[go: up one dir, main page]

TWI664841B - Network packet side recording device capable of transmitting across networks and data processing method thereof - Google Patents

Network packet side recording device capable of transmitting across networks and data processing method thereof Download PDF

Info

Publication number
TWI664841B
TWI664841B TW107108719A TW107108719A TWI664841B TW I664841 B TWI664841 B TW I664841B TW 107108719 A TW107108719 A TW 107108719A TW 107108719 A TW107108719 A TW 107108719A TW I664841 B TWI664841 B TW I664841B
Authority
TW
Taiwan
Prior art keywords
network
compression
packet
data
compressed file
Prior art date
Application number
TW107108719A
Other languages
Chinese (zh)
Other versions
TW201939929A (en
Inventor
莊文全
Original Assignee
庫柏資訊軟體股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 庫柏資訊軟體股份有限公司 filed Critical 庫柏資訊軟體股份有限公司
Priority to TW107108719A priority Critical patent/TWI664841B/en
Application granted granted Critical
Publication of TWI664841B publication Critical patent/TWI664841B/en
Publication of TW201939929A publication Critical patent/TW201939929A/en

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本發明係一種可跨網傳送的網路封包側錄裝置及其資料處理方法,主要係由一網路傳輸裝置具有一組以上的網路側錄介面與一組網路傳送介面所組成,並分別與側錄標的網路設備、網際網路連結,該網路側錄介面組對側錄到的封包資料將進行處理以產生加密壓縮檔,並將處理後的加密壓縮檔傳送至遠端設備或環境進行分析;藉由將該網路傳輸裝置架設在一乙太網路之內,進行即時性的封包側錄與壓縮加密處理,並利用網路傳送介面傳送至網際網路,突破現有側錄設備傳送距離限制(指在Intranet中),具有長距離、跨網域且提升封包獲取的便利性,達到即時封包彙整分析的目的。The invention relates to a network packet recording device capable of transmitting across networks and a data processing method thereof, which are mainly composed of a network transmission device having more than one network recording interface and a group of network transmission interfaces. It is connected to the network equipment and Internet of the side recording target. The network side recording interface group will process the packet data recorded to generate the encrypted compressed file, and send the processed encrypted compressed file to the remote device or environment. Analyze; by setting up the network transmission device within an Ethernet network, perform real-time packet recording and compression encryption processing, and use the network transmission interface to transmit to the Internet, breaking through existing recording equipment Transmission distance limitation (referred to in the intranet), has long distance, cross-domain, and improves the convenience of packet acquisition, and achieves the purpose of real-time packet aggregation analysis.

Description

可跨網傳送的網路封包側錄裝置及其資料處理方法Network packet side recording device capable of transmitting across networks and data processing method thereof

本發明係關於一種網路裝置及其資料處理方法,尤指一種可跨網傳送的網路封包側錄裝置及其資料處理方法。The invention relates to a network device and a data processing method thereof, and more particularly to a network packet recording device and a data processing method capable of transmitting across a network.

在目前的現有技術中,為要獲取網路封包(即封包側錄)並進行網路分析,當進行網路封包擷取時,所使用的網路技術架構通常是SPAN(Switch Port Analysis)與TAP(Test Access Point),但SPAN、TAP僅侷限在Intranet(internal Internet)中,但是科技日新月異,如今網路環境除了Intranet之外還有各種雲端環境,特別是當有大數據分析需求時,需要跨越多個網域或跨雲端來進行的網路封包擷取,再傳送到網路設備做分析,但現有技術收集網路封包後,都僅侷限在intranet內,如此方式存在無法長距離、跨網域、不即時、對資料之彙整分析效率不佳之問題。In the current prior art, in order to obtain network packets (ie, packet recording) and perform network analysis, the network technology architecture used when performing network packet capture is usually SPAN (Switch Port Analysis) and TAP (Test Access Point), but SPAN and TAP are limited to the intranet (internal Internet), but the technology is changing rapidly. Nowadays, the network environment has various cloud environments besides the intranet, especially when there is a need for big data analysis. Network packet capture across multiple domains or clouds is sent to network devices for analysis. However, after collecting network packets in the prior art, they are limited to the intranet. Domain, not real-time, inefficient analysis of data aggregation.

