CN102137022B - Method for identifying information of data packet, crawler engine and network system - Google Patents

Method for identifying information of data packet, crawler engine and network system Download PDF

Info

Publication number
CN102137022B
CN102137022B CN 201110082236 CN201110082236A CN102137022B CN 102137022 B CN102137022 B CN 102137022B CN 201110082236 CN201110082236 CN 201110082236 CN 201110082236 A CN201110082236 A CN 201110082236A CN 102137022 B CN102137022 B CN 102137022B
Authority
CN
China
Prior art keywords
application protocol
network entity
information
query source
reptile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 201110082236
Other languages
Chinese (zh)
Other versions
CN102137022A (en
Inventor
何有树
唐华新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Gw Partnership Co ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 201110082236 priority Critical patent/CN102137022B/en
Publication of CN102137022A publication Critical patent/CN102137022A/en
Application granted granted Critical
Publication of CN102137022B publication Critical patent/CN102137022B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention discloses a method for identifying the information of a data packet, a crawler engine and a network system. The method for identifying the information of the data packet comprises the following steps of: establishing a corresponding relation between an application protocol and the information of a network entity using the application protocol by utilizing a crawler program of the application protocol; and sending identifying information including the corresponding relation to deep packet inspection (DPI) equipment to enable the DPI equipment to identify the application protocol to which the data packet belongs by utilizing the corresponding relation, wherein the information of the network entity using the application protocol includes the address of the network entity using the application protocol and transport layer protocol identification used by the network entity using the application protocol. By adopting the technical scheme provided by the embodiment of the invention, the recognition time and the performance cost of the DIP equipment can be reduced during identification of a code stream.

