CN1599354A - Method of real-time analysing and detecting data transmitted by internet - Google Patents
- Publication number
- CN1599354A
- Authority
- CN
- China
- Prior art keywords
- data
- network
- server
- client
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This invention discloses a method for real-time analysis and detection of Internet transmission data, which can monitor, analyze and filter specific network transmission data. The invention uses network devices working in series: a device is inserted in series on a specific communication line, receives and buffers data at one end, filters and analyzes it, and sends it out from the other end, buffering the network data packets exchanged between the client and the proxy server and between the proxy server and the server end. The invention adopts the following steps: 1. establishing a serial-insertion relationship at the physical layer of the network with both ends; 2. establishing a handshake relationship at the link layer with the devices at both ends; 3. implementing buffering, filtering and analysis at the transport layer and application layer.
Description
Technical field
The present invention relates to the field of computer network communication and to a method for solving problems with network proxy servers. In particular it relates to a method for analyzing, filtering and parsing, in real time, the data that passes through a proxy server. The invention can effectively address the situation in which data is altered after passing through a proxy server.
Background technology
With the rapid development of network applications, the number of Internet users keeps growing day by day. To make network transmission as efficient as possible, a large number of proxy servers have appeared. Proxy servers do speed up the transmission of information, but potential risks come with them: after being relayed by a proxy server, much data may be leaked or, more seriously, maliciously modified. As a result users' privacy is disclosed, and enormous economic losses may follow. To address this situation, data should be able to pass through a proxy server for high-speed transmission while being effectively analyzed and checked for leakage or malicious modification after being relayed by the proxy server.
Chinese patent application CN1403954 discloses a proxy content server that responds to a message from a user terminal by determining whether the message is a registration request or a content request. If the message is a registration request, the proxy content server maps the user terminal to a registered content server in memory. If the message is a content request for content from a server, and the content server is registered in memory, the proxy content server asks it to send the content data to the user terminal, the user terminal being mapped to the registered content server. If the user terminal is not mapped to the requested server, the user is not authorized to access the requested server and is notified of this. With this proxying approach, however, the potential problems remain: after being relayed by the proxy server, data may be leaked or even maliciously modified, disclosing users' private information.
Summary of the invention
The present invention addresses the problems in the above prior art that data is leaked, or even maliciously modified, after being transmitted through a proxy server, so that data cannot be altered after transmission through a proxy server.
The object of the present invention is to provide a method for real-time analysis and detection of Internet transmission data. Through the in-line sniffing mode that this method establishes, the data of a specific network transmission can be monitored, analyzed, filtered and so on. Using network equipment connected in series, the method buffers the network data packets exchanged between the client and the proxy server and between the proxy server and the server end; that is, in the whole communication framework only one device, which has two network interface cards, processes and transmits the relevant data packets.
To achieve the above object, the invention adopts the following technical solution: a device is inserted in series on a specific line; data is received at one end, buffered, filtered and analyzed, and then sent out from the other end. The method specifically comprises the following steps:
(1) establish a serial-insertion relationship at the physical layer of the network with both ends;
(2) establish a basic handshake relationship at the link layer of the network with the end devices;
(3) implement buffering, filtering, analysis and similar operations on network data at the transport layer and application layer of the network:
(a) Receive-and-buffer module: receives and buffers data packets, and sends acknowledgment packets.
For example, when a packet is received from network interface A, its validity is judged first; if it is not valid, it is discarded; if it is valid, processing continues. An acknowledgment packet is then sent, and the data is passed to the filter-and-replace module.
(b) Filter-analysis module: filters and analyzes the buffered data.
(c) Sending module: packages the filtered and analyzed data blocks and sends them. A send is complete only when the acknowledgment packet has been received. Retransmission is handled at the same time.
(d) Signature analysis is performed on packets of specific protocols; once their characteristic information has been obtained, it is saved in the buffer and used for characteristic-information matching, to detect whether the data has been changed.
Establishing the serial-insertion relationship at the physical layer of the network with both ends comprises the following steps:
(1) disconnect the physical connection lines between the client and the proxy server and between the proxy server and the server;
(2) connect the two network interface cards of a control device having two network interface cards to the client and to the server end respectively, establishing normal physical connections.
At the link layer of the network, a basic handshake relationship is established with the client and the server end. When connecting with the client, the local end represents the server that the client intends to connect to; when connecting with the server end, the local end represents the user (client);
(3) the data relayed by the proxy server is saved in the buffer and matched against the original data; if a change is found, the data transmission is cut off.
At the transport layer of the network, this approach simultaneously maintains the normal mode of communication with the client and the server;
There are the following two communication modes:
(1) Active request by the client:
After the serial line has been established, the client and the server end can communicate over a normal network connection. When the client needs to communicate with a certain server, the network interface connected to the client receives the user's request, which then enters the data-packet access module, where the packet header and packet content of the connection are recorded. The packet is passed to the cache; at the same time, the relevant sending module sends the corresponding request, through the network interface connected to the server, to the server specified in the packet header;
(2) Response by the server:
After the client has sent its request, the server sends the corresponding response message, which arrives through the network interface connected to the server. It then likewise enters the access module, where the packet header and packet content of the connection are recorded. It is again passed to the cache; at the same time, the relevant sending module sends the response to the request, through the network interface connected to the client, to the client specified in the packet header;
If both communications succeed, one request-and-response transmission is complete. A connection-oriented communication mode is used, so that transmission is guaranteed. After the data enters the cache, the network data packets can also be filtered, replaced, analyzed, reconstructed and so on.
On the basis of a serial link established between the client and the proxy server, the invention filters and buffers the network data packets to be transmitted over the Internet, and can monitor and control the network packets that the client sends and receives. The network structure is simple, economical and practical.
Description of drawings
The invention is described in further detail below with reference to the accompanying drawings:
Fig. 1 is a schematic diagram of the solution process according to the technical solution of the present invention;
Fig. 2 is a schematic diagram of the processing of the key filter-analysis packet protocol according to the present invention;
Detailed description of the preferred embodiment
The preferred embodiment of the present invention is described in more detail below with reference to the accompanying drawings.
Fig. 1 shows a schematic diagram of the solution process according to the technical solution of the present invention. To detect and analyze, in real time, data packets after they pass through proxy server 2, the invention adopts the following steps:
1. Establish a serial-insertion relationship at the physical layer of the network with each of the two ends.
In the whole network system, a separate device is connected to user side 1 and to server end 3 through different network interfaces 8. After client 1 and proxy server 2 are connected, the device receives requests and sends the data packets after processing, while the network interface 8 connected to server 3 is responsible for communication with server 3 and sends the processed user request packets.
Establishing the serial-insertion relationship at the physical layer of the network with both ends specifically comprises the following steps:
(1) disconnect the physical connection lines between client 1 and proxy server 2 and between proxy server 2 and server 3;
(2) connect the two network interface cards of a control device having two network interface cards to client 1 and to server end 3 respectively, through data filter 4, establishing normal physical connections.
At the link layer of the network, a basic handshake relationship is established with client 1 and server end 3. When connecting with the client, the local end represents the server 3 that client 1 intends to connect to; when connecting with server end 3, the local end represents the user (client 1);
(3) the data relayed by proxy server 2 is saved in the buffer and matched against the original data by data comparator 5. If the data before and after the proxy server is found to differ, the data transmission is cut off and a log is recorded in file center 6; if the data matches, the data is sent to server 3.
2. Establish a basic handshake relationship at the link layer of the network with the end devices.
Data is transmitted according to the standard TCP/IP specification, and communication with client 1 and server 3 resembles the C/S model. When connecting with proxy server 2, the local end represents the server 3 that client 1 intends to connect to; when connecting with server end 3, the local end represents client 1. The data sent is filtered and analyzed in real time: the characteristic information of the data packets sent is obtained and saved in the buffer for comparison, analysis and reconstruction.
3. Implement buffering, filtering, analysis, reconstruction and similar operations on network data at the transport layer and application layer of the network.
Fig. 2 shows a schematic diagram of the processing of the key filter-analysis packet protocol according to the present invention. To monitor network data packets and perform similar operations, after data packets are received through each network interface 8, the invention processes them in the manner shown in Fig. 2. The steps are as follows:
(1) Validity check:
After network interface 8 captures a frame, it is judged whether the frame meets the requirements of the relevant operations, for example by checking for erroneous packets; a frame that does not meet the requirements is discarded.
(2) Send acknowledgment packet:
A response is sent for each valid data packet, so that client 1 (or server end 3) can confirm that the peer has received the data packet.
(3) Check acknowledgment data:
Acknowledgment messages are checked and the corresponding data packets are removed from the retransmission queue; the received data is passed to the filter-and-replace module.
(4) Filter and replace:
Data packets passed to the filter-and-replace module are buffered, the parts that need replacing are located, and the corresponding replacements are made; additions to and deletions from the packet content can also be performed;
(5) Decompose and reassemble:
When transmission on a connection is finished, the processed buffered content is decomposed and reassembled into a format that conforms to the TCP/IP protocol suite. The reassembled data packets are placed in the send queue.
(6) Data filtering:
Filters and checks the network packet data, and supplies useful information to the analysis module that follows.
(7) Data analysis:
Analysis of the network packet data and protocol reconstruction are performed by analysis server 7, which identifies and analyzes the corresponding protocols according to the specific ports or feature codes 9 of certain protocols.
(8) Save information:
Saves the data packets once protocol processing is finished, for convenient user query and retrieval. These data packets are stored in file site 6.
(9) Send mode:
Packets waiting to be sent are taken from the send queue and sent to server end 3 (or client 1) through the corresponding network interface 8, and each sent packet is added to the retransmission queue.
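The matching step performed by data comparator 5 (buffer the data seen before the proxy, compare what comes out of the proxy, cut transmission and log when it has changed, otherwise forward to the server) looks like this in code. This is an added example, not code from the patent; the class and method names, the matching by byte offset and the SHA-256 value in the log entry are assumptions, and the sample request is constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample request; host and fields are made up for the example.
SAMPLE = b"POST /order HTTP/1.1\r\nHost: shop.example\r\n\r\nitem=42&amount=100"


@dataclass
class ConnState:
    original: bytearray = field(default_factory=bytearray)  # seen before the proxy
    verified: int = 0   # proxied bytes that have matched the original so far
    cut: bool = False   # True once transmission on this connection is cut off


class DataComparator:
    """Matches the byte stream leaving the proxy against the buffered original."""

    def __init__(self):
        self.conns = {}  # conn_id -> ConnState: the comparison buffer
        self.log = []    # stands in for the log written when transmission is cut

    def _state(self, conn_id) -> ConnState:
        return self.conns.setdefault(conn_id, ConnState())

    def record_original(self, conn_id, payload: bytes) -> None:
        """Data captured on the client side, before it reaches the proxy."""
        self._state(conn_id).original += payload

    def check_proxied(self, conn_id, payload: bytes) -> Optional[bytes]:
        """Data leaving the proxy. Returns the bytes to forward to the server,
        or None when the connection is cut. Matching is by stream offset, so a
        proxy that only re-segments the stream does not raise an alarm."""
        st = self._state(conn_id)
        if st.cut:
            return None
        expected = bytes(st.original[st.verified:st.verified + len(payload)])
        if expected != payload:
            # First differing offset; bytes past the end of the original
            # (data appended by the proxy) count as a difference too.
            same = 0
            for a, b in zip(expected, payload):
                if a != b:
                    break
                same += 1
            self._cut(conn_id, st, "modified", st.verified + same)
            return None
        st.verified += len(payload)
        return payload

    def close(self, conn_id) -> bool:
        """End of connection: True only if all buffered data went through intact."""
        st = self._state(conn_id)
        if not st.cut and st.verified < len(st.original):
            self._cut(conn_id, st, "truncated", st.verified)
        return not st.cut

    def _cut(self, conn_id, st: ConnState, reason: str, offset: int) -> None:
        st.cut = True
        self.log.append({"conn": conn_id, "reason": reason, "offset": offset,
                         "original_sha256": hashlib.sha256(st.original).hexdigest()})


def run_sample() -> DataComparator:
    cmp_ = DataComparator()
    # Connection 1: the proxy re-segments the request but leaves it unchanged.
    cmp_.record_original(1, SAMPLE)
    cmp_.check_proxied(1, SAMPLE[:25])
    cmp_.check_proxied(1, SAMPLE[25:])
    cmp_.close(1)
    # Connection 2: one field differs after the proxy, so forwarding stops.
    cmp_.record_original(2, SAMPLE)
    cmp_.check_proxied(2, SAMPLE.replace(b"amount=100", b"amount=900"))
    return cmp_


if __name__ == "__main__":
    for entry in run_sample().log:
        print(entry)
```

Byte-exact matching assumes the proxy relays the application data unchanged; a proxy that legitimately rewrites headers would need those fields excluded before comparison.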
On the basis of a serial link established between the client and the server, the invention filters and buffers the network data packets to be transmitted over the Internet, and can monitor and control the network packets that the client sends and receives. The network structure is simple, economical and practical.
Using the method of the present invention, real-time monitoring, analysis, reconstruction and similar functions for network data packets can be realized in an Internet environment. In addition, by changing to different network interfaces the method can be used in various network environments and is highly extensible. It helps safeguard the security of data exchange and circulation on the Internet. It is also of practical use for the management of small enterprises.
Although the preferred embodiment and drawings of the invention have been disclosed for purposes of illustration, those skilled in the art will appreciate that various substitutions, changes and modifications are possible without departing from the spirit and scope of the invention and the appended claims. Therefore, the invention should not be limited to what is disclosed in the preferred embodiment and drawings.
Claims (4)
1. the method for real-time analyzing and testing Internet transmission data, serial inserts on given line, and an end data is received buffer memory, filter analysis, sends from the other end then, specifically may further comprise the steps:
(1) sets up serial interface at the physical layer of network and two ends and go into relation;
(2) all set up the basic relation of shaking hands in the link layer and the terminal device of network;
(3) at the transport layer of network, buffer memory, filtration, the analysis operation that application layer realizes network data:
(a) receive data cached bag, and send and confirm bag;
(b) data that buffer memory is got off are carried out filter analysis;
(c) data block behind the filter analysis is packaged, and send, have only receipts
To confirming that bag just is sent completely, handle simultaneously and retransmit;
(d) the particular protocol data are wrapped signature analysis, obtain its characteristic information after,
Be saved in the buffering area, be used as the characteristic information coupling, detect data and whether be changed.
2. the method for real-time analyzing and testing Internet transmission data according to claim 1 is characterized in that: set up serial interface at the physical layer of network and two ends and go into relation, may further comprise the steps:
(1) blocks respectively and be connected in client and acting server, the physical connection circuit of acting server and server;
(2) two network interface cards that will have the control appliance of two network interface cards are set up normal physical connection with client and server end respectively;
(3) data after data are acted on behalf of through acting server are saved in the buffering area and initial data is carried out Data Matching, the transmission of back with regard to truncated data of finding to change.
3. the method for real-time analyzing and testing Internet transmission data according to claim 2 is characterized in that: in the transport layer of network, and the proper communication mode of maintenance simultaneously and client, server.
4. the method for real-time analyzing and testing Internet transmission data according to claim 3 is characterized in that: described communication mode has following two kinds:
(1) client active request;
(2) call answering of server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2004100095243A CN1599354A (en) | 2004-09-08 | 2004-09-08 | Method of real-time analysing and detecting data transmitted by internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2004100095243A CN1599354A (en) | 2004-09-08 | 2004-09-08 | Method of real-time analysing and detecting data transmitted by internet |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1599354A true CN1599354A (en) | 2005-03-23 |
Family
ID=34662522
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2004100095243A Pending CN1599354A (en) | 2004-09-08 | 2004-09-08 | Method of real-time analysing and detecting data transmitted by internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1599354A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100435514C (en) * | 2006-03-10 | 2008-11-19 | 中国科学院软件研究所 | Ethernet driver level bottom layer filtering method and system |
| CN101141244B (en) * | 2006-09-08 | 2010-05-26 | 飞塔公司 | Network enciphered data virus detection and elimination system and proxy server and method |
| CN1976259B (en) * | 2006-11-20 | 2011-04-20 | 中网信息技术有限公司 | Directive non-feedback optical fiber one-way transmitting physical isolating method and one-way transmitting system therefor |
| CN100464521C (en) * | 2007-04-30 | 2009-02-25 | 国电南京自动化股份有限公司 | Dynamic data transmission method of what you see is what you see and what you need is what you need |
| CN102377473A (en) * | 2010-08-23 | 2012-03-14 | 熊猫电子集团有限公司 | Network control center of satellite mobile communication network |
| CN102377473B (en) * | 2010-08-23 | 2014-02-19 | 熊猫电子集团有限公司 | Network control center of satellite mobile communication network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1305271C (en) | Network safety isolating and information exchanging system and method based on proxy mapping | |
| CN101068229A (en) | Content filtering gateway realizing method based on network filter | |
| US9609078B2 (en) | HTTP proxy | |
| CN1697404A (en) | System and method for detecting network worm in interactive mode | |
| CN101060495A (en) | Message processing method, system and equipment | |
| CN1175621C (en) | A Method for Detecting and Monitoring Malicious User Host Attacks | |
| CN100576819C (en) | Flow Analysis Method Based on Linux Kernel | |
| CN1906890A (en) | Method and apparatus for supporting transactions | |
| CN110381174A (en) | It is a kind of based on the high speed domain name analytic method statelessly scanned | |
| CN1599354A (en) | Method of real-time analysing and detecting data transmitted by internet | |
| CN101582880B (en) | Method and system for filtering messages based on audited object | |
| CN1291567C (en) | A high-performance multi-service network security processing equipment | |
| Xing et al. | Research on the defense against ARP spoofing attacks based on Winpcap | |
| CN101035026A (en) | Network management system and its communication method | |
| CN1361609A (en) | Network data exchange method and system | |
| CN1741473A (en) | A network data packet availability deciding method and system | |
| US20050172324A1 (en) | Method and system for embedding messages within HTTP | |
| CN1571368A (en) | A network signalling test method | |
| CN1430373A (en) | Network isolating card | |
| CN115118459A (en) | Method and equipment for realizing secure data exchange based on security card and isolation card heterogeneous | |
| CN1881938A (en) | Method and system for preventing and detecting proxy | |
| CN1992595A (en) | Terminal and related method for detecting maliciously attempted data in a computer network | |
| CN1592223A (en) | Device for preventing computer virus into inside network and realizing method thereof | |
| CN1263266C (en) | Method and apparatus for real time replacing internet data | |
| CN1144148C (en) | Centralized information exchange method and realizing module |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |