Unlock instant, AI-driven research and patent intelligence for your innovation.

Message flow monitoring method and system and electronic equipment

A traffic monitoring and message technology, applied in the field of computer networks, can solve problems such as business impact, single function, and induced attacks, and achieve the effects of reducing interference, improving real-time performance, and reducing deployment costs

Active Publication Date: 2020-07-03
华云数据有限公司
View PDF8 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The applicant pointed out that the above-mentioned existing technology only judges whether it is a network attack by the number of traffic network messages appearing within a set period of time, and only has the effect of detecting traffic attacks; at the same time, the protected network is connected to the Internet link Deploying network traffic analyzers in series will interfere with message traffic to a certain extent, and thus have a certain impact on the services of normal access users; in addition, the above-mentioned existing technologies also have the risk of being induced attacks; finally, in There is also the limitation of single function in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Message flow monitoring method and system and electronic equipment
  • Message flow monitoring method and system and electronic equipment
  • Message flow monitoring method and system and electronic equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0053] ginseng figure 1 and figure 2 A specific implementation manner of a message traffic monitoring method disclosed in the present invention.

[0054] The message flow monitoring method disclosed in this embodiment includes:

[0055] Firstly, step S1 is executed, and the switch 10 configured to perform the mirroring function guides the packet flow to the destination port of the switch 10 . The "destination port" is also called "observation port". The monitoring device can be used to observe and analyze the packets copied to the observation port to realize network monitoring and troubleshooting. The destination port is located on at least one first network card 31 that loads the service, and the first network card 31 is configured in a promiscuous mode (Promiscuous Mode). The first network card 31 is a physical network card. The purpose of configuring the first network card 31 as promiscuous mode is to receive all the data packets forwarded by the first network card 31 ...

Embodiment 2

[0135] recombine figure 2 As shown, this embodiment serves as a further optimization scheme for the packet traffic monitoring method disclosed in Embodiment 1. Compared with the packet traffic forwarding monitoring method disclosed in Embodiment 1, the main difference is that the method disclosed in this embodiment In the message traffic forwarding monitoring method, after step S3 is executed, it further includes: blocking the IP address corresponding to the message meeting the set alarm threshold after notifying the outside of the message meeting the set alarm threshold.

[0136] The operation of shielding the message is performed by the Internet service provider (ISP) or the server 30 sends the BGP routing information of blocking the IP address to the core router 20 . More specifically, when it is necessary to block the external network IP address corresponding to a message that needs to be shielded, the blocking method is to send a blocking instruction for blocking the IP ...

Embodiment 3

[0143] combine image 3 and Figure 4 As shown, this embodiment discloses a specific implementation manner of a packet flow monitoring system 200 .

[0144] A message flow monitoring system 200 disclosed in this embodiment includes:

[0145] A switch 10, a core router 20 and a server 30. The switch 10 is configured to perform a mirroring function and guide packet traffic to a destination port of the switch 10 . The server 30 configures at least one first network card 31 that establishes a message forwarding link with the switch, and at least one second network card 32 that establishes a message forwarding link with the core router 20, a message grabbing unit 37, an analysis unit 38 and Report generation unit 39 .

[0146]Packets capture traffic to form a traffic table. The server 30 is logically located in a computer (PC), a data center (IDC), or a distributed computer cluster. The packet capture tool is selected from the TcpDump module or supports Ethernet, IPv4, IPv6, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a message flow monitoring method, a message flow monitoring system and electronic equipment. The method comprises the following steps: a switch configured to execute a mirroringfunction guides message flow to a destination port of the switch; acquiring message flow based on the packet capture tool to form a flow table; and sequencing forwarding indexes formed by the messages in the flow table in the north-south direction, performing external notification on the messages conforming to a set alarm threshold, running the message flow monitoring method in a server, and storing the forwarding indexes in a work directory in a configuration file form. According to the message flow monitoring method and system and the electronic equipment disclosed by the invention, the deployment cost of monitoring and early warning the flow formed in the message forwarding process is reduced, so that the real-time performance of monitoring the flow is improved; and meanwhile, the interference on normal traffic in the traffic monitoring process is reduced, and the IP address corresponding to network attack and abnormal access can be blocked.

Description

technical field [0001] The invention relates to the technical field of computer networks, in particular to a message network flow monitoring method, system and electronic equipment. Background technique [0002] With the rapid and continuous development of the cloud computing era, more and more enterprises and units will apply cloud computing. The characteristics of cloud computing itself are that resources can be reused, especially in the repeated use of network resources. Network packets are concentrated in each device. Firewalls are essential for data centers, and each security vendor has its own systems and methods. For small-cost data centers, low-cost network processing solutions have become the mainstream. [0003] However, for a small data center or a single host service, the cost of the firewall is high, and the firewall is a hardware device with a failure rate, and the failure will greatly affect the running business. At the same time, manual analysis of network ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/1441
Inventor 陈颖
Owner 华云数据有限公司