Message capturing method and device based on network application

Abstract

The invention relates to a message capturing method and device based on a network application. The method comprises the following steps: presetting a to-be-captured network application; continuously receiving traffic data in a period of time or a predetermined quantity from the switching equipment; performing DPI analysis on the messages of the received traffic data, and analyzing and identifying messages belonging to the network application to be captured in the received traffic data based on the characteristics of the network application to be captured; extracting network layer and transmission layer information corresponding to the network application from a message belonging to the network application to be captured in the received flow data; forming an ACL rule for the network application to be captured based on the extracted network layer and transmission layer information; and issuing the ACL rule for the to-be-captured network application to the switching device, so as to perform message capturing for the to-be-captured network application based on the ACL rule for the to-be-captured network application.

Description

technical field [0001] The present disclosure relates to the field of communications, and in particular, to a method and device for capturing packets based on network applications. Background technique [0002] With the rapid development of Internet technology and 5G technology, the traffic in the network is getting larger and larger, and the network is facing more and more types of connection abnormalities or attack events; in addition, most of the remote access failures of the client to the server are caused by network problems , such as improper network configuration of the client or server. Therefore, the troubleshooting of network faults has become an inevitable and thorny problem in work. Especially for those who are not familiar with network knowledge, how to automatically and quickly locate network problems and solve the fault has become a key to improving work efficiency. [0003] The network packet capture technology is to capture the data packets transmitted by t...

AI Technical Summary

Problems solved by technology

However, a large part of the traffic it captures is not the traffic that users care about; in addition, due to the limitation of packet capture performance and hard disk IO performance, when the captured traffic is too large, it cannot be completely saved and the captured traffic Subsequent analysis can also be very difficult

For example, when using wireshark to open a large file, it takes up a lot of memory, the opening speed is very slow, and it often freezes; even if a professional packet capture analysis device is used, it is difficult to solve similar problems

[0005] To capture packets according to ACL rules, it is necessary to know or analyze ACL rule elements in advance, such as source / destination IP, source / destination port, but in many situations in reality, it is impossible to accurately know IP and port information, for example, when crawling websites During traffic flow, there are generally many domain names and sub-domain names on the website, and there are CDN deployments, making it difficult to collect all IP addresses.

In addition, according to the ACL rules, it does not support packet capture based on network applications, and it is powerless to capture packets of network applications.

Images