KR101820117B1 - Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same - Google Patents

Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same Download PDF

Info

Publication number
KR101820117B1
KR101820117B1 KR1020160026333A KR20160026333A KR101820117B1 KR 101820117 B1 KR101820117 B1 KR 101820117B1 KR 1020160026333 A KR1020160026333 A KR 1020160026333A KR 20160026333 A KR20160026333 A KR 20160026333A KR 101820117 B1 KR101820117 B1 KR 101820117B1
Authority
KR
South Korea
Prior art keywords
packet
monitoring
application
communication
data
Prior art date
Application number
KR1020160026333A
Other languages
Korean (ko)
Other versions
KR20170103427A (en
Inventor
박경수
김동휘
문영균
무함마드 잠셰드
한동수
Original Assignee
한국과학기술원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국과학기술원 filed Critical 한국과학기술원
Priority to KR1020160026333A priority Critical patent/KR101820117B1/en
Publication of KR20170103427A publication Critical patent/KR20170103427A/en
Application granted granted Critical
Publication of KR101820117B1 publication Critical patent/KR101820117B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The communication monitoring apparatus includes a packet receiving unit and an application driving unit. The packet receiving unit receives the packet generated according to the communication protocol. The application driver monitors the packet based on the application program running on the operating system. In addition, the application driver determines on the operating system whether the cumulative data formed by accumulation of packets or packets is a monitored packet or monitored data corresponding to a predetermined monitoring condition, and at least one of the monitored packet or the monitored data is applied To the application.

Description

TECHNICAL FIELD [0001] The present invention relates to a communication monitoring apparatus, a communication monitoring method, and a storage medium in which a middle box operating system program for implementing the same is recorded. BACKGROUND OF THE INVENTION 1. Field of the Invention [0002]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication monitoring apparatus, a communication monitoring method, and an operating system program implementing the same, and more particularly, to a middle-box, a communication monitoring method in a middle box and a middle- .

Recently, services based on communication networks such as the cloud are increasing, and thus the amount of data generated in the home as well as the general business is also increasing. As a result, the amount of data to be transmitted over the communication network is continuously increasing.

Meanwhile, a communication company or the like operating a middle-box located in the middle of a network may transmit and receive data transmitted and received through the network for various purposes, such as measuring the amount of data actually transmitted and received, To be monitored.

However, conventional hardware equipment for monitoring a communication network is often relatively expensive. Furthermore, it is not easy to define and add new monitoring methods beyond those provided by hardware device manufacturers. As a result, additional expensive equipment must be purchased to introduce efficient new monitoring methods depending on the increasing amount of communication data. In other words, existing hardware devices for communication monitoring have a problem in that it is not efficient due to lack of flexibility in coping with new monitoring methods.

The prior art document described below describes a technique for removing duplicate content in a middle box, but still lacks the flexibility of the new monitoring method.

Korean Patent Publication No. 10-2015-0023896 (published on March 05, 2015)

It is an object of the present invention to provide a communication monitoring apparatus which can easily add an efficient monitoring method.

It is another object of the present invention to provide a communication monitoring method capable of easily adding an efficient monitoring method.

It is another object of the present invention to provide a storage medium on which a program capable of easily adding an efficient monitoring method is recorded.

It should be understood, however, that the present invention is not limited to the above-described embodiments, and may be variously modified without departing from the spirit and scope of the present invention.

In order to accomplish one object of the present invention, a communication monitoring apparatus according to embodiments of the present invention includes a packet receiving unit for receiving a packet generated according to a communication protocol, and an application for monitoring based on an application program running on the operating system Wherein the application driver determines on the operating system whether the packet or the cumulative data formed by accumulating the packet is a monitored packet or monitored data corresponding to a predetermined monitoring condition, And transmits at least one of the monitoring target data to the application.

According to an embodiment, the application application may instruct a processing task based on at least one of the monitored packet or the monitoring target data, and the application driver may perform the processing task.

According to one embodiment, the communication protocol may be a Transmission Control Protocol (TCP).

According to one embodiment, the monitoring condition may be generated in the application.

According to one embodiment, the monitoring condition for the packet includes whether the packet is a new packet that has not been previously received, whether the packet is an initiation packet that declares a new communication connection to be initiated, whether the packet is a retransmission packet, whether the packet is a first state transition packet generated when a caller state is switched in the communication connection, whether the packet is a first state transition packet generated when a recipient of the communication connection is switched 2-state transition packet, whether the packet is a termination packet that declares that the communication connection is terminated, an out-of-flow packet generated in a manner in which the packet is not defined in the communication protocol Whether or not the packet received after a predetermined time has elapsed from the reception time of the preceding packet indicates the number of the preceding packets It may include at least one or more of whether or not the trailing packet expected to be received after one.

According to one embodiment, the monitoring condition for the cumulative data includes whether the cumulative data has reached the target data that is the transmission target of the communication connection, or whether the cumulative data has reached the target data And whether or not the user has made a request.

According to another aspect of the present invention, there is provided a communication monitoring method comprising: receiving a packet generated according to a communication protocol; and monitoring the packet based on an application program running on the operating system Wherein the monitoring step comprises the steps of determining on the operating system whether the packet or the cumulative data formed by accumulating the packet is a monitored packet or monitored data corresponding to a predetermined monitoring condition, And transmitting at least one of the monitoring target data to the application.

According to an embodiment, the monitoring step may further include performing a processing task indicated by the application program based on at least one of the monitored packet or the monitored data.

According to one embodiment, the communication protocol may be a transmission control protocol.

According to one embodiment, the monitoring condition may be generated in the application.

According to one embodiment, the monitoring condition for the packet includes whether the packet is a new packet not previously received, whether the packet is a start packet declaring that a new communication connection is to be started, whether the packet is a retransmission packet Whether the packet is a first state transition packet generated when the sender state is switched in the communication connection, whether the packet is a second state transition packet in which the receiver state is switched by receiving a recipient of the communication connection, Whether or not the packet is an out-of-range packet generated in a manner not defined in the communication protocol, or whether the packet is an out-of-range packet generated in a manner not defined in the communication protocol, A trailing packet that is expected to be received after the packet has received the preceding packet. What it may include at least one of not.

According to one embodiment, the monitoring condition for the cumulative data includes whether the cumulative data has reached the target data that is the transmission target of the communication connection, or whether the cumulative data has reached the target data And whether or not the user has made a request.

According to another aspect of the present invention, there is provided a storage medium on which an OS program according to embodiments of the present invention is recorded. The storage medium stores a packet generated according to a communication protocol or accumulated data formed by accumulating the packet, Determining whether the monitoring target packet or the monitoring target data is a corresponding monitoring target packet or monitoring target data, transmitting at least one of the monitoring target packet or the monitoring target data to an application, And performing a processing task indicated by the application program on the terminal.

According to one embodiment, the communication protocol may be a transmission control protocol.

According to one embodiment, the monitoring condition may be generated in the application.

According to one embodiment, the monitoring condition for the packet includes whether the packet is a new packet not previously received, whether the packet is a start packet declaring that a new communication connection is to be started, whether the packet is a retransmission packet Whether the packet is a first state transition packet generated when the sender state is switched in the communication connection, whether the packet is a second state transition packet in which the receiver state is switched by receiving a recipient of the communication connection, Whether or not the packet is an out-of-range packet generated in a manner not defined in the communication protocol, or whether the packet is an out-of-range packet generated in a manner not defined in the communication protocol, A trailing packet that is expected to be received after the packet has received the preceding packet. What it may include at least one of not.

According to one embodiment, the monitoring condition for the cumulative data includes whether the cumulative data has reached the target data that is the transmission target of the communication connection, or whether the cumulative data has reached the target data And whether or not the user has made a request.

The communication monitoring apparatus and the communication monitoring method according to the embodiments of the present invention can easily add a new monitoring method by monitoring packets and cumulative data on an operating system and delivering them to an application running on an operating system. That is, the user can easily add an efficient monitoring method by developing an application based on the development tool provided by the operating system.

In addition, the storage medium according to embodiments of the present invention may provide an operating system program used in the communication monitoring apparatus and the communication monitoring method.

However, the effects of the present invention are not limited to the above effects, and may be variously extended without departing from the spirit and scope of the present invention.

1 is a block diagram illustrating a communication monitoring apparatus according to embodiments of the present invention.
FIG. 2 is a block diagram showing an example in which an application driver included in the communication monitoring apparatus of FIG. 1 operates.
3 is a flowchart illustrating a communication monitoring method according to embodiments of the present invention.
4 is a flowchart illustrating a communication monitoring method executed by an operating system program recorded on a storage medium according to embodiments of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.

1 is a block diagram illustrating a communication monitoring apparatus according to embodiments of the present invention.

Referring to FIG. 1, the communication monitoring apparatus 100 may include a packet receiving unit 120 and an application driving unit 140.

The packet receiving unit 120 may receive the packet PKT. Here, the communication monitoring apparatus 100 including the packet receiving unit 120 may be a sender that sends data through a communication network, or a third person that does not receive data through a communication network. For example, communication monitoring device 100 may be an intermediary located between a sender and a recipient on a communication network.

The sender can generate at least one packet (PKT) by dividing the data to be sent. At this time, the packet PKT may be generated according to the communication protocol. That is, the sender can generate the packet (PKT) according to the rule set in the communication protocol. For example, the communication protocol may be a Transmission Control Protocol (TCP), and the sender may generate a packet (PKT) according to the rules defined in the transmission control protocol.

The generated packet (PKT) can be transmitted over the communication network and can be reassembled by the recipient receiving the packet (PKT). The recipient can also reassemble the packet (PKT) according to the same communication protocol as the sender and recover the data. For example, the receiver can recover the data by reassembling the packet (PKT) according to the transmission control protocol.

