CN101465763A - Method for monitoring and analyzing user terminal network appliance flux - Google Patents

Publication number: CN101465763A
Authority: CN (China)
Prior art keywords: traffic, flow, monitoring, network equipment, analysis
Legal status: Pending
Application number: CNA2008102049074A
Other languages: Chinese (zh)
Inventor: 郑杰
Current Assignee: SHANGHAI DMT INFORMATION NETWORK CO Ltd
Original Assignee: SHANGHAI DMT INFORMATION NETWORK CO Ltd
Application filed by SHANGHAI DMT INFORMATION NETWORK CO Ltd
Priority to CNA2008102049074A
Publication of CN101465763A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a traffic monitoring and analysis method for user-side network equipment. A device network management protocol string is added to the user's network equipment, and the router fast-switching cache mechanism is enabled on the port of the network equipment. Network nodes are added to a traffic analysis server according to the IP address of the network equipment, and a three-way handshake is then performed over a preset UDP port with an authentication key. When the three-way handshake succeeds, the traffic analysis server creates a session with the monitored client and starts scanning the ports of the monitored client. Router interface traffic is stored in a database at regular intervals: the traffic analysis server scans the client once every interval T1 and stores traffic once every interval T2. An Internet information service website is established, and the monitoring of the user's network equipment traffic and the traffic protocol analysis results are obtained through a general-purpose browser. The advantages of the invention are that users can monitor their equipment comprehensively and detect router faults earlier.