Description

Be provided for method, reptile engine and the network system of the information of recognition data bag
Technical field
The present invention relates to communication technical field, particularly a kind of method, reptile engine and network system that is provided for the information of recognition data bag.
Background technology
To be DPI equipment identify concrete application protocol under this code stream by the characteristic character in code stream or characteristic behavior to deep-packet detection (Deep Packet Inspection, DPI) technology.Follow-uply can carry out various upper-layer service according to recognition result, such as charging, flow-control operation etc.The network design position of DPI equipment is the same with gateway, all code streams of all users that gateway is administered all need the equipment through DPI, it is up to a million or more that number of users may reach, but needing to guarantee to cause because of code stream identification the delay of bit stream and subsequent treatment.
Can identify code stream in order to make DPI equipment, the concrete character feature that needs some application protocol code streams of off-line analysis, generate knowledge base according to analysis result, knowledge base is loaded on DPI equipment, the concrete application protocol under the code stream that follow-up this knowledge base of DPI equipment utilization is determined to receive.
Prior art has following problem:
After in network, certain application protocol upgrades, the concrete character feature that needs the code stream of this application protocol after off-line analysis upgrades, and generate new knowledge base, only have and new knowledge base is loaded into the code stream of this application protocol just can be identified after DPI equipment, like this in generating new knowledge base and new knowledge base being loaded into the process of DPI equipment, just can not identify the code stream of this application protocol, increase the time of identification; And DPI equipment need to first be deciphered for the code stream of some encryptions in the identifying of code stream, and then identifies according to characteristic character or characteristic behavior in the code stream after deciphering, needs like this to consume a large amount of performance cost.
Summary of the invention
The embodiment of the present invention provides a kind of method, reptile engine and network system that is provided for the information of recognition data bag, flows through DPI recognition of devices time and performance cost in journey to reduce in identification code.
In view of this, the embodiment of the present invention provides:
A kind of method that is provided for the information of recognition data bag comprises:
Utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Send the identifying information that comprises described corresponding relation to deep-packet detection DPI equipment, make the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: to use the address of the network entity of described application protocol to identify with the transport layer protocol that the network entity that uses described application protocol uses.
A kind of web crawlers comprises:
Set up the unit, be used for utilizing the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Transmitting element is used for sending to DPI equipment the identifying information that comprises described corresponding relation, makes the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: to use the address of the network entity of described application protocol to identify with the transport layer protocol that the network entity that uses described application protocol uses.
A kind of network system comprises: above-mentioned web crawlers and deep-packet detection DPI equipment, wherein, DPI equipment is used for receiving the described identifying information that described web crawlers sends, and utilizes the affiliated application protocol of described corresponding relation recognition data bag.
Utilize the reptile program of application protocol to set up this application protocol in the embodiment of the present invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduced performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, the time of having reduced code stream identification.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, the below will do to introduce simply to the accompanying drawing of required use in embodiment, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 be one embodiment of the invention provide be provided for the method flow diagram of the information of recognition data bag to DPI equipment;
Fig. 2 A be another embodiment of the present invention provide be provided for the method flow diagram of the information of recognition data bag to DPI equipment;
Fig. 2 B is the schematic diagram that reptile engine that another embodiment of the present invention provides obtains Peer information;
Fig. 3 be further embodiment of this invention provide be provided for the method flow diagram of the information of recognition data bag to DPI equipment;
Fig. 4 is the method flow diagram of application protocol under the DPI device identification data bag that provides of the embodiment of the present invention;
Fig. 5 is the schematic diagram of the identification application protocol that provides of the embodiment of the present invention;
Fig. 6 be application protocol that the embodiment of the present invention provides when being the non-DHT agreement of Bittorent the reptile engine obtain the method flow diagram of Peer information;
Fig. 7 be application protocol that the embodiment of the present invention provides when being Bittorent DHT agreement the reptile engine obtain the method flow diagram of Peer information;
Fig. 8 is the shared schematic diagram of a kind of identifying information that the embodiment of the present invention provides;
Fig. 9 is the shared schematic diagram of another kind of identifying information that the embodiment of the present invention provides;
Figure 10 is a kind of web crawlers structure chart that the embodiment of the present invention provides;
Figure 11 is the another kind of web crawlers structure chart that the embodiment of the present invention provides;
Figure 12 is another web crawlers structure chart that the embodiment of the present invention provides;
Figure 13 is a kind of network architecture figure that the embodiment of the present invention provides;
Figure 14 is the another kind of network architecture figure that the embodiment of the present invention provides.
Embodiment
Consult Fig. 1, the embodiment of the present invention provides a kind of method that is provided for the information of recognition data bag to DPI, and it comprises:
101, utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use.
Wherein, the executive agent of this embodiment can be the reptile engine, and this reptile engine can be positioned on DPI equipment, also can be positioned at the self-existent equipment of DPI equipment on, do not affect realization of the present invention.
Wherein, the information of described network entity comprises: the transport layer protocol sign that the address of described network entity and described network entity use.The address of described network entity comprises: IP address and the port numbers of network entity; Perhaps, the address of described network entity comprises: the domain name of described network entity.Wherein, described application protocol and use the corresponding relation of the network entity information of described application protocol can be specifically: the sign of application protocol and use the corresponding relation of the network entity information of described application protocol.Wherein, the sign of application protocol can be the title of ID or the application protocol of application protocol.
Concrete, each network entity in network can adopt different application protocols, also can adopt identical application protocol by a plurality of network entities, the corresponding reptile program of each application protocol, the reptile program that different application protocols is corresponding different, the reptile program of concrete application protocol can have: BT program, eDonkey program, QQ program etc.
This step can realize by following dual mode:
First kind of way: the reptile program of the application protocol in reptile engine sequence call reptile collection of programs sends probe request message to the network entity in network, survey successful response message until receive the expression that described network entity returns, set up the corresponding relation of the information of application protocol that the probe request message of corresponding response message uses and described network entity.
Wherein, the reptile program that multiple application protocol is arranged in the reptile collection of programs, such as BT program, eDonkey program, QQ program etc., the reptile program of each application protocol of reptile engine sequence call is surveyed to the network entity in network, whether uses this application protocol to survey this network entity.If this network entity uses certain application protocol, network entity can represent to survey successful response message to the reptile engine feedback after receiving the probe request message that reptile program that the reptile engine utilizes this application protocol sends.
Preferably, adopt in the situation of this implementation, before this step, can also comprise: the information of the network entity of the needs identification application protocol that reptile engine reception DPI equipment sends; Wherein, the described network entity that need to identify application protocol is the network entity that DPI equipment fails to identify application protocol used.In this step, in reptile engine sequence call reptile collection of programs, the reptile program of application protocol sends probe request message to this network entity that need to identify application protocol, until receive the successful response message of expression detection that this network entity that need to identify application protocol returns.
The second way comprises the steps:
A, definite network entity as query source; Wherein, this network entity as query source uses described application protocol.
B, utilize the reptile program of application protocol to obtain the information of the network entity related with this query source from this query source; Wherein, the network entity related with this query source is for using this application protocol and having the network entity of same asset with this query source.
Wherein, the network entity that has a same asset with this query source can be to share the network entity of same file with this query source.Such as, download the network entity of identical file with this query source, perhaps, this query source is being uploaded a file, downloads the network entity of this document that this query source uploads.
C, do not do query source in will the network entity related with query source network entity as the query source of upgrading, when not reaching the poll-final condition, return to execution in step B, the query source in this moment described step B is the query source of described renewal; When reaching the poll-final condition, set up the corresponding relation of described application protocol and the information of the network entity that uses described application protocol.Wherein, use the network entity of described application protocol to comprise: the network entity as query source in steps A, and the network entity that gets in step B.
Wherein, the poll-final condition can be that the network entity number that gets has reached predetermined number, perhaps timer expiry, and the time (namely carrying out the time of above-mentioned steps A, B and C) of namely carrying out query manipulation has surpassed predetermined time.
Wherein, in steps A as the network entity of query source can be the network entity of this application protocol of use of being scheduled to; Can be also the network entity that extracts from the seed file of specific resources and use this application protocol, perhaps, that track and the network entity that use this application protocol of the tracker Tracker that extracts from the seed file of specific resources; The reptile program trial that can be also the application protocol in reptile engine sequence call reptile collection of programs sends probe request message to certain network entity in network, until receive the successful response message of expression detection that this network entity returns, after determining the application protocol that probe request message that should response message is used is the application protocol that uses of this network entity, with this network entity as query source; It can be also DPI equipment notice reptile engine, concrete, after DPI equipment receives certain packet, can utilize deep packet inspection technical to determine application protocol under this packet, set up the mapping relations of the source of this packet and/or destination and this application protocol identification and send to the reptile engine; The reptile engine is according to the mapping relations that DPI equipment sends, and determines that the corresponding network entity of application protocol identification in described mapping relations is the network entity as query source.Wherein, DPI equipment utilization deep packet inspection technical determines that the application protocol under this packet is specifically as follows: DPI equipment utilization feature RM, behavior RM, heuristic RM or related RM are identified the application protocol under this packet.Wherein, adopt the specific implementation of feature RM, behavior RM, heuristic RM or related RM recognition data bag type of service with reference to existing scheme, not repeat them here.
Wherein, the application protocol reptile program of applicable this mode is the application protocol reptile program that is applicable to point-to-point, such as: BT program, eDonkey program etc.
102, send to DPI equipment the identifying information that comprises described corresponding relation, make the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag.
Wherein, described identifying information also comprises: the aging suggestion time of described corresponding relation, make this DPI equipment after the aging suggestion time of this corresponding relation arrives, control this corresponding relation invalid, such as, directly with this corresponding relation deletion etc., make after the aging suggestion time of this corresponding relation arrives, DPI equipment can not be again according to the application protocol under this corresponding relation specified data bag.
Wherein, the network entity in the embodiment of the present invention can be peer-to-peer network entity (Peer), can be also other network entity, does not affect realization of the present invention.
Utilize the reptile program of application protocol to set up the sign of this application protocol in the embodiment of the present invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduced performance cost, DPI equipment has reduced the time of code stream identification also without the concrete character feature of the code stream of this application protocol of off-line analysis.
In order to make technique scheme of the present invention clearer, (peer-to-peer network entity) is example to following embodiment take network entity as peer, the method that is provided for the information of recognition data bag to DPI provided by the invention is described in detail, and it specifically comprises:
Reptile engine in 201A, DPI equipment determines that the peer-to-peer network entity as query source is Peer1, utilizes the reptile program of application protocol to send inquiry request message to Peer1.
In this embodiment, the reptile engine is preserved the promising reptile program of developing without application protocol, when needs access Peer, determine peer-to-peer network entity as query source according to predetermined information, call the reptile program of application protocol, send query requests to this query source.Wherein, predetermined information can be the corresponding specifically information of the query source of application protocol of being scheduled to, such as, the query source that can be scheduled to corresponding this agreement of Bittorent_DHT is Peer1, predetermined information can be address information and the applied transport layer protocol of this Peer1 of this Peer1.
Optionally, the information that also can report according to the identification engine of DPI equipment of the reptile engine in DPI equipment is determined the peer-to-peer network entity as query source.Concrete, after identification engine in DPI equipment receives certain packet, utilize deep packet inspection technical to determine the application protocol that this packet is affiliated, set up the mapping relations of the source of this packet and/or destination and this application protocol identification and send to the reptile engine, the reptile engine with the corresponding source of this application protocol identification and/or destination in these mapping relations as query source.
202A, Peer1 send query response message to the reptile engine, and it comprises: the information of the Peer related with Peer1.
Wherein, the information of the Peer related with Peer1 comprises: with the address information of the related Peer of Peer1 and the transport layer protocol that uses with the related Peer of Peer1, wherein, the address information of this Peer can comprise IP address and port numbers, perhaps comprises domain name etc.
Wherein, the Peer related with Peer1 be for using this application protocol and have the Peer of same asset with this Peer1, such as having identical media resource, concrete as, with this Peer1 at the Peer that downloads same film.In this embodiment, the supposition Peer related with Peer1 is Peer2 and Peer3.
Reptile engine in 203A, DPI equipment as query source, utilizes the reptile program of this application protocol to send inquiry request message to Peer2 Peer2.
204A, Peer2 send query response message to the reptile engine, and it comprises: the information of the Peer related with Peer2, wherein, the Peer related with Peer2 is for using this application protocol and having the Peer of same asset with this Peer2.
205A, reptile engine as query source, utilize the reptile program of this application protocol to send inquiry request message to Peer3 Peer3.
206A, Peer3 send query response message to the reptile engine, and it comprises: the information of the Peer related with Peer3, wherein, the Peer related with Peer3 is for using this application protocol and having the Peer of same asset with this Peer3.
Need to prove, step 203A and step 204A are that order is carried out, and step 205A and step 206A are that order is carried out, but the sequencing on not having between step 203A-step 204A and step 205A-step 206A to carry out, also can carry out side by side, not affect realization of the present invention.
Reptile engine in 207A, DPI equipment judges whether to reach the poll-final condition, if not, and execution in step 208A, if so, execution in step 210A.
Wherein, judging whether to reach the poll-final condition can be whether the number that judges the Peer of this application protocol of use that inquires satisfies predetermined number, judges perhaps whether timer is overtime, and namely whether the query manipulation time has reached predetermined time.
Before this step, the reptile engine is when the query response message that returns according to each query source, when determining in the Peer of this application protocol of use of each query source feedback, the node of repetition to be arranged, remove the Peer that repeats in the Peer of this application protocol of use of each query source feedback, above-mentioned " Peer of this application protocol of use that inquires " that judges do not comprise the Peer of this repetition.
Wherein, this step be from each Peer related with Peer2 and with related each Peer of Peer3 remove the Peer of repetition.Wherein, in the Peer of this application protocol of use that this step also can be fed back each query source, invalid Peer removes, and wherein invalid Peer can be the current node that is in malfunction.
After the Peer that reptile engine in 208A, DPI equipment repeats in the Peer of this application protocol of use that removes each query source feedback, as the query source of upgrading, utilize the reptile program of this application protocol to send inquiry request message to the query source of upgrading remaining Peer.
This embodiment supposition Peer related with Peer2 is Peer4, Peer5 and Peer6, and the Peer related with Peer3 is Peer5, Peer6, and the query source in step 208 is Peer4, Peer5 and Peer6.
Reptile engine in 209A, DPI equipment can receive the query response message for this inquiry request message, and it comprises the information of the Peer related with the query source of above-mentioned renewal, returns to execution in step 207A.
Wherein, the information of the Peer related with the query source of above-mentioned renewal is: use this application protocol and have the address of Peer of same asset and the transport layer protocol that this Peer uses with the query source of above-mentioned renewal.
Reptile engine in 210A, DPI equipment reports identifying information to the identification engine in DPI equipment, and this identifying information comprises: use the information of Peer of this application protocol and the corresponding relation of application protocol identification.
