PACKET ANALYSIS METHOD, PACKET ANALYSIS APPARATUS, RECORDING MEDIUM STORING PACKET ANALYSIS PROGRAM

US 20090190593A1
Filed: 01/13/2009
Published: 07/30/2009
Est. Priority Date: 01/29/2008
Status: Active Grant

First Claim

Patent Images

1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis method comprising:

a procedure of acquiring source or destination address information from a network layer packet header;

a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;

a procedure of searching for and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and

a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet analysis apparatus analyzes content of communication obtained as a result of monitoring or capturing a packet passing through a network. The apparatus has a unit of acquiring source or destination address information from a network layer packet header. The apparatus has a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set. The apparatus has a unit of searching and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information. The apparatus has a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

Citations

9 Claims

1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis method comprising:
- a procedure of acquiring source or destination address information from a network layer packet header;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of searching for and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and
  
  a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
- View Dependent Claims (3, 4, 5)
- - 3. The packet analysis method according to claim 1 or claim 2, wherein the comparison of the identifiers is performed considering circulation with a finite bit number.
  - 4. The packet analysis method according to claim 1 or claim 2, wherein the comparison of the identifiers is performed inverting high order and low order according to arrangement of high-order bits and low-order bits.
  - 5. The packet analysis method according to claim 1 or claim 2, wherein comparison of an identifier in a packet for which fixed communication time or more elapses is not performed.

2. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis method comprising:
- a procedure of acquiring session information from network layer and transport layer packet headers;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of acquiring sequence information from the transport layer packet header;
  
  a procedure of searching and acquiring an identifier corresponding to session information in a current packet from a storage part holding an identifier in a previous packet corresponding to session information;
  
  a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
  
  a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
  
  a procedure of determining that packet loss occurs when the identifier in the current packet is larger.

6. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
- a unit of acquiring source or destination address information from a network layer packet header;
  
  a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a unit of searching and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and
  
  a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

7. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
- a unit of acquiring session information from network layer and transport layer packet headers;
  
  a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a unit of acquiring sequence information from the transport layer packet header;
  
  a unit of searching and acquiring an identifier corresponding to session information in a current packet from a storage part holding an identifier in a previous packet corresponding to session information;
  
  a unit of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
  
  a unit of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
  
  a unit of determining that packet loss occurs when the identifier in the current packet is larger.

8. A computer-readable recording medium storing a packet analysis program containing instructions upon executed on a computer, the computer being a packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
- a procedure of acquiring source or destination address information from a network layer packet header;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of searching for and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and
  
  a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

9. A computer-readable recording medium storing a packet analysis program containing instructions upon executed on a computer, the computer being a packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
- a procedure of acquiring session information from network layer and transport layer packet headers;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of acquiring sequence information from the transport layer packet header;
  
  a procedure of searching for and acquiring an identifier corresponding to session information in a current packet from a storage part holding an identifier in a previous packet corresponding to session information;
  
  a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
  
  a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
  
  a procedure of determining that packet loss occurs when the identifier in the current packet is larger.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Nomura, Yuji, Yasuie, Takeshi

Granted Patent

US 8,213,325 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/394
CPC Class Codes

H04L 43/0829 Packet loss

PACKET ANALYSIS METHOD, PACKET ANALYSIS APPARATUS, RECORDING MEDIUM STORING PACKET ANALYSIS PROGRAM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

PACKET ANALYSIS METHOD, PACKET ANALYSIS APPARATUS, RECORDING MEDIUM STORING PACKET ANALYSIS PROGRAM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links