The packet receiving unit 120 included in the communication monitoring apparatus 100 as an intermediary can receive the packet PKT and can forward the received packet PKT to the receiver. The packet receiving unit 120 may be controlled by a control signal CTRL of the application driver 140. [ For example, the application driving unit 140 may generate a control signal CTRL for controlling the packet receiving unit 120 so that the received packet PKT is not transmitted to the receiver.

The application driver 140 can monitor the packet PKT based on an application program running on the operating system. To this end, the application driver 140 can determine whether the packet (PKT) or accumulated data corresponds to a predetermined monitoring condition on the operating system.

The application driver 140 can operate based on the operating system. Here, at least one application program may be run on the operating system. For example, a user may run a first application on an operating system according to a purpose, and may run a second application on an operating system according to another purpose.

The application driving unit 140 can determine whether the packet PKT is a monitoring target packet corresponding to a predetermined monitoring condition. In addition, the application driver 140 can determine whether the accumulated data formed by accumulating the packets PKT is the monitoring target data corresponding to the predetermined monitoring condition. Here, the application driver 140 may determine whether the monitoring condition is satisfied on the operating system.

The monitoring condition may be provided by the operating system, or it may be generated by an application. In other words, application applications can be designed to use only the monitoring conditions provided by the operating system, but can also be made to use the monitoring conditions themselves.

The operating system can provide essential or often used monitoring conditions for application applications. For example, the monitoring conditions provided by the operating system include whether the packet (PKT) is a new packet, whether the packet (PKT) is an initiation packet, whether the packet (PKT) is a retransmission packet, Whether or not the packet PKT is a first conversion packet, whether the packet PKT is a second conversion packet, whether the packet PKT is a termination packet, whether the packet PKT is an out-of-flow packet Whether or not the accumulated data has reached the target data, whether or not the accumulated data has not reached the target data, and whether or not the received packet has been received after the predetermined time has elapsed from the reception time of the preceding packet And whether the packet is a trailing packet expected to be transmitted.

The application driving unit 140 can determine whether the packet PKT is a new packet that has not been received. The application driving unit 140 can determine whether the received packet PKT is a packet PKT that the packet receiving unit 120 previously received based on the accumulated data up to the received time.

The application driving unit 140 may determine whether the packet PKT is a start packet that declares a new communication connection to be started. The initiation packet may be a packet (PKT) generated to declare that a new communication connection is initiated after the mutual verification procedure between the sender and the recipient is terminated. The application driving unit 140 can use a communication protocol substantially the same as the communication protocol used by the sender and the receiver and can determine whether the received packet PKT is a start packet based on the same communication protocol.

The application driver 140 can determine whether the packet PKT is a retransmission packet. A retransmission packet may be generated when a sender sends a packet and then receives a retransmission request from the receiver. Alternatively, the retransmission packet may be generated when the originator does not receive the acknowledgment for one packet (PKT) from the recipient even though the predetermined time has elapsed after sending the one packet (PKT). The application driver 140 can use a communication protocol that is substantially the same as the communication protocol used by the sender and the receiver and can determine whether the received packet (PKT) is a retransmission packet based on the same communication protocol.

The application driver 140 may determine whether the packet PKT is a state transition packet. The state transition packet may be a first state transition packet generated when the sender state is changed in the communication connection and may be the second state transition packet in which the receiver state is switched by receiving the communication connection recipient. The sender can generate a different packet (PKT) according to the sender status, and the receiver can perform different processing for the received packet (PKT) according to the receiver status. The sender state and the receiver state may differ depending on the definition of the communication protocol. The packet receiver 120 can receive the packet PKT between the sender and the receiver and the application driver 140 can determine whether the packet PKT received based on the contents included in the packet PKT is a state transition packet Can be determined. To this end, the application driver 140 may use a communication protocol substantially the same as the communication protocol used by the sender and the receiver.

The application driving unit 140 may determine whether the packet PKT is a termination packet that declares that the communication connection is terminated. The termination packet may be a packet (PKT) generated to declare that the communication connection that was created after the data exchange between the sender and the recipient is terminated is terminated. The application driver 140 can use a communication protocol that is substantially the same as the communication protocol used by the sender and the receiver and can determine whether the received packet PKT is a termination packet based on the same communication protocol.

The application driving unit 140 can determine whether the packet PKT is out of the range. The out-of-range packet may be a packet (PKT) generated in a manner not defined in the communication protocol. To this end, the application driver 140 can monitor the packet PKT based on the specific communication protocol to be set as the monitoring range. For example, the application driver 140 may determine whether the packet PKT is a packet PKT generated in a manner not defined in the transmission control protocol.

The application driving unit 140 can determine whether or not the accumulated data has reached the target data. In addition, the application driver 140 can determine whether or not the accumulated data has not reached the target data. Here, the accumulated data may be formed by accumulating the packets PKT, and the target data may be the transmission target of the communication connection.