Wherein, use the information of the Peer of this application protocol to comprise: to use the address of Peer of this application protocol and the transport layer protocol that uses the Peer of this application protocol to use.
Wherein, can also preserve the corresponding aging suggestion time of each application protocol on reptile engine in DPI equipment, so, in this step, the reptile engine can also comprise to this identifying information that the identification engine reports: the aging suggestion time, when aging aging this corresponding relation of suggestion time representation is.Change after suggestion time arrives at this, this uses the corresponding relation of the information of Peer of this application protocol and this application protocol identification no longer valid.
Identification engine in 211A, DPI equipment receives and preserves the identifying information that the reptile engine sends.
Fig. 2 B shows the schematic diagram that the corresponding reptile engine of above-mentioned Fig. 2 A illustrated embodiment obtains Peer information, wherein, suppose that Peer1 is the query source of being scheduled to, " 1 " expression phase I query manipulation in Fig. 2 B, namely inquire about Peer1, the resulting Peer related with Peer1 of inquiry Peer1 is Peer2 and Peer3; " 2 " expression second stage query manipulation is namely inquired about Peer2 and Peer3, and wherein, the resulting Peer related with Peer2 of inquiry Peer2 is Peer4, Peer5 and Peer6, and the resulting Peer related with Peer3 of inquiry Peer3 is Peer4 and Peer5; " 3 " expression phase III query manipulation is namely inquired about Peer4, Peer5 and Peer6.
Optionally, the reptile engine is Peer that is virtually reality like reality, after the information that gets certain Peer from inquiry response, this reptile engine just can be simulated this Peer, initiatively the information with this Peer offers other Peer, also can be after receiving the association requests of other Peer, the information of this Peer is offered other Peer.
utilize the reptile program of application protocol in the embodiment of the present invention, get the Peer information that is associated with this query source from the network entity as query source, and then the query source that the conduct that will get is upgraded is obtained the Peer information that is associated with the query source of upgrading again, in this way, get the Peer information of using this application protocol in network, with the sign of this application protocol with use the corresponding relation of the Peer information of this application protocol to send to identification engine in DPI equipment, make the identification engine in DPI equipment utilize the affiliated application protocol of this corresponding relation recognition data bag, like this, DPI equipment does not just need decrypted data packet, reduce performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, reduced the time of code stream identification.
Consult Fig. 3, following embodiment is that the another kind that the embodiment of the present invention provides is provided for the method for the information of recognition data bag to DPI, and the method specifically comprises:
301, after the identification engine in DPI equipment receives packet, the local application protocol identification of preserving of inquiry and the corresponding relation of network entity information, if according to the corresponding relation of preserving, can not determine the corresponding application protocol identification of network entity corresponding to this packet, the reptile engine in the DPI equipment sends network entity information corresponding to this packet, wherein, the corresponding network entity of this packet is the network entity that needs the identification application protocol.
Wherein, the corresponding network entity of this packet can be source and/or the destination of this packet.
Optionally, identification engine in DPI equipment also can be according to the corresponding relation of preserving, after can not determine the corresponding application protocol identification of network entity corresponding to this packet, can adopt deep packet inspection technical to identify the affiliated application protocol of this packet, namely identify according to the characteristic character in this packet or characteristic behavior etc., if can not successfully identify in the given time the application protocol under this packet, the reptile engine in the DPI equipment sends network entity information corresponding to this packet.
302, the network entity that in the reptile engine sequence call reptile collection of programs in DPI equipment, the reptile program of application protocol is identified application protocol to needs sends probe request message, until receive the successful response message of expression detection that this network entity returns.
Such as, the BT program that reptile engine in DPI equipment can call in the reptile collection of programs is identified the network entity transmission probe request message of application protocol to needs, if receive the successful response message of expression detection that this network entity that need to identify application protocol sends, carry out follow-up 303; If do not receive the successful response message of expression detection that this network entity that need to identify application protocol sends, continue to call the QQ program to the network entity transmission probe request message of needs identification application protocol, until receive the successful response message of expression detection that this network entity that need to identify application protocol sends.
303, the reptile engine in DPI equipment is set up the corresponding relation of sign with the information of the network entity that needs the identification application protocol of the application protocol that the probe request message of corresponding response message uses.
Continuous above-mentioned example, if when calling the QQ program and sending probe request message to the network entity of needs identification application protocol, successful response message is surveyed in the expression that the network entity that receiving needs the identification application protocol sends, set up the corresponding relation of QQ program identification and the information of the network entity that needs the identification application protocol, namely set up QQ program identification and the address of the network entity that needs the identification application protocol and the corresponding relation of transport layer protocol sign that it uses.
304, the reptile engine in DPI equipment sends identifying information to the identification engine in DPI equipment, and this identifying information comprises this corresponding relation, and is optional, can also comprise the aging suggestion time of this corresponding relation in this identifying information.
the network entity that in the embodiment of the present invention, in sequence call reptile collection of programs, the reptile program of application protocol is identified application protocol to needs sends probe request message, until receive the successful response message of expression detection that this network entity returns, set up the corresponding relation of the application protocol identification that this network entity information and the probe request message of corresponding response message use and send to DPI equipment, make the identification engine in DPI equipment utilize the affiliated application protocol of this corresponding relation recognition data bag, like this, DPI equipment does not just need decrypted data packet, reduced performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, reduced the time of code stream identification.
Fig. 4 shows the method for application protocol under a kind of DPI device identification data bag that the embodiment of the present invention provides, wherein, the network entity in this embodiment can be Peer (peer-to-peer network entity) it comprise:
401, the identification engine in DPI equipment receives packet, carries five-tuple in this packet.
This five-tuple comprises: the port numbers of the IP address of source network entity, the IP address of purpose network entity, source network entity, the port numbers of purpose network entity and transport layer protocol sign.
Wherein, source network entity is to send the network entity of this packet, and the purpose network entity is the network entity that receives this packet.
402, the identification engine in DPI equipment according to the corresponding relation of having preserved, is determined the application protocol that this packet uses.
Wherein, the corresponding relation of having preserved comprises: the sign of application protocol and use the corresponding relation of information of the network entity of this application protocol, wherein, use the information of the network entity of this application protocol to comprise: the address of using the network entity of this application protocol, with the transport layer protocol sign that this network entity uses, the address of network entity comprises IP address and the port numbers of this network entity.
Concrete, this step compares the information of five-tuple and network entity, if it is identical that the transport layer protocol in the information of network entity sign and transport layer protocol in five-tuple identify represented transport layer protocol, and, if IP address and the port numbers of the source network entity in the address of network entity and five-tuple are identical, perhaps IP address and the port numbers with the purpose network entity is identical, determines that the application protocol that this packet uses is the corresponding application protocol of this network entity in this corresponding relation.
Need to prove, if it is not identical that the transport layer protocol in the information of network entity sign and transport layer protocol in five-tuple identify represented transport layer protocol, perhaps, if the source network entity in the address of network entity and five-tuple is not identical with IP address and the port numbers of purpose network entity, can identify the application protocol that this packet is suitable for according to the characteristic character in packet or characteristic behavior, concrete how identification according to the characteristic character in packet or characteristic behavior is general knowledge known in this field, do not repeat them here.
In order to make technique scheme clearer, following giving an actual example describes: the corresponding relation that supposition identification engine has been set up is:
TCP?192.168.0.1:5566<-->Bittorent_DATA?1800;
UDP?192.168.0.1:5566<-->Bittorent_DHT_Control?1801;
UDP?192.168.0.16:5566<-->Bittorent_DHT_Control?1801;
TCP?192.168.0.16:5566<-->Bittorent_DATA?1800;
Wherein, TCP and UDP are the title of transport layer protocol; Bittorent_DATA, DHT_Control are respectively the title of application protocol, and 1800,1801 are respectively the ID of application protocol.
Suppose that the transport layer protocol that the network entity that carries in the packet that receives uses is Transmission Control Protocol, source network entity IP address is 192.168.0.16, and port numbers is 5566; Identify engine according to the corresponding relation set up, finding the ID that application protocol name corresponding to this network entity be called Bittorent_DATA, application protocol is 1800.
Need to prove, above-mentioned identification engine and reptile engine can be deployed on same equipment, namely on DPI equipment, also can be deployed on different equipment, namely identify engine and are deployed on DPI equipment, and the reptile engine is deployed on different equipment.When identification engine and reptile engine were deployed on different equipment, both can be arranged in consolidated network, also can be deployed in different networks.Can dispose identification engine and reptile engine according to some particularity demands, such as, because the identification engine can be deployed on DPI equipment, and DPI equipment also has the function of deciphering to encrypted packets, if DPI is deployed in the machine room of operator, may collect the sensitive information of some operators, therefore some operator does not allow the DPI equipment external network of access operator privately, prevent the outside reveal sensitive information of DPI equipment, in this case, if DPI equipment wants to collect the information of reptile engine, just need to be deployed in the external network of operator.
Need to prove, the agreements such as Bittorent can be subdivided into a plurality of sub-protocols, such as the non-DHT of Bittorent (Distributed Hash Table, distributed hashtable) agreement and Bittorent DHT agreement.Following two embodiment are non-DHT (the Distributed Hash Table take application protocol as Bittorent respectively, distributed hashtable) agreement, with Bittorent DHT agreement be example, describe respectively the reptile engine and obtain Peer information and report the process of identifying information to the identification engine.
Consult Fig. 6, this embodiment take application protocol as Bittorent non-DHT agreement, network entity describe the reptile engine as Peer (map network entity) as example and obtain Peer information and report the process of identifying information to the identification engine, search for Peer information based on specific resources in this embodiment, specific resources can be predetermined configurations, also can obtain from other equipment, wherein, obtain Peer information and to identification engine report the process of identifying information specifically to comprise:
601, the reptile engine utilizes the reptile program of application protocol, creates searching request, utilizes this searching request search specific resources, searches the seed file of this specific resources.
Wherein, specific resources can be video resource, such as film foundation great cause, can be also audio resource, does not affect realization of the present invention.
602, the reptile engine extracts Tracker information and Peer information by resolving seed file, and Peer information is write the Peer list.
Wherein, the Peer information of extracting in this step is the information of the Peer of this application protocol of use.Concrete, Peer information comprises: the transport layer protocol sign that the address of Peer and this Peer use.
603, the reptile engine utilizes the reptile program creation query requests of application protocol, according to the Tracker information of extracting, send query requests to corresponding Tracker, Tracker returns to inquiry response to the reptile engine, and it comprises: use this application protocol and the address of the Peer that tracked by this Tracker and the transport layer protocol sign that this Peer is used.
Optionally, in this step, the reptile engine can also judge the validity of the inquiry response that receives, when inquiry response is effective, and execution in step 605, otherwise process ends.Wherein, the reptile engine judges that the concrete mode of the validity of the inquiry response that receives can be: the message format of the inquiry response that passes through to receive judges whether this inquiry response is effective; Can be also to judge by the content in received inquiry response whether this inquiry response is effective; Can be also that interaction flow according to query requests and inquiry response judges whether this inquiry response is effective, can also judge by other means whether this inquiry response is effective, do not affect realization of the present invention.
604, the reptile engine with the Peer that extracts in step 602 as query source, utilize the reptile program creation query requests of application protocol, send query requests to the Peer as query source, this Peer returns to inquiry response to the reptile engine, and it comprises: the address of the Peer related with this Peer and the transport layer protocol that uses thereof.
Wherein, the Peer related with this Peer is for using this application protocol and having the Peer of same asset with this Peer.
Optionally, in this step, the reptile engine can also judge the validity of the inquiry response that receives, and when inquiry response was effective, the address of follow-up Peer that again will be related with this Peer and the transport layer protocol that uses write the Peer list.Wherein, identical in the concrete mode of the validity of the inquiry response that reptile engine judgement receives and step 603 do not repeat them here.
605, the reptile engine removes in step 603, step 604 information of the Peer that repeats and the information of invalid Peer, and remaining Peer information is write the Peer list.
606, the reptile engine judges whether the quantity of the Peer that writes in the Peer list has reached threshold value, if so, carries out 608, if not, carries out 607;
607, the reptile engine as the query source of upgrading, returns to above-mentioned remaining Peer (being effective Peer) to execution in step 604, utilizes the reptile program creation query requests of application protocol, sends query requests to the query source of upgrading.
608, the reptile engine sends identifying information to the identification engine, and identifying information comprises: the Peer information in the Peer list, the sign of application protocol and aging suggestion time.
Wherein, the Peer information in the Peer list comprises: the transport layer protocol sign that the address of Peer and this Peer use.
Wherein, the step of this step and front can realize in same thread, also can realize in different threads or process, does not affect realization of the present invention.
Consult Fig. 7, this embodiment take application protocol as Bittorent DHT agreement, network entity describe as Peer (map network entity) as example the reptile engine obtain Peer information and to identification engine report the process of identifying information to comprise:
701, the reptile engine utilizes the reptile program creation query requests of application protocol, sends query requests to known Peer, and this Peer returns to inquiry response to the reptile engine, and it comprises: the information of the Peer related with this Peer.
Wherein, the Peer related with this Peer is: use this application protocol and have the Peer of same asset with this Peer; The information of the Peer related with this Peer comprises: with the address of the related Peer of this Peer and the transport layer protocol sign used with the related Peer of this Peer.
Wherein, in this step, known Peer is predetermined Peer, carry in the query response message that perhaps receives effectively and be not the Peer of query source.Wherein, predetermined Peer is the Peer of the query source of this Bittorent DHT agreement of conduct of being scheduled to.
Optionally, after the reptile engine receives inquiry response, can judge the validity of inquiry response, when this inquiry response was effective, wherein, the mode description corresponding to above-described embodiment of the validity of judgement inquiry response was identical, does not repeat them here.When this inquiry response is effective, then carry out subsequent step.
702, the reptile engine removes the information of Peer invalid in step 701, and remaining effective Peer address information is write the Peer list.
703, the reptile engine judges whether the quantity of the Peer that writes in the Peer list has reached threshold value, if so, carries out 705, if not, carries out 704.
704, the reptile engine with in the Peer of inquiry response feedback effectively and the Peer that did not do query source as the query source of upgrading, return to execution in step 701 and utilize the reptile program creation query requests of application protocol, send query requests to the query source of upgrading.
705, the reptile engine sends identifying information to the identification engine, and identifying information comprises: the Peer information in the Peer list, the sign of application protocol and aging suggestion time.
Wherein, the step of this step and front can realize in same thread, also can realize in different threads or process, does not affect realization of the present invention.
Optionally, after the identification engine gets identifying information, it can be shared to other identification engines uses, wherein, identifying information comprises: the corresponding relation of the information of the network entity of the sign of application protocol and this application protocol of use, this identifying information can also comprise: the aging suggestion time of this corresponding relation.Concrete, following two kinds of sharing modes can be arranged:
1, the identification engine in each DPI equipment reports information sharing control centre with identifying information, obtains this identifying information for the identification engine in other DPI equipment from this information sharing control centre, as shown in Figure 8.
2, the identification engine in each DPI equipment is announced identifying information each other, as shown in Figure 9.
Wherein, the identification engine in DPI equipment can obtain identifying information in the following way: first kind of way: the identifying information that the reptile engine sends to the identification engine, described in the various embodiments described above; The second way: the identification engine in DPI equipment identifies according to the characteristic character in packet or characteristic behavior the application protocol that this packet is suitable for, record identifying information, it comprises: the sign of this application protocol and transmission and/or receive the corresponding relation of information of the network entity of this packet.Optionally, this identifying information can also comprise: the aging suggestion time.
