WO2010000145A1 - A method, apparatus and system for monitoring the network - Google Patents

A method, apparatus and system for monitoring the network Download PDF

Info

Publication number
WO2010000145A1
WO2010000145A1 PCT/CN2009/070875 CN2009070875W WO2010000145A1 WO 2010000145 A1 WO2010000145 A1 WO 2010000145A1 CN 2009070875 W CN2009070875 W CN 2009070875W WO 2010000145 A1 WO2010000145 A1 WO 2010000145A1
Authority
WO
WIPO (PCT)
Prior art keywords
monitoring
service
data
network
server
Prior art date
Application number
PCT/CN2009/070875
Other languages
French (fr)
Chinese (zh)
Inventor
刘廷永
刘国清
张文达
Original Assignee
成都市华为赛门铁克科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都市华为赛门铁克科技有限公司 filed Critical 成都市华为赛门铁克科技有限公司
Priority to US12/478,307 priority Critical patent/US8416695B2/en
Publication of WO2010000145A1 publication Critical patent/WO2010000145A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a network monitoring method, apparatus, and system. Background technique
  • IP Internet Protocol
  • VOIP Voice over Internet Protocol
  • PSTN Public Switched Telephone Network
  • the method for monitoring a service is to perform monitoring of a PSTN voice call by performing operations such as saving and recovering a voice stream in a conventional PSTN communication network.
  • the inventors have found that at least the following problems exist in the prior art:
  • the existing monitoring technology is only applicable to the PSTN network, and the voice stream in the PSTN network is monitored, and the packet is transmitted in the VOIP network. Data, therefore, prior art of this in PSTN
  • the method of monitoring the voice stream in the network is completely unsuitable in the VOIP network, that is, the voice data that needs to be monitored in the VOIP network cannot be effectively obtained.
  • IP networks support multiple types of data services such as text, images, and video. For these types of services, there is also a need for monitoring, but for the time being. There is no monitoring method that can be effectively applied to IP networks.
  • Embodiments of the present invention provide a network monitoring method, apparatus, and system to implement monitoring of an IP network.
  • the embodiment of the invention provides a network monitoring method, including:
  • the received data is selected by using deep packet detection to obtain a monitoring result, and the received data is a service customization rule obtained according to the parsing and listening strategy, and the data is pre-processed to filter the packet data. get.
  • the embodiment of the invention further provides a service analysis server, including:
  • the interception policy processing unit is configured to parse the interception policy, and obtain a service customization rule and an exact matching rule;
  • the data selection unit selects the data sent by the service detection server according to the exact matching rule obtained by the monitoring policy processing unit, and obtains the monitoring result.
  • the embodiment of the invention further provides a network monitoring system, which includes a service detection server and a service analysis server;
  • the service detection server is configured to acquire packet data of an IP network, and apply data pre-location The technology, filtering the acquired packet data according to the service customization rule obtained by the service analysis server;
  • the service analysis server is configured to parse the monitoring policy, and obtain the service customization rule and the exact matching rule.
  • the deep packet inspection is used to select the filtered data of the service detection server according to the exact matching rule to obtain the monitoring result.
  • the problem to be solved is to identify the packet data transmitted in the IP network, and select the service data to be monitored from it.
  • the service detection server obtains the packet data of the IP network
  • the packet data is pre-processed, and then the packet data is filtered according to the service customization rule;
  • the service analysis server applies the deep packet detection technology to the service detection server after filtering.
  • the packet data is further analyzed, and then the analysis result is selected according to the exact matching rule, and finally the desired monitoring result is obtained, and the monitoring of the IP network is realized.
  • various packet data services such as text, image, audio, video, etc. transmitted in the IP network can be monitored, which also provides more effective monitoring means for the listener.
  • FIG. 1 is a schematic flowchart of an IP network monitoring method according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of another IP network monitoring method according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of an SPS according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a SAS according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an IP network monitoring system according to an embodiment of the present invention.
  • FIG. 6 is another schematic structural diagram of an IP network monitoring system according to an embodiment of the present invention. detailed description First, the method for monitoring the IP network in the embodiment of the present invention is described, including: obtaining an exact matching rule obtained by parsing the interception policy;
  • FIG. 1 is a schematic flowchart of a method for monitoring an IP network according to an embodiment of the present invention, where the method includes:
  • the service analysis server receives the interception policy, it parses the interception policy, obtains the service customization rule and the exact match rule, and sends the service customization rule to the service probe server (Service Probe Server). , hereinafter referred to as: SPS).
  • the service customization rule corresponds to basic information of the service to be monitored, and may include a media access control (MAC) address, an Internet Protocol (IP) address, a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port, a service type, and the like;
  • the exact matching rule corresponds to the specific information of the service to be monitored, and may include a user name, an account number, an email address, a phone number, and the like.
  • SPS uses sniffing to obtain packet communication data of the IP network, and first preprocesses the packet data packet: the basic service information of the packet data can be identified through 2-4 layer protocol analysis or message feature matching, and then According to the service customization rule, the data whose basic service information does not match the rule is filtered out, and the filtered data is further sent to the SAS.
  • the SAS uses the Deep Packet Inspection (DPI) technology to analyze the Intercept Related Information (hereinafter referred to as IRI) of the SPS transmission data, and obtain the service specific information corresponding to the data.
  • the IRI is an IP network
  • the call control information related to the Media of Communication (hereinafter referred to as CC) are associated by the unique feature identifier.
  • the analysis result is selected, and the IRI of the service data to be monitored can be accurately hit.
  • the CC corresponding to the IRI is obtained by associating the unique feature identifier, and the IRI of the service data to be monitored is used together with the CC as the monitoring result.
  • the monitoring policy described in S101 includes information such as an IP address or an account to be monitored.