另一方面,目前常用的SPAN網路技術架構,無法精確的確定尺度,也無法監測被過濾的不規則之錯誤資料包,有封包獲取的資料不準確之問題;而TAP網路技術架構是目前較流行的一種網路資料獲取方案,但僅侷限在Intranet中使用,而且一次僅能看一條鏈路;如圖6所示,為一種已知的TAP網路技術架構,主要係由一裝置本體80透過一組網路埠81與乙太網路(Ethernet)連結,以側錄經過一接送端之封包流量,再將側錄複製封包由一組側錄埠82傳送到一網路的分析設備90。On the other hand, the current commonly used SPAN network technology architecture cannot accurately determine the scale, nor can it monitor filtered irregular error packets, and there is a problem of inaccurate data obtained by the packets. The TAP network technology architecture is currently A more popular network data acquisition scheme, but it is limited to use in the intranet and can only see one link at a time; as shown in Figure 6, it is a known TAP network technology architecture, which is mainly composed of a device body 80 is connected to Ethernet through a group of network ports 81 to record the packet traffic passing through a pick-up terminal, and then send the copied packets to a network analysis device through a group of port 82 90.

由上述可知,現有技術中的網路封包擷取與傳送的方式,不論是軟體或硬體的方式,都僅侷限在intranet內,無法做到將擷取的網路封包透過網際網路(internet)傳送到遠端設備,故存在有無法長距離、跨網域、封包獲取的資料不準確、不即時、對資料之彙整分析效率不佳等問題,對於現今有大數據分析需求而言有所不足,因此就現有技術而言確實有待提出更佳解決方案的必要性。From the above, it can be known that the methods for capturing and transmitting network packets in the prior art, whether it is software or hardware, are limited to the intranet, and the captured network packets cannot be transmitted through the Internet. ) To remote devices, so there are problems such as the inability to obtain long-distance, cross-domain, inaccurate, inaccurate, and inefficient data integration analysis of data, which is a problem for current big data analysis needs. Insufficient, so the need for a better solution is indeed to be proposed in terms of the prior art.

有鑑於上述現有技術之不足,本發明的主要目的係提供一種可跨網傳送的網路封包側錄裝置及其資料處理方法,其利用一網路傳輸裝置將接收到的網路資料流量進行資料整理,再將整理過的資料透過網際網路傳送到遠端分析,具有長距離、跨網域且提升封包獲取的方便性,以達到即時封包彙整分析的目的。In view of the above-mentioned shortcomings of the prior art, the main object of the present invention is to provide a network packet skimming device and a data processing method that can be transmitted across the network. Organize, and then send the collated data to remote analysis through the Internet. It has long distance, cross-domain, and improves the convenience of packet acquisition to achieve the purpose of real-time packet aggregation analysis.

為達成上述目的所採取的主要技術手段係令前述可跨網傳送的網路封包側錄裝置的資料處理方法,主要係由一網路傳輸裝置提供一發送端、一接送端,並由該網路傳輸裝置執行以下步驟: 接收側錄到的封包資料流量; 將該些資料加以處理; 將該些處理後的資料透過網際網路(Internet)傳送至一遠端進行分析。The main technical means adopted to achieve the above purpose is to make the data processing method of the aforementioned network packet skimming device that can be transmitted across the network, mainly by a network transmission device providing a sending end, a pick-up terminal, and the network The transmission device executes the following steps: receiving the packet data traffic recorded on the side; processing the data; and transmitting the processed data to a remote end through the Internet for analysis.