Consult Figure 10, the embodiment of the present invention provides a kind of web crawlers, and it comprises:
Set up unit 50, be used for utilizing the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Transmitting element 60 is used for sending to DPI equipment the identifying information that comprises described corresponding relation, makes the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag; Wherein, use the network entity information of described application protocol to comprise: to use the address of the network entity of described application protocol to identify with the transport layer protocol that the network entity that uses described application protocol uses.
Wherein,, do not repeat them here referring to the associated description under embodiment of the method step 101 for the description of information of network entity etc.
Utilize the reptile program of application protocol to set up this application protocol in the embodiment of the present invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduce performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, the time of having reduced code stream identification.
Consult Figure 11, in one embodiment, set up unit 50 and specifically comprise: query source determining unit 51 is used for definite network entity as query source; Wherein, described network entity as query source uses described application protocol; Query unit 52 is used for utilizing the reptile program of application protocol to obtain the information of the network entity related with described query source from described query source; Wherein, the network entity related with described query source is for using described application protocol and having the network entity of same asset with described query source; With query source updating block 53, be used for when not reaching the poll-final condition, do not do the network entity of query source in network entity that will be related with described query source as the query source of upgrading, the query source of described renewal is sent to described query unit, trigger described query unit and utilize the reptile program of application protocol to obtain the information of the network entity related with the query source of described renewal from the network entity as the query source of upgrading; Corresponding relation is set up unit 54, be used for when reach the poll-final condition, set up the definite corresponding relation as the information of the network entity of query source of the information of the network entity that described application protocol and described query unit get and described query source determining unit.Concrete, query source determining unit 51, be used for the mapping relations according to the network entity Information and application protocol-identifier of DPI equipment transmission, determine that the corresponding network entity of application protocol identification in described mapping relations is the network entity as query source, wherein, described DPI equipment is the mapping relations of utilizing the definite network entity Information and application protocol-identifier of deep packet inspection technical.Perhaps, query source determining unit 51 determines that extract and network entity that use this application protocol is the network entity as query source from the seed file of specific resources; Perhaps, query source determining unit 51 determines that track and the network entity that use this application protocol of the tracker Tracker that extracts from the seed file of specific resources is the network entity as query source.
This execution mode utilizes the reptile program of application protocol by order, get the Peer information that is associated with this query source from query source, and then the query source that the conduct that will get is upgraded again, obtain again the Peer information that is associated with the query source of upgrading, in this way, get the Peer information of using this application protocol in network, with this application protocol with use the corresponding relation of the Peer information of this application protocol to send to identification engine in DPI equipment, make identification engine in DPI equipment utilize application protocol under this corresponding relation recognition data bag.
Consult Figure 12, in another embodiment, setting up unit 50 specifically comprises: call unit 56, the reptile program that is used for sequence call reptile collection of programs application protocol sends probe request message to the network entity in network, until receive the successful response message of expression detection that described network entity returns; Corresponding relation is set up unit 57, is used for setting up the corresponding relation of the information of application protocol that the probe request message of corresponding response message uses and described network entity.In this mode, this web crawlers also comprises: receiving element 61, and the needs that are used for the transmission of reception DPI equipment are identified the information of the network entity of application protocol; Call unit 56, reptile program for sequence call reptile collection of programs application protocol sends probe request message to the described network entity that need to identify application protocol, until receive the successful response message of expression detection that the described network entity that need to identify application protocol returns.The network entity that this execution mode is identified application protocol by the reptile program of application protocol in sequence call reptile collection of programs to needs sends probe request message, until receive the successful response message of expression detection that this network entity returns, set up the corresponding relation of the application protocol that this network entity information and the probe request message of corresponding response message use and send to DPI equipment, making identification engine in DPI equipment utilize application protocol under this corresponding relation recognition data bag.
In this embodiment, the network entity of identifying application protocol to needs by the reptile program of application protocol in sequence call reptile collection of programs sends probe request message, until receive the successful response message of expression detection that this network entity returns, set up the corresponding relation of the application protocol that this network entity information and the probe request message of corresponding response message use and send to DPI equipment, making identification engine in DPI equipment utilize application protocol under this corresponding relation recognition data bag.
Consult Figure 13, the embodiment of the present invention provides a kind of network system, it is characterized in that, comprising: web crawlers 70 and DPI equipment, wherein,
Web crawlers 70 for the reptile program of utilizing application protocol, is set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use; Wherein,, do not repeat them here referring to the associated description under embodiment of the method step 101 for the description of information of network entity etc.
DPI equipment 80 is used for receiving the described identifying information that described reptile engine sends, and utilizes the affiliated application protocol of described corresponding relation recognition data bag.
Wherein, web crawlers 70 can be integrated on DPI equipment 80.The structure of web crawlers 70, does not repeat them here with embodiment illustrated in fig. 12 similar to above-mentioned Figure 10, Figure 11.
In order to realize sharing of above-mentioned identifying information, in one embodiment, this network system also comprises: information sharing control centre 90, wherein,
DPI equipment 70 also is used for the described identifying information that described web crawlers sends is sent to information sharing control centre 90.Information sharing control centre 90 be used for to receive the identifying information that DPI equipment 70 sends, and obtains described identifying information for other DPI equipment except described DPI equipment 70 in network from described information sharing control centre 90.Optionally, DPI equipment 70 can also send to the identifying information that obtains by deep packet inspection technical information sharing control centre, wherein, the identifying information that obtains by deep packet inspection technical comprises: the corresponding relation of application protocol under the source of packet and/or the address of destination and the transport layer protocol that uses and this packet, optionally, it can also comprise: the aging suggestion time of this corresponding relation.
In another embodiment, described DPI equipment 70 also is used for the described identifying information that described web crawlers sends is sent to network other DPI equipment except described DPI equipment.
Utilize the reptile program of application protocol to set up this application protocol in the embodiment of the present invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduce performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, the time of having reduced code stream identification.
Wherein, above-mentioned DPI equipment can be used for network system shown in Figure 14, wherein, DPI equipment can exist with GGSN (Gateway GPRS Support Node, Gateway GPRS Support Node) is independent, also can be integrated on an equipment with GGSN, not affect realization of the present invention.In figure, GGSN is by SGSN (Serving GPRS Support Node, Serving GPRS Support Node) with GPRS (General Packet Radio Service, the general packet radio service technology)/UMTS (Universal Mobile Telecommunications System, universal mobile telecommunications system) connect, DPI equipment is connected with Internet by fire compartment wall, and Peer is arranged in GPRS/UMTS or Internet.
One of ordinary skill in the art will appreciate that all or part of step that realizes in above-described embodiment method is to come the relevant hardware of instruction to complete by program, described program can be stored in a kind of computer-readable recording medium, read-only memory for example, disk or CD etc.
The above method from the information of recognition data bag to DPI, web crawlers and the network system that are provided for that the embodiment of the present invention is provided is described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims (11)