  • the monitoring policy may be configured by a network server (Web server, hereinafter referred to as WBS) and then sent to the SAS.
  • WBS network server
  • the embodiment may further include the following steps:
  • DFS Dbase and Files Server
  • the listener logs in to the WBS to perform service recovery on the monitoring result saved in the DFS.
  • the WBS takes a copy of the interception result from the DFS for recovery processing or generates an analysis report for the listener to view.
  • the monitoring method provided by the foregoing embodiment is applicable to non-real-time monitoring of services in the IP network.
  • the WBS directly obtains the monitoring result from the front-end system SAS for service recovery.
  • FIG. 2 is a schematic flowchart diagram of another IP network monitoring method according to an embodiment of the present invention, and a specific method as follows:
  • the WBS directly obtains the monitoring result from the SAS, and restores the service for the monitor to monitor in real time.
  • the embodiment may further include:
  • WBS also generates a copy of the real-time monitoring results, which are sent to DFS for further analysis or evidence.
  • the method for saving the copy of the monitoring result is similar to that described in S104, and will not be described here.
  • the listener can also manage and maintain the entire monitoring system by logging in to the WBS, including issuing control commands to coordinate the operation of various parts of the monitoring system, and simultaneously generating operation, maintenance, and operation logs of the monitoring system.
  • the listener can also log in to the WBS through the network client (Web Client, hereinafter referred to as WBC) to perform related operations, which does not affect the implementation of the present invention.
  • WBC Web Client
  • the data preprocessing technology is first used to identify the basic information of the data, and the initial filtering is performed, and then the DPI technology is used to analyze the data to achieve accurate selection, and the required monitoring result is obtained.
  • the listener can effectively save, restore, and manage the monitoring results, thereby monitoring the IP network.
  • FIG. 3 is a schematic structural diagram of an SPS according to an embodiment of the present invention, where the SPS includes:
  • the data obtaining unit 310 is configured to acquire packet data of an IP network.
  • the data filtering unit 320 applies an application data pre-processing technique to filter the packet data obtained by the data acquiring unit 310 according to the service customization rule.
  • the data filtering unit 320 includes:
  • the identifying sub-unit 321 is configured to identify basic service information of the packet data acquired by the data acquiring unit 310 by using a data pre-processing technique;
  • the filtering sub-unit 322 filters the packet data according to the identification result of the identification sub-unit 321 and the service customization rule.
  • FIG. 4 is a schematic structural diagram of a SAS according to an embodiment of the present invention, where the SAS includes:
  • the interception policy processing unit 410 is configured to parse the interception policy, and obtain a service customization rule and an exact matching rule.
  • the data selection unit 420 selects the data sent by the service detection server according to the exact matching rule obtained by the interception policy processing unit 410 to obtain the monitoring result.
  • the data selection unit 420 includes:
  • the analysis sub-unit 421 applies the DPI technology to analyze the data sent by the SPS.
  • the selection sub-unit 422 selects the analysis result of the analysis sub-unit 421 according to the exact matching rule obtained by the monitoring policy processing unit 410. Hit the IRI of the service data to be monitored;
  • the monitoring result generation subunit 423 is configured to generate a monitoring result according to the IRI of the to-be-observed service data obtained by the selection subunit 422.
  • FIG. 5 is an embodiment of the present invention.
  • Schematic diagram of the network monitoring system as shown in Figure 5, including SPS 510 and SAS 520;
  • the SPS 510 is configured to obtain packet data of an IP network, apply data preprocessing technology, and filter the obtained packet data according to a service customization rule obtained by the SAS 520;
  • the SAS 520 is configured to parse the monitoring policy, obtain the service customization rule and the exact matching rule, and send the service customization rule to the SPS 510; apply the DPI technology and the exact matching rule to select the SPS 510 filtered data to obtain the monitoring result.
  • the monitoring system may further include a monitoring management device.
  • FIG. 6 is another schematic structural diagram of an IP network monitoring system according to an embodiment of the present invention. The difference from FIG. 5 is that the monitoring management device is further included.
  • the monitoring management device includes: WBS 630 and DFS 640;
  • WBS 630 used for service recovery of the monitoring result
  • DFS 640 used to store the monitoring results.
  • the monitoring result is first saved in the DFS 640.
  • the WBS 630 extracts the monitoring result from the DFS 640 for service recovery.
  • the WBS 630 directly obtains the monitoring result by the SAS 520.
  • the service is restored for the listener to monitor in real time. If the monitoring result needs to be backed up, the WBS 630 can generate a copy of the monitoring result and send it to the DFS 640 storage while the service is being restored.
  • the WBS 630 can also be used to configure, manage, and maintain the operation of the entire listening system.
  • the DFS 640 can also be used to save system configuration information, run maintenance logs, and monitor personnel accounts and permissions.
  • the monitoring system may further include:
  • WBC 650 providing a user interface for the monitoring system, typically with graphical users
  • GUI Graphic User Interface
  • the terminal of the Graphic User Interface (GUI) serves as the user interface of the entire monitoring system.
  • the listener remotely logs in to the WBS630 through the WBC650 to perform operations such as service recovery or system management and maintenance.
  • the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
  • the apparatus and system embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, ie It can be located in one place, or it can be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment scheme. Those of ordinary skill in the art can understand and implement without undue creative work.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the present invention provides a method, apparatus and system for monitoring the network. A method for monitoring the network includes that: obtain the accurate matching rule which is got by parsing the monitoring strategy; choose the received data using the deep packet inspection according to the accurate matching rule, get the monitoring result, the received data is got by filtrating the packet data using the data pretreatment according to the service customization rule which is got by parsing the monitoring strategy. A system for monitoring the network includes a service probe server and a service analyze server. By applying the technical scheme of the present invention embodiment, the monitoring for the all kinds of the packet data service which is transmitted in IP network can be realized.

