CN102497298A - Network audit equipment and method based on flow statistic network card - Google Patents
Network audit equipment and method based on flow statistic network card Download PDFInfo
- Publication number
- CN102497298A CN102497298A CN2011104270913A CN201110427091A CN102497298A CN 102497298 A CN102497298 A CN 102497298A CN 2011104270913 A CN2011104270913 A CN 2011104270913A CN 201110427091 A CN201110427091 A CN 201110427091A CN 102497298 A CN102497298 A CN 102497298A
- Authority
- CN
- China
- Prior art keywords
- module
- network
- audit
- interface card
- traffic statistics
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention provides network audit equipment and a method based on a flow statistic network card. Flow statistical equipment is composed of the network statistic network card and network audit software, and a hardware chip of the flow statistic network card is provided with two modules namely a message classification module and a message statistic module; and a base flow statistical result is read by the software through a hardware register, and the data needing content analysis is uploaded to the software. Compared with the prior art, the equipment and the method provided by the invention have the beneficial effect of improving the performances of the audit equipment.
Description
Technical field
The invention belongs to the network data processing field, be specifically related to a kind of network audit equipment and method based on the traffic statistics network interface card.
Background technology
Network auditing system equipment is meant the equipment that IDS etc. audits to network traffics and content, and this kind equipment need be discerned the content of various types of message characteristics and Network Transmission in the network traffics, statistics and analysis.General express network audit equipment comprises two parts function, and a part is basic traffic statistics, and such as the flow counting of certain port, ip, agreement, another part is the analysis to the network data content.Wherein, the data that the former processing procedure simple fixation, but need to handle all data, latter's complex disposal process but need are handled are less.In the applied environment of express network, network audit requires very high to equipment performance.
The patent No. " CN200610124026.2 " denomination of invention is " a kind of method and system of network flow statistic "; A kind of statistical method of network traffics is disclosed; Comprise: network traffics are subscribed to equipment and are sent sip subscribe message to network flow statistic equipment, and network traffics pull subscription; Network flow statistic equipment carries out network flow statistic according to the said sip subscribe message that receives; Network flow statistic equipment returns to network traffics through the SIP notification message with the network flow statistic result and subscribes to equipment.The invention also discloses a kind of network flow statistic system.Adopt the present invention, make soft switch and sip server can obtain the flow information of sip terminal and WMG easily, thereby make operator for the user corresponding service measures to be provided according to the packet and the signaling traffic of statistics.
The patent No. " CN201110055849.5 " denomination of invention is " a kind of network traffics are confirmed method, device and the network equipment "; Disclose a kind of networking flow and confirmed method, device and the network equipment, in order to solve the problem that prior art can't accurate and effective definite network traffics.This method is gathered data forwarding speed constantly through obtaining each interface in the measurement period at each; And this data forwarding speed that will obtain is saved in the memory space; According to each data forwarding speed of preserving in the memory space, confirm the network traffics of this interface.Each gathers the data forwarding speed of this interface constantly in the measurement period owing to obtain in embodiments of the present invention; According to each data forwarding speed of obtaining; Confirm the network traffics of this interface; Therefore can effectively avoid the short-term burst data, to confirming the influence of network traffics accuracy, thereby improve the accuracy of the network traffics of confirming.
But said system realizes that by network audit software and common hardware common hardware in software, is undertaken the basic traffic statistics and the analysis of data content to all flow collections by software.Because the work of bare flow statistics is that each message all needs, so on express network, the traffic statistics that software is realized need consume a large amount of computational resources, efficient is lower.
Summary of the invention
The present invention overcomes the prior art deficiency, realizes network audit equipment based on the traffic statistics network interface card of special use, improves the efficient of network audit equipment.
The invention provides a kind of network audit equipment based on the traffic statistics network interface card, it comprises network audit software module and traffic statistics network interface card module, and this traffic statistics network interface card module comprises message classification module and counting messages module.
Network audit equipment based on the traffic statistics network interface card provided by the invention, its network audit software module comprises content analysis module and traffic statistics module.
Network audit equipment based on the traffic statistics network interface card provided by the invention, the message classification module of its traffic statistics network interface card module is uploaded to the content analysis module in the network audit software module with the flow that needs carry out content analysis.
Network audit equipment based on the traffic statistics network interface card provided by the invention, its network audit software module comprises the statistic registers module, is used for the data that the stored messages statistical module uploads and passes to the traffic statistics module.
