Flow monitoring method, device and system

A traffic monitoring technology applied in the communication field. It addresses problems such as incomplete application layer information and the inability to monitor abnormal traffic behavior at the application layer, and improves the monitoring effect.

Active Publication Date: 2014-08-20
TENCENT TECH (SHENZHEN) CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] During the research and practice of the prior art, the inventor of the present invention found that, for the four-layer protocol model, the appl



Examples


Example Embodiment

[0030] Embodiment one,

[0031] Embodiments of the present invention will be described from the perspective of a flow monitoring device, which may be integrated in a monitoring server.

[0032] A traffic monitoring method, comprising: obtaining the data flow entering and leaving the server, and mirroring the data flow to obtain the mirrored data flow; distinguishing the mirrored data flow to obtain the mirrored outgoing data flow and the mirrored incoming data flow; reorganizing the mirrored outgoing data flow and the mirrored incoming data flow according to the TCP protocol to obtain a reorganized data flow; and performing application layer traffic monitoring on the reorganized data flow.

[0033] As shown in Figure 1, the specific flow of the flow monitoring method can be as follows:

[0034] 101. Obtain the data flow entering and leaving the server, and mirror the data flow to obtain the mirrored data flow.

[0035] Wherein, the data stream may carry information such as a Media Access C...

Example Embodiment

[0050] Embodiment two,

[0051] According to the method described in Embodiment 1, an example will be given below for further detailed description.

[0052] Figure 2a and Figure 2b show the application scenario for traffic monitoring. In this scenario, the operator network can exchange data with the server through the core switch. There may also be an intermediate layer between the server and the core switch, which will not be described in detail here. Before the data flows into and out of the core switch, a copy is mirrored by the splitter switch and sent to the traffic monitoring device for traffic analysis and monitoring.

[0053] As shown in Figure 2a, the traffic monitoring device may include a receiving module, a four-layer processing module, a seven-layer processing module, an analysis module and an alarm output module, as follows:

[0054] (1) receiving module;

[0055] The receiving module is used to obt...

Example Embodiment

[0087] Embodiment three,

[0088] In order to better implement the above method, an embodiment of the present invention also provides a flow monitoring device. As shown in Figure 3a, the flow monitoring device includes an acquisition unit 301, a distinction unit 302, a reorganization unit 303 and a first monitoring unit, as follows:

[0089] The acquiring unit 301 is configured to acquire data streams entering and leaving the server, and perform mirror mapping on the data streams to obtain mirrored data streams.

[0090] Wherein, the data flow may carry information such as a MAC address.

[0091] A distinguishing unit 302, configured to distinguish the mirrored data stream to obtain a mirrored outgoing data stream and a mirrored incoming data stream;

[0092] For example, the distinguishing unit 302 may be specifically configured to distinguish the mirrored data flow according to the MAC address, to obtain the outgoing data flow and incoming data flow of the server.

[0093] The r...
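
An added illustration (not code from the patent or its applicant) of the steps the embodiments describe: the mirrored stream is split by MAC address, each inbound TCP stream is reorganized by sequence number, and the application layer check runs on the result. The MAC and IP values, the `Seg` record, the HTTP request-count check and its threshold are assumptions made for the example; sequence-number wrap-around is ignored.

```python
from collections import defaultdict, namedtuple

Seg = namedtuple("Seg", "src_mac dst_mac src dst seq payload")  # one mirrored TCP segment
SERVER_MAC = "02:00:00:00:00:01"  # constructed value for the monitored server

def direction(seg):
    """Split the mirror by MAC: 'in' to the server, 'out' from it, else None."""
    return "in" if seg.dst_mac == SERVER_MAC else "out" if seg.src_mac == SERVER_MAC else None

def reassemble(segs):
    """Rebuild one direction of a connection in sequence order; stop at a gap."""
    stream, nxt = b"", None
    for seq, data in sorted((s.seq, s.payload) for s in segs):
        nxt = seq if nxt is None else nxt
        if seq > nxt:
            break  # missing segment: never guess the bytes in between
        stream += data[nxt - seq:]  # drop bytes already seen (retransmission)
        nxt = max(nxt, seq + len(data))
    return stream

def monitor(mirror, threshold):
    """Count HTTP request lines per path on reassembled inbound streams."""
    flows = defaultdict(list)
    for seg in mirror:
        if direction(seg) == "in":  # this example inspects requests only
            flows[(seg.src, seg.dst)].append(seg)
    hits = defaultdict(int)
    for segs in flows.values():
        for line in reassemble(segs).split(b"\r\n"):
            parts = line.split(b" ")
            if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
                hits[parts[1].decode("latin-1")] += 1
    return {path: n for path, n in hits.items() if n > threshold}

def sample_mirror():
    """Constructed capture: three requests, one split and delivered out of order."""
    cm, c, s = "02:00:00:00:00:02", ("198.51.100.7", 40000), ("192.0.2.10", 80)
    req = b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
    n = len(req)
    return [Seg(cm, SERVER_MAC, c, s, 1000, req),
            Seg(cm, SERVER_MAC, c, s, 1000 + n + 7, req[7:]),  # tail arrives first
            Seg(cm, SERVER_MAC, c, s, 1000 + n, req[:7]),      # head: b"GET /lo"
            Seg(cm, SERVER_MAC, c, s, 1000, req),              # retransmission
            Seg(cm, SERVER_MAC, c, s, 1000 + 2 * n, req),
            Seg(SERVER_MAC, cm, s, c, 5000, b"HTTP/1.1 200 OK\r\n\r\n")]

if __name__ == "__main__":
    print(monitor(sample_mirror(), threshold=2))
```

A per-packet counter would find only two complete request lines in the constructed capture; after reorganization the check sees all three and reports the path.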


Abstract

The embodiment of the invention discloses a flow monitoring method, device and system. The method includes the steps of: firstly, obtaining data streams entering and leaving a server, and mirroring the data streams to obtain mirrored data streams; secondly, distinguishing the mirrored data streams to obtain mirrored outgoing data streams and mirrored incoming data streams; thirdly, reorganizing the mirrored outgoing data streams and the mirrored incoming data streams according to the TCP protocol to obtain reorganized data streams; fourthly, conducting application layer flow monitoring on the reorganized data streams. Thus, the aim of monitoring application layer flow is achieved, and the monitoring effect is greatly improved.

Description

Technical field

[0001] The invention relates to the technical field of communications, in particular to a flow monitoring method, device and system.

Background technique

[0002] At present, the industry generally adopts the method of overall traffic mirroring analysis to monitor abnormal traffic, which can judge whether there is abnormal traffic behavior according to the traffic aggregation of the destination Internet Protocol (IP, Internet Protocol). Before the flow enters the core switch, a copy of the data flow is mirrored to the traffic analysis system. The traffic analysis system analyzes the incoming data flow (that is, the incoming traffic) packet by packet, and performs aggregate statistics on the incoming data flow according to the protocol type. If the traffic exceeds the threshold, an alarm will be output.

[0003] During the research and practice of the prior art, the inventor of the present invention found that, for the four-layer protocol model, the applicati...


Application Information

IPC(8): H04L12/26
Inventors: 闫帅帅, 施晖
Owner: TENCENT TECH (SHENZHEN) CO LTD