Description

网络监听方法、 装置及***  Network monitoring method, device and system
本申请要求于 2008 年 06 月 30 日提交中国专利局、 申请号为 200810125272.9, 发明名称为 "网絡监听方法、 装置及***" 的中国专利 申请的优先权, 其全部内容通过引用结合在本申请中。  The present application claims priority to Chinese Patent Application No. 200810125272.9, entitled "Network Monitoring Method, Apparatus and System", which is incorporated herein by reference. .
技术领域 本发明涉及通信技术领域, 特别是涉及一种网絡监听方法、 装置及系 统。 背景技术 TECHNICAL FIELD The present invention relates to the field of communications technologies, and in particular, to a network monitoring method, apparatus, and system. Background technique
因特网协议 ( Internet Protocol , 以下简称: IP ) 网絡为基础的各种新 通信技术,已经成为当前研究的热点。 IP网絡语音传输( Voice over Internet Protocol, 以下简称: VOIP )技术, 是将模拟的语音流信号经过压缩与封 包处理之后, 以分组数据包的形式在 IP 网絡的环境中传输, 具有传统电 话不可替代的优势。 随着通信技术的迅速发展, VOIP 网絡正逐渐取代传 统的公共交换电话网 (Public Switched Telephone Network, 以下简称: PSTN ) , 受到越来越多人的认可。 出于安全等原因, 有关***门或是 一些特殊单位经常需要对网絡内部通信进行监听。 现有技术中, 监听业务 的方法是在传统的 PSTN通信网絡中, 通过对语音流进行保存、 恢复等操 作, 实现对 PSTN语音呼叫的监听。  Various new communication technologies based on the Internet Protocol (IP) network have become a hot topic of current research. Voice over Internet Protocol (VOIP) technology is used to transmit analog voice stream signals in the form of packet data packets in the IP network environment after being compressed and packetized. The advantages. With the rapid development of communication technologies, VOIP networks are gradually replacing the traditional Public Switched Telephone Network (PSTN), which is recognized by more and more people. For security reasons, the security department or some special units often need to monitor the internal communication of the network. In the prior art, the method for monitoring a service is to perform monitoring of a PSTN voice call by performing operations such as saving and recovering a voice stream in a conventional PSTN communication network.
在实现本发明的过程中, 发明人发现现有技术中至少存在如下问题: 现有的监听技术仅适用于 PSTN网絡, 是对 PSTN网絡中的语音流进 行监听, 而 VOIP网絡中传输的是分组数据, 因此, 现有技术这种在 PSTN 网絡中对语音流进行监听的方法在 VOIP网絡中已经完全无法适用, 即无 法有效地获取 VOIP网絡中需要进行监听的语音数据。 In the process of implementing the present invention, the inventors have found that at least the following problems exist in the prior art: The existing monitoring technology is only applicable to the PSTN network, and the voice stream in the PSTN network is monitored, and the packet is transmitted in the VOIP network. Data, therefore, prior art of this in PSTN The method of monitoring the voice stream in the network is completely unsuitable in the VOIP network, that is, the voice data that needs to be monitored in the VOIP network cannot be effectively obtained.
此外, VOIP仅仅是 IP网絡应用的一个方面, 除语音业务之外, IP网 絡还支持文本、 图像、视频等多种类型的数据业务, 对于这些类型的业务, 同样有监听的需求, 但是目前暂时还没有一种能够有效应用于 IP 网絡的 监听方法。 发明内容 本发明实施例提供一种网絡监听方法、 装置及***, 以实现对 IP 网 絡的监听。  In addition, VOIP is only one aspect of IP network applications. In addition to voice services, IP networks support multiple types of data services such as text, images, and video. For these types of services, there is also a need for monitoring, but for the time being. There is no monitoring method that can be effectively applied to IP networks. SUMMARY OF THE INVENTION Embodiments of the present invention provide a network monitoring method, apparatus, and system to implement monitoring of an IP network.
本发明实施例提供一种网絡监听方法, 包括:  The embodiment of the invention provides a network monitoring method, including:
获取解析监听策略得到的精确匹配规则;  Obtain an exact matching rule obtained by parsing the interception strategy;
根据所述精确匹配规则, 釆用深度包检测对接收的数据进行选择, 得 到监听结果,所述接收的数据,是根据解析监听策略得到的业务定制规则, 釆用数据预处理对分组数据进行过滤得到。  According to the exact matching rule, the received data is selected by using deep packet detection to obtain a monitoring result, and the received data is a service customization rule obtained according to the parsing and listening strategy, and the data is pre-processed to filter the packet data. get.
本发明实施例还提供一种业务分析服务器, 包括:  The embodiment of the invention further provides a service analysis server, including:
监听策略处理单元, 用于解析监听策略, 得到业务定制规则和精确匹 配规则;  The interception policy processing unit is configured to parse the interception policy, and obtain a service customization rule and an exact matching rule;
数据选择单元, 釆用深度包检测, 根据所述监听策略处理单元得到的 精确匹配规则对业务探测服务器发送的数据进行选择, 得到监听结果。  The data selection unit selects the data sent by the service detection server according to the exact matching rule obtained by the monitoring policy processing unit, and obtains the monitoring result.
本发明实施例还提供一种网絡监听***, 包括业务探测服务器和业务 分析服务器;  The embodiment of the invention further provides a network monitoring system, which includes a service detection server and a service analysis server;
所述业务探测服务器, 用于获取 IP 网絡的分组数据, 应用数据预处 理技术, 根据所述业务分析服务器得到的业务定制规则对所获取的分组数 据进行过滤; The service detection server is configured to acquire packet data of an IP network, and apply data pre-location The technology, filtering the acquired packet data according to the service customization rule obtained by the service analysis server;
所述业务分析服务器, 用于解析监听策略, 得到业务定制规则和精确 匹配规则; 釆用深度包检测, 根据精确匹配规则对所述业务探测服务器过 滤后的数据进行选择, 得到监听结果。  The service analysis server is configured to parse the monitoring policy, and obtain the service customization rule and the exact matching rule. The deep packet inspection is used to select the filtered data of the service detection server according to the exact matching rule to obtain the monitoring result.
