mapping module includes: Step 11.
在步骤S11,选定镜像端口,所述镜像端口为物理主机能够直接进行抓包的端口。In the step S11, the mirrored port is selected, and the mirrored port is a port that the physical host can directly capture.
具体地,为了能够通过镜像端口获取到待抓包网卡端口中的报文,镜像端口需要能够被物理主机加载,即物理主机能够对镜像端口进行抓包。Specifically, the mirrored port needs to be able to be loaded by the physical host, that is, the physical host can capture the mirrored port.
在网卡驱动中设置好映射模块之后,需要选定一个作为镜像端口的网卡端口。镜像端口是用以储存待抓包网卡的镜像,并且使物理主机通过抓包获取该镜像中的报文,因此镜像端口与待抓包网卡不同的地方在于镜像端口能够被物理主机加载(待抓包网卡为物理主机无法加载的,因此物理主机无法对待抓包网卡直接进行抓包),从而物理主机能够直接对镜像端口进行抓包,获取镜像端口中的报文。通过选定物理主机能够加载的端口作为镜像端口,使得物理主机能够直接对镜像端口进行抓包,从而快速的获取镜像端口中的报文。After setting up the mapping module in the NIC driver, you need to select a NIC port as the mirroring port. A mirrored port is used to store the image of the NIC to be captured, and the physical host obtains the packet in the mirror. Therefore, the mirrored port is different from the NIC to be captured. The mirrored port can be loaded by the physical host. The physical network host cannot capture the physical network host. Therefore, the physical host can capture packets directly from the captured network adapter. The physical host can capture packets on the mirrored port and obtain packets on the mirrored port. By selecting the port that can be loaded by the physical host as the mirroring port, the physical host can capture the mirrored port directly.
在一个实施例中,在步骤S20,通过映射模块在镜像端口中生成待抓包网卡的镜像的步骤包括:步骤S21。In an embodiment, in step S20, the step of generating a mirror image of the network card to be captured in the mirror port by using the mapping module includes: step S21.
步骤S21,获取待抓包网卡的报文,通过映射模块将报文映射至镜像端口。Step S21: Obtain a packet of the network card to be captured, and map the packet to the mirrored port by using the mapping module.
具体地,通过映射模块对待抓包网卡进行镜像时,首先映射端口会获取到待抓包网卡发送与接收到的数据,然后将获取到的数据发送到镜像端口中,并在镜像端口中生成待抓包网卡的镜像。对待映射模块对抓包网卡进行镜像,实质上就是对待抓包网卡接收与发送的数据进行复制,并将复制的数据发送至镜像端口,从而使得镜像端口中的数据与待抓包网卡的相同。Specifically, when the mapping module is used to mirror the captured network card, the mapping port first obtains the data sent and received by the network card to be captured, and then sends the obtained data to the mirrored port, and generates the image in the mirrored port. Capture the image of the network card. The mapping module is configured to mirror the captured network card, which is to copy the data received and sent by the captured network card, and send the copied data to the mirrored port, so that the data in the mirrored port is the same as the data packet to be captured.
通过映射模块,能够将待抓包网卡接收与发送的数据发送至镜像端口,以生成待抓包网卡的镜像。镜像端口在完成镜像之后,物理主机能够通过抓包获取到镜像端口中待抓包网卡的镜像,从而使得物理主机实现对待抓包网卡的抓包。The mapping module can send the data received and sent by the network card to be captured to the mirroring port to generate a mirror image of the network card to be captured. After the mirroring port is mirrored, the physical host can obtain the mirroring of the NIC to be captured on the mirroring port.
在一个实施例中,如图3所示,在步骤S30,对镜像端口中的镜像进行抓包,获取镜像端口的报文的步骤包括:步骤S31-S342。In an embodiment, as shown in FIG. 3, in step S30, the image of the mirrored port is captured, and the step of obtaining the packet of the mirrored port includes: Steps S31-S342.
在步骤S31,在接收到抓包指令后,基于物理主机通过预设抓包 工具对镜端口进行抓包。In step S31, after receiving the packet capture instruction, the mirror port is captured by the preset packet capture tool based on the physical host.
具体地,镜像端口完成对待抓包网卡的镜像后,在接收到物理主机发送的抓包指令时,物理主机通过抓包工具对镜像端口中的镜像报文进行抓取,从而获取需要的报文。Specifically, after the mirroring port completes the mirroring of the packet to be captured, the physical host obtains the required packet by using the packet capture tool to capture the mirrored packet. .
在镜像端口中设置好需要抓包的网卡的镜像报文后,物理主机能够在需要抓包的时候由网卡驱动来获取目标网卡的镜像报文。物理主机通过抓包工具(例如TcpDump等)抓取镜像口的报文。After the mirroring packet of the NIC that needs to be captured is set on the mirrored port, the physical host can obtain the mirrored packet of the target NIC when the packet needs to be captured. The physical host captures the packets of the mirroring port through the packet capture tool (such as TcpDump).