1. a method that is provided for the information of recognition data bag, is characterized in that, comprising:
Utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Send the identifying information that comprises described corresponding relation to deep-packet detection DPI equipment, make the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: to use the address of the network entity of described application protocol to identify with the transport layer protocol that the network entity that uses described application protocol uses; The described reptile program of utilizing application protocol, the corresponding relation of setting up described application protocol and the information of the network entity that uses described application protocol comprises:
A, definite network entity as query source; Wherein, described network entity as query source uses described application protocol;
B, utilize the reptile program of application protocol to obtain the information of the network entity related with described query source from described query source; Wherein, the network entity related with described query source is for using described application protocol and having the network entity of same asset with described query source;
C, will be related with described query source network entity in do not make query source network entity as the query source of upgrading, when not reaching the poll-final condition, return to execution in step B, at this moment, the query source in described step B is the query source of described renewal; When reaching the poll-final condition, set up the corresponding relation of described application protocol and the information of the network entity that uses described application protocol.
2. method according to claim 1, is characterized in that, described definite query source comprises:
The mapping relations of the network entity Information and application protocol-identifier that sends according to DPI equipment determine that the corresponding network entity of application protocol identification in described mapping relations is the network entity as query source.
3. method according to claim 1, is characterized in that, the described reptile program of utilizing application protocol, and the corresponding relation of setting up described application protocol and the information of the network entity that uses described application protocol comprises:
In sequence call reptile collection of programs, the reptile program of application protocol sends probe request message to network entity, survey successful response message until receive the expression that described network entity returns, set up the corresponding relation of the information of application protocol that the probe request message of corresponding response message uses and described network entity.
4. method according to claim 3, is characterized in that, before the reptile program of application protocol sent probe request message to network entity in sequence call reptile collection of programs, the method also comprised:
The needs that receive the transmission of DPI equipment are identified the information of the network entity of application protocol;
In described sequence call reptile collection of programs, the reptile program of application protocol comprises to network entity transmission probe request message:
In sequence call reptile collection of programs, the reptile program of application protocol sends probe request message to the described network entity of identification application protocol that needs.
5. a web crawlers that is provided for the information of recognition data bag, is characterized in that, comprising:
Set up the unit, be used for utilizing the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Transmitting element is used for sending to DPI equipment the identifying information that comprises described corresponding relation, makes the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: to use the address of the network entity of described application protocol to identify with the transport layer protocol that the network entity that uses described application protocol uses;
The described unit of setting up comprises:
The query source determining unit is used for definite network entity as query source; Wherein, described network entity as query source uses described application protocol;
Query unit is used for utilizing the reptile program of application protocol to obtain the information of the network entity related with described query source from described query source; Wherein, the network entity related with described query source is for using described application protocol and having the network entity of same asset with described query source;
The query source updating block, be used for when not reaching the poll-final condition, do not do the network entity of query source in network entity that will be related with described query source as the query source of upgrading, the query source of described renewal is sent to described query unit, trigger described query unit and utilize the reptile program of application protocol to obtain the information of the network entity related with the query source of described renewal from the network entity as the query source of upgrading;
Corresponding relation is set up the unit, is used for when reach the poll-final condition, sets up the definite corresponding relation as the information of the network entity of query source of the information of the network entity that described application protocol and described query unit get and described query source determining unit.
6. web crawlers according to claim 5, is characterized in that,
Described query source determining unit is used for the mapping relations of the network entity Information and application protocol-identifier that sends according to DPI equipment, determines that the corresponding network entity of application protocol identification in described mapping relations is the network entity as query source.
7. web crawlers according to claim 5, is characterized in that,
The described unit of setting up comprises:
Call unit, the reptile program that is used for sequence call reptile collection of programs application protocol sends probe request message to the network entity in network, until receive the successful response message of expression detection that described network entity returns;
Corresponding relation is set up the unit, is used for setting up the corresponding relation of the information of application protocol that the probe request message of corresponding response message uses and described network entity.
8. web crawlers according to claim 7, is characterized in that,
Also comprise:
Receiving element, the needs that are used for the transmission of reception DPI equipment are identified the information of the network entity of application protocol;
Described call unit, reptile program for sequence call reptile collection of programs application protocol sends probe request message to the described network entity that need to identify application protocol, until receive the successful response message of expression detection that the described network entity that need to identify application protocol returns.
9. a network system that is provided for the information of recognition data bag, is characterized in that, comprising: the described web crawlers of claim 5-8 any one and deep-packet detection DPI equipment, wherein,
DPI equipment is used for receiving the described identifying information that described web crawlers sends, and utilizes the affiliated application protocol of described corresponding relation recognition data bag.
10. network system according to claim 9, is characterized in that,
Described DPI equipment also is used for the described identifying information that described web crawlers sends is sent to information sharing control centre, obtains described identifying information for other DPI equipment except described DPI equipment in network from described information sharing control centre;
Perhaps, described DPI equipment also is used for the described identifying information that described web crawlers sends is sent to network other DPI equipment except described DPI equipment.
11. network system according to claim 9 is characterized in that,
Described identifying information also comprises: the aging suggestion time of described corresponding relation;
Described DPI equipment also is used for controlling described corresponding relation invalid when the described aging suggestion time arrives.
CN 201110082236 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system Expired - Fee Related CN102137022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110082236 CN102137022B (en) 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110082236 CN102137022B (en) 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system

