Detection method for firewall reset TCP link

Main authors: AN HUAIZHI, HAN SHAOHUA
Format: Patent
Language: chi; eng
Description
Summary: The invention provides a detection method for a firewall reset TCP link. The method comprises the steps: reading a network message, carrying out deep packet analysis, carrying out analysis of a TCP reset packet by employing IPID information of an IP layer and TCP flow session information, and judging whether the reset packet is transmitted by a firewall or not. If a TCP Sequence and the TCP ACK of the reset packet are obviously inconsistent with the current state of the TCP flow session, or the increment of the IPID exceeds a relatively large first threshold value, or the increment of the IPID exceeds a relatively small second threshold value and the IPID accords with certain firewall characteristics, it is judged that the TCP link is closed due to the firewall. The detection method provided by the invention can be applied to bypass or serial network flow analysis equipment, can also be applied to message analysis software, and can also be applied to a network fault analysis system with multiple acquisition p