SR-IOV网卡本身里面有寄存器,可以在其中设置源目的的镜像,但是由于没有驱动的接口和实现,因此物理主机无法随意的进行对网卡的抓包。在本公开中,通过在网卡驱动中建立映射模块,并且由映射模块建立物理主机与需要抓包的目标网卡之间的桥梁,由此解决了物理主机无法直接对挂载在虚拟机上的虚拟网卡进行查看(进行抓包等操作)的问题。根据本公开,物理主机通过对网卡驱动的查看,而网卡驱动通过映射模块完成对网卡的镜像抓包,从而实现了对网卡的镜像抓包。The SR-IOV network card itself has registers in which the source destination image can be set. However, since there is no driver interface and implementation, the physical host cannot randomly capture the network card. In the present disclosure, by establishing a mapping module in the network card driver, and the mapping module establishes a bridge between the physical host and the target network card that needs to be captured, thereby solving the problem that the physical host cannot directly mount the virtual machine on the virtual machine. The problem that the NIC performs viewing (operations such as capturing packets). According to the disclosure, the physical host performs the view of the network card driver, and the network card driver completes the image capture of the network card through the mapping module, thereby implementing image capture of the network card.
在一个实施例中,如图3所示,在步骤S31,基于物理主机通过预设抓包工具对镜端口进行抓包的步骤之后包括:步骤S32。In an embodiment, as shown in FIG. 3, in step S31, after the step of capturing the mirror port by using the preset packet capture tool based on the physical host, the method includes: step S32.
在步骤S32,记录抓包时长,并与预设抓包时长进行比对,根据抓包时长与预设抓包时长的比对结果控制是否停止抓包。In step S32, the packet capture duration is recorded, and compared with the preset packet capture duration, and the packet capture is stopped according to the comparison result of the capture packet duration and the preset capture duration.
具体地,开始抓包时,记录抓包开始时间,在抓包进行的过程中,当前时间减去抓包开始时间即可得到抓包时长。将抓包时长与预设抓包时长进行对比,来确定是否继续进行抓包,从而能够准确控制本次抓包的数据量。Specifically, when the packet capture is started, the packet capture start time is recorded. In the process of capturing the packet, the current time is subtracted from the packet capture start time to obtain the packet capture duration. Compare the packet capture duration with the preset capture packet duration to determine whether to continue packet capture, so as to accurately control the amount of data captured in the capture packet.
抓包就是将网络传输发送与接收的数据包进行截获、重发、编辑、转存等操作,因此抓包的目标是数据,而随着抓包时长的增加,抓包的数据量也会随之增加。数据量的增加会使得抓取的报文所占用的资源增加,而过于庞大的数据不利于后续的解读。因此,需要将所抓取的数据控制在合适的大小,这样既能够一次性获取到足够的数据量,又不会因为数据过于庞大所导致占用资源过多、读取速度慢等问题。通过对抓包时长的控制,可以达到控制抓取数据的量的目的,当 抓包时长达到预设的抓包时长时,表明已经抓取了足够数据的报文,此时需要停止抓包,以免抓取的报文数据过于庞大,使得储存和读取造成不便。Packet capture is the process of intercepting, resending, editing, and transferring data packets sent and received by the network transmission. Therefore, the target of packet capture is data, and as the packet capture time increases, the amount of data captured by the packet will also follow. Increase. The increase in the amount of data will increase the resources occupied by the captured messages, while the excessively large data is not conducive to subsequent interpretation. Therefore, it is necessary to control the captured data to an appropriate size, so that a sufficient amount of data can be acquired at one time, and the problem that the data is too large and the resource consumption is too large and the reading speed is slow is not caused. The control of the packet capture duration can be used to control the amount of data to be captured. When the packet capture duration reaches the preset packet capture duration, it indicates that the packet has been captured with sufficient data. In order to avoid the crawling of the message data is too large, making storage and reading inconvenient.
在一个实施例中,在步骤S32,根据抓包时长与预设抓包时长的比对结果控制是否停止抓包的步骤之后包括:步骤S33和S34。在步骤S33,当抓包时长小于预设抓包时长时,则持续抓包。在步骤S34,当抓包时长大于或等于预设抓包时长时,则停止抓包。In an embodiment, in step S32, after the step of controlling whether to stop capturing packets according to the comparison result of the packet capture duration and the preset packet capture duration, the steps include: steps S33 and S34. In step S33, when the packet capture duration is less than the preset packet capture duration, the packet capture is continued. In step S34, when the packet capture duration is greater than or equal to the preset capture packet duration, the packet capture is stopped.