Publications (2)

Publication Number Publication Date
CN102137022A CN102137022A (en) 2011-07-27
CN102137022B true CN102137022B (en) 2013-11-06

Family

ID=44296681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110082236 Expired - Fee Related CN102137022B (en) 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system

Country Status (1)

Country Link
CN (1) CN102137022B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567513B (en) * 2011-12-27 2014-09-17 北京神州绿盟信息安全科技股份有限公司 Method and equipment for collecting phishing websites
CN104408195B (en) * 2014-12-15 2017-12-19 北京国双科技有限公司 The determination methods and device of crawlers working condition
CN108200586B (en) * 2016-12-08 2021-03-23 中国电信股份有限公司 Method and system for mobile network aware data association
CN106941459A (en) * 2017-05-02 2017-07-11 武汉绿色网络信息服务有限责任公司 The processing method and system of HTTP downlink traffics in asymmetric routed environment
WO2019075608A1 (en) * 2017-10-16 2019-04-25 Oppo广东移动通信有限公司 Method and device for identifying encrypted data stream, storage medium, and system
CN111371655B (en) * 2020-04-07 2022-02-25 中移雄安信息通信科技有限公司 Deep packet inspection method, DPI device, transit device, system and storage medium
CN113765728B (en) * 2020-06-04 2023-07-14 深信服科技股份有限公司 Network detection method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534248A (en) * 2009-04-14 2009-09-16 华为技术有限公司 Deep packet identification method, system and business board
CN101582897A (en) * 2009-06-02 2009-11-18 中兴通讯股份有限公司 Deep packet inspection method and device
CN101621504A (en) * 2008-06-30 2010-01-06 中兴通讯股份有限公司 Deep packet inspection method and system
CN101714952A (en) * 2009-12-22 2010-05-26 北京邮电大学 Method and device for identifying traffic of access network
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8264965B2 (en) * 2008-03-21 2012-09-11 Alcatel Lucent In-band DPI application awareness propagation enhancements

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101621504A (en) * 2008-06-30 2010-01-06 中兴通讯股份有限公司 Deep packet inspection method and system
CN101534248A (en) * 2009-04-14 2009-09-16 华为技术有限公司 Deep packet identification method, system and business board
CN101582897A (en) * 2009-06-02 2009-11-18 中兴通讯股份有限公司 Deep packet inspection method and device
CN101714952A (en) * 2009-12-22 2010-05-26 北京邮电大学 Method and device for identifying traffic of access network
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
简光垚.《基于启发式识别的深层数据包检测P2P流的研究与实现》.《中国优秀硕士学位论文全文数据库(电子期刊)信息科技辑2009年第03期》.2009,全文. *

Also Published As

Publication number Publication date
CN102137022A (en) 2011-07-27

Similar Documents

Publication Publication Date Title
CN102137022B (en) Method for identifying information of data packet, crawler engine and network system
JP5889445B2 (en) Method and apparatus for identifying an application associated with an IP flow using DNS data
US9871850B1 (en) Enhanced browsing using CDN routing capabilities
KR20120137726A (en) A transmission node and a receiver node of a contents centric network and a communination method thereof
WO2017066359A1 (en) Determining direction of network sessions
CN103888928A (en) Business strategy control method and system
US8341285B2 (en) Method and system for transferring files
JP5847185B2 (en) Content sharing method and apparatus using group change information in content-centric network environment
CN102640467A (en) Enhanced anycast for edge server selection
CN104333567A (en) Web caching with security as a service
CN103781055A (en) Data downloading method and associated device
CN105471748A (en) Application shunting method and device
CN108207012B (en) Flow control method, device, terminal and system
WO2021003798A1 (en) Method and system for implementing domain name access accelration
CN113726873B (en) Block chain-based file processing method, system, device and storage medium
CN103595808B (en) A kind of file update information method for pushing and device
CN103200231A (en) Strategy control method and system
CN114390044A (en) File uploading method, system, device and storage medium
CN102164150B (en) Method, device, server and system for delivering strategies
CN103746768A (en) Data packet identification method and equipment thereof
CN108200110A (en) A kind of data processing method, apparatus and system
Zavodovski et al. edisco: Discovering edge nodes along the path
CN108011801A (en) Method, unit and the system of data transfer
CN110278558A (en) The exchange method and wlan system of message
CN109639788A (en) Cross-domain name joint debugging method and system for voice dialogue platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20180507

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: London, England

Patentee before: GW partnership Co.,Ltd.

Effective date of registration: 20180507

Address after: London, England

Patentee after: GW partnership Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131106