A day communication connection may aim to send the target data to the recipient without loss. The target data may be divided into a plurality of configuration packets, and the configuration packets may be transmitted sequentially. The packet receiver 120 located between the sender and the receiver can receive the packet PKT in the middle and the application driver 140 can determine whether the cumulative data formed by accumulation of the packet PKT has reached the target data It can be judged. In addition, when the packet receiving unit 120 receives the configuration packets in a sequence different from the order of the sender due to the network failure, the application driver 140 may wait until the accumulated data finally formed reaches the target data . At this time, the accumulated data can be stored in a separate storage.

However, when the cumulative data does not reach the target data, the size of the cumulative data may continuously increase and eventually exceed the limit of the storage. Accordingly, the application driver 140 can determine whether the cumulative data has not reached the target data even though the cumulative data exceeds the predetermined size. As a result, the size of the accumulated data may not exceed the limit of the storage.

The application driver 140 may determine whether a trailing packet that is expected to be received after the preceding packet has not been received even though the predetermined time has elapsed since the reception of the preceding packet. The packet (PKT) generated according to the communication protocol may have two or more temporal posterior relations. For example, when the packet receiving unit 120 receives one packet (PKT) as a preceding packet, the application driving unit 140 can predict that it will soon receive a trailing packet corresponding to the preceding packet. However, if the trailing packet is not received even after the predetermined time has elapsed from the reception of the preceding packet, the application driver 140 may determine that the procedure is out of the normal procedure. If the trailing packet is not received, The state can be guessed.

The monitoring condition can be generated in an application running on the operating system. That is, some of the monitoring conditions may not be provided fundamentally in the operating system. In addition, the monitoring condition generated by the application may be a combination of two or more monitoring conditions fundamentally provided in the operating system. The generated monitoring conditions can also be used on the operating system as well as the basic monitoring conditions. For example, the application driver 140 can determine the packet (PKT) or the accumulated data on the operating system based on the monitoring condition generated in the application application.

The application driver 140 can monitor the packet PKT based on a plurality of application applications. For example, the user can operate the first application for generating the first monitoring condition on the operating system, and the application driver 140 can search for the first monitoring target data based on the first monitoring condition. In addition, the user can simultaneously execute a second application that generates the second monitoring condition on the operating system, and the application driver 140 can search the monitoring target packet and the second monitoring target data based on the second monitoring condition .

The application driving unit 140 can transmit at least one of the monitoring target packet or the monitoring target data to the application application. That is, when the packet (PKT) or accumulated data corresponds to the monitoring condition, the application driver 140 may transmit at least one of the monitored packet or the monitored data to the application. Here, the scope of transmitting the monitoring target packet and the monitoring target data can be determined by the application application. For example, the first application may instruct the operating system to transmit the first monitoring target data, and the second application may instruct the operating system to transmit the second monitoring target data and the monitoring target packet together.

The application driver 140 can perform a processing operation instructed by the application program. Here, the processing operation can be generated based on at least one of the monitored packet or the monitored data. For example, the application driver 140 may generate a processing job to prevent the packet receiving unit 120 from transmitting the received packet (PKT) to the receiver, The control signal CTRL can be generated.

According to the embodiment, different processing tasks can be created in a plurality of application applications, and a processing task can be created only in some application applications. For example, the first application may generate a first processing job and deliver it to the operating system, but the second application may not create a processing job.

The communication monitoring apparatus 100 according to the embodiments of the present invention can easily add a new monitoring method by monitoring packet (PKT) and cumulative data on an operating system and delivering it to an application running on the operating system. That is, the user can easily add an efficient monitoring method by developing an application based on the development tool provided by the operating system.

FIG. 2 is a block diagram showing an example in which an application driver included in the communication monitoring apparatus of FIG. 1 operates.

Referring to FIG. 2, the application driver 240 can monitor the packet PKT based on application applications 244-1 and 244-2 running on the operating system 242. FIG. To this end, the application driver 240 may determine on the operating system 242 whether the packet (PKT) or accumulated data corresponds to the preset monitoring condition (CON1, CON2).

The application driver 240 can operate based on the operating system 242. [ Here, on the operating system 242, at least one application application 244-1 or 244-2 can be driven. For example, a user may run a first application 244-1 on an operating system 242 for one purpose and a second application 244-2 on an operating system 242 for other purposes, .

The application driving unit 240 can determine whether the packet PKT is the monitored packet PKT2 corresponding to the preset monitoring condition CON1 or CON2. The application driver 240 can also determine whether the accumulated data formed by accumulating the packets PKT is the monitored data DATA1 and DATA2 corresponding to the preset monitoring conditions CON1 and CON2. Here, the application driver 140 may determine on the operating system 242 whether it corresponds to the monitoring condition (CON1, CON2).