Network audit equipment based on the traffic statistics network interface card provided by the invention, its message classification module is handled message classification according to characteristics such as network interface card ip, port, agreement, length.
Network audit equipment based on the traffic statistics network interface card provided by the invention, its counting messages module are added up according to message characteristic and are upgraded the statistic registers module that can read in the network audit software module.
The present invention also provides a kind of network audit method based on the traffic statistics network interface card, on the hardware chip of said traffic statistics network interface card, realizes message classification and counting messages.
Network audit method based on the traffic statistics network interface card provided by the invention; After input flow rate arrives said traffic statistics network interface card; Handle message classification according to characteristics such as network interface card ip, port, agreement, length; The flow that need carry out content analysis is uploaded to software, needs the data of basic statistics information to pass to the counting messages module.
Network audit method based on the traffic statistics network interface card provided by the invention, said according to message characteristic, in hardware, carry out counting messages, and the statistic registers that can read of update software.
Network audit method based on the traffic statistics network interface card provided by the invention; Network audit software need carry out the network traffics of content analysis from the acquisition of said traffic statistics network interface card; Read the flow statistical information from hardware register simultaneously, software combines to realize comprehensive network audit to both.
The present invention is based on special-purpose traffic statistics network interface card and realize network audit equipment; The traffic statistics network interface card is the hardware network interface card of custom-made; Can in hardware, realize basic classification and statistics to input flow rate; The bare flow statistics supplies software to read through hardware register, and the data that need carry out content analysis just are uploaded to software.
Compared with prior art, beneficial effect of the present invention is: the present invention can promote the performance of network auditing system equipment.
Description of drawings
Fig. 1 is a structural representation of the present invention.
Embodiment
Fig. 1 is a structural representation of the present invention; Comprise network audit software module and traffic statistics network interface card module; This traffic statistics network interface card module comprises message classification module and counting messages module and its network audit software module comprises content analysis module and traffic statistics module and statistic registers module, is used for the data that the stored messages statistical module uploads and passes to the traffic statistics module.
Wherein the message classification module of traffic statistics network interface card module is handled message classification according to characteristics such as network interface card ip, port, agreement, length, and the flow that needs is carried out content analysis is uploaded to the content analysis module in the network audit software module.Wherein the counting messages module is added up according to message characteristic and is upgraded the statistic registers module that can read in the network audit software module.
Implementation method of the present invention and process are following:
(1) realizes message classification and two modules of counting messages on the traffic statistics network interface card hardware chip.
(2) after input flow rate arrives the traffic statistics network interface card; The message classification module is handled message classification according to characteristics such as network interface card ip, port, agreement, length; The flow that need carry out content analysis is uploaded to software, needs the data of basic statistics information to pass to the counting messages module.
(3) the counting messages module is added up in hardware according to message characteristic, and the statistic registers that can read of update software.
(4) content analysis module of the network audit software network traffics that need carry out content analysis from the network interface card acquisition, the traffic statistics module reads the flow statistical information from hardware register, and software combines to realize comprehensive network audit to both.
The present invention is on express network, can promote the performance of network auditing system equipment.
Above embodiment is only in order to technical scheme of the present invention to be described but not to its restriction; Although the present invention has been carried out detailed explanation with reference to the foregoing description; The those of ordinary skill in said field is to be understood that: still can specific embodiments of the invention make amendment or replacement on an equal basis; And do not break away from any modification of spirit and scope of the invention or be equal to replacement, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (10)
1. network audit equipment based on the traffic statistics network interface card, it comprises network audit software module and traffic statistics network interface card module, it is characterized in that traffic statistics network interface card module comprises message classification module and counting messages module.
2. audit equipment according to claim 1 is characterized in that, the network audit software module comprises content analysis module and traffic statistics module.
3. according to the described audit equipment of claim 1-2, it is characterized in that the message classification module of traffic statistics network interface card module is uploaded to the content analysis module in the network audit software module with the flow that needs carry out content analysis.
4. according to the described audit equipment of claim 1-3, it is characterized in that the network audit software module comprises the statistic registers module, be used for the data that the stored messages statistical module uploads and pass to the traffic statistics module.
5. according to the described audit equipment of claim 1-4, it is characterized in that the message classification module is handled message classification according to characteristics such as network interface card ip, port, agreement, length.
6. according to the described audit equipment of claim 1-5, it is characterized in that the counting messages module is added up according to message characteristic and upgraded the statistic registers module that can read in the network audit software module.
7. the network audit method based on the traffic statistics network interface card is characterized in that, on the hardware chip of said traffic statistics network interface card, realizes message classification and counting messages.