根據上述方法,該網路傳輸裝置對接收側錄到的封包資料進行資料處理,再將該些處理後的資料傳送至遠端進行分析,藉由將該網路傳輸裝置架設在該乙太網路之間進行即時性的封包資料處理,具有長距離、跨網域且提升封包獲取的方便性,達到即時封包彙整分析的目的。According to the above method, the network transmission device performs data processing on the packet data recorded on the receiving side, and then transmits the processed data to the remote end for analysis, and the network transmission device is set up on the Ethernet. Real-time packet data processing between roads has long distances, cross-domains, and improves the convenience of packet acquisition, achieving the purpose of real-time packet aggregation analysis.

為達成前述目的所採取的又一技術手段係令前述可跨網傳送的網路封包側錄裝置包括: 一組以上的網路側錄介面,具有一發送端與一接送端,經過該接送端之封包資料將被側錄,並同時轉送封包資料至發送端; 一網路傳輸裝置,係連接該組網路側錄介面,將側錄到的封包資料進行處理;該網路傳輸裝置進一步包括一壓縮模組及一傳輸模組,該壓縮模組將該些封包進行一壓縮處理程序以及加密處理,以產生一個以上的加密壓縮檔,並且由該傳輸模組傳送該加密壓縮檔; 一組網路傳送介面,係連接該網路傳輸裝置的傳輸模組,將該加密壓縮檔傳送至一遠端的分析設備進行分析。Another technical means adopted to achieve the foregoing purpose is to make the aforementioned network packet recording device capable of transmitting across the network include: more than one network recording interface, having a sending end and a pick-up terminal, and passing through the pick-up terminal The packet data will be skimmed, and the packet data will be forwarded to the sender at the same time; a network transmission device is connected to the group of network side recording interfaces to process the sidelined packet data; the network transmission device further includes a compression Module and a transmission module, the compression module performs a compression process and encryption processing on the packets to generate more than one encrypted compression file, and the transmission compression module transmits the encrypted compression file; a group of networks The transmission interface is a transmission module connected to the network transmission device, and transmits the encrypted compressed file to a remote analysis device for analysis.

根據上述構造,藉由將該網路傳輸裝置架設在任一乙太網路之內,進行即時性的封包側錄與壓縮加密處理,並利用該組網路傳送介面傳送至網際網路,突破現有側錄設備傳送距離限制(指在Intranet中),具有長距離、跨網域且提升封包獲取的方便性,達到即時封包彙整分析的目的。According to the above structure, by setting up the network transmission device in any Ethernet network, it performs real-time packet recording and compression and encryption processing, and uses this set of network transmission interfaces to transmit to the Internet, breaking through the existing The transmission distance limitation of the side recording device (referred to in the intranet) has long distance, cross-domain and improves the convenience of packet acquisition, and achieves the purpose of real-time packet aggregation analysis.

關於本發明可跨網傳送的網路封包側錄裝置之較佳實施例,請參考圖1、2、3所示,其主要係由一網路傳輸裝置10透過一組以上的網路側錄介面11與與側錄標的網路設備連結,該網路傳輸裝置10進一步包括一壓縮模組12連接一傳輸模組13,該傳輸模組13連接一組網路傳送介面14,該網路傳輸裝置10透過該組網路傳送介面14連結網際網路;於本實施例中,該組網路傳送介面14係指一網路(Internet)傳輸埠,該網路傳輸埠可由一1GB/10GB網路Port或一4G LTE USB行動網卡所構成。For a preferred embodiment of a network packet recording device capable of being transmitted across networks of the present invention, please refer to FIGS. 1, 2, and 3, which are mainly transmitted by a network transmission device 10 through more than one network recording interface. 11 is connected with the network equipment of the side recording target. The network transmission device 10 further includes a compression module 12 connected to a transmission module 13. The transmission module 13 is connected to a group of network transmission interfaces 14. The network transmission device 10 is connected to the Internet through the network transmission interface 14; in this embodiment, the network transmission interface 14 refers to an Internet transmission port, and the network transmission port may be a 1GB / 10GB network Port or a 4G LTE USB mobile network card.

