CN103428295B - A kind of monitoring method and system of peer-to-peer network application - Google Patents
A kind of monitoring method and system of peer-to-peer network application Download PDFInfo
- Publication number
- CN103428295B CN103428295B CN201310381658.7A CN201310381658A CN103428295B CN 103428295 B CN103428295 B CN 103428295B CN 201310381658 A CN201310381658 A CN 201310381658A CN 103428295 B CN103428295 B CN 103428295B
- Authority
- CN
- China
- Prior art keywords
- application
- packet
- tcp
- node
- identified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 22
- 238000000034 method Methods 0.000 title claims abstract description 13
- 230000000903 blocking effect Effects 0.000 claims description 4
- 240000002853 Nelumbo nucifera Species 0.000 claims description 3
- 235000006508 Nelumbo nucifera Nutrition 0.000 claims description 3
- 235000006510 Nelumbo pentapetala Nutrition 0.000 claims description 3
- 235000013399 edible fruits Nutrition 0.000 claims 1
- 230000006399 behavior Effects 0.000 description 17
- 230000005540 biological transmission Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000006855 networking Effects 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000013011 mating Effects 0.000 description 1
Abstract
The invention provides the monitoring method and system of a kind of peer-to-peer network application;Described method includes: utilize behavior characteristics to identify the Peer-to-Peer Network P2P node in described LAN;The TCP/UDP packet of the P2P node transmitting-receiving for being identified, utilizes behavior characteristics or load characteristic to identify the network packet of P2P application;According to predetermined policy, let pass or block the network packet that identified P2P applies.The present invention can effectively monitor the P2P application in LAN.
Description
Technical field
The present invention relates to areas of information technology, be specifically related to the monitoring of peer-to-peer network application in a kind of LAN
Method and system.
Background technology
At present, along with the fast development of network, P2P(peer-to-peer network) apply the master having become as the Internet
One of applying, the pattern of P2P also becomes the preferred mode of many new business, and P2P technology extensively should
For the fields such as file-sharing, Internet video, the networking telephone, resource-sharing and parallel transmission in a distributed manner
Feature, provided the user more resource, higher available bandwidth and more preferable service quality,
Meanwhile, P2P applies and brings problems with:
(1) P2P application alreadys more than Web application and occupies the network bandwidth of more than 50%, causes
Network congestion, have impact on user and surfs the Net experience;
(2) Internet resources are seized in P2P application so that other application in LAN cannot obtain due
Bandwidth, causing critical services cannot be guaranteed.
Summary of the invention
The technical problem to be solved in the present invention is how to effectively monitor the P2P application in LAN.
In order to solve the problems referred to above, the invention provides the monitoring method of a kind of peer-to-peer network application, including:
Behavior characteristics is utilized to identify the Peer-to-Peer Network P2P node in described LAN;
The TCP/UDP packet of the P2P node transmitting-receiving for being identified, utilizes behavior characteristics or load
Feature identification goes out the network packet of P2P application;
According to predetermined policy, let pass or block the network packet that identified P2P applies.
Alternatively, the described step utilizing behavior characteristics to identify the P2P node in described LAN includes:
For the one or more nodes in described LAN, each node in the time of statistics predetermined length
Connect into power or broadcast packet number;
The described power that connects into is met the first predetermined condition or described broadcast packet number meets the second predetermined bar
The node of part is identified as P2P node.
Alternatively, the TCP/UDP packet of the described P2P node transmitting-receiving for being identified, utilize row
It is characterized or load characteristic identifies the step of network packet of P2P application and includes:
Each TCP/UDP packet of the P2P node transmitting-receiving for being identified, records this TCP/UDP
The five-tuple of packet, calculates the entropy of front 32 bytes in this TCP/UDP data pack load;
When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if this TCP/UDP number
According to the loaded matching preassigned pattern of bag, then this TCP/UDP packet is the network packet of P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if recorded
In five-tuple, IP number of addresses and the ratio of port number are less than predetermined fractional threshold, then this TCP/UDP
Packet is the network packet of P2P application.
Alternatively, described entropy threshold value is 0.35, and described fractional threshold is 2.0.