实现对 IP网絡的监听, 需要重点解决的问题是识别 IP网絡中传输的 分组数据, 并从其中选择出所需要监听的业务数据。 上述技术方案中, 业 务探测服务器获取 IP 网絡的分组数据后, 首先对分组数据进行预处理, 然后根据业务定制规则对分组数据进行过滤; 业务分析服务器应用深度包 检测技术对经业务探测服务器过滤后的分组数据做进一步分析, 再根据精 确匹配规则对分析结果进行选择, 最终得到所需的监听结果, 实现对 IP 网絡的监听。 此外, 对于 IP 网絡中传输的文本、 图像、 音频、 视频等各 种分组数据业务都可以进行监听, 这也为监听人员提供了更多有效的监听 手段。  To realize the monitoring of the IP network, the problem to be solved is to identify the packet data transmitted in the IP network, and select the service data to be monitored from it. In the foregoing technical solution, after the service detection server obtains the packet data of the IP network, the packet data is pre-processed, and then the packet data is filtered according to the service customization rule; the service analysis server applies the deep packet detection technology to the service detection server after filtering. The packet data is further analyzed, and then the analysis result is selected according to the exact matching rule, and finally the desired monitoring result is obtained, and the monitoring of the IP network is realized. In addition, various packet data services such as text, image, audio, video, etc. transmitted in the IP network can be monitored, which also provides more effective monitoring means for the listener.
附图说明 图 1为本发明实施例一种 IP网絡监听方法流程示意图; BRIEF DESCRIPTION OF DRAWINGS FIG. 1 is a schematic flowchart of an IP network monitoring method according to an embodiment of the present invention;
图 2为本发明实施例另一种 IP网絡监听方法流程示意图;  2 is a schematic flowchart of another IP network monitoring method according to an embodiment of the present invention;
图 3为本发明实施例 SPS的结构示意图;  3 is a schematic structural diagram of an SPS according to an embodiment of the present invention;
图 4为本发明实施例 SAS的结构示意图;  4 is a schematic structural diagram of a SAS according to an embodiment of the present invention;
图 5为本发明实施例 IP网絡监听***的结构示意图;  FIG. 5 is a schematic structural diagram of an IP network monitoring system according to an embodiment of the present invention; FIG.
图 6为本发明实施例 IP网絡监听***的另一种结构示意图。 具体实施方式 首先对本发明实施例 IP网絡的监听方法进行说明, 包括: 获取解析监听策略得到的精确匹配规则; FIG. 6 is another schematic structural diagram of an IP network monitoring system according to an embodiment of the present invention. detailed description First, the method for monitoring the IP network in the embodiment of the present invention is described, including: obtaining an exact matching rule obtained by parsing the interception policy;
根据所述精确匹配规则, 釆用深度包检测对接收的数据进行选择, 得 到监听结果,所述接收的数据,是根据解析监听策略得到的业务定制规则, 釆用数据预处理对分组数据进行过滤得到。 图 1为本发明实施例一种 IP网絡监听方法流程示意图, 该方法包括: According to the exact matching rule, the received data is selected by using deep packet detection to obtain a monitoring result, and the received data is a service customization rule obtained according to the parsing and listening strategy, and the data is pre-processed to filter the packet data. get. FIG. 1 is a schematic flowchart of a method for monitoring an IP network according to an embodiment of the present invention, where the method includes:
5101 , 业务分析服务器 (Service Analyze Server, 以下简称: SAS ) 接收到监听策略之后, 对监听策略进行解析, 得到业务定制规则和精确匹 配规则, 并将业务定制规则发送至业务探测服务器 ( Service Probe Server, 以下简称: SPS ) 。 其中, 业务定制规则对应待监听业务的基本信息, 可 以包括媒体接入控制 (MAC )地址、 因特网协议(IP )地址、 传输控制协 议 /用户数据报协议 (TCP/UDP ) 端口、 业务类型等; 精确匹配规则对应 待监听业务的具体信息, 可以包括用户名、 账号、 电子邮件地址、 电话号 码等。 After the service analysis server (Service Analyze Server, SAS) receives the interception policy, it parses the interception policy, obtains the service customization rule and the exact match rule, and sends the service customization rule to the service probe server (Service Probe Server). , hereinafter referred to as: SPS). The service customization rule corresponds to basic information of the service to be monitored, and may include a media access control (MAC) address, an Internet Protocol (IP) address, a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port, a service type, and the like; The exact matching rule corresponds to the specific information of the service to be monitored, and may include a user name, an account number, an email address, a phone number, and the like.
5102, SPS釆用嗅探的方式获取 IP 网絡的分组通信数据, 首先对分 组数据报文进行预处理: 可以通过 2-4层协议分析或报文特征匹配来识别 分组数据的基本业务信息, 然后根据业务定制规则, 过滤掉基本业务信息 与规则不相符的数据, 将过滤后的数据继续发送至 SAS。  5102, SPS uses sniffing to obtain packet communication data of the IP network, and first preprocesses the packet data packet: the basic service information of the packet data can be identified through 2-4 layer protocol analysis or message feature matching, and then According to the service customization rule, the data whose basic service information does not match the rule is filtered out, and the filtered data is further sent to the SAS.
5103 , SAS使用深度包检测 ( Deep Packet Inspection, 以下简称: DPI ) 技术对 SPS发送数据的监听相关信息( Intercept Related Information, 以下 简称: IRI ) 进行分析, 得到数据对应的业务具体信息。 所述 IRI为 IP网 絡分组数据中, 与媒体流( Content of Communication , 以下简称: CC )相 关的呼叫控制信息, 相同业务数据的 IRI与 CC通过唯一特征标识符相关 联。 然后根据 S 101 中得到的精确匹配规则对分析结果进行选择, 即可精 确命中待监听业务数据的 IRI。 最后通过关联唯一特征标识符, 得到 IRI 所对应的 CC , 将待监听业务数据的 IRI 与 CC共同作为监听结果。 5103. The SAS uses the Deep Packet Inspection (DPI) technology to analyze the Intercept Related Information (hereinafter referred to as IRI) of the SPS transmission data, and obtain the service specific information corresponding to the data. The IRI is an IP network In the network packet data, the call control information related to the Media of Communication (hereinafter referred to as CC), the IRI of the same service data and the CC are associated by the unique feature identifier. Then, according to the exact matching rule obtained in S101, the analysis result is selected, and the IRI of the service data to be monitored can be accurately hit. Finally, the CC corresponding to the IRI is obtained by associating the unique feature identifier, and the IRI of the service data to be monitored is used together with the CC as the monitoring result.
其中, S 101 中所述的监听策略, 包括需要监听的 IP地址或者账号等 信息, 监听策略可以由网絡端服务器 (Web server, 以下简称: WBS ) 配 置后发送至 SAS。  The monitoring policy described in S101 includes information such as an IP address or an account to be monitored. The monitoring policy may be configured by a network server (Web server, hereinafter referred to as WBS) and then sent to the SAS.