本實施例中該組網路側錄介面11提供一接送端、一發送端;該組網路側錄介面11經過該接送端之封包資料將被側錄,並同時轉送封包資料至發送端,該網路傳輸裝置10的該壓縮模組12將該些封包加以處理,於本較佳實施例中係進行一壓縮處理程序與加密處理,以產生一個以上的加密壓縮檔,並且由該傳輸模組13、該組網路傳送介面14將該些處理後的資料(如該些加密壓縮檔)透過網際網路(Internet)傳送至一遠端的分析設備20進行分析;藉由將該網路傳輸裝置10架設在任一乙太網路之內,進行即時性的封包側錄與壓縮加密處理,並利用該組網路傳送介面11傳送至網際網路,突破現有側錄設備傳送距離限制(指在Intranet中),具有長距離、跨網域且提升封包獲取的便利性,以達到即時封包彙整分析的目的。In this embodiment, the group of network side recording interfaces 11 provides a pick-up terminal and a sending terminal; the packet data of the group of network side recording interfaces 11 passing through the pick-up terminal will be skimmed, and the packet data will be forwarded to the sending side at the same time. The compression module 12 of the transmission device 10 processes the packets. In the preferred embodiment, a compression process and an encryption process are performed to generate more than one encrypted compressed file, and the transmission module 13 The network transmission interface 14 transmits the processed data (such as the encrypted compressed files) to a remote analysis device 20 for analysis through the Internet; by transmitting the network transmission device 10 are set up in any Ethernet network to perform real-time packet recording and compression encryption, and use this group of network transmission interface 11 to transmit to the Internet, breaking the transmission distance limitation of existing recording equipment (referring to the intranet Medium), with long distance, cross-domain, and improve the convenience of packet acquisition, to achieve the purpose of real-time packet aggregation analysis.

於本較實施例中該壓縮處理程序的特性為具有高度共同性、高壓縮率,於本較實施例中該壓縮處理程序具有一壓縮率,該壓縮率可為”1:10”;進一步的,於本較佳實施例中該加密壓縮檔的格式包括一gzip格式、一bz2格式、一zip格式或一tar格式。The characteristics of the compression processing program in this comparative embodiment are highly common and high compression ratio. In this comparative embodiment, the compression processing program has a compression ratio, and the compression ratio may be "1:10"; further In the preferred embodiment, the format of the encrypted compressed file includes a gzip format, a bz2 format, a zip format, or a tar format.

於本較實施例中該壓縮模組12可進一步提供一加密處理程序及一標記處理程序;其中,該加密處理程序主要係將該加密壓縮檔進行加密處理,該標記處理程序主要係將該加密壓縮檔進行標記處理,對該加密壓縮檔賦予一標記資訊(Tag);於本較實施例中該加密處理程序包括一RSA加密演算法、一ADS加密演算法或一ISA加密演算法。In this comparative embodiment, the compression module 12 may further provide an encryption processing program and a tag processing program. The encryption processing program is mainly used to encrypt the encrypted compressed file, and the tag processing program is mainly used to encrypt the encrypted file. The compressed file is subjected to tag processing, and a tag (Tag) is assigned to the encrypted compressed file. In this comparative embodiment, the encryption processing program includes an RSA encryption algorithm, an ADS encryption algorithm, or an ISA encryption algorithm.