Description

Method for monitoring and analyzing user terminal network appliance traffic
Technical field
The present invention relates to a system method for monitoring and data-flow analysis of customer network device interfaces, and in particular to a method for monitoring and analyzing traffic on user-side network equipment.
Background art
In routine enterprise work, bandwidth is allocated unreasonably to key business systems such as e-mail, ERP and SAP, while applications such as instant messaging, uploads and downloads, and web browsing occupy too much bandwidth. The enterprise's limited bandwidth is not used reasonably, which is a great waste of its bandwidth resources. In addition, users do not monitor their own equipment comprehensively and cannot detect router faults early, which creates a potential security risk.
Summary of the invention
The purpose of the present invention is to overcome the defects of the prior art described above by providing an efficient method for monitoring and analyzing traffic on user-side network equipment.
The purpose of the present invention can be achieved through the following technical solution: a method for monitoring and analyzing traffic on user-side network equipment, characterized in that the method comprises:
(1) on the user's own network equipment, adding the device network management protocol string and enabling the route fast-switching cache mechanism on the interface; the traffic-source export sensing system exports the source-port information flow, which is output through a preset TCP port to the traffic analysis server for analysis;
(2) on the traffic analysis server, adding a network node according to the device's IP address, then performing a three-way handshake over a preset UDP port with an authentication key; after the handshake succeeds, the traffic analysis server establishes a session with the monitored client device, begins scanning its ports, and adds these ports together with the network device's CPU, memory, interface processor, buffer and other information;
(3) router interface traffic is stored in the database on a schedule: the traffic analysis server scans the client once every interval T1 and stores traffic once every interval T2;
(4) setting up an Internet information service website, and obtaining the monitoring of the user's network equipment traffic and the traffic protocol analysis results through a general-purpose browser.
T1 is 120 seconds and T2 is 9 minutes.
Compared with the prior art, the advantages of the present invention are:
(1) users have more comprehensive monitoring of their own equipment and can detect router faults earlier, so that faults are resolved in advance;
(2) users get a more detailed view of their own inbound and outbound Internet data traffic, which helps allocate bandwidth more reasonably to key business systems such as e-mail, ERP and SAP, allocate lower bandwidth to applications such as instant messaging, uploads and downloads, and web browsing, and drop the data flows of P2P software such as BT and eDonkey, so that the enterprise's limited bandwidth is used reasonably and the enterprise saves cost;
(3) distributed denial-of-service attacks can be detected in advance, because the monitoring system shows at a glance which port is producing abnormal traffic;
(4) health checks of routing equipment monitor the health and usage of the equipment in advance, so that equipment can be replaced before it fails, which achieves high network availability and reduces the routine workload of the enterprise's IT engineers.
Description of drawings
Fig. 1 is a schematic diagram of the user-side network equipment traffic monitoring and analysis system of the present invention;
1 - traffic monitoring and analysis system server, 2 - customer router, 3 - customer firewall, 4 - customer switch.
Embodiment
The present invention is further described below with reference to a specific embodiment.
As shown in Fig. 1, the implementation steps of the present invention are as follows:
(1) the user adds the device network management protocol string on their own network equipment (whichever manufacturer produced the equipment, it follows a standard network management protocol, namely SNMP, to allow remote management of the device) and enables the route fast-switching cache mechanism on the interface; the traffic-source export sensing system exports the source-port information flow, which is output through a specific TCP port to this server for analysis;
(2) on the traffic analysis server, a network node is added according to the device's IP address, and a three-way handshake is then performed over a specific UDP port with an authentication key; after the handshake succeeds, the server establishes a session with the monitored client device, begins scanning its ports, and adds these ports together with the network device's CPU, memory, interface processor, buffer and other information;
(3) router interface traffic is stored in the database on a schedule: the server scans the client once every 120 seconds and stores traffic once every 9 minutes; these times can also be changed as required;
(4) an Internet information service website is set up; the traffic analysis site can be opened from anywhere in the world with a general-purpose browser by expanding the device's drop-down menu and selecting the network traffic analysis system module menu. All information is output to the browser and is clear at a glance, which achieves the monitoring of the user's network equipment traffic and the traffic protocol analysis results.
Interface monitoring and analysis methods
1. Interface data flow monitoring: this covers line delay, CPU load, memory usage, memory buffer overflow records, routing platform details, the traffic of each physical interface, and device logs. Each user has a corresponding account;
2. Network flow analysis: the input and output flows of the user's own network equipment are analyzed to determine where data flows come from and where they go. This covers TCP/UDP/ICMP/VPN traffic, Internet end-to-end communication traffic, application-layer traffic (that is, distinguishing web browsing traffic, file transfer traffic, VPN encrypted traffic and so on), domain name system resolution traffic, and which countries' and regions' domain names are visited.
Embodiment 1
One or two high-end servers, each configured with two quad-core Xeon 2.8GHz processors, 8G DDR memory, 2 × 146G SCSI hard disks and Windows 2003 Server. The database is Microsoft SQL Server 2000 with the SP4 service pack, and the monitoring and analysis software is Orion System Manager with its traffic analysis submodule, the Netflow Analysis module, from the US company SolarWinds;
Integrated into the Internet information service system;
The network monitoring protocol string and the flow caching mechanism are configured on the user-side router with the following commands:
snmp-server community xxxxx ro
! fastethernet0/0 is the interface connected to the Internet
interface fastethernet0/0
ip address x.x.x.x 255.255.255.x
ip route-cache flow
ip flow-export source fa0/0
ip flow-export version 5
ip flow-export destination 202.136.220.21 2055
User accounts are assigned; users can log in to the http://202.136.220.21 website from anywhere, enter the login account assigned by the service provider, and carry out daily monitoring and management.

Claims (2)

1. the method for user terminal network appliance traffic monitoring and analysis is characterized in that, this method comprises:
(1) on user self network equipment, adds equipment network management protocol character string, and enable route quick exchange caching mechanism under the interface, derive sensory perceptual system by traffic sources and derive source port information stream, output to flow analysis servers analysis by default tcp port;
(2) on flow analysis servers, network node is added in ip address according to equipment, carry out the three-way handshake agreement by default udp port and authenticate key then, the client device of success back flow analysis servers and monitoring begins to set up session, begin to scan its port, and add cpu, internal memory, the interface processor of these ports and the network equipment, information such as buffering area;
(3) router interface flow scheduled store is in lane database, and flow analysis servers every time T 1 scanning client is once stored a flow every time T 2;
(4) set up intemet information service website, obtain the monitoring of user network equipment flow and the protocal analysis result of flow by general browser.
2. the method for user terminal network appliance traffic monitoring according to claim 1 and analysis is characterized in that, described T1 is 120 seconds, and T2 is 9 minutes.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008102049074A CN101465763A (en) 2008-12-30 2008-12-30 Method for monitoring and analyzing user terminal network appliance flux

Publications (1)

Publication Number Publication Date
CN101465763A true CN101465763A (en) 2009-06-24

Family

ID=40806138

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090624