The monitoring conditions CON1 and CON2 may be those provided by the operating system 242 and generated by the application applications 244-1 and 244-2. In other words, the application applications 244-1 and 244-2 may be made to use only the monitoring conditions fundamentally provided in the operating system 242, but they are also made to use the self-generated monitoring conditions CON1 and CON2 together .

The operating system 242 can basically provide essential or frequently used monitoring conditions for the application applications 244-1 and 244-2. For example, the monitoring conditions provided by the operating system include whether the packet PKT is a new packet, whether the packet PKT is a start packet, whether the packet PKT is a retransmission packet, Whether or not the packet PKT is the second conversion packet, whether the packet PKT is the end packet, whether the packet PKT is out of the range packet, whether or not the accumulated data has reached the target data, Whether or not the data has been reached, whether or not the packet received after the elapse of a predetermined time from the reception of the preceding packet is a trailing packet expected to be received after receiving the preceding packet .

The monitoring conditions CON1, CON2 may be generated in the application applications 244-1, 244-2 running on the operating system 242. [ That is, the monitoring conditions CON1 and CON2 may not be provided in the operating system 242 basically. The monitoring conditions CON1 and CON2 generated by the applications 244-1 and 244-2 may be combinations of two or more monitoring conditions fundamentally provided by the operating system 242. [ The generated monitoring conditions CON1 and CON2 may also be used on the operating system 242 in the same manner as the monitoring conditions provided basically. For example, the application driver 240 can determine the packet (PKT) or cumulative data on the operating system 242 based on the monitoring conditions (CON1, CON2) generated in the application applications 244-1, 244-2 have.

The application driving unit 240 can monitor the packet PKT based on the plurality of application programs 244-1 and 244-2. For example, the user can drive the first application 244-1 that generates the first monitoring condition CON1 on the operating system 242, and the application driver 240 can monitor the first monitoring condition CON1 The first monitoring target data (DATA1) can be found based on the first monitoring target data (DATA1). The user can simultaneously drive the second application application 244-2 that generates the second monitoring condition CON2 on the operating system 242 and the application driver 240 generates the second monitoring condition CON2 based on the second monitoring condition CON2 And can thereby find the monitored packet PKT2 and the second monitored data DATA2.

The application driving unit 240 can transmit at least one of the monitored packet PKT2 or the monitored data DATA1 and DATA2 to the application applications 244-1 and 244-2. That is, when the packet PKT or accumulated data corresponds to the monitoring condition CON1 or CON2, the application driver 240 transmits at least one of the monitored packet PKT2 or the monitored data DATA1 and DATA2 to the application application (244-1, 244-2). Here, the range for delivering the monitoring target packet PKT2 and the monitoring target data (DATA1, DATA2) can be determined by the application application 244-1, 244-2. For example, the first application application 244-1 may instruct the operating system 242 to transmit the first monitoring target data (DATA1), and the second application application 244-2 may instruct the operating system 242 to transmit the second monitoring target data (DATA2) and the monitored packet (PKT2) to the operating system (242).

The application driver 240 can perform the processing job HD1 indicated by the application applications 244-1 and 244-2. Here, the processing job HD1 can be generated based on at least one of the monitored packet PKT2 or the monitored data DATA1 and DATA2.

According to the embodiment, different processing jobs HD1 may be created in a plurality of application applications 244-1 and 244-2 and a processing job HD1 may be created only in some application applications 244-1 have. For example, the first application application 244-1 may generate and deliver the first processing task HD1 to the operating system 242, but the second application application 244-2 may not generate a processing task have.

3 is a flowchart illustrating a communication monitoring method according to embodiments of the present invention.

3, in a communication monitoring method according to embodiments of the present invention, a packet generated according to a communication protocol may be received (S120), and a packet may be monitored (S140) based on an application application .

A packet generated according to the communication protocol may be received (S120). Here, the packet can be received by a third party other than the sender or receiver. For example, an intermediary located between a sender and a receiver on a communications network may receive the packet. Thus, the received packet can be delivered to the recipient again. According to an embodiment, the communication protocol may be a transmission control protocol.

The packet may be monitored (S140) based on an application running on the operating system. At least one application program may be run on the operating system. For example, a user may run a first application on an operating system according to a purpose, and may run a second application on an operating system according to another purpose.

When the packet is monitored (S140), it is determined whether the packet or the accumulated data is the monitored packet or the monitored data (S142) on the operating system, and at least one of the monitored packet or the monitoring target data is delivered to the application ). Further, according to the embodiment, the processing job indicated by the application application can be performed (S146).

The accumulated data formed by accumulation of packets or packets may be judged on the operating system (S142) whether the monitored packet corresponds to the predetermined monitoring condition or the monitored data. It can be determined whether the packet is a monitoring target packet corresponding to a predetermined monitoring condition. Also, it can be determined that the accumulated data formed by accumulating the packets is the monitored data corresponding to the predetermined monitoring condition. Here, whether or not the monitoring condition is satisfied can be judged on the operating system.

