System, method and device for monitoring network data

Abstract

The invention discloses a system, a method and a device for monitoring network data, and relates to the technical field of computers. One specific embodiment of the method comprises the steps of processing to-be-monitored network mirror image data according to a self-defined transmission protocol by utilizing a data acquisition and analysis tool, reducing the resource overhead of system cache andmirror image data transmission by combining the data and adjusting the data transmission frequency, improving the system stability and the data monitoring efficiency, and improving the user experience. Multiple connections based on a transmission control protocol are combined and processed, so that the mirror image data transmission efficiency is improved. By restoring the mirror image data containing the self-defined transmission protocol into the data format of the standard transmission control protocol and establishing the virtual connection based on the application layer protocol, the mirror image data can be compatible with a third-party network application layer for analysis and application, and the flexibility of monitoring the network mirror image data is improved.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a system, method and device for monitoring network data. Background technique [0002] In today's Internet era, data security and information security have become issues that enterprises must pay attention to. Usually, the solution for data traffic monitoring is to bypass and mirror the network traffic that needs to be analyzed to the network security monitoring equipment on the backbone network of the enterprise. This can ensure that the normal business traffic of users will not be affected, and at the same time, the network security monitoring equipment can analyze the network data traffic of the bypass mirror in time, and feed back the risk of data traffic to the network administrator; the solution for security products to analyze the traffic of the bypass mirror is usually It is mainly implemented in the form of a traditional Linux-based kernel module (kernel-module), that ...

AI Technical Summary

Problems solved by technology

[0004] When the traffic of the image data to be monitored is large, the method of monitoring the network data using the kernel module (kernel-module) is to obtain all the bypass image data without processing, so it is necessary to apply for a large amount of space in the kernel to cache the unprocessed data data, the kernel memory usage rate may be too high, resulting in system stability problems caused by excessive resource consumption, which affects the efficiency of monitoring mirror data; and mirror data is mainly transmitted based on the transmission control protocol, so in the kernel module for To judge the validity of the data, it is necessary to process multiple connections of the data, which increases the complexity of mirror data processing; because the kernel module runs on the Linux system, the portability is poor, which in turn increases the complexity of monitoring mirror data

Images