CN107948010A - Network packet capture implementation method, system and network device - Google Patents

Publication number
CN107948010A
Authority
CN
China
Prior art keywords
network
packet
data packet
size
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711100007.0A
Other languages
Chinese (zh)
Inventor
王阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201711100007.0A
Publication of CN107948010A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/022 Capturing of monitoring data by sampling
    • H04L43/16 Threshold monitoring
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of computer networks and provides a network packet capture implementation method, system and network device. The method comprises: continuously capturing data packets on a network port and recording the start time of the capture; monitoring the network port and judging whether the size of the capture file generated from the captured data packets has reached a preset size threshold; when the size of the capture file reaches the preset threshold, storing the generated capture file, the stored capture file including the capture start time, and returning to repeat the step of continuously capturing data packets on the network port; and when the size of the capture file has not reached the preset threshold, continuing to monitor the network port. This achieves uninterrupted, continuous packet capture without packet loss, saves the manpower spent watching captures in operations and maintenance scenarios, and makes intermittent problems easier to locate.

Description

Network packet capture implementation method, system and network device
Technical field
The invention belongs to the technical field of computer networks, and in particular relates to a network packet capture implementation method, system and network device.
Background
Packet capture is the interception, retransmission, editing, dumping and similar handling of the data packets sent and received over a network. It can be implemented in many ways.
When the original tcpdump command is used with the -C option for network packet capture, data is lost in the gap between two split files, and the capture files carry no timestamp information, so later troubleshooting requires manual analysis and screening. In addition, the original tcpdump command does not compress the files it collects, which puts considerable pressure on the storage of the application system.
Summary of the invention
The object of the invention is to provide a network packet capture implementation method that solves the prior-art problems that captured data is lost in the gap between two split files and that the capture files carry no timestamp information, so that later troubleshooting requires manual analysis and screening.
The invention is realized as follows: a network packet capture implementation method comprising the following steps:
Continuously capturing data packets on a network port, and recording the start time of the capture;
Monitoring the network port, and judging whether the size of the capture file generated from the captured data packets has reached a preset size threshold;
When the size of the capture file reaches the preset threshold, storing the generated capture file, the stored capture file including the capture start time, and returning to repeat the step of continuously capturing data packets on the network port;
When the size of the capture file has not reached the preset threshold, continuing to monitor the network port.
As an improvement, the method further comprises the following step:
Before the step of storing the generated capture file, compressing the capture file.
As an improvement, the method further comprises the following step:
Presetting the size threshold of the capture file.
Another object of the invention is to provide a network packet capture implementation system, the system comprising:
A packet capture module, for continuously capturing data packets on the network port;
A time recording module, for recording the start time of the capture when the packet capture action starts;
A port monitoring module, for monitoring the network port;
A judgment module, for judging, according to the monitoring result of the port monitoring module, whether the size of the capture file generated from the captured data packets has reached the preset size threshold;
A capture file storage module, for storing the generated capture file when the judgment module judges that the size of the capture file has reached the preset threshold, the stored capture file including the capture start time, and for returning to have the packet capture module repeat the step of continuously capturing data packets on the network port;
A continued-monitoring control module, for continuing to monitor the network port when the judgment module judges that the size of the capture file has not reached the preset threshold.
As an improvement, the system further comprises:
A compression module, for compressing the capture file before the step of storing the generated capture file.
As an improvement, the system further comprises:
A threshold setting module, for presetting the size threshold of the capture file.
Another object of the invention is to provide a network device that includes the network packet capture implementation system.
In the embodiments of the invention, data packets are continuously captured on the network port and the start time of the capture is recorded; the network port is monitored, and it is judged whether the size of the capture file generated from the captured data packets has reached the preset size threshold; when the size of the capture file reaches the preset threshold, the generated capture file is stored, the stored capture file including the capture start time, and the step of continuously capturing data packets on the network port is repeated; when the size of the capture file has not reached the preset threshold, monitoring of the network port continues. This achieves uninterrupted, continuous packet capture without packet loss, saves the manpower spent watching captures in operations and maintenance scenarios, and makes intermittent problems easier to locate.
Brief description of the drawings
Fig. 1 is a flow chart of the network packet capture implementation method provided by the invention;
Fig. 2 is a structural diagram of the network packet capture implementation system provided by the invention.
Detailed description
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
Fig. 1 shows the flow chart of the network packet capture implementation method provided by the invention, which comprises the following steps:
In step S101, data packets are continuously captured on the network port, and the start time of the capture is recorded.
In this step, a timestamp is recorded when the data packets are captured; it is used to record the continuity of the generated capture files and to help locate problems.
In step S102, the network port is monitored, and it is judged whether the size of the capture file generated from the captured data packets has reached the preset size threshold; if so, step S103 is performed, otherwise step S104 is performed.
This step is one part of the capture implementation: when the captured data packets reach the data volume of a capture file, the capture file is stored and capture of the next file continues, and so on in a loop; details are not repeated here.
In step S103, when the size of the capture file reaches the preset threshold, the generated capture file is stored, the stored capture file including the capture start time, and the step of continuously capturing data packets on the network port is repeated.
This step is as described above and forms one cycle of the packet capture process.
In step S104, when the size of the capture file has not reached the preset threshold, monitoring of the network port continues, and the flow returns to step S102.
In the embodiments of the invention, the capture file is compressed before the step of storing the generated capture file. Compressing the capture file reduces the total amount of stored data and the overhead on the storage system, which is convenient for the user.
The following step also has to be performed before step S101:
Presetting the size threshold of the capture file. The threshold can be set according to the size of the actual data packets; details are not repeated here.
In this embodiment, the packet capture described above is performed with the tcpdump command, and the flow shown in Fig. 1 is implemented by wrapping the tcpdump command in a shell script. The concrete implementation code is:
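#!/usr/bin/bash
# Start a new capture; the file name carries the capture start time and a sequence number
function dump(){
    dmpname="$(date "+%Y%m%d%H%M%S")_${num}.cap"
    nohup tcpdump -i ens32 -s 0 -w "./$dmpname" &
    dmppid=$!    # PID of the tcpdump just started (nohup execs it)
}
num=1
dump
while true
do
    # Size of the current capture file in MB (treated as 0 until tcpdump has created it)
    dmpsize=$(du -sm "./$dmpname" 2>/dev/null | awk '{print $1}')
    if [ "${dmpsize:-0}" -ge 50 ]
    then
        dmpname1=$dmpname
        dmppid1=$dmppid
        num=$((num+1))
        # Start the next capture before stopping the previous one, so there is no gap between files
        dump
        # SIGTERM instead of kill -9: tcpdump flushes its buffer and closes the file before exiting
        kill "$dmppid1"
        wait "$dmppid1" 2>/dev/null
        # Compress the finished capture file, then remove the uncompressed copy
        tar -czvf "$dmpname1.tar.gz" "./$dmpname1"
        rm -f "$dmpname1"
    else
        sleep 1
    fi
done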
The above is only one concrete implementation; details are not repeated here.
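The start time and sequence number that the script puts in each file name can be used afterwards to check that a series of capture files is continuous and to find the file covering the time of an incident. The following POSIX shell code is an added example, not part of the patent; the function names and the sample file names are constructed, and it assumes names of the form <YYYYmmddHHMMSS>_<seq>.cap with an optional .tar.gz suffix, as the script above produces.

```shell
#!/bin/sh
# Added example (not from the patent): audit a series of rotated capture files
# named <YYYYmmddHHMMSS>_<seq>.cap[.tar.gz], the pattern the script above produces.

# Print "start seq name" for every well-formed name, ordered by sequence number.
# Directory parts are stripped; names that do not match the pattern are ignored.
index_segments() {
    for f in "$@"; do
        printf '%s\n' "${f##*/}"
    done |
    sed -n 's/^\([0-9]\{14\}\)_\([0-9][0-9]*\)\.cap\(\.tar\.gz\)\{0,1\}$/\1 \2 &/p' |
    sort -k2,2n
}

# Print one finding per line: sequence numbers that have no file, and segments
# whose start time is earlier than the previous segment's.
# No output means the series is continuous.
check_continuity() {
    index_segments "$@" | awk '
        NR > 1 {
            for (s = prev_seq + 1; s < $2; s++) print "missing segment " s
            # fixed-width timestamps: compare as strings
            if (($1 "") < (prev_start "")) print "start time goes backwards at segment " $2
        }
        { prev_seq = $2; prev_start = $1 }'
}

# Print the file whose capture window contains the time $1 (YYYYmmddHHMMSS),
# i.e. the last segment that started at or before it.
# Returns 1 if the time is earlier than the first segment.
locate_segment() {
    when=$1
    shift
    index_segments "$@" | awk -v when="$when" '
        ($1 "") <= (when "") { hit = $3 }
        END { if (hit == "") exit 1; print hit }'
}

# Constructed sample: segment 3 is absent and segment 5 is still being written.
SAMPLE_SEGMENTS="20171109101500_1.cap.tar.gz 20171109102210_2.cap.tar.gz
20171109103542_4.cap.tar.gz 20171109104001_5.cap"

check_continuity $SAMPLE_SEGMENTS
locate_segment 20171109103600 $SAMPLE_SEGMENTS
```

Because the script starts the next tcpdump before stopping the previous one, packets near a rotation boundary can be present in both neighbouring files, so when an incident time falls close to a segment's start the preceding segment is worth opening as well.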
Fig. 2 shows the structural diagram of the network packet capture implementation system provided by the invention. For ease of description, only the parts relevant to the invention are shown. The network packet capture implementation system is built into the network device.
Packet capture module 11, for continuously capturing data packets on the network port;
Time recording module 12, for recording the start time of the capture when the packet capture action starts;
Port monitoring module 13, for monitoring the network port;
Judgment module 14, for judging, according to the monitoring result of the port monitoring module, whether the size of the capture file generated from the captured data packets has reached the preset size threshold;
Capture file storage module 15, for storing the generated capture file when the judgment module judges that the size of the capture file has reached the preset threshold, the stored capture file including the capture start time, and for returning to have the packet capture module repeat the step of continuously capturing data packets on the network port;
Continued-monitoring control module 16, for continuing to monitor the network port when the judgment module judges that the size of the capture file has not reached the preset threshold.
In this embodiment, compression module 17 compresses the capture file before the step of storing the generated capture file.
Threshold setting module 18, for presetting the size threshold of the capture file.
The functions of the above modules are as described in the method embodiment above; details are not repeated here.
In the embodiments of the invention, data packets are continuously captured on the network port and the start time of the capture is recorded; the network port is monitored, and it is judged whether the size of the capture file generated from the captured data packets has reached the preset size threshold; when the size of the capture file reaches the preset threshold, the generated capture file is stored, the stored capture file including the capture start time, and the step of continuously capturing data packets on the network port is repeated; when the size of the capture file has not reached the preset threshold, monitoring of the network port continues. This achieves uninterrupted, continuous packet capture without packet loss, saves the manpower spent watching captures in operations and maintenance scenarios, and makes intermittent problems easier to locate.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (7)

1. A network packet capture implementation method, characterized in that the method comprises the following steps:
Continuously capturing data packets on a network port, and recording the start time of the capture;
Monitoring the network port, and judging whether the size of the capture file generated from the captured data packets has reached a preset size threshold;
When the size of the capture file reaches the preset threshold, storing the generated capture file, the stored capture file including the capture start time, and returning to repeat the step of continuously capturing data packets on the network port;
When the size of the capture file has not reached the preset threshold, continuing to monitor the network port.
2. The network packet capture implementation method according to claim 1, characterized in that the method further comprises the following step:
Before the step of storing the generated capture file, compressing the capture file.
3. The network packet capture implementation method according to claim 2, characterized in that the method further comprises the following step:
Presetting the size threshold of the capture file.
4. A network packet capture implementation system, characterized in that the system comprises:
A packet capture module, for continuously capturing data packets on the network port;
A time recording module, for recording the start time of the capture when the packet capture action starts;
A port monitoring module, for monitoring the network port;
A judgment module, for judging, according to the monitoring result of the port monitoring module, whether the size of the capture file generated from the captured data packets has reached the preset size threshold;
A capture file storage module, for storing the generated capture file when the judgment module judges that the size of the capture file has reached the preset threshold, the stored capture file including the capture start time, and for returning to have the packet capture module repeat the step of continuously capturing data packets on the network port;
A continued-monitoring control module, for continuing to monitor the network port when the judgment module judges that the size of the capture file has not reached the preset threshold.
5. The network packet capture implementation system according to claim 4, characterized in that the system further comprises:
A compression module, for compressing the capture file before the step of storing the generated capture file.
6. The network packet capture implementation system according to claim 5, characterized in that the system further comprises:
A threshold setting module, for presetting the size threshold of the capture file.
7. A network device comprising the network packet capture implementation system according to any one of claims 4 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711100007.0A 2017-11-09 2017-11-09 Network packet capture implementation method, system and network device

Publications (1)

Publication Number Publication Date
CN107948010A 2018-04-20

Family ID: 61933649

Country Status (1)

Country Link
CN (1) CN107948010A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101133599A (en) * 2004-12-24 2008-02-27 阿斯帕拉公司 Bulk data transfer
CN101114932A (en) * 2006-07-27 2008-01-30 华为数字技术有限公司 Method and system for implementing remote capturing packet
US20080101225A1 (en) * 2006-10-31 2008-05-01 Tassinari Mark A Systems and methods for capturing network packets
CN101827082A (en) * 2010-02-09 2010-09-08 蓝盾信息安全技术股份有限公司 Method, system and device for recording and playing back desktop operating information of user
CN101895736A (en) * 2010-07-07 2010-11-24 杭州华三通信技术有限公司 Media stream data processing method and device thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LHWPYSF: "Capturing packets in a loop with tcpdump by specified time or specified size" (original title: "TCPdump指定时间或者指定大小进行循环抓取报文"), 《HTTPS://BLOG.CSDN.NET/LHWPYSF/ARTICLE/DETAILS/51578994》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109474492A (en) * 2018-11-26 2019-03-15 许继集团有限公司 A kind of message capturing and localization method
CN109474492B (en) * 2018-11-26 2021-04-20 许继集团有限公司 Message capturing and positioning method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20180420)