Alternatively, described according to predetermined policy, let pass or block the network number that identified P2P applies
Include according to the step of bag:
Calculate the flow of the network packet of P2P application in described LAN, and this LAN gateway
Total flow;
When described total flow is more than first flow threshold value, or the flow of the network packet of described P2P application
During more than second flow threshold value, block the network packet of the P2P application identified.
Present invention also offers the monitoring system of a kind of peer-to-peer network application, including:
Node identification module, for utilizing behavior characteristics to identify the P2P node in described LAN;
Application recognition module, for the TCP/UDP packet of the P2P node transmitting-receiving for being identified,
Behavior characteristics or load characteristic is utilized to identify the network packet of P2P application;
Application controls module, for according to predetermined policy, lets pass or blocks identified P2P application
Network packet.
Alternatively, described node identification module utilizes the P2P joint that behavior characteristics identifies in described LAN
Point refers to:
Described node identification module, for the one or more nodes in described LAN, adds up predetermined length
Time in each node connect into power or broadcast packet number;Connect into power by described to meet first pre-
The node that fixed condition or described broadcast packet number meet the second predetermined condition is identified as P2P node.
Alternatively, the TCP/UDP of the described application recognition module P2P node transmitting-receiving for being identified
Packet, the network packet utilizing behavior characteristics or load characteristic to identify P2P application refers to:
Each TCP/UDP packet of the described application recognition module P2P node transmitting-receiving for being identified,
Record the five-tuple of this TCP/UDP packet, calculate front 32 bytes in this TCP/UDP data pack load
Entropy;When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if this TCP/UDP
The loaded matching preassigned pattern of packet, then this TCP/UDP packet is the network packet of P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if recorded five yuan
In group, IP number of addresses and the ratio of port number are less than predetermined fractional threshold, then these TCP/UDP data
Wrap the network packet for P2P application.
Alternatively, described entropy threshold value is 0.35, and described fractional threshold is 2.0.
Alternatively, described application controls module, according to predetermined policy, is let pass or blocks identified P2P
The network packet of application refers to:
Described application controls module calculates the flow of the network packet of P2P application in described LAN, with
And the total flow of this LAN gateway;When described total flow is more than first flow threshold value, or described P2P
When the flow of the network packet of application is more than second flow threshold value, block what the P2P identified applied
Network packet.
Technical scheme can solve the problem that P2P seizes Internet resources and causes network blockage, affects other
The problem of network application, allows users to obtain efficiently information, improves user and surfs the Net experience.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of the monitoring method of the P2P application of embodiment one;
Fig. 2 be embodiment one example in the flow chart of P2P node identification;
Fig. 3 be embodiment one example in P2P application identify flow chart;
Fig. 4 be embodiment one example in the flow chart of P2P application controls;
Fig. 5 is the configuration diagram of the monitoring system of the P2P application of embodiment two;
Fig. 6 is the networking schematic diagram of the monitoring system of the P2P application of embodiment two;
Fig. 7 be embodiment two example in the main flow chart of monitoring system of P2P application.
Detailed description of the invention
Below in conjunction with drawings and Examples, technical scheme is described in detail.
If it should be noted that do not conflict, each feature in the embodiment of the present invention and embodiment can
To be combined with each other, all within protection scope of the present invention.Although it addition, showing in flow charts and patrol
Collect sequentially, but in some cases, can be to be different from shown or described by order execution herein
Step.
The monitoring method of embodiment one, a kind of P2P application, as it is shown in figure 1, include:
S101, behavior characteristics is utilized to identify the P2P node in described LAN;
S102, the TCP(transmission control protocol that the P2P node identified is received and dispatched)/UDP(use
User data datagram protocol) packet, utilize behavior characteristics or load characteristic to identify the network number of P2P application
According to bag;
S103, according to predetermined policy, let pass or block the network packet of identified P2P application.
The present embodiment passes through behavior characteristics identification LAN P2P node, by behavior characteristics or load characteristic
Identifying the flow of P2P application, thus control P2P application further, the present embodiment can manage effectively
P2P application in LAN, enables the network bandwidth rationally to be taken.
In an embodiment of the present embodiment, described step S104 specifically may include that
For the one or more nodes in described LAN, each node in the time of statistics predetermined length
Connect into power or broadcast packet number;
The described power that connects into is met the first predetermined condition or described broadcast packet number meets the second predetermined bar
The node of part is identified as P2P node.