具体地,抓包时长决定了本次抓包的总数据量。预设时长是根据抓包需求与软硬件条件决定的,在设置好预设时长后,根据记录的抓包时长与预设时长的关系来控制是否停止抓包。Specifically, the length of the packet capture determines the total amount of data captured in this capture. The preset duration is determined according to the packet capture requirement and the hardware and software conditions. After the preset duration is set, whether to stop the packet capture is controlled according to the relationship between the recorded packet capture duration and the preset duration.
抓包获取的数据量随着抓包时长的增加而增加,而需要抓取端口多少的数据则根据不同的情况进行调整。若是抓取的数据量太少,则在进行数据监控或者网络安全等目的是可能会由于数据不足而导致无法获得精确的信息。若是抓取的数据量太多,则可能会导致储存或传输不便甚至是失败,并且过多的数据只会使得使用者在进行分析时的效率变低,而并不能显著的提升分析结果的准确性。因而,根据具体的需求设置预设抓包时长后,抓包时会将抓包时长与预设抓包时长进行比对,通过比对结果确定继续抓包或者停止抓包,从而可以精确的控制端口抓取的数据量。The amount of data acquired by the packet capture increases as the packet capture time increases, and the amount of data that needs to be fetched is adjusted according to different conditions. If the amount of data captured is too small, the purpose of data monitoring or network security may result in the inability to obtain accurate information due to insufficient data. If the amount of data captured is too large, it may cause inconvenience or even failure of storage or transmission, and too much data will only make the user less efficient in the analysis, and can not significantly improve the accuracy of the analysis results. Sex. Therefore, after the preset packet capture time is set according to the specific requirements, the packet capture duration is compared with the preset capture packet duration, and the comparison result is determined to continue to capture the packet or stop the packet capture, thereby accurately controlling The amount of data fetched by the port.
在一个实施例中,如图3所示,在步骤S34,当抓包时长大于或等于预设抓包时长时,则停止抓包的步骤之后包括:步骤S341。In an embodiment, as shown in FIG. 3, in step S34, when the packet capture duration is greater than or equal to the preset packet capture duration, the step of stopping the packet capture includes: step S341.
在步骤S341,停止抓包后将所述抓包获取的报文储存在预设本地路径中。In step S341, after the packet capture is stopped, the packet acquired by the packet capture is stored in a preset local path.
在抓包结束后,将获取到的端口数据(即抓包获取的报文)储存在本地,储存路径为预设的本地路径。After the packet capture is complete, the obtained port data (that is, the packet obtained by the packet capture) is stored locally, and the storage path is a preset local path.
抓包结束后,获取的报文需要指定一个储存的本地路径,从而将报文储存在本地中。储存在本地可以使技术人员能够更好的在本地使用抓取的报文。技术人员在需要时则能够按照指定的路径获取到本地储存的报文,从而实现对本地数据的分析等工作。After the packet capture is complete, the obtained packet needs to be assigned a stored local path to store the packet locally. Stored locally allows technicians to better use locally captured messages. The technician can obtain the locally stored message according to the specified path when needed, thereby realizing the analysis of the local data.
在一个实施例中,在步骤S34,当抓包时长大于或等于预设抓包 时长时,则停止抓包的步骤还包括:步骤S342。In an embodiment, in step S34, when the packet capture duration is greater than or equal to the preset packet capture duration, the step of stopping the packet capture further includes: step S342.
在步骤S342,停止抓包后将所述抓包获取的报文通过网络发送到预设的远端地址。In step S342, after the packet capture is stopped, the packet obtained by the packet capture is sent to the preset remote address through the network.
具体地,除了将抓取的报文储存在指定本地路径之外,还可以设置将抓取的报文发送至远端地址,从而实现技术人员的对网络数据的远程监控与分析。Specifically, in addition to storing the captured message in the specified local path, the captured message can be sent to the remote address, thereby implementing remote monitoring and analysis of the network data by the technician.