本發明藉由該網路傳輸裝置10透過該壓縮模組12將該些封包進行壓縮處理以產生該加密壓縮檔,並由該傳輸模組13傳送該加密壓縮檔,再由該組網路傳送介面14將處理後的該加密壓縮檔透過網際網路傳送至該分析設備20進行分析,確實能夠達到兼具跨網域、提升封包獲取的準確性以及即時性封包彙整分析的目的。In the present invention, the network transmission device 10 compresses the packets through the compression module 12 to generate the encrypted compression file, and the transmission compression module 13 transmits the encrypted compression file, which is then transmitted by the network. The interface 14 sends the processed compressed compressed file to the analysis device 20 for analysis through the Internet, which can indeed achieve the goals of cross-domain, improving the accuracy of packet acquisition, and real-time packet aggregation analysis.

根據本發明之上述較佳實施例的內容,可進一步歸納出一可跨網傳送的網路封包側錄裝置的資料處理方法,請參考圖2所示,其係由該網路傳輸裝置10提供該接送端及該發送端,並由該網路傳輸裝置10執行以下步驟: 接收該接送端側錄到的封包資料流量(S10),並進行側錄複製; 將該些已側錄複製後的資料加以處理,於本較實施例中係進行一壓縮處理程序以及加密處理,以產生一個以上的加密壓縮檔(S11);於本較實施例中該壓縮處理程序的特性為具有高度共同性、高壓縮率,在Internet傳送時能降低頻寬的負載,於本較實施例中該壓縮處理程序具有一壓縮率,該壓縮率可為”1:10”;進一步的,於本較佳實施例中該加密壓縮檔的格式包括一gzip格式、一bz2格式、一zip格式或一tar格式; 將該些加密壓縮檔透過網際網路(Internet)傳送至一遠端進行分析(S12)。According to the content of the above-mentioned preferred embodiment of the present invention, a data processing method of a network packet recording device that can be transmitted across the network can be further summarized. Please refer to FIG. 2, which is provided by the network transmission device 10 The pick-up terminal and the send-end, and the network transmission device 10 perform the following steps: receive the packet data traffic recorded by the pick-up terminal (S10), and perform a copy of the record; copy the copied records The data is processed. In this comparative embodiment, a compression processing program and encryption processing are performed to generate more than one encrypted compressed file (S11); in this comparative embodiment, the characteristics of the compression processing program are highly common, High compression rate, which can reduce the bandwidth load during Internet transmission. In this comparative embodiment, the compression processing program has a compression rate, which can be "1:10"; further, in the preferred embodiment The format of the encrypted compressed file includes a gzip format, a bz2 format, a zip format, or a tar format; the encrypted compressed files are transmitted to a remote end for analysis through the Internet (S1) 2).

進一步的,當上述步驟執行至「將該些已側錄複製後的資料進行一壓縮處理程序以及加密處理,以產生一個以上的加密壓縮檔(S11)」之步驟,請參考圖3所示,該方法更包括以下次步驟: 將該加密壓縮檔進行加密處理及/或標記處理(S110);於本較佳實施例中,當上述次步驟執行「將該加密壓縮檔進行加密處理」,則該加密的方式包括一RSA加密演算法、一ADS加密演算法或一ISA加密演算法;當上述次步驟執行「將該加密壓縮檔進行標記處理」,則對該加密壓縮檔賦予一標記資訊(Tag),用於紀錄來源,以避免該加密壓縮檔在傳遞過程時,發生傳輸中斷之情形。Further, when the above steps are performed to the step of "performing a compression processing procedure and encryption processing on the copied data, to generate more than one encrypted compressed file (S11)", please refer to FIG. 3, The method further includes the following steps: performing encryption processing and / or marking processing on the encrypted compressed file (S110); in the preferred embodiment, when the foregoing step performs "encrypting the encrypted compressed file", then The encryption method includes an RSA encryption algorithm, an ADS encryption algorithm, or an ISA encryption algorithm; when the above-mentioned step is performed "mark the encrypted compressed file", a tag information is given to the encrypted compressed file ( Tag) is used to record the source to avoid transmission interruption of the encrypted compressed file during transmission.