The operating system can provide essential or often used monitoring conditions for application applications. For example, the monitoring condition provided by the operating system may include whether the packet is a new packet, whether the packet is a start packet, whether the packet is a retransmission packet, whether the packet is a first switch packet, whether the packet is a second switch packet, Whether or not the packet is an out-of-range packet, whether or not the packet is out of the range, whether or not the accumulated data has reached the target data, whether or not the accumulated data has not reached the target data, And whether the received packet is a trailing packet that is expected to be received after receiving the preceding packet.

It can be determined whether or not the packet is a new packet that has not been received previously. It can be determined whether or not the received packet is a previously received packet based on the cumulative data up to the received time point.

It may be determined whether the packet is a start packet that declares that a new communication connection is to be started. The initiation packet may be a packet that is generated to declare that a new communication connection is initiated after the mutual verification procedure between the sender and the recipient is terminated.

It can be determined whether or not the packet is a retransmission packet. A retransmission packet may be generated when a sender sends a packet and then receives a retransmission request from the receiver. Alternatively, the retransmission packet may be generated when a certain time has elapsed after the sender has sent a packet, but has not received acknowledgment of a packet from the receiver.

It can be determined whether or not the packet is a state transition packet. The state transition packet may be a first state transition packet generated when the sender state is switched in the communication connection and may be the second state transition packet in which the receiver state is switched by receiving the communication connection recipient.

It can be determined whether the packet is a termination packet that declares that the communication connection is terminated. The termination packet may be a packet generated to declare that the communication connection that was created after the data exchange between the sender and the recipient is terminated is terminated.

It can be determined whether or not the packet is out of the range. The out-of-range packet may be a packet generated in a manner not defined in the communication protocol.

It can be determined whether or not the cumulative data has reached the target data. Further, it can be judged whether or not the accumulated data has not reached the target data. Here, the accumulated data may be formed by accumulating packets, and the target data may be the transmission target of the communication connection.

It can be determined whether or not a trailing packet that is expected to be received after the preceding packet has not been received even though a predetermined time has elapsed since the time when the preceding packet was received.

The monitoring condition can be generated in an application running on the operating system. That is, some of the monitoring conditions may not be provided fundamentally in the operating system. In addition, the monitoring condition generated by the application may be a combination of two or more monitoring conditions fundamentally provided in the operating system. The generated monitoring conditions can also be used on the operating system as well as the basic monitoring conditions.

At least one of the monitoring target packet or the monitoring target data may be transmitted to the application application (S144). That is, when a packet or cumulative data corresponds to a monitoring condition, at least one of a monitored packet or monitored data may be delivered to an application. Here, the scope of transmitting the monitoring target packet and the monitoring target data can be determined by the application application.

The processing job indicated by the application application can be performed (S146). Here, the processing operation can be generated based on at least one of the monitored packet or the monitored data. According to the embodiment, different processing tasks can be created in a plurality of application applications, and a processing task can be created only in some application applications.

The communication monitoring method according to embodiments of the present invention can easily add a new monitoring method by monitoring packets and cumulative data on an operating system and transmitting the monitoring data to an application running on an operating system. That is, the user can easily add an efficient monitoring method by developing an application based on the development tool provided by the operating system.

4 is a flowchart illustrating a communication monitoring method executed by an operating system program recorded on a storage medium according to embodiments of the present invention.

Referring to FIG. 4, the operating system program recorded on the storage medium according to the embodiments of the present invention may determine whether the packet or the accumulated data is a monitored packet or monitored data corresponding to a predetermined monitoring condition (S220) , The monitoring target packet or the monitoring target data to the application application (S240), and performs the processing job indicated by the application application based on at least one of the monitoring target packet and the monitoring target data (S260 ).

The cumulative data formed by accumulating the packets or packets generated according to the communication protocol by the operating system program recorded on the storage medium can be judged on the operating system (S220) whether the monitoring target packet or the monitoring target data corresponding to the predetermined monitoring condition have. According to an embodiment, the communication protocol may be a transmission control protocol.

The operating system can provide essential or often used monitoring conditions for application applications. For example, the monitoring condition provided by the operating system may include whether the packet is a new packet, whether the packet is a start packet, whether the packet is a retransmission packet, whether the packet is a first switch packet, whether the packet is a second switch packet, Whether or not the packet is an out-of-range packet, whether or not the packet is out of the range, whether or not the accumulated data has reached the target data, whether or not the accumulated data has not reached the target data, And whether the received packet is a trailing packet that is expected to be received after receiving the preceding packet.

It can be determined whether or not the packet is a new packet that has not been received previously. It can be determined whether or not the received packet is a previously received packet based on the cumulative data up to the received time point.

It may be determined whether the packet is a start packet that declares that a new communication connection is to be started. The initiation packet may be a packet that is generated to declare that a new communication connection is initiated after the mutual verification procedure between the sender and the recipient is terminated.