在网络监控或者网络安全领域中,一般而言会设置少量的管理员设备对于整个网络中的设备进行监控与管理。技术人员通过管理员设备能够统一对网络中所有设备进行管理,但是管理员设备需要获取到网络中其他设备的抓包数据。为了能够使管理员获取到整个网络中需要进行监控的设备端口数据,则需要通过对设备的端口进行抓包,并且在抓包后将获取到的端口数据发送至远端地址(远端地址即管理员的计算机地址),从而实现远程监控等计算机操作。根据本公开的网卡镜像抓包方法除了能够将抓包数据储存在本地之外,还能够设置将抓包数据通过网络发送至远端的地址。这样,技术人员能够通过管理员设备统一对网络中的设备进行管理。In the field of network monitoring or network security, a small number of administrator devices are generally set to monitor and manage devices in the entire network. The administrator can manage all the devices on the network through the administrator device. However, the administrator device needs to obtain packet capture data from other devices on the network. To enable the administrator to obtain the port data of the device that needs to be monitored on the entire network, you need to capture the port of the device and send the obtained port data to the remote address after the packet is captured. The administrator's computer address), thus enabling computer operations such as remote monitoring. According to the NIC image capture method of the present disclosure, in addition to being able to store the captured data locally, it is also possible to set an address for transmitting the packet data to the remote end through the network. In this way, the technician can uniformly manage the devices in the network through the administrator device.
本公开还提供一种终端。所述终端包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的网卡镜像抓包程序,所述网卡镜像抓包程序被所述处理器执行时实现如上所述的网卡镜像抓包方法步骤。The present disclosure also provides a terminal. The terminal includes: a memory, a processor, and a network card image capture program stored on the memory and operable on the processor, where the network card image capture program is implemented by the processor, as described above The steps of the NIC image capture method.
在所述处理器上运行的网卡镜像抓包程序被执行时所实现的方法可参照本公开网卡镜像抓包方法各个实施例,在此不再赘述。For the method for implementing the NIC image capture program running on the processor, reference may be made to the embodiments of the NIC image capture method of the present disclosure, and details are not described herein again.
此外本公开实施例还提出一种计算机可读存储介质。Further, embodiments of the present disclosure also propose a computer readable storage medium.
本公开计算机可读存储介质上存储有网卡镜像抓包程序,所述网卡镜像抓包程序被处理器执行时实现如上所述的网卡镜像抓包方法的步骤。The network readable storage medium of the present disclosure stores a network card image capture program, and the network card image capture program is executed by the processor to implement the steps of the network card image capture method as described above.
在所述处理器上运行的网卡镜像抓包程序被执行时所实现的方法可参照本公开网卡镜像抓包方法各个实施例,在此不再赘述。For the method for implementing the NIC image capture program running on the processor, reference may be made to the embodiments of the NIC image capture method of the present disclosure, and details are not described herein again.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过 程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It is to be understood that the term "comprises", "comprising", or any other variants thereof, is intended to encompass a non-exclusive inclusion, such that a process, method, article, or device comprising a series of elements includes those elements. It also includes other elements that are not explicitly listed, or elements that are inherent to such a process, method, article, or device. An element that is defined by the phrase "comprising a ..." does not exclude the presence of additional elements in the process, method, article, or device that comprises the element.
上述本公开实施例序号仅仅为了描述,不代表实施例的优劣。The above-mentioned serial numbers of the embodiments of the present disclosure are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现。基于这样的理解,本公开的技术方案本质部分或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端(可以是手机、计算机、服务器、空调器、或者网络设备等)执行本公开各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform. Based on such understanding, the essential part of the technical solution of the present disclosure or the part contributing to the prior art can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present disclosure.
上面结合附图对本公开的实施例进行了描述,但是本公开并不局限于上述的具体实施方式。上述的具体实施方式仅仅是示意性的,而不是限制性的。本领域的普通技术人员在本公开的启示下,在不脱离本公开宗旨和权利要求所保护的范围情况下,还可做出很多形式,这些均属于本公开的保护之内。The embodiments of the present disclosure have been described above with reference to the accompanying drawings, but the present disclosure is not limited to the specific embodiments described above. The above detailed description is merely illustrative and not restrictive. Numerous forms of the invention may be made without departing from the scope of the disclosure and the scope of the invention.

