Network security monitoring method based on bypass monitoring and software packet capturing technology

A network security and bypass monitoring technology, applied in electrical components, transmission systems, etc., that addresses the low detection rate and slow detection speed of automatic alarm and disconnection, so as to reduce potential virus and Trojan attacks, protect security, and improve discovery speed.

Inactive Publication Date: 2015-05-06
STATE GRID CORP OF CHINA +3

AI Technical Summary

Problems solved by technology

When the PC terminal finds the above alarm information, it will contact the server to send the alarm and violation information to the server, and the server w

Examples


Embodiment Construction

[0027] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific embodiments.

[0028] Referring to Figure 1, the present invention sets up a bypass monitor on the switch in the same network segment as the network security service monitoring software server and regularly analyzes all data packets arriving at the security protection server. It checks whether login, request or heartbeat data is exchanged between the designated client PC terminal and the security monitoring server, so as to determine whether the corresponding security protection software is installed on the client PC terminal.

[0029] The principle of the present invention is to mirror the switch port of the network where the security server is located, set up bypass monitoring, use the Java programming language to analyze these network data packets, obtain...


Abstract

The invention discloses a network security monitoring method based on bypass monitoring and software packet capturing technology. The method comprises the steps of (1) setting up a bypass monitor on a switch in the same network segment as the network security protection server; (2) configuring the source server IP whose network packets are to be monitored and the data sending port; (3) setting the packet capture duration and the packet capture interval; (4) capturing and caching the network data packets, analyzing them, and extracting the source IP list from the data packets with a regular expression; (5) recording the source IP addresses to form a known IP address library; (6) finding new terminals that have joined the network with a network sniffing tool; (7) comparing the source IP list with all PC server lists in the LAN, and determining whether the corresponding security protection software is installed on each client PC terminal. With this method, the rate and speed of finding PC terminals on which the security protection software is not installed are improved, and attacks from potential viruses and Trojans introduced by connecting such unprotected PC terminals to the network can be reduced.
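Steps (4), (5) and (7) can be sketched as follows. This is an added example, not code from the patent, and it is written in Python rather than the Java the description mentions. The capture line format, the server address 10.0.0.5:8443, the host list standing in for the step (6) sniffing result, and the function names are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: one text line per packet seen on the mirror port
# during a single capture window (the line format is an assumption).
CAPTURE = """\
10:00:01 IP 10.0.0.21.51514 > 10.0.0.5.8443: Flags [P.], length 64
10:00:02 IP 10.0.0.22.49822 > 10.0.0.5.8443: Flags [P.], length 64
10:00:02 IP 10.0.0.23.50001 > 10.0.0.9.445: Flags [S], length 0
10:00:03 IP 10.0.0.5.8443 > 10.0.0.21.51514: Flags [.], length 0
10:00:04 IP 10.0.0.999.40000 > 10.0.0.5.8443: Flags [S], length 0
10:00:31 IP 10.0.0.21.51520 > 10.0.0.5.8443: Flags [P.], length 64
"""

# Captures: src_ip, src_port, dst_ip, dst_port
FLOW_RE = re.compile(
    r"IP (\d{1,3}(?:\.\d{1,3}){3})\.(\d+) > (\d{1,3}(?:\.\d{1,3}){3})\.(\d+):"
)


def protected_sources(capture, server_ip, server_port):
    """Steps 4-5: source IPs seen sending to the protection server's port."""
    known = set()
    for line in capture.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        if dst != server_ip or int(dport) != server_port:
            continue  # not agent traffic (login, request or heartbeat)
        try:
            known.add(str(ipaddress.ip_address(src)))  # rejects 10.0.0.999
        except ValueError:
            continue
    return known


def unprotected_terminals(lan_hosts, known, exempt=()):
    """Step 7: LAN hosts that never talked to the protection server."""
    missing = set(lan_hosts) - set(known) - set(exempt)
    return sorted(missing, key=ipaddress.ip_address)


if __name__ == "__main__":
    known = protected_sources(CAPTURE, "10.0.0.5", 8443)
    # Constructed stand-in for the step 6 sniffing result.
    lan = ["10.0.0.5", "10.0.0.21", "10.0.0.22", "10.0.0.23", "10.0.0.40"]
    print(unprotected_terminals(lan, known, exempt=["10.0.0.5"]))
```

A host is reported only because it was silent during the capture window, so the capture duration set in step (3) needs to be longer than the agent's heartbeat interval to avoid flagging protected machines.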

Description

Technical field

[0001] The invention belongs to the technical field of computer local area network security management, and in particular relates to a network security monitoring method based on bypass monitoring and software packet capture technology.

Background technique

[0002] Bypass monitoring copies outgoing data to the port connected to the monitoring host, using the function of a shared hub or of a mirroring switch itself, so as to achieve the purpose of monitoring. Bypass monitoring has little impact on network speed, and the management effect is also excellent. Representative products that adopt this monitoring method include LaneCat. WinPcap is a set of tools for network packet capture, applicable to 32/64-bit operating system platforms for analyzing network packets. It includes a kernel-level packet filter, a low-level dynamic link library, a high-level system function library, and an API that can be used to directly access packets. Libpcap is a network packet capture...


Application Information

IPC(8): H04L29/06
CPC: H04L63/30
Inventor 王传君崔恒志徐晓海梅沁郭波李萌卢海阳郑海雁官国飞陈玉权宋庆武
Owner STATE GRID CORP OF CHINA