A TCP stream long connection data analysis method

A technology for connection data analysis, applied to electrical components, transmission systems, etc., that can solve problems such as flow data loss.

Active Publication Date: 2019-06-21
全知科技(杭州)有限责任公司

AI Technical Summary

Problems solved by technology

At present, most protocol analysis technologies for connections in mirrored traffic require, or are based on, a complete TCP session connection. For the transmi...


Embodiment Construction

[0016] The present invention will be further described below.

[0017] Application layer protocols all have a defined message format, and in a long connection there are generally no obvious distinguishing characteristics between the successive messages. Taking the HTTP protocol as an example, the message format is divided into three parts: the first line, the header (Header), and the body (Body). These three parts are separated by CRLF (carriage return and line feed), and the header (Header) part itself contains multiple CRLF-separated lines in Key-Value form.

[0018] The message format is the same for both the client and the server; the two differ in the first line, which is either the first line of the HTTP request or the first line of the HTTP response. The first line of an HTTP request consists of the method, path, and version, separated by spaces. The first line of an HTTP response consists of the version number, status code, and status text, separated by spaces.

[0019] According to the location and characte...
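The following sketch is an added example, not code from the patent: it caches a few payloads from a flow captured without its handshake, finds the first HTTP first line at a CRLF boundary, and derives the connection direction from whether that line is a request or a response. The function names, the tuple-based handshake records and the sample addresses are assumptions made for illustration.

```python
import re

# First-line formats from the description: "method path version" for a
# request, "version status-code status-text" for a response.
METHODS = rb"(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|TRACE|CONNECT)"
REQUEST_LINE = re.compile(rb"^" + METHODS + rb" \S+ HTTP/\d\.\d$")
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}(?: .*)?$")

def find_message_start(buf):
    """Return (offset, kind) of the first HTTP first line in a mid-stream
    buffer, or None. Candidates are offset 0 and each position after a CRLF."""
    pos = 0
    while pos < len(buf):
        end = buf.find(b"\r\n", pos)
        if end == -1:
            return None  # incomplete line: keep caching until more data arrives
        line = buf[pos:end]
        if REQUEST_LINE.match(line):
            return pos, "request"
        if STATUS_LINE.match(line):
            return pos, "response"
        pos = end + 2
    return None

def classify_flow(segments):
    """segments: iterable of (src, dst, payload), src/dst being (ip, port).
    Buffers each direction of the four-tuple until a message boundary is
    found, then orients the session: a request is sent by the client."""
    buffers = {}
    for src, dst, payload in segments:
        buf = buffers.setdefault((src, dst), bytearray())
        buf += payload
        hit = find_message_start(bytes(buf))
        if hit is None:
            continue
        offset, kind = hit
        client, server = (src, dst) if kind == "request" else (dst, src)
        return {"client": client, "server": server, "kind": kind, "skipped": offset}
    return None

def simulated_handshake(client, server):
    """Hypothetical stand-in for the simulated handshake: the three records a
    handshake-based analyzer expects to see before any payload."""
    return [(client, server, "SYN"), (server, client, "SYN-ACK"), (client, server, "ACK")]

# Constructed sample: capture starts mid-connection, partway through a message.
CLIENT, SERVER = ("10.0.0.9", 51514), ("10.0.0.5", 8080)
SAMPLE = [
    (SERVER, CLIENT, b'rtial":true}'),
    (CLIENT, SERVER, b"er-Agent: probe\r\n\r\nGET /status HTTP/1.1\r\nHost: app.example\r\n\r\n"),
]

if __name__ == "__main__":
    session = classify_flow(SAMPLE)
    print(session, simulated_handshake(session["client"], session["server"]))
```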


Abstract

The invention discloses a TCP stream long connection data analysis method. For a TCP connection data stream that is already established, the method: sends the TCP connection data stream to the server; establishes a session according to the four-tuple information; caches a small amount of TCP data and examines its content using data packet boundary and port number information; matches the characteristics of known protocols; parses a protocol message and distinguishes the connection direction according to the content, IP address and port information obtained from protocol parsing; parses the protocol message completely and distinguishes the boundary of the message body; adds simulated handshake connection information to the existing communication analysis process, remaining compatible with the standard TCP communication protocol; and continues to analyze subsequent valid data. The invention performs protocol identification, parsing and valid data restoration on data from already-established connections in traffic, and restores the complete session behavior of an application layer protocol from network traffic data as an information source for behavior audit and risk discovery; information sources associated with a data flow are discovered through the data flow on an unknown system service.

Description

Technical field

[0001] The invention belongs to the field of network connection analysis, and in particular relates to a method for analyzing TCP stream long connection data.

Background technique

[0002] In the common network communication process, the TCP client initiates a network connection, connects to the server, performs data communication over a specific protocol, and closes the connection after completion. A server-facing terminal sees a large number of such connection initiation and closing operations. For system services with large traffic, a single server usually cannot complete the task; instead, multiple servers provide the service on an equal footing through a proxy. Long-lived TCP connections are established in time, and customer requests are answered and services provided over these connections. The effective time of these long-lived connections can range from minutes to hours or days. At present, most of the protocol analysis connection technologies on the mirrored traffic need or be bas...


Application Information

IPC(8): H04L29/06, H04L29/08
Inventor 梁永喜
Owner 全知科技(杭州)有限责任公司