In present embodiment, each node in the time that predetermined length can be added up after receiving monitoring instruction
Connect into power or broadcast packet number, it is also possible to periodically or record connecting into of recent each node constantly
Power or broadcast packet number.Can periodically identify P2P node, it is also possible to monitoring instruction is laggard receiving
Row identifies.
In present embodiment, can be shaken hands by SYN(in described network packet) message or ACK
The number of (confirmation) message connects into power described in calculating.In a kind of alternative of present embodiment,
Meet the first predetermined condition to refer to connect into power less than 0.8;Other alternative can also be arranged separately
This first predetermined condition.
In present embodiment, ICMP(Internet Internet Control Message Protocol can be passed through) bag number and TTL
The fiducial value of (life span) calculates described broadcast packet number.In a kind of alternative of present embodiment,
Meet the second predetermined condition and refer to that more than 5 and neighbouring broadcast bag TTL difference is 1 to broadcast packet number;Its
Its alternative can also arrange this second predetermined condition separately.
One object lesson of this embodiment is as in figure 2 it is shown, be periodically to identify P2P joint in this example
Point, comprises the following steps 201~208.
Step 201: whenever intercepting a network packet for transmission between LAN and the Internet, solve
Analyse this network packet and determine whether SYN or ACK message, if it is performing step 202;
If not then determining whether ICMP bag, if it is perform step 205, if not then returning step
Rapid 201.
Step 202: the number that respective nodes in LAN transmits/receives SYN and ACK message is added one.
Step 203: obtain current time, and calculate and start in this recognition cycle the difference of the time added up
Value, it may be judged whether arrive recognition cycle, if arriving, performs step 204;If not arriving, return step
201。
Step 204: calculate each node in LAN connects into power, identifies that whether each node is respectively
P2P node, performs step 208.
Step 205: the number that respective nodes in LAN transmits/receives ICMP bag is added one, it is judged that ttl value
(life span) preserved the most, without then preserving this ttl value.
Step 206: obtain current time, and calculate and start in this recognition cycle the difference of the time added up
Value, it may be judged whether to recognition cycle, if arriving, performs step 204, if not arriving, returns step 201.
Step 207: calculate the ICMP bag number of each node and TTL fiducial value in LAN, know respectively
Whether the most each node is P2P node, performs step 208.
Step 208: the IP address of the P2P node that will identify that and port store in P2P node table;
Described P2P informational table of nodes can include table name, IP address, port and establishment time field etc..Terminate
The identification of this recognition cycle, resets statistical value.
In an embodiment of the present embodiment, described step S102 specifically may include that
Each TCP/UDP packet of the P2P node transmitting-receiving for being identified, records this TCP/UDP
The five-tuple of packet, calculates the entropy of front 32 bytes in this TCP/UDP data pack load;
When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if this TCP/UDP number
According to the loaded matching preassigned pattern of bag, then this TCP/UDP packet is the network packet of P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if recorded
In five-tuple, IP number of addresses and the ratio of port number are less than predetermined fractional threshold, then this TCP/UDP
Packet is the network packet of P2P application.
In a kind of alternative of the present embodiment, described entropy threshold value can be, but not limited to be 0.35, described
Fractional threshold can be, but not limited to be 2.0;Other alternative can also arrange described entropy threshold value separately
And described fractional threshold;Described preassigned pattern can be set to P2P application according to statistical conditions or experience and carry
One or more patterns that lotus is common.
One object lesson of this embodiment is as it is shown on figure 3, the identification to P2P application includes following step
Rapid 301~306.
Step 301: for the P2P node identified, whenever intercept a LAN and the Internet it
Between transmission network packet, resolve this network packet, and store the five-tuple (source of this network packet
IP address, purpose IP address, source port, destination interface, agreement), it is judged that whether this network packet
Comprise TCP/UDP bag, if comprising, performing step 302, if do not comprised, terminating.
Step 302: by the source IP address of this network packet and source port, purpose IP address and destination
Mouth stores in P2P link information table;Described P2P link information table can include table name, source IP address,
Purpose IP address, source port, destination interface and establishment time field etc..