8. auditing method according to claim 7; It is characterized in that; After input flow rate arrives said traffic statistics network interface card; Handle message classification according to characteristics such as network interface card ip, port, agreement, length, the flow that need carry out content analysis is uploaded to software, needs the data of basic statistics information to pass to the counting messages module.
9. according to the described auditing method of claim 7-8, it is characterized in that, said according to message characteristic, in hardware, carry out counting messages, and the statistic registers that can read of update software.
10. according to the described auditing method of claim 7-9; It is characterized in that; The network traffics that network audit software need carry out content analysis from the acquisition of said traffic statistics network interface card read the flow statistical information from hardware register simultaneously, and software combines to realize comprehensive network audit to both.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110427091.3A CN102497298B (en) | 2011-12-19 | 2011-12-19 | Network audit equipment and method based on flow statistic network card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110427091.3A CN102497298B (en) | 2011-12-19 | 2011-12-19 | Network audit equipment and method based on flow statistic network card |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102497298A true CN102497298A (en) | 2012-06-13 |
| CN102497298B CN102497298B (en) | 2015-04-01 |
Family
ID=46189086
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110427091.3A Active CN102497298B (en) | 2011-12-19 | 2011-12-19 | Network audit equipment and method based on flow statistic network card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102497298B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102904730A (en) * | 2012-10-26 | 2013-01-30 | 曙光信息产业(北京)有限公司 | Intelligent acceleration network card capable of filtering and picking traffic according to protocol, port and IP address |
| CN102904729A (en) * | 2012-10-26 | 2013-01-30 | 曙光信息产业(北京)有限公司 | Intelligent boost network card supporting multiple applications according to protocol and port shunt |
| CN105978706A (en) * | 2016-04-14 | 2016-09-28 | 丽水市睿鼎知识产权咨询有限公司 | Network traffic linkage auditing equipment and method |
| CN106656647A (en) * | 2015-10-30 | 2017-05-10 | 北京国双科技有限公司 | Real-time flow monitoring method and real-time flow monitoring device |
| CN106937268A (en) * | 2017-05-16 | 2017-07-07 | 青岛宇硕云联信息科技有限公司 | A kind of flow control system and method |
| CN112508513A (en) * | 2020-11-27 | 2021-03-16 | 中国大唐集团科学技术研究院有限公司 | Network centralized control auditing method and centralized control auditing center for industrial control system of unmanned hydropower station |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1349328A (en) * | 2001-12-04 | 2002-05-15 | 上海复旦光华信息科技股份有限公司 | Easy-to-expand network invasion detecting and safety auditing system |
| CN101257399A (en) * | 2007-12-29 | 2008-09-03 | 中国移动通信集团四川有限公司 | Service system united safe platform |
| CN101459523A (en) * | 2007-12-12 | 2009-06-17 | 浪潮乐金数字移动通信有限公司 | On-line traffic statistical method and device based on mobile communication terminal |
| US7735140B2 (en) * | 2004-06-08 | 2010-06-08 | Cisco Technology, Inc. | Method and apparatus providing unified compliant network audit |
| US7826377B2 (en) * | 2006-06-16 | 2010-11-02 | Ixia | Memory access optimization and communications statistics computation |
| CN102195868A (en) * | 2010-12-17 | 2011-09-21 | 曙光信息产业(北京)有限公司 | Method and device for dynamically classifying network messages at high efficiency |
-
2011
- 2011-12-19 CN CN201110427091.3A patent/CN102497298B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1349328A (en) * | 2001-12-04 | 2002-05-15 | 上海复旦光华信息科技股份有限公司 | Easy-to-expand network invasion detecting and safety auditing system |
| US7735140B2 (en) * | 2004-06-08 | 2010-06-08 | Cisco Technology, Inc. | Method and apparatus providing unified compliant network audit |
| US7826377B2 (en) * | 2006-06-16 | 2010-11-02 | Ixia | Memory access optimization and communications statistics computation |
| CN101459523A (en) * | 2007-12-12 | 2009-06-17 | 浪潮乐金数字移动通信有限公司 | On-line traffic statistical method and device based on mobile communication terminal |
| CN101257399A (en) * | 2007-12-29 | 2008-09-03 | 中国移动通信集团四川有限公司 | Service system united safe platform |
| CN102195868A (en) * | 2010-12-17 | 2011-09-21 | 曙光信息产业(北京)有限公司 | Method and device for dynamically classifying network messages at high efficiency |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102904730A (en) * | 2012-10-26 | 2013-01-30 | 曙光信息产业(北京)有限公司 | Intelligent acceleration network card capable of filtering and picking traffic according to protocol, port and IP address |