It can be determined whether or not the packet is a retransmission packet. A retransmission packet may be generated when a sender sends a packet and then receives a retransmission request from the receiver. Alternatively, the retransmission packet may be generated when a certain time has elapsed after the sender has sent a packet, but has not received acknowledgment of a packet from the receiver.

It can be determined whether or not the packet is a state transition packet. The state transition packet may be a first state transition packet generated when the sender state is switched in the communication connection and may be the second state transition packet in which the receiver state is switched by receiving the communication connection recipient.

It can be determined whether the packet is a termination packet that declares that the communication connection is terminated. The termination packet may be a packet generated to declare that the communication connection that was created after the data exchange between the sender and the recipient is terminated is terminated.

It can be determined whether or not the packet is out of the range. The out-of-range packet may be a packet generated in a manner not defined in the communication protocol.

It can be determined whether or not the cumulative data has reached the target data. Further, it can be judged whether or not the accumulated data has not reached the target data. Here, the accumulated data may be formed by accumulating packets, and the target data may be the transmission target of the communication connection.

It can be determined whether or not a trailing packet that is expected to be received after the preceding packet has not been received even though a predetermined time has elapsed since the time when the preceding packet was received.

The monitoring condition can be generated in an application running on the operating system. That is, some of the monitoring conditions may not be provided fundamentally in the operating system. In addition, the monitoring condition generated by the application may be a combination of two or more monitoring conditions fundamentally provided in the operating system. The generated monitoring conditions can also be used on the operating system as well as the basic monitoring conditions.

At least one of the monitoring target packet or the monitoring target data may be transmitted (S240) to the application by the operating system program recorded on the storage medium. That is, when a packet or cumulative data corresponds to a monitoring condition, at least one of a monitored packet or monitored data may be delivered to an application. Here, the scope of transmitting the monitoring target packet and the monitoring target data can be determined by the application application.

A processing job indicated by the application program may be executed (S260) by the operating system program recorded on the storage medium. Here, the processing operation can be generated based on at least one of the monitored packet or the monitored data. According to the embodiment, different processing tasks can be created in a plurality of application applications, and a processing task can be created only in some application applications.

The storage medium according to embodiments of the present invention may provide an operating system program used in the communication monitoring apparatus and the communication monitoring method.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the exemplary embodiments, but, on the contrary, And may be modified and changed by those skilled in the art. For example, in the above description, it is exemplified whether the packet is a new packet under the monitoring condition, but the type of the monitoring condition is not limited thereto.

The present invention can be applied variously to the network security industry. For example, the present invention can be applied to a communication service provider, a network service provider, and the like.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made therein without departing from the spirit and scope of the invention as defined in the appended claims. You will understand.

120: packet receiver
140, 240: Application driver
242: Operating system
244-1, 244-2: Application Application

Claims (15)