Step 303: calculate the entropy of 32 bytes before this network data payload package;Judge that this entropy is the biggest
In entropy threshold value, if greater than then performing step 304, if less than then performing step 305;If equal to
Then could be arranged to perform step 304, in 305 any one.
Step 304: calculate the ratio of IP number of addresses and port number;If ratio is less than fractional threshold, enter
Row step 306;If not less than fractional threshold, terminated.
Step 305: the load of this network packet is carried out pattern match, if the match is successful, is carried out
Step 306, if mating unsuccessful, terminates.
Step 306: this network packet is identified as the network packet of P2P application, terminates.
In an embodiment of the present embodiment, described step S103 specifically may include that
Calculate the flow of the network packet of P2P application in described LAN, and this LAN gateway
Total flow;
When described total flow is more than first flow threshold value, or the flow of the network packet of described P2P application
During more than second flow threshold value, block the network packet of the P2P application identified.
In a kind of alternative of present embodiment, described first flow threshold value can be, but not limited to as described
The 80% of LAN gateway total bandwidth, second flow threshold value can be, but not limited to as described total flow
80%.Other alternative can also arrange described first, second flow threshold the most separately.
One object lesson of this embodiment as shown in Figure 4, the control of network packet to P2P application
System comprises the following steps 401~404.
Step 401: when network packet is identified as the network packet of P2P application, carry out step
402;
Step 402: add up the total flow of described LAN gateway and the network packet of P2P application
Flow (hereinafter P2P flow);
Step 403: if total flow is both less than corresponding threshold value with P2P flow, then this network data of letting pass
Bag.
Step 404: at least one is more than corresponding threshold value if total flow is with P2P flow, then blocking should
Network packet.
The monitoring system of embodiment two, a kind of P2P application, as it is shown in figure 5, include:
Node identification module, for utilizing behavior characteristics to identify the P2P node in described LAN;
Application recognition module, for the TCP/UDP packet of the P2P node transmitting-receiving for being identified,
Behavior characteristics or load characteristic is utilized to identify the network packet of P2P application;
Application controls module, for according to predetermined policy, lets pass or blocks identified P2P application
Network packet.
In an embodiment of the present embodiment, described monitoring system can also include:
Memory module, including an information bank, is used for storing P2P informational table of nodes and P2P link information table;
P2P informational table of nodes includes table name, IP address, port and establishment time field;P2P link information table
Including table name, source IP address, purpose IP address, source port, destination interface and establishment time field.
Management module, for managing the monitoring strategies of P2P application and being saved in information bank;Can be used for setting
Put each threshold value etc.;
Communication module, for intercepting the network packet of transmission between LAN and the Internet, and works as institute
When stating P2P application controls module clearance network packet, forward this network packet.
In an embodiment of the present embodiment, described node identification module utilizes behavior characteristics to identify institute
The P2P node stated in LAN specifically may refer to:
Described node identification module, for the one or more nodes in described LAN, adds up predetermined length
Time in each node connect into power or broadcast packet number;Connect into power by described to meet first pre-
The node that fixed condition or described broadcast packet number meet the second predetermined condition is identified as P2P node.
In present embodiment, can be shaken hands by SYN(in described network packet) message or ACK
The number of (confirmation) message connects into power described in calculating.In a kind of alternative of present embodiment,
Meet the first predetermined condition to refer to connect into power less than 0.8;Other alternative can also be arranged separately
This first predetermined condition.
In present embodiment, ICMP(Internet Internet Control Message Protocol can be passed through) bag number and TTL
The fiducial value of (life span) calculates described broadcast packet number.In a kind of alternative of present embodiment,
Meet the second predetermined condition and refer to that more than 5 and neighbouring broadcast bag TTL difference is 1 to broadcast packet number;Its
Its alternative can also arrange this second predetermined condition separately.
In an embodiment of the present embodiment, described application recognition module is for the P2P joint identified
The TCP/UDP packet of some transmitting-receiving, utilizes behavior characteristics or load characteristic to identify the network of P2P application
Packet specifically may refer to:
Each TCP/UDP packet of the described application recognition module P2P node transmitting-receiving for being identified,
Record the five-tuple of this TCP/UDP packet, calculate front 32 bytes in this TCP/UDP data pack load
Entropy;When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if this TCP/UDP
The loaded matching preassigned pattern of packet, then this TCP/UDP packet is the network packet of P2P application;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if recorded five yuan
In group, IP number of addresses and the ratio of port number are less than predetermined fractional threshold, then these TCP/UDP data
Wrap the network packet for P2P application.