为了对监听结果进一步做业务恢复, 本实施例还可以包括以下步骤: In order to further perform service recovery on the monitoring result, the embodiment may further include the following steps:
5104 , 数据库与文件服务器 ( Dbase and Files Server, 以下简称: DFS ) 对监听结果进行保存。 将监听结果中的 CC存入文件服务器, 将 IRI存入 数据库, 这样可以很方便地通过 IRI与 CC的关联关系检索被监听业务。 监听结果在 DFS存储***中一直保持原始存储格式不变, 以便生成证据 , 直到归档至外部存储介质或被删除。 存储容量取决于监听的目标数量, 一 般为几百 G到几个 T比特。 5104, Dbase and Files Server (hereinafter referred to as DFS) saves the monitoring results. The CC in the monitoring result is stored in the file server, and the IRI is stored in the database, so that the monitored service can be conveniently retrieved through the relationship between the IRI and the CC. The listening result remains in the original storage format in the DFS storage system to generate evidence until it is archived to an external storage medium or deleted. The storage capacity depends on the number of targets being monitored, typically a few hundred G to a few T bits.
5105 ,监听人员登录 WBS , 对 DFS中保存的监听结果进行业务恢复。 WBS从 DFS中取出一份监听结果的拷贝进行恢复处理或者生成分析报告 供监听人员查看。  5105. The listener logs in to the WBS to perform service recovery on the monitoring result saved in the DFS. The WBS takes a copy of the interception result from the DFS for recovery processing or generates an analysis report for the listener to view.
上述实施例提供的监听方法, 适用于 IP 网絡中业务的非实时监听, 对于需要实时监听的业务, WBS从前端*** SAS直接获得监听结果进行 业务恢复。  The monitoring method provided by the foregoing embodiment is applicable to non-real-time monitoring of services in the IP network. For services that need real-time monitoring, the WBS directly obtains the monitoring result from the front-end system SAS for service recovery.
图 2为本发明实施例另一种 IP 网絡监听方法流程示意图, 具体方法 如下: 2 is a schematic flowchart diagram of another IP network monitoring method according to an embodiment of the present invention, and a specific method as follows:
S201-S203 , 与 S101-S103所述相同;  S201-S203, which is the same as described in S101-S103;
5204, WBS从 SAS直接获得监听结果, 对业务进行恢复, 供监听人 员实时监听。  5204, the WBS directly obtains the monitoring result from the SAS, and restores the service for the monitor to monitor in real time.
其中, 如果需要对实时监听的数据做备份处理, 那么本实施例还可以 包括:  If the data to be monitored in real time is to be backed up, the embodiment may further include:
5205 , WBS同时生成一份实时监听结果的拷贝, 送入 DFS保存, 以 供日后进一步分析或提供证据。 对监听结果拷贝的保存方法与 S104 中所 述类似, 此处不再赘述。  5205, WBS also generates a copy of the real-time monitoring results, which are sent to DFS for further analysis or evidence. The method for saving the copy of the monitoring result is similar to that described in S104, and will not be described here.
在上述两个实施例中, 监听人员还可以通过登录 WBS对整个监听系 统进行管理维护, 包括下发控制指令来协调监听***各个部分的运行, 同 时产生监听***的操作、 维护和运行日志等。  In the above two embodiments, the listener can also manage and maintain the entire monitoring system by logging in to the WBS, including issuing control commands to coordinate the operation of various parts of the monitoring system, and simultaneously generating operation, maintenance, and operation logs of the monitoring system.
需要说明的是, 监听人员也可以通过网絡客户端 (Web Client, 以下 简称: WBC )登录 WBS来进行相关操作, 这些并不影响本发明的实现。  It should be noted that the listener can also log in to the WBS through the network client (Web Client, hereinafter referred to as WBC) to perform related operations, which does not affect the implementation of the present invention.
可见, 上述实施例中, 针对 IP 网絡中传输的分组数据, 首先应用数 据预处理技术识别数据的基本信息, 进行初步过滤, 再应用 DPI技术分析 数据, 实现精确选择, 得到所需的监听结果。 监听人员通过登录网絡端服 务器, 可以有效地对监听结果进行保存、 恢复、 管理等操作, 从而实现对 IP网絡的监听。  It can be seen that, in the foregoing embodiment, for the packet data transmitted in the IP network, the data preprocessing technology is first used to identify the basic information of the data, and the initial filtering is performed, and then the DPI technology is used to analyze the data to achieve accurate selection, and the required monitoring result is obtained. By logging in to the network server, the listener can effectively save, restore, and manage the monitoring results, thereby monitoring the IP network.
本发明实施例提供一种业务探测服务器 SPS ,图 3为本发明实施例 SPS 的结构示意图, 所述 SPS包括:  The embodiment of the present invention provides a service detection server SPS. FIG. 3 is a schematic structural diagram of an SPS according to an embodiment of the present invention, where the SPS includes:
数据获取单元 310, 用于获取 IP网絡的分组数据; 数据过滤单元 320, 应用数据预处理技术, 根据业务定制规则, 对所 述数据获取单元 310得到的分组数据进行过滤。 The data obtaining unit 310 is configured to acquire packet data of an IP network. The data filtering unit 320 applies an application data pre-processing technique to filter the packet data obtained by the data acquiring unit 310 according to the service customization rule.
其中, 所述数据过滤单元 320, 包括:  The data filtering unit 320 includes:
识别子单元 321 , 应用数据预处理技术, 识别所述数据获取单元 310 获取的分组数据的基本业务信息;  The identifying sub-unit 321 is configured to identify basic service information of the packet data acquired by the data acquiring unit 310 by using a data pre-processing technique;
过滤子单元 322, 根据所述识别子单元 321的识别结果和业务定制规 则, 对所述分组数据进行过滤。  The filtering sub-unit 322 filters the packet data according to the identification result of the identification sub-unit 321 and the service customization rule.
本发明实施例提供一种业务分析服务器 SAS , 图 4 为本发明实施例 SAS的结构示意图, 所述 SAS包括:  The embodiment of the present invention provides a service analysis server SAS, and FIG. 4 is a schematic structural diagram of a SAS according to an embodiment of the present invention, where the SAS includes:
监听策略处理单元 410, 用于解析监听策略, 得到业务定制规则和精 确匹配规则;  The interception policy processing unit 410 is configured to parse the interception policy, and obtain a service customization rule and an exact matching rule.