| CN102904729A (en) * | 2012-10-26 | 2013-01-30 | 曙光信息产业(北京)有限公司 | Intelligent boost network card supporting multiple applications according to protocol and port shunt |
| CN102904729B (en) * | 2012-10-26 | 2018-05-01 | 曙光信息产业(北京)有限公司 | The intelligent acceleration network card of more applications is supported according to agreement, port shunt |
| CN106656647A (en) * | 2015-10-30 | 2017-05-10 | 北京国双科技有限公司 | Real-time flow monitoring method and real-time flow monitoring device |
| CN105978706A (en) * | 2016-04-14 | 2016-09-28 | 丽水市睿鼎知识产权咨询有限公司 | Network traffic linkage auditing equipment and method |
| CN106937268A (en) * | 2017-05-16 | 2017-07-07 | 青岛宇硕云联信息科技有限公司 | A kind of flow control system and method |
| CN106937268B (en) * | 2017-05-16 | 2020-05-22 | 青岛宇硕云联信息科技有限公司 | Flow control system and method |
| CN112508513A (en) * | 2020-11-27 | 2021-03-16 | 中国大唐集团科学技术研究院有限公司 | Network centralized control auditing method and centralized control auditing center for industrial control system of unmanned hydropower station |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102497298B (en) | 2015-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102497298A (en) | Network audit equipment and method based on flow statistic network card | |
| CN109391500B (en) | Configuration management method, device and equipment | |
| MX2010002214A (en) | Digital broadcasting system and method of processing data in digital broadcasting system. | |
| WO2012106861A1 (en) | Terminal distribution information acquisition method, data acquisition device and communication system | |
| CN101836393A (en) | Method and system for multicast statistic collection | |
| CN103532955B (en) | Embedded multi-protocol mobile network data acquisition probe equipment | |
| CN108809752B (en) | Adaptive monitoring method and device for network traffic, NPB (network provider node B) equipment and medium | |
| CN106899987A (en) | The method and device calibrated to the data traffic of mobile terminal | |
| US8139606B2 (en) | Methods and systems for providing switched broadband | |
| CN111885549A (en) | Information acquisition method and device, storage medium and electronic device | |
| CN101355585B (en) | System and method for protecting information of distributed architecture data communication equipment | |
| CN103188611B (en) | Method, device and system for multicast communication of Internet of Things | |
| CN101552735A (en) | Pluggable information bus device based on subscribing mode and realizing method thereof | |
| CN103200585B (en) | Signaling traffic subsystem, extension counter treatment system and method | |
| CN202998135U (en) | Voice quality analysis system used for mobile communication network | |
| WO2022152230A1 (en) | Information flow identification method, network chip, and network device | |
| CN103067280A (en) | Method and device of message processing | |
| CN101098287B (en) | Apparatus and method for implementing IPV6 multicast filtering on EPON using hardware extended mode | |
| CN2912126Y (en) | Device for realizing IPV6 cluster broadcast filtration in EPON network by means of hardware loop | |
| US20200329391A1 (en) | System and method for load balancing of network packets received from a mme with smart filtering | |
| CN105656804B (en) | Message processing method and device | |
| US10812601B2 (en) | Method and system for signaling and radio connection optimization over a cellular network | |
| CN100464594C (en) | Short message filter method | |
| CN113746654A (en) | IPv6 address management and flow analysis method and device | |
| KR101283465B1 (en) | High-speed IP Flow Mediation Apparatus using Network Processor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20160120 Address after: 124000 Panjin, Liaoning Province, coastal economic zone in the coastal area of the crown building, building 3018, room 3, Liaoning Patentee after: Dawning Information System (Liaoning) Co.,Ltd. Address before: 100084 Beijing Haidian District City Mill Street No. 64 Patentee before: Dawning Information Industry (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220722 Address after: 124000 room 3018, floor 3, Hongguan building, Liaobin coastal economic zone, Panjin City, Liaoning Province Patentee after: Dawning Information System (Liaoning) Co.,Ltd. Patentee after: DAWNING INFORMATION INDUSTRY Co.,Ltd. Address before: 124000 room 3018, 3 / F, Hongguan building, Liaobin coastal economic zone, Panjin, Liaoning Province Patentee before: Dawning Information System (Liaoning) Co.,Ltd. |