In a kind of alternative of the present embodiment, described entropy threshold value can be, but not limited to be 0.35, described
Fractional threshold can be, but not limited to be 2.0;Other alternative can also arrange described entropy threshold value separately
And described fractional threshold;Described preassigned pattern can be set to P2P application according to statistical conditions or experience and carry
One or more patterns that lotus is common.
In an embodiment of the present embodiment, described application controls module according to predetermined policy, let pass or
The network packet blocking the P2P application identified specifically may refer to:
Described application controls module calculates the flow of the network packet of P2P application in described LAN, with
And the total flow of this LAN gateway;When described total flow is more than first flow threshold value, or described P2P
When the flow of the network packet of application is more than second flow threshold value, block what the P2P identified applied
Network packet.
In a kind of alternative of present embodiment, described first flow threshold value can be, but not limited to as described
The 80% of LAN gateway total bandwidth, second flow threshold value can be, but not limited to as described total flow
80%.Other alternative can also arrange described first, second flow threshold the most separately.
Fig. 6 show the networking schematic diagram of the monitoring system of the present embodiment.
Described LAN includes the network equipment, Network Security Device, main frame and terminal etc.;Wherein network sets
For including router and switch etc.;Network Security Device can include fire wall, VPN, network
Anti-Virus and intruding detection system etc.;Main frame can include Web server, mail server and literary composition
Part server etc.;Terminal can include subscriber computer and self-aided terminal etc..
Internet(the Internet), router can be included, for transmitting and routing network traffic.
Described monitoring system is connected between described the Internet and LAN to be monitored, and can intercept office
The network packet of transmission between territory net and the Internet.
One object lesson of the present embodiment as it is shown in fig. 7, the workflow of described monitoring system include with
Lower step 601~607.
Step 601: initialize, arranges P2P application monitoring strategies in management module and is stored into
In the information bank of memory module.
Step 602: receive P2P packet in communication module.
Step 603: utilize behavior characteristics identification LAN P2P node in node identification module.
Step 604: utilize behavior characteristics or load characteristic identification P2P to apply in application recognition module
Network packet;Network packet to then P2P application, performs step 605.
Step 605: in application controls module, decision-making blocking-up or clearance P2P packet.
Step 606: block accordingly or let pass.
Step 607: for clearance action, communication module forwards the network packet of P2P application.
One of ordinary skill in the art will appreciate that all or part of step in said method can pass through program
Instructing related hardware to complete, described program can be stored in computer-readable recording medium, as read-only
Memorizer, disk or CD etc..Alternatively, all or part of step of above-described embodiment can also use
One or more integrated circuits realize.Correspondingly, each module/unit in above-described embodiment can use
The form of hardware realizes, it would however also be possible to employ the form of software function module realizes.The present invention is not restricted to appoint
The combination of the hardware and software of what particular form.
Certainly, the present invention also can have other various embodiments, spiritual and essence without departing substantially from the present invention
In the case of, those of ordinary skill in the art work as can make various corresponding change and deformation according to the present invention,
But these change accordingly and deform the scope of the claims that all should belong to the present invention.
Claims (8)
1. a monitoring method for peer-to-peer network application, including:
Behavior characteristics is utilized to identify the Peer-to-Peer Network P2P node in LAN;
The TCP/UDP packet of the P2P node transmitting-receiving for being identified, utilizes behavior characteristics or load
Lotus feature identification goes out the network packet of P2P application;
According to predetermined policy, let pass or block the network packet that identified P2P applies;
Wherein, the TCP/UDP packet of the described P2P node transmitting-receiving for being identified, utilize row
It is characterized or load characteristic identifies the step of network packet of P2P application and includes:
Each TCP/UDP packet of the P2P node transmitting-receiving for being identified, records this TCP/UDP
The five-tuple of packet, calculates the entropy of front 32 bytes in this TCP/UDP data pack load;
When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if this TCP/UDP
The loaded matching preassigned pattern of packet, then this TCP/UDP packet is the network data of P2P application
Bag;
When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, if institute's record
Five-tuple in, the ratio of IP number of addresses and port number is less than predetermined fractional threshold, then this TCP/UDP
Packet is the network packet of P2P application.