藉由本發明之較佳實施例的上述方法,該網路傳輸裝置10對接收到的多數資料進行壓縮處理以及加密處理,以產生多數加密壓縮檔,再將該些加密壓縮檔透過網際網路傳送至遠端進行分析,藉由將該網路傳輸裝置10架設在該乙太網路之間進行即時性的封包資料處理,相較於現有網路技術架構通中所常見的SPAN(Switch Port Analysis)與TAP(Test Access Point)而言,TAP雖能獲取100%網路封包,但其侷限在只能監控Intranet(internal Internet)的環境中,無法跨網域或跨雲端進行網路封包的擷取,亦無法進行即時性的網路封包之彙整分析,而本發明不僅能夠跨網域做100%網路封包擷取,還具有最即時性的網路封包之彙整分析能力。With the above method of a preferred embodiment of the present invention, the network transmission device 10 performs compression processing and encryption processing on most of the received data to generate most encrypted compressed files, and then transmits the encrypted compressed files through the Internet. Perform remote packet analysis by setting up the network transmission device 10 between the Ethernet networks for real-time packet data processing, compared with the SPAN (Switch Port Analysis) commonly used in existing network technology architectures. ) As far as TAP (Test Access Point) is concerned, although TAP can obtain 100% network packets, it is limited to an environment that can only monitor the intranet (internal Internet), and cannot capture network packets across domains or clouds. It is also impossible to perform real-time aggregate analysis of network packets. The present invention can not only perform 100% network packet capture across network domains, but also has the most real-time aggregate analysis capability of network packets.

10‧‧‧網路傳輸裝置10‧‧‧ Network Transmission Device

11‧‧‧網路側錄介面11‧‧‧Network recording interface

12‧‧‧壓縮模組12‧‧‧ Compression Module

13‧‧‧傳輸模組13‧‧‧Transmission Module

14‧‧‧網路傳送介面14‧‧‧ Network Delivery Interface

20‧‧‧分析設備20‧‧‧analysis equipment

圖1 係本發明之較佳實施例的系統架構方塊圖。 圖2 係本發明之較佳實施例的又一系統架構方塊圖。 圖3 係本發明之較佳實施例的另一系統架構方塊圖。 圖4係本發明之較佳實施例的資料處理方法流程圖。 圖5 係本發明之較佳實施例的加密程序流程圖。 圖6 為一種已知的TAP網路技術架構。FIG. 1 is a block diagram of a system architecture according to a preferred embodiment of the present invention. FIG. 2 is a block diagram of another system architecture according to a preferred embodiment of the present invention. FIG. 3 is a block diagram of another system architecture according to a preferred embodiment of the present invention. FIG. 4 is a flowchart of a data processing method according to a preferred embodiment of the present invention. FIG. 5 is a flowchart of an encryption program according to a preferred embodiment of the present invention. Figure 6 shows a known TAP network technology architecture.

Claims (6)