Claims (10)

  1. 一种网卡镜像抓包方法,包括以下步骤:A NIC image capture method includes the following steps:
    配置映射模块,并将待抓包网卡与镜像端口进行与所述映射模块的关联配置;The mapping module is configured, and the network card to be captured and the mirrored port are associated with the mapping module.
    通过映射模块在镜像端口中生成待抓包网卡的镜像;以及Generating an image of the network card to be captured in the mirrored port by using the mapping module;
    对镜像端口中的镜像进行抓包,获取镜像端口的报文。Capture the mirrored port and obtain the mirrored port.
  2. 如权利要求1所述的网卡镜像抓包方法,其中,所述将待抓包网卡与镜像端口进行与所述映射模块的关联配置的步骤包括以下步骤:The NIC image capture method of claim 1, wherein the step of configuring the association between the network card to be captured and the mirrored port and the mapping module comprises the following steps:
    选定镜像端口,所述镜像端口为物理主机能够直接进行抓包的端口。A mirrored port is selected. The mirrored port is a port on which the physical host can directly capture packets.
  3. 如权利要求1所述的网卡镜像抓包方法,其中,所述通过映射模块在镜像端口中生成待抓包网卡的镜像的步骤包括以下步骤:The NIC image capture method of claim 1, wherein the step of generating a mirror image of the network card to be captured by the mapping module in the mirroring port comprises the following steps:
    获取待抓包网卡的报文,通过映射模块将报文映射至镜像端口。Obtain the packet of the NIC to be captured, and map the packet to the mirrored port through the mapping module.
  4. 如权利要求1所述的网卡镜像抓包方法,其中,所述对镜像端口中的镜像进行抓包,获取镜像端口的报文的步骤包括以下步骤:The NIC image capture method of claim 1, wherein the step of capturing the image of the mirrored port and obtaining the packet of the mirrored port comprises the following steps:
    在接收到抓包指令后,基于物理主机通过预设抓包工具对镜端口进行抓包。After receiving the packet capture command, the mirror port is captured by the default packet capture tool based on the physical host.
  5. 如权利要求4所述的网卡镜像抓包方法,其中,所述基于物理主机通过预设抓包工具对镜端口进行抓包的步骤之后包括以下步骤:The NIC image capture method according to claim 4, wherein the step of capturing the mirror port by using the preset packet capture tool after the step of the physical host includes the following steps:
    记录抓包时长,并与预设抓包时长进行比对,根据抓包时长与预设抓包时长的比对结果控制是否停止抓包。Record the length of the packet capture and compare it with the preset packet capture time. Control whether to stop capturing packets based on the comparison between the packet capture duration and the preset capture duration.
  6. 如权利要求5所述的网卡镜像抓包方法,其中,所述根据抓 包时长与预设抓包时长的比对结果控制是否停止抓包的步骤之后包括以下步骤:The NIC image capture method of claim 5, wherein the step of controlling whether to stop capturing packets according to the comparison result of the packet capture duration and the preset packet capture duration comprises the following steps:
    当抓包时长小于预设抓包时长时,则持续抓包;以及When the packet capture duration is less than the preset capture packet duration, the packet capture continues;
    当抓包时长大于或等于预设抓包时长时,则停止抓包。When the packet capture duration is greater than or equal to the preset capture packet duration, the packet capture is stopped.
  7. 如权利要求6所述的网卡镜像抓包方法,其中,所述当抓包时长大于或等于预设抓包时长时,则停止抓包的步骤包括以下步骤:The method for capturing a network card image capture method according to claim 6, wherein when the packet capture duration is greater than or equal to the preset capture packet duration, the step of stopping the capture packet includes the following steps:
    停止抓包后将所述抓包获取的报文储存在预设本地路径中。After the packet capture is stopped, the packet obtained by the packet capture is stored in the preset local path.
  8. 如权利要求6所述的网卡镜像抓包方法,其中,所述当抓包时长大于或等于预设抓包时长时,则停止抓包的步骤还包括以下步骤:The method for capturing a network card image capture method according to claim 6, wherein when the packet capture duration is greater than or equal to a preset capture packet duration, the step of stopping the capture packet further includes the following steps:
    停止抓包后将所述抓包获取的报文通过网络发送到预设的远端地址。After the packet is stopped, the packet obtained by the packet is sent to the preset remote address through the network.
  9. 一种终端,包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的网卡镜像抓包程序,所述网卡镜像抓包程序被所述处理器执行时实现如权利要求1至8中任一项所述的网卡镜像抓包方法的步骤。A terminal includes: a memory, a processor, and a network card image capture program stored on the memory and operable on the processor, where the network card image capture program is implemented by the processor, such as a right The step of the network card image capture method according to any one of claims 1 to 8.
  10. 一种计算机可读存储介质,其中,所述计算机可读存储介质上存储有网卡镜像抓包程序,所述网卡镜像抓包程序被处理器执行时实现如权利要求1至8中任一项所述的网卡镜像抓包方法的步骤。A computer readable storage medium, wherein the computer readable storage medium stores a network card image capture program, and the network card image capture program is executed by the processor to implement any one of claims 1 to 8. The steps of the network card image capture method.
PCT/CN2018/106521 2017-09-19 2018-09-19 Network card image packet capture method, terminal, and readable storage medium WO2019057089A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710850154.3 2017-09-19
CN201710850154.3A CN109525509A (en) 2017-09-19 2017-09-19 Network interface card mirror image packet snapping method, terminal and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
WO2019057089A1 true WO2019057089A1 (en) 2019-03-28