2. the method for claim 1, it is characterised in that described utilize behavior characteristics to identify
The step of the P2P node in described LAN includes:
For the one or more nodes in described LAN, each node in the time of statistics predetermined length
Connect into power or broadcast packet number;
The described power that connects into is met the first predetermined condition or described broadcast packet number meets second and makes a reservation for
The node of condition is identified as P2P node.
3. the method for claim 1, it is characterised in that:
Described entropy threshold value is 0.35, and described fractional threshold is 2.0.
4. the method for claim 1, it is characterised in that described according to predetermined policy, lets pass
Or the step blocking the network packet of the P2P application identified includes:
Calculate the flow of the network packet of P2P application in described LAN, and this LAN gateway
Total flow;
When described total flow is more than first flow threshold value, or the flow of the network packet of described P2P application
During more than second flow threshold value, block the network packet of the P2P application identified.
5. the monitoring system of a peer-to-peer network application, it is characterised in that including:
Node identification module, for utilizing behavior characteristics to identify the P2P node in LAN;
Application recognition module, for the TCP/UDP packet of the P2P node transmitting-receiving for being identified,
Behavior characteristics or load characteristic is utilized to identify the network packet of P2P application;
Application controls module, for according to predetermined policy, lets pass or blocks identified P2P application
Network packet;
The TCP/UDP packet of the described application recognition module P2P node transmitting-receiving for being identified,
The network packet utilizing behavior characteristics or load characteristic to identify P2P application refers to:
Each TCP/UDP data of the described application recognition module P2P node transmitting-receiving for being identified
Bag, records the five-tuple of this TCP/UDP packet, before calculating in this TCP/UDP data pack load
The entropy of 32 bytes;When the entropy of TCP/UDP packet is less than predetermined entropy threshold value, if should
The loaded matching preassigned pattern of TCP/UDP packet, then this TCP/UDP packet is P2P application
Network packet;When the entropy of TCP/UDP packet is more than or equal to predetermined entropy threshold value, as
In the five-tuple that fruit is recorded, IP number of addresses and the ratio of port number less than predetermined fractional threshold, then should
TCP/UDP packet is the network packet of P2P application.
6. system as claimed in claim 5, it is characterised in that described node identification module utilizes row
It is characterized the P2P node identified in described LAN to refer to:
Described node identification module, for the one or more nodes in described LAN, adds up predetermined length
Time in each node connect into power or broadcast packet number;Connect into power by described to meet first pre-
The node that fixed condition or described broadcast packet number meet the second predetermined condition is identified as P2P node.
7. system as claimed in claim 5, it is characterised in that:
Described entropy threshold value is 0.35, and described fractional threshold is 2.0.
8. system as claimed in claim 5, it is characterised in that described application controls module is according to pre-
Fixed strategy, letting pass or blocking the network packet of identified P2P application refers to:
Described application controls module calculates the flow of the network packet of P2P application in described LAN, with
And the total flow of this LAN gateway;When described total flow is more than first flow threshold value, or described P2P
When the flow of the network packet of application is more than second flow threshold value, block what the P2P identified applied
Network packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310381658.7A CN103428295B (en) | 2013-08-28 | 2013-08-28 | A kind of monitoring method and system of peer-to-peer network application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310381658.7A CN103428295B (en) | 2013-08-28 | 2013-08-28 | A kind of monitoring method and system of peer-to-peer network application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103428295A CN103428295A (en) | 2013-12-04 |
| CN103428295B true CN103428295B (en) | 2016-08-10 |
Family
ID=49652459
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310381658.7A Active CN103428295B (en) | 2013-08-28 | 2013-08-28 | A kind of monitoring method and system of peer-to-peer network application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103428295B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104219165A (en) * | 2014-09-25 | 2014-12-17 | 中国人民解放军信息工程大学 | Business bandwidth control method and apparatus |