一種可跨網傳送的網路封包側錄裝置的資料處理方法,主要係由一網路傳輸裝置提供一接送端、一發送端,並由該網路傳輸裝置執行以下步驟:接收側錄到的封包資料流量;將該些資料加以處理;將該些處理後的資料透過網際網路傳送至一遠端進行分析;當上述步驟執行至「將該些資料加以處理」之步驟,該方法更包括以下次步驟:將該些資料進行一壓縮處理程序以及加密處理,以產生一個以上的加密壓縮檔,該壓縮處理程序具有一壓縮率,該加密壓縮檔具有一格式;當上述步驟執行至「將該些資料進行一壓縮處理程序以及加密處理,以產生一個以上的加密壓縮檔」之步驟,該方法更包括以下又一次步驟:將該加密壓縮檔進行加密處理及/或標記處理。A data processing method for a network packet skimming device that can be transmitted across networks. A network transmission device mainly provides a pick-up terminal and a sending end, and the network transmission device performs the following steps: Packet data traffic; processing the data; transmitting the processed data to a remote end for analysis via the Internet; when the above steps are performed to the step of "processing the data", the method further includes The following steps: the data is subjected to a compression processing program and encryption processing to generate more than one encrypted compressed file, the compression processing program has a compression rate, and the encrypted compressed file has a format; when the above steps are performed until "the The data is subjected to a compression process and an encryption process to generate more than one encrypted compressed file. The method further includes the following step: encrypting and / or marking the encrypted compressed file. 如請求項1所述之可跨網傳送的網路封包側錄裝置的資料處理方法,上述加密的方式包括一RSA加密演算法、一ADS加密演算法或一ISA加密演算法;當上述次步驟執行「將該加密壓縮檔進行標記處理」,則對該加密壓縮檔賦予一標記資訊。The data processing method for a network packet skimming device that can be transmitted across the network as described in claim 1, the above encryption method includes an RSA encryption algorithm, an ADS encryption algorithm, or an ISA encryption algorithm; Executing the "tag processing of the encrypted compressed file", a tag information is given to the encrypted compressed file. 一種可跨網傳送的網路封包側錄裝置,其包括:一組以上的網路側錄介面,具有一發送端與一接送端,經過該接送端之封包資料將被側錄,並同時轉送封包資料至發送端;一網路傳輸裝置,係連接該組網路側錄介面,將側錄到的封包資料進行處理;該網路傳輸裝置進一步包括一壓縮模組及一傳輸模組,該壓縮模組將該些封包進行一壓縮處理程序以及加密處理,以產生一個以上的加密壓縮檔,並且由該傳輸模組傳送該加密壓縮檔,其中該壓縮模組進一步提供一標記處理程序,係對該加密壓縮檔賦予一標記資訊;一組網路傳送介面,係連接該網路傳輸裝置的傳輸模組,將該加密壓縮檔傳送至一遠端的分析設備進行分析。A network packet recording device capable of transmitting across networks, comprising: a set of more than one network recording interface, having a sending end and a pick-up terminal, and packet data passing through the pick-up terminal will be skimmed and forwarded at the same time Data to the sending end; a network transmission device is connected to the network side recording interface to process the packet data recorded on the side; the network transmission device further includes a compression module and a transmission module, the compression module The group performs a compression processing procedure and encryption processing on the packets to generate more than one encrypted compression file, and transmits the encrypted compression file by the transmission module, wherein the compression module further provides a label processing program, The encrypted compressed file is given a tag information; a set of network transmission interface is a transmission module connected to the network transmission device, and the encrypted compressed file is transmitted to a remote analysis device for analysis. 如請求項3所述之可跨網傳送的網路封包側錄裝置,其中該加密壓縮檔的格式包括一gzip格式、一bz2格式、一zip格式或一tar格式。The network packet recording device according to claim 3, wherein the format of the encrypted compressed file includes a gzip format, a bz2 format, a zip format, or a tar format. 如請求項3所述之可跨網傳送的網路封包側錄裝置,其中該壓縮處理程序具有一壓縮率。The network packet skimming device as described in claim 3, wherein the compression processing program has a compression rate. 如請求項3所述之可跨網傳送的網路封包側錄裝置,其中該壓縮模組進一步提供一加密處理程序,其包括一RSA加密演算法、一ADS加密演算法或一ISA加密演算法。The network packet recording device according to claim 3, wherein the compression module further provides an encryption processing program, which includes an RSA encryption algorithm, an ADS encryption algorithm, or an ISA encryption algorithm .
TW107108719A 2018-03-14 2018-03-14 Network packet side recording device capable of transmitting across networks and data processing method thereof TWI664841B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107108719A TWI664841B (en) 2018-03-14 2018-03-14 Network packet side recording device capable of transmitting across networks and data processing method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107108719A TWI664841B (en) 2018-03-14 2018-03-14 Network packet side recording device capable of transmitting across networks and data processing method thereof

Publications (2)