Family

ID=65768524

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/106521 WO2019057089A1 (en) 2017-09-19 2018-09-19 Network card image packet capture method, terminal, and readable storage medium

Country Status (2)

Country Link
CN (1) CN109525509A (en)
WO (1) WO2019057089A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115002203A (en) * 2021-03-02 2022-09-02 京东科技信息技术有限公司 Data packet capturing method, device, equipment and computer readable medium

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112311729A (en) * 2019-07-29 2021-02-02 南京南瑞继保工程技术有限公司 Online packet capturing method and system
CN110958152A (en) * 2019-10-13 2020-04-03 苏州浪潮智能科技有限公司 Method, system and equipment for monitoring virtual machine service network
CN111835663B (en) * 2020-07-16 2022-04-26 普强时代(珠海横琴)信息技术有限公司 Real-time call monitoring method based on network packet capturing analysis
CN112003927A (en) * 2020-08-21 2020-11-27 福州华纳信息科技有限公司 Network virtual number shaking method and system
CN113055225B (en) * 2021-02-08 2023-12-05 网宿科技股份有限公司 Network fault analysis data acquisition method, terminal and server
CN115914253A (en) * 2021-09-29 2023-04-04 中兴通讯股份有限公司 Network data packet capturing method, client and server
CN116155682A (en) * 2021-11-23 2023-05-23 中兴通讯股份有限公司 Data packet capturing method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055653A (en) * 2009-11-10 2011-05-11 中兴通讯股份有限公司 Packet sniffing method and device in high-speed interconnection system
CN105357151A (en) * 2015-11-19 2016-02-24 成都科来软件有限公司 DPDK-based packet capture and mirror image flow forwarding method
CN106330621A (en) * 2016-09-30 2017-01-11 深圳市吉祥腾达科技有限公司 Testing method for interchanger transmission signal performance and testing system
CN106375384A (en) * 2016-08-28 2017-02-01 北京瑞和云图科技有限公司 Management system of mirror network flow in virtual network environment and control method
US20170063695A1 (en) * 2015-05-22 2017-03-02 Los Alamos National Security, Llc. Full flow retrieval optimized packet capture
US20170251065A1 (en) * 2016-02-29 2017-08-31 Cisco Technology, Inc. System and Method for Data Plane Signaled Packet Capture in a Service Function Chaining Network