数据选择单元 420,釆用深度包检测,根据所述监听策略处理单元 410 得到的精确匹配规则对业务探测服务器发送的数据进行选择, 得到监听结 果。  The data selection unit 420 selects the data sent by the service detection server according to the exact matching rule obtained by the interception policy processing unit 410 to obtain the monitoring result.
其中, 所述数据选择单元 420, 包括:  The data selection unit 420 includes:
分析子单元 421 , 应用 DPI技术, 对 SPS发送的数据进行分析; 选择子单元 422, 根据所述监听策略处理单元 410得到的精确匹配规 则, 对所述分析子单元 421的分析结果进行选择, 精确命中待监听业务数 据的 IRI;  The analysis sub-unit 421 applies the DPI technology to analyze the data sent by the SPS. The selection sub-unit 422 selects the analysis result of the analysis sub-unit 421 according to the exact matching rule obtained by the monitoring policy processing unit 410. Hit the IRI of the service data to be monitored;
监听结果生成子单元 423 , 用于根据所述选择子单元 422得到的待监 听业务数据的 IRI, 生成监听结果。  The monitoring result generation subunit 423 is configured to generate a monitoring result according to the IRI of the to-be-observed service data obtained by the selection subunit 422.
本发明实施例还提供一种 IP网絡监听***, 图 5为本发明实施例 IP 网絡监听***的结构示意图, 参见图 5所示, 包括 SPS 510和 SAS 520;The embodiment of the invention further provides an IP network monitoring system, and FIG. 5 is an embodiment of the present invention. Schematic diagram of the network monitoring system, as shown in Figure 5, including SPS 510 and SAS 520;
SPS 510, 用于获取 IP网絡的分组数据, 应用数据预处理技术, 根据 SAS 520得到的业务定制规则对所获取的分组数据进行过滤; The SPS 510 is configured to obtain packet data of an IP network, apply data preprocessing technology, and filter the obtained packet data according to a service customization rule obtained by the SAS 520;
SAS 520 , 用于解析监听策略, 得到业务定制规则和精确匹配规则, 将业务定制规则发送至 SPS 510;应用 DPI技术与精确匹配规则对 SPS 510 过滤后的数据进行选择, 得到监听结果。  The SAS 520 is configured to parse the monitoring policy, obtain the service customization rule and the exact matching rule, and send the service customization rule to the SPS 510; apply the DPI technology and the exact matching rule to select the SPS 510 filtered data to obtain the monitoring result.
为了对监听结果进行业务恢复, 监听***还可以进一步包括监听管理 设备, 图 6为本发明实施例 IP 网絡监听***的另一种结构示意图, 其与 图 5的区别在于:还包括监听管理设备,所述监听管理设备包括: WBS 630 和 DFS 640;  In order to perform service recovery on the monitoring result, the monitoring system may further include a monitoring management device. FIG. 6 is another schematic structural diagram of an IP network monitoring system according to an embodiment of the present invention. The difference from FIG. 5 is that the monitoring management device is further included. The monitoring management device includes: WBS 630 and DFS 640;
WBS 630, 用于对监听结果进行业务恢复;  WBS 630, used for service recovery of the monitoring result;
DFS 640, 用于存储监听结果。  DFS 640, used to store the monitoring results.
对于非实时业务, 监听结果首先被保存在 DFS 640中, 在需要监听的 时候由 WBS 630从 DFS 640中提取监听结果进行业务恢复; 对于需要实 时监听的业务, WBS 630直接由 SAS 520获得监听结果进行业务恢复, 供 监听人员实时监听, 如果需要对监听结果进行备份, WBS 630可以在业务 恢复的同时生成一份监听结果的拷贝, 送入 DFS 640存储。  For the non-real-time service, the monitoring result is first saved in the DFS 640. When the monitoring needs to be monitored, the WBS 630 extracts the monitoring result from the DFS 640 for service recovery. For the service that needs real-time monitoring, the WBS 630 directly obtains the monitoring result by the SAS 520. The service is restored for the listener to monitor in real time. If the monitoring result needs to be backed up, the WBS 630 can generate a copy of the monitoring result and send it to the DFS 640 storage while the service is being restored.
其中, WBS 630还可以用于对监听策略进行配置、 管理及维护整个监 听***的运行; DFS 640还可以用于保存***的配置信息、运行维护日志, 监听人员账户和权限等信息。  The WBS 630 can also be used to configure, manage, and maintain the operation of the entire listening system. The DFS 640 can also be used to save system configuration information, run maintenance logs, and monitor personnel accounts and permissions.
为了方便监听人员的操作, 监听***还可以包括:  In order to facilitate the operation of the monitor, the monitoring system may further include:
WBC 650, 为监听***提供用户接口, 一般情况下都是带有图形用户 接口 ( Graphic User Interface, 以下简称: GUI ) 的终端作为整个监听*** 的用户接口, 监听人员通过 WBC650远程登录 WBS630, 进行业务恢复或 ***管理维护等操作。 WBC 650, providing a user interface for the monitoring system, typically with graphical users The terminal of the Graphic User Interface (GUI) serves as the user interface of the entire monitoring system. The listener remotely logs in to the WBS630 through the WBC650 to perform operations such as service recovery or system management and maintenance.
对于装置和***实施例而言, 由于其基本相应于方法实施例, 所以描 述得比较简单, 相关之处参见方法实施例的部分说明即可。 以上所描述的 装置与***实施例仅仅是示意性的, 其中所述作为分离部件说明的单元可 以是或者也可以不是物理上分开的, 作为单元显示的部件可以是或者也可 以不是物理单元, 即可以位于一个地方, 或者也可以分布到多个网絡单元 上。 可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方 案的目的。 本领域普通技术人员在不付出创造性的劳动的情况下, 即可以 理解并实施。  For the device and system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment. The apparatus and system embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, ie It can be located in one place, or it can be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment scheme. Those of ordinary skill in the art can understand and implement without undue creative work.
本领域普通技术人员可以理解: 实现上述方法实施例的全部或部分步 骤可以通过程序指令相关的硬件来完成, 前述的程序可以存储于一计算机 可读取存储介质中, 该程序在执行时, 执行包括上述方法实施例的步骤; 而前述的存储介质包括: ROM、 RAM, 磁碟或者光盘等各种可以存储程 序代码的介质。  A person skilled in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by using hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed. The foregoing steps include the steps of the foregoing method embodiments; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
以上所述的本发明实施方式, 并不构成对本发明保护范围的限定。 任 何在本发明的精神和原则之内所作的修改、 等同替换和改进等, 均应包含 在本发明的保护范围之内。  The embodiments of the present invention described above are not intended to limit the scope of the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims

权利要求 Rights request
1、 一种网絡监听方法, 其特征在于, 包括:  A network monitoring method, comprising:
获取解析监听策略得到的精确匹配规则;  Obtain an exact matching rule obtained by parsing the interception strategy;
根据所述精确匹配规则, 釆用深度包检测对接收的数据进行选择, 得 到监听结果,所述接收的数据,是根据解析监听策略得到的业务定制规则, 釆用数据预处理对分组数据进行过滤得到。  According to the exact matching rule, the received data is selected by using deep packet detection to obtain a monitoring result, and the received data is a service customization rule obtained according to the parsing and listening strategy, and the data is pre-processed to filter the packet data. get.
2、 根据权利要求 1 所述的方法, 其特征在于, 所述釆用深度包检测 对接收的数据进行选择, 得到监听结果, 包括:  The method according to claim 1, wherein the detecting the received data by using the deep packet detection to obtain the monitoring result comprises:
釆用深度包检测, 对接收的数据进行分析;  深度 Use deep packet inspection to analyze the received data;
根据所述精确匹配规则对分析结果进行选择, 获得待监听业务数据的 监听相关信息;  Selecting an analysis result according to the exact matching rule, and obtaining monitoring related information of the service data to be monitored;
通过关联唯一特征标识符, 得到所述待监听业务数据的监听相关信息 所对应的媒体流, 将待监听业务数据的监听相关信息与所对应的媒体流共 同作为监听结果。  The media stream corresponding to the monitoring related information of the service data to be monitored is obtained by associating the unique feature identifier, and the monitoring related information of the service data to be monitored is used as the monitoring result together with the corresponding media stream.
3、 根据权利要求 1 所述的方法, 其特征在于, 该方法进一步包括: 对所述监听结果进行业务恢复。  The method according to claim 1, wherein the method further comprises: performing service recovery on the monitoring result.
4、 一种业务分析服务器, 其特征在于, 包括:  4. A service analysis server, comprising:
监听策略处理单元, 用于解析监听策略, 得到业务定制规则和精确匹 配规则;  The interception policy processing unit is configured to parse the interception policy, and obtain a service customization rule and an exact matching rule;
数据选择单元, 釆用深度包检测, 根据所述监听策略处理单元得到的 精确匹配规则对业务探测服务器发送的数据进行选择, 得到监听结果, 所 述业务探测服务器发送的数据是业务探测服务器根据解析监听策略得到 的业务定制规则, 釆用数据预处理对分组数据进行过滤得到。 The data selection unit, using the deep packet detection, selects the data sent by the service detection server according to the exact matching rule obtained by the monitoring policy processing unit, and obtains the monitoring result, and the data sent by the service detection server is the service detection server according to the analysis. Listening strategy The business customization rules are obtained by filtering the packet data by using data preprocessing.
5、 根据权利要求 4所述的业务分析服务器, 其特征在于, 所述数据 选择单元, 包括:  The service analysis server according to claim 4, wherein the data selection unit comprises:
分析子单元, 釆用深度包检测, 对业务探测服务器发送的数据进行分 选择子单元, 根据所述监听策略处理单元得到的精确匹配规则, 对所 述分析子单元的分析结果进行选择, 获得待监听业务数据的监听相关信 息;  The analysis subunit, using the deep packet detection, performs the sub-selection sub-units on the data sent by the service detection server, and selects the analysis result of the analysis sub-unit according to the exact matching rule obtained by the monitoring strategy processing unit, and obtains the Listening for monitoring related information of business data;
监听结果生成子单元, 用于根据所述选择子单元得到的待监听业务数 据的监听相关信息, 生成监听结果。  The monitoring result generating subunit is configured to generate a monitoring result according to the monitoring related information of the to-be-listened service data obtained by the selecting subunit.
6、 一种网絡监听***, 其特征在于, 包括业务探测服务器和业务分 析服务器;  A network monitoring system, comprising: a service detection server and a service analysis server;
所述业务探测服务器, 用于获取 IP 网絡的分组数据, 应用数据预处 理技术, 根据所述业务分析服务器得到的业务定制规则对所获取的分组数 据进行过滤;  The service detection server is configured to acquire packet data of an IP network, apply data pre-processing technology, and filter the acquired packet data according to a service customization rule obtained by the service analysis server;
所述业务分析服务器, 用于解析监听策略, 得到业务定制规则和精确 匹配规则; 釆用深度包检测, 根据所述精确匹配规则对所述业务探测服务 器过滤后的数据进行选择, 得到监听结果。  The service analysis server is configured to parse the interception policy, and obtain the service customization rule and the exact matching rule. The deep packet inspection is performed, and the data filtered by the service detection server is selected according to the exact matching rule to obtain a monitoring result.
7、 根据权利要求 6 所述的网絡监听***, 其特征在于, 所述监听结 果包括根据所述精确匹配规则对所述业务探测服务器过滤后的数据进行 选择, 精确命中的待监听业务数据的监听相关信息及与所述监听相关信息 对应的媒体流, 该***还包括: 数据库与文件服务器, 所述数据库用于存储所述监听相关信息, 所述 文件服务器用于存储与所述监听相关信息对应的媒体流。 The network monitoring system according to claim 6, wherein the monitoring result comprises: selecting, according to the exact matching rule, data filtered by the service detecting server, and accurately monitoring a data of the to-be-listened service data. Relevant information and a media stream corresponding to the monitoring related information, the system further includes: a database and a file server, the database is configured to store the monitoring related information, and the file server is configured to store a media stream corresponding to the monitoring related information.
8、 根据权利要求 6或 7所述的网絡监听***, 其特征在于, 该*** 还包括:  The network monitoring system according to claim 6 or 7, wherein the system further comprises:
网絡端服务器, 用于对所述监听结果进行业务恢复。  The network server is configured to perform service recovery on the monitoring result.
9、 根据权利要求 8所述的监听***, 其特征在于, 该***还包括: 网絡客户端, 为监听***提供用户接口, 用于监听人员通过网絡客户 端登录所述网絡端服务器, 对所述监听结果进行业务恢复。  The monitoring system according to claim 8, wherein the system further comprises: a network client, providing a user interface for the monitoring system, and the monitoring personnel logging in to the network server through the network client, Monitor the results for business recovery.
PCT/CN2009/070875 2008-06-30 2009-03-18 A method, apparatus and system for monitoring the network WO2010000145A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/478,307 US8416695B2 (en) 2008-06-30 2009-06-04 Method, device and system for network interception