| CN106006271A (en) * | 2016-07-18 | 2016-10-12 | 湖北天禾立方智能科技发展有限公司 | Single chip microcomputer driving MODEM internet-surfing transmission method and related intelligent elevator remote monitoring system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101902365A (en) * | 2009-05-26 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Method for monitoring P2P traffic of wide area network and system thereof |
| CN102387045A (en) * | 2011-09-30 | 2012-03-21 | 北京信息科技大学 | Embedded point to point (P2P) flow monitoring system and method thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050030892A1 (en) * | 2003-06-23 | 2005-02-10 | Hagen David A. | System for providing network load distribution |
-
2013
- 2013-08-28 CN CN201310381658.7A patent/CN103428295B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101902365A (en) * | 2009-05-26 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Method for monitoring P2P traffic of wide area network and system thereof |
| CN102387045A (en) * | 2011-09-30 | 2012-03-21 | 北京信息科技大学 | Embedded point to point (P2P) flow monitoring system and method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103428295A (en) | 2013-12-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7375068B2 (en) | Data packet detection methods, devices, and systems | |
| US7636305B1 (en) | Method and apparatus for monitoring network traffic | |
| US8594070B1 (en) | Acting on data packets in a mobile telecommunications network based on inner headers | |
| EP2241058B1 (en) | Method for configuring acls on network device based on flow information | |
| US8942242B2 (en) | Method and apparatus for self-learning of VPNS from combinations of unidirectional tunnels in MPLS/VPN networks | |
| US9438496B2 (en) | Monitoring link quality between network devices | |
| US7644150B1 (en) | System and method for network traffic management | |
| CN113132342B (en) | Method, network device, tunnel entry point device, and storage medium | |
| US7933214B2 (en) | Fault detection in a transport network | |
| US9825815B2 (en) | System and method for aggregating and estimating the bandwidth of multiple network interfaces | |
| US9479596B2 (en) | Pairing internal network identifier with external network identifier | |
| EP3627770B1 (en) | Network performance monitoring using an active measurement protocol and relay mechanism | |
| CN103718509B (en) | Using adaptive transmission system and method for the queue length to reduce data packet loss | |
| CN103428295B (en) | A kind of monitoring method and system of peer-to-peer network application | |
| JP2008048131A (en) | P2p traffic monitoring and control system, and method therefor | |
| Krishnan et al. | Mechanisms for optimizing link aggregation group (LAG) and equal-cost multipath (ECMP) component link utilization in networks | |
| JP5178573B2 (en) | Communication system and communication method | |
| JP4561980B2 (en) | Session relay apparatus and session relay method | |
| Kokku et al. | A multipath background network architecture | |
| US7929443B1 (en) | Session based resource allocation in a core or edge networking device | |
| Garcia et al. | The ethernet frame payload size and its effect on IPv4 and IPv6 traffic | |
| Ito et al. | A bandwidth allocation scheme to improve fairness and link utilization in data center networks | |
| Reddy et al. | Ant‐inspired level‐based congestion control for wireless mesh networks | |
| Quang et al. | Delay-insensitive traffic detection and transfer on network edges | |
| Vinodha et al. | Introducing novel service policies in designing protocol for congestion control mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100094 No. 4, building 8, No. 305, West flourishing road, Haidian District, Beijing Applicant after: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. Address before: 102208, room 530, amber world, No. 85, West Street, Changping District, Beijing, Huilongguan Applicant before: BEIJING YONGXIN ZHICHENG TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information |
Inventor after: Chen Jun Inventor after: Cai Jingjing Inventor after: Zhang Xuefeng Inventor after: Zheng Hao Inventor after: Fu Lei Inventor before: Chen Jun |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221122 Address after: 100094 103, building 6, yard 9, FengHao East Road, Haidian District, Beijing Patentee after: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. Patentee after: Beijing Wuyi Jiayu Technology Co.,Ltd. Address before: No. 305, Building 4, Yard 8, Dongbei Wangxi Road, Haidian District, Beijing 100094 Patentee before: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100094 103, building 6, yard 9, FengHao East Road, Haidian District, Beijing Patentee after: Yongxin Zhicheng Technology Group Co.,Ltd. Patentee after: Beijing Wuyi Jiayu Technology Co.,Ltd. Address before: 100094 103, building 6, yard 9, FengHao East Road, Haidian District, Beijing Patentee before: BEIJING YONGXIN ZHICHENG TECHNOLOGY CO.,LTD. Patentee before: Beijing Wuyi Jiayu Technology Co.,Ltd. |