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2717515A1 (en) * 2012-06-30 2014-04-09 Huawei Technologies Co., Ltd. Virtual port monitoring method and device
JP6248763B2 (en) * 2014-03-31 2017-12-20 富士通株式会社 Capture point determination method, capture point determination system, and capture point determination program
CN105306388A (en) * 2015-11-06 2016-02-03 西安交大捷普网络科技有限公司 Port data mirroring implementation method based on netfilter framework
CN105808167B (en) * 2016-03-10 2018-12-21 深圳市杉岩数据技术有限公司 A kind of method, storage equipment and the system of the link clone based on SR-IOV
CN106254176B (en) * 2016-07-29 2019-09-24 浪潮(北京)电子信息产业有限公司 A kind of traffic mirroring method based on openvswitch
CN106961363A (en) * 2017-03-29 2017-07-18 云络动力(北京)科技有限公司 A kind of method and system for capturing virtual switch User space data plane data message
CN107294869A (en) * 2017-06-22 2017-10-24 郑州云海信息技术有限公司 A kind of method and system of Microsoft Loopback Adapter message crawl

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055653A (en) * 2009-11-10 2011-05-11 中兴通讯股份有限公司 Packet sniffing method and device in high-speed interconnection system
US20170063695A1 (en) * 2015-05-22 2017-03-02 Los Alamos National Security, Llc. Full flow retrieval optimized packet capture
CN105357151A (en) * 2015-11-19 2016-02-24 成都科来软件有限公司 DPDK-based packet capture and mirror image flow forwarding method
US20170251065A1 (en) * 2016-02-29 2017-08-31 Cisco Technology, Inc. System and Method for Data Plane Signaled Packet Capture in a Service Function Chaining Network
CN106375384A (en) * 2016-08-28 2017-02-01 北京瑞和云图科技有限公司 Management system of mirror network flow in virtual network environment and control method
CN106330621A (en) * 2016-09-30 2017-01-11 深圳市吉祥腾达科技有限公司 Testing method for interchanger transmission signal performance and testing system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115002203A (en) * 2021-03-02 2022-09-02 京东科技信息技术有限公司 Data packet capturing method, device, equipment and computer readable medium

Also Published As

Publication number Publication date
CN109525509A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
WO2019057089A1 (en) Network card image packet capture method, terminal, and readable storage medium
CN108509210B (en) System and method for automatically updating basic input output system
US11050683B2 (en) System for providing dialog content
CN107786794B (en) Electronic device and method for providing an image acquired by an image sensor to an application
US11574781B2 (en) Electronic kill and physical cover switch
WO2016101288A1 (en) Remote direct memory accessmethod, device and system
WO2019228344A1 (en) Resource configuration method and apparatus, and terminal and storage medium
KR20150072442A (en) Home gateway and intelligent terminal integrated system and communication method therefor
Haris et al. Evolution of android operating system: a review
WO2016036110A1 (en) Network access management method and electronic device for same
WO2021120976A2 (en) Load balance control method and server
WO2019178957A1 (en) Distributed system test method and device, computer device and storage medium
US11770458B1 (en) Systems for exchanging data using intermediate devices
US11010213B2 (en) Electronic device and method for providing event management service
US10284614B2 (en) Method for downloading contents of electronic device and electronic device thereof
CN110275787B (en) Online platform data transmission method, device, medium and electronic equipment
JP2013246817A (en) Remote card content management using synchronous server-side scripting
US10212215B2 (en) Apparatus and method for providing metadata with network traffic
CN112769876A (en) Method, device, equipment and medium for acquiring equipment channel information
CN104570967B (en) Long-range control method and system based on android system
US20150341827A1 (en) Method and electronic device for managing data flow
KR102089629B1 (en) Method for processing data and an electronic device thereof
CN116610508A (en) Heat dissipation test method and device, electronic equipment and storage medium
CN113391931B (en) Remote control method and device based on Bluetooth, computer equipment and storage medium
KR20190140664A (en) Electronic device and method for controlling function of relaying wireless lan connection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18857664

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 10/09/2020 )

122 Ep: pct application non-entry in european phase

Ref document number: 18857664

Country of ref document: EP

Kind code of ref document: A1