Publication Number Publication Date
TWI664841B true TWI664841B (en) 2019-07-01
TW201939929A TW201939929A (en) 2019-10-01

Family

ID=68049802

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107108719A TWI664841B (en) 2018-03-14 2018-03-14 Network packet side recording device capable of transmitting across networks and data processing method thereof

Country Status (1)

Country Link
TW (1) TWI664841B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090185678A1 (en) * 2002-10-31 2009-07-23 Brocade Communications Systems, Inc. Method and apparatus for compression of data on storage units using devices inside a storage area network fabric
US20140188976A1 (en) * 2007-03-12 2014-07-03 Citrix Systems, Inc. Systems and methods of using the refresh button to determine freshness policy
US20160020966A1 (en) * 2012-06-27 2016-01-21 Juniper Networks, Inc. Dynamic remote packet capture
US20160380878A1 (en) * 2006-08-22 2016-12-29 Centurylink Intellectual Property Llc System and Method of Routing Calls on a Packet Network
US20170249242A1 (en) * 2009-05-18 2017-08-31 Longitude Enterprise Flash S.A.R.L. Apparatus, system, and method to increase data integrity in a redundant storage system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090185678A1 (en) * 2002-10-31 2009-07-23 Brocade Communications Systems, Inc. Method and apparatus for compression of data on storage units using devices inside a storage area network fabric
US20160380878A1 (en) * 2006-08-22 2016-12-29 Centurylink Intellectual Property Llc System and Method of Routing Calls on a Packet Network
US20140188976A1 (en) * 2007-03-12 2014-07-03 Citrix Systems, Inc. Systems and methods of using the refresh button to determine freshness policy
US20170249242A1 (en) * 2009-05-18 2017-08-31 Longitude Enterprise Flash S.A.R.L. Apparatus, system, and method to increase data integrity in a redundant storage system
US20160020966A1 (en) * 2012-06-27 2016-01-21 Juniper Networks, Inc. Dynamic remote packet capture

Also Published As

Publication number Publication date
TW201939929A (en) 2019-10-01

Similar Documents

Publication Publication Date Title
CN106716951B (en) Method and device for optimizing tunnel traffic
US10785680B2 (en) Methods and apparatus for optimizing tunneled traffic
US8954525B2 (en) Method and apparatus of performing remote computer file exchange
CN108156056A (en) Network quality measuring method and its device
EP2219323A1 (en) Real-time network data analysing system
CN109600318B (en) Method for monitoring application program in SDN and SDN controller
CN109391627B (en) A method for identifying TLS protocol encrypted transmission of YouTube DASH video
CN107667510A (en) Detection of Malware and Malicious Apps
JP2007184799A (en) Packet communication device
CN103259699B (en) Method of testing, system and client and service end
CN112601072A (en) Method and device for evaluating video service quality
JP5938015B2 (en) Chunk download completion determination device, chunk download completion determination method, and program
TWI664841B (en) Network packet side recording device capable of transmitting across networks and data processing method thereof
CN110838949A (en) Network flow log recording method and device
CN113315678A (en) Encrypted TCP (Transmission control protocol) traffic acquisition method and device
CN111385241B (en) Method, device and system for repairing lost packet of multimedia data and readable storage medium
CN111917690A (en) Network packet logging device capable of transmitting across networks and data processing method thereof
CN108076070B (en) FASP (fast open shortest Path protocol) blocking method, device and analysis system
CN101980481B (en) Method for realizing session replication and tracking during security terminal emulation protocol monitoring
CN103095529A (en) Method and device for detecting engine device, firewall and network transmission file
JP2013243534A (en) Delay time evaluation device and method for evaluating delay time
EP3580892B1 (en) Transport layer monitoring and performance assessment for ott services
CN105991581B (en) Protocol recognition method and device
CN110620766A (en) Method for extracting TLS data block in encrypted network flow
CN116170340B (en) A network security testing and evaluation method