Traffic drainage first packet identification method, device and apparatus and medium

A first packet identification method, applied in the field of data networks, that addresses the problem of frequent misidentification and achieves the effect of ensuring timeliness and improving effective first packet identification.

Inactive Publication Date: 2018-06-15
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

[0006] For C/S (client/server) applications, only the destination IP (Internet Protocol) in the five-tuple information is extracted for first packet identification; if the server hosts other applications, this leads to misidentification. For P2P applications, different users may have different source ports, so when only the source port in the five-tuple is extracted for first packet identification, the probability of misidentification is relatively high.


Examples


example 1

[0109] Example 1: Identification of the first packet of IMAP (Internet Mail Access Protocol) traffic

[0110] After the first packet of unknown traffic enters the first packet identification module, its port is obtained as 143. Matching against the first packet identification rule base hits the port rule, and the traffic is determined to be IMAP traffic. The unknown traffic is thus identified in the first packet identification module, so that the corresponding output link can be selected for the traffic according to the traffic diversion rules. The following is an example of a fixed port rule:

[0111] -Layer4 Tcp -ProtocolID 99 -RuleID 1 -RuleType Port

[0112] -Port 143

[0113] The application corresponding to the output ProtocolID is an IMAP protocol application;

[0114] where,

[0115] Layer4: the protocol adopted by the fourth layer;

[0116] ProtocolID: The protocol ID output after this rule is hit, that is, the application to which it belongs;

[0117] RuleID: The ID ...

example 2

[0119] Example 2: Traffic of 163 mailboxes

[0120] Identify the first packet of traffic accessing the 163 mailbox. When the first packet features are extracted, this flow is found to be carried over the HTTP protocol, so the domain name information of the traffic can be extracted for DNS resolution. The five-tuple information plus the domain name information of the traffic is therefore extracted and matched in the first packet identification rule base. The first packet feature of the first packet data is thus: five-tuple + information required by the rule.

example 3

[0121] Example 3: Identification of the first packet of FTP (File Transfer Protocol) data traffic

[0122] If, when the first packet features are extracted, the unknown traffic fails to match in the first packet data rule base, the traffic enters the DPI identification module for in-depth DPI identification. The DPI module obtains the information of the application to which the traffic belongs (including: group information, the application protocol ID identified by DPI, and the hit rule ID) and sends it to the first packet identification module, which matches in the first packet identification rule base according to the information returned by the DPI identification module. The rules matched in the first packet identification rule base analyze and extract the five-tuples of the traffic using in-depth analysis, and then update the extracted five-tuple information and the application ID to the assoc...
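The three examples above combined into one first-packet lookup, as an added illustration that is not code from the patent. It assumes an association table keyed on destination IP, port and protocol that is filled from an FTP 227 passive-mode reply seen by DPI; the domain name and ProtocolIDs 200 and 21 are hypothetical, and only ProtocolID 99 on TCP port 143 comes from the page.

```python
import re

# Constructed rule base. ProtocolID 99 (IMAP, TCP/143) is the page's rule;
# the domain name and the IDs 200 and 21 are hypothetical placeholders.
PORT_RULES = {("tcp", 143): 99}
DOMAIN_RULES = {"mail.example.test": 200}
FTP_DATA_ID = 21
PASV = re.compile(rb"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class FirstPacketIdentifier:
    def __init__(self):
        self.ip_to_domain = {}   # filled from observed DNS answers
        self.assoc = {}          # (dst_ip, dst_port, proto) -> ProtocolID

    def observe_dns(self, domain, ip):
        self.ip_to_domain[ip] = domain

    def identify(self, dst_ip, dst_port, proto):
        """Classify a flow from its first packet; None means 'send to DPI'."""
        key = (dst_ip, dst_port, proto)
        if key in self.assoc:                      # learned via DPI feedback
            return self.assoc[key]
        domain = self.ip_to_domain.get(dst_ip)
        if domain in DOMAIN_RULES:                 # DNS resolution rule
            return DOMAIN_RULES[domain]
        return PORT_RULES.get((proto, dst_port))   # fixed port rule

    def dpi_feedback(self, server_ip, payload):
        """Learn the FTP data endpoint from a 227 reply on the control flow."""
        m = PASV.search(payload)
        if not m:
            return None
        n = [int(x) for x in m.groups()]
        ip = ".".join(map(str, n[:4]))
        if any(v > 255 for v in n) or ip != server_ip:
            return None          # malformed, or points away from the server
        key = (ip, n[4] * 256 + n[5], "tcp")
        self.assoc[key] = FTP_DATA_ID
        return key

def demo():
    fp = FirstPacketIdentifier()
    fp.observe_dns("mail.example.test", "192.0.2.10")
    results = [fp.identify("198.51.100.5", 143, "tcp"),   # port rule
               fp.identify("192.0.2.10", 80, "tcp"),      # domain rule
               fp.identify("203.0.113.7", 50001, "tcp")]  # unknown, needs DPI
    fp.dpi_feedback("203.0.113.7", b"227 Entering Passive Mode (203,0,113,7,195,81)\r\n")
    results.append(fp.identify("203.0.113.7", 50001, "tcp"))  # now learned
    return results
```

The `ip != server_ip` check keeps a payload-supplied address from writing an association entry for a host other than the one the control connection actually reached.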


Abstract

The invention discloses a traffic drainage first packet identification method, device and apparatus and a medium. The method comprises the steps of extracting an appointed first packet characteristic from first packet data when the first packet data of application traffic is received; matching a first packet identification rule in a pre-configured first packet identification rule base by taking the first packet characteristic as a matching condition, wherein the first packet identification rule base comprises a fixed port identification rule and / or a DNS analysis identification rule; and identifying the first packet data according to the matched first packet identification rule when the matching is successful. According to the method, the device and the apparatus and the medium, the application traffic drainage timeliness can be ensured.

Description

Technical field

[0001] The invention relates to the field of data networks, in particular to a first packet identification method, device, equipment and medium for traffic diversion.

Background technique

[0002] At present, Internet users have limited server and egress bandwidth resources, and link stability and real-time performance are not high. Users therefore often rent several higher-quality links from China Telecom or China Unicom for important services that require high real-time performance and high stability, and lease ordinary links for unimportant services, to improve work efficiency and network resource utilization. In this scenario, users need to use the traffic diversion function to divert traffic to the appropriate link according to the application type and user policy. To divert business traffic, it is first necessary to identify the application to which the traffic belongs in the first packet. Only when the application to which the traffic belo...


Application Information

IPC(8): H04L12/26
CPC: H04L43/026, H04L43/028
Inventor 薛智慧张新潘季明吴秀虹辛易思
Owner BEIJING TOPSEC NETWORK SECURITY TECH