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2008101252729A CN101621587B (en) 2008-06-30 2008-06-30 Method, device and system for network monitoring
CN200810125272.9 2008-06-30

Publications (1)

Publication Number Publication Date
WO2010000145A1 true WO2010000145A1 (en) 2010-01-07

Family

ID=41465476

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070875 WO2010000145A1 (en) 2008-06-30 2009-03-18 A method, apparatus and system for monitoring the network

Country Status (2)

Country Link
CN (1) CN101621587B (en)
WO (1) WO2010000145A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347949A (en) * 2011-09-28 2012-02-08 上海西默通信技术有限公司 Application protocol analysis method based on DPI (Distributed Protocol Interface)
CN115314424A (en) * 2022-08-08 2022-11-08 湖南三湘银行股份有限公司 Method and device for rapidly detecting network signals
CN117932175A (en) * 2024-03-18 2024-04-26 广州番禺职业技术学院 Data analysis method, device and storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101945021B (en) * 2010-09-20 2014-07-02 中兴通讯股份有限公司 Method and system for realizing strategy synchronization
CN101951330A (en) * 2010-09-27 2011-01-19 中兴通讯股份有限公司 Bidirectional joint detection device and method
CN110336818A (en) * 2019-07-08 2019-10-15 郑州黑猫数字科技有限公司 A kind of secure data acquisition method and system based on data perception
CN112311717B (en) * 2019-07-24 2022-08-23 腾讯科技(深圳)有限公司 Network data recovery method and device, storage medium and computer equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040268149A1 (en) * 2003-06-30 2004-12-30 Aaron Jeffrey A. Network firewall host application identification and authentication
CN1564525A (en) * 2004-03-30 2005-01-12 国电自动化研究院 Recording method and devicer for multimedia network communication
CN101179449A (en) * 2007-11-27 2008-05-14 华为技术有限公司 Monitoring system, apparatus and method in IP network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101072174A (en) * 2007-03-23 2007-11-14 南京邮电大学 Tencent voice identifying method based on pay load deep detection and session correlating technology

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040268149A1 (en) * 2003-06-30 2004-12-30 Aaron Jeffrey A. Network firewall host application identification and authentication
CN1564525A (en) * 2004-03-30 2005-01-12 国电自动化研究院 Recording method and devicer for multimedia network communication
CN101179449A (en) * 2007-11-27 2008-05-14 华为技术有限公司 Monitoring system, apparatus and method in IP network

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347949A (en) * 2011-09-28 2012-02-08 上海西默通信技术有限公司 Application protocol analysis method based on DPI (Distributed Protocol Interface)
CN115314424A (en) * 2022-08-08 2022-11-08 湖南三湘银行股份有限公司 Method and device for rapidly detecting network signals
CN115314424B (en) * 2022-08-08 2024-03-26 湖南三湘银行股份有限公司 Method and device for rapidly detecting network signals
CN117932175A (en) * 2024-03-18 2024-04-26 广州番禺职业技术学院 Data analysis method, device and storage medium

Also Published As

Publication number Publication date
CN101621587A (en) 2010-01-06
CN101621587B (en) 2012-08-08

Similar Documents

Publication Publication Date Title
US8416695B2 (en) Method, device and system for network interception
WO2010000145A1 (en) A method, apparatus and system for monitoring the network
JP4554609B2 (en) Network asset tracker that identifies users of networked computers
US8463612B1 (en) Monitoring and collection of audio events
WO2016082371A1 (en) Ssh protocol-based session parsing method and system
CN103580945A (en) Method and device for generating testing data for complex service system
EP3197100A1 (en) Multi cause correlation in wireless protocols
CN102088377B (en) Man-machine correspondence method and device for assets management
CN107666486A (en) A kind of network data flow restoration methods and system based on message protocol feature
US20060253531A1 (en) Communicating multimedia information to respondent endpoints
WO2023109524A1 (en) Information leakage monitoring method and system, and electronic device
US9602551B2 (en) Method for providing a law enforcement agency with sampled content of communications
EP2028831A2 (en) Systems and methods for multi-stream recording
CN105847250A (en) VoIP stream media multi-dimensional information steganography real time detection method
CN102045379B (en) Method and system for IP storage and storage equipment
CN106789728A (en) A kind of voip traffic real-time identification method based on NetFPGA
CN104348749B (en) A kind of flow control methods, apparatus and system
EP2403199B1 (en) Seat service monitoring device, seat service device and seat service monitoring method
GB2613101A (en) Endpoint network sensor and related cybersecurity infrastructure
CN112565207B (en) Non-invasive intelligent sound box safety evidence obtaining system and method thereof
US20080034163A1 (en) Distributive Network Control
US8130913B1 (en) Method and apparatus for archiving calls terminating at a computer
CN106411987B (en) File uploads monitoring method and device
JP5662735B2 (en) How to improve call tracing
KR102545276B1 (en) Communication terminal based group call security apparatus and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09771915

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09771915

Country of ref document: EP

Kind code of ref document: A1