A packet receiving unit for receiving a packet generated according to a communication protocol; And
And an application driver for monitoring the packet based on an application program running on the operating system,
Wherein the application driver determines on the operating system whether the packet or the cumulative data formed by accumulating the packet is a monitored packet or monitored data corresponding to a predetermined monitoring condition, Deliver one or more to the application,
Wherein the monitoring condition for the packet includes whether the packet is a new packet not previously received, whether the packet is an initiation packet that declares a new communication connection to be initiated, whether the packet is a retransmission packet, , Whether the packet is a first state transition packet generated when a caller state is switched in the communication connection, whether the packet is a second state transition packet in which the receiver state is switched by receiving a receiver of the communication connection , Whether the packet is a termination packet that declares the termination of the communication connection, whether the packet is an out-of-flow packet generated in a manner not defined in the communication protocol, The packet received after a predetermined time elapses from the reception time is received after the reception of the preceding packet Communication monitoring device comprises at least one of whether or not the trailing packet is expected to. The method according to claim 1, wherein the application instructs a processing operation based on at least one of the monitored packet or the monitored data,
Wherein the application driver performs the processing operation. The communication monitoring apparatus according to claim 1, wherein the communication protocol is a transmission control protocol (TCP). The communication monitoring apparatus according to claim 1, wherein the monitoring condition is generated in the application. delete 2. The method of claim 1, wherein the monitoring condition for the cumulative data includes whether the cumulative data has reached target data that is a transmission target of the communication connection, or whether the cumulative data has reached a predetermined size, And whether or not the mobile communication terminal has performed the communication. Receiving a packet generated according to a communication protocol; And
And monitoring the packet based on an application program running on the operating system,
The monitoring step
Determining on the operating system whether the packet or the cumulative data formed by accumulating the packet is a monitored packet or monitored data corresponding to a predetermined monitoring condition; And
And transmitting at least one of the monitoring target packet and the monitoring target data to the application application,
Wherein the monitoring condition for the packet includes whether the packet is a new packet not previously received, whether the packet is a start packet declaring that a new communication connection is to be started, whether the packet is a retransmission packet, Whether the packet is a first state transition packet generated when a sender state changes in a connection, whether the packet is a second state transition packet in which a recipient state is switched by receiving a recipient of the communication connection, Whether or not the packet is out of the range generated in a manner not defined in the communication protocol, or whether or not the packet received after a predetermined time has elapsed from the reception time of the preceding packet is the out- Whether or not it is a trailing packet expected to be received after reception And at least one of the at least two of the at least two of the plurality of communication terminals. 8. The method of claim 7, wherein the monitoring comprises:
Further comprising: performing a processing task instructed by the application based on at least one of the monitoring target packet and the monitoring target data. 8. The method of claim 7, wherein the monitoring condition is generated in the application. delete 8. The method of claim 7, wherein the monitoring condition for the cumulative data includes determining whether the cumulative data has reached target data that is a transmission target of the communication connection, or whether the cumulative data has reached a predetermined size And whether or not the mobile terminal has performed the communication. Determining whether the packet generated according to the communication protocol or the accumulated data formed by accumulating the packet is a monitored packet or monitored data corresponding to a predetermined monitoring condition;
Transmitting at least one of the monitored packet or the monitored data to an application program; And
And performing a processing task instructed by the application based on at least one of the monitored packet and the monitored data,
Wherein the monitoring condition for the packet includes whether the packet is a new packet not previously received, whether the packet is a start packet declaring that a new communication connection is to be started, whether the packet is a retransmission packet, Whether the packet is a first state transition packet generated when a sender state changes in a connection, whether the packet is a second state transition packet in which a recipient state is switched by receiving a recipient of the communication connection, Whether or not the packet is out-of-range packet generated in a manner not defined in the communication protocol, or whether the packet received after a predetermined time has elapsed from the reception time of the preceding packet is the out- Whether or not it is a trailing packet expected to be received after reception A computer-readable storage medium storing an operating system program for executing a communication monitoring method including at least one program on a terminal. The computer-readable storage medium according to claim 12, wherein the monitoring condition is generated in the application program. delete 13. The method of claim 12, wherein the monitoring condition for the cumulative data includes determining whether the cumulative data has reached target data that is a transmission target of the communication connection, or whether the cumulative data has reached a predetermined size Or whether or not the computer program has been executed.
KR1020160026333A 2016-03-04 2016-03-04 Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same KR101820117B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160026333A KR101820117B1 (en) 2016-03-04 2016-03-04 Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160026333A KR101820117B1 (en) 2016-03-04 2016-03-04 Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same

Publications (2)

Publication Number Publication Date
KR20170103427A KR20170103427A (en) 2017-09-13
KR101820117B1 true KR101820117B1 (en) 2018-01-18

Family

ID=59968115

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160026333A KR101820117B1 (en) 2016-03-04 2016-03-04 Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same

Country Status (1)

Country Link
KR (1) KR101820117B1 (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
박경수, "미들박스 서비스를 위한 전용 소프트웨어 플랫폼과 네트워크 기능 가상화", 스마트인터넷/미래네트워크, 정보와 통신, 한국통신학회 (2014.06.)*

Also Published As

Publication number Publication date
KR20170103427A (en) 2017-09-13

Similar Documents

Publication Publication Date Title
CN105763474B (en) Data transmission method and device
CN102148662B (en) Adjusting method and device for data transmitting speed
CN104320425A (en) Method and device for receiving and sending message
CN105635116A (en) Reconnection methods, apparatuses and system in case of disconnection
WO2022017529A1 (en) Data transmission method and system, electronic device, and storage medium
CN102209039A (en) Method and equipment for transmitting file
CN109379769A (en) A kind of data transmission method, equipment and computer readable storage medium
KR102435334B1 (en) Adaptive Bidirectional Forwarding Detection protocol and equipment for maximizing service availability in network system
KR101820117B1 (en) Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same
JP4583318B2 (en) Data communication method
KR101855265B1 (en) Communication monitoring device, method of monitoring communication and storage media of middle-box operating system implementing the same
CN112865990A (en) File upgrading method, system and device
EP3314970B1 (en) Method and apparatus for managing uplink traffic from a client device in a communication network
CN114868367B (en) Method and system for exchanging periodic data in a mobile telecommunication network
US20140043968A1 (en) Method and apparatus for managing load on service devices in a communication network
KR101933175B1 (en) Mediatioin appratus mediating communication betwwen server and client
US20150200813A1 (en) Server connection apparatus and server connection method
WO2015004861A1 (en) Message distribution system, message distribution device, message distribution method, and program for message distribution
JP6042205B2 (en) Distribution system
US11252626B2 (en) Data transmission protocol to reduce delay during link switchovers
CN114070781B (en) Data communication method, device, system and computer equipment
WO2021164370A1 (en) Method and apparatus for switching length of bidirectional forwarding detection packet, and storage medium
CN110311750B (en) Data transmission method, system and server
KR101794740B1 (en) Network device and method for session processing control thereof
US20130227124A1 (en) Apparatus and method of portable terminal for transmitting contents according to network environment

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right