PACKET ANALYSIS METHOD, PACKET ANALYSIS APPARATUS, RECORDING MEDIUM STORING PACKET ANALYSIS PROGRAM
Abstract
A packet analysis apparatus analyzes content of communication obtained as a result of monitoring or capturing a packet passing through a network. The apparatus has a unit of acquiring source or destination address information from a network layer packet header. The apparatus has a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set. The apparatus has a unit of searching and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information. The apparatus has a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
9 Claims
1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis method comprising:
- a procedure of acquiring source or destination address information from a network layer packet header;
- a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
- a procedure of searching for and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and
- a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
2. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis method comprising:
- a procedure of acquiring session information from network layer and transport layer packet headers;
- a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
- a procedure of acquiring sequence information from the transport layer packet header;
- a procedure of searching and acquiring an identifier corresponding to session information in a current packet from a storage part holding an identifier in a previous packet corresponding to session information;
- a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
- a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
- a procedure of determining that packet loss occurs when the identifier in the current packet is larger.
6. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
- a unit of acquiring source or destination address information from a network layer packet header;
- a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
- a unit of searching and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and
- a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
7. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
- a unit of acquiring session information from network layer and transport layer packet headers;
- a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
- a unit of acquiring sequence information from the transport layer packet header;
- a unit of searching and acquiring an identifier corresponding to session information in a current packet from a storage part holding an identifier in a previous packet corresponding to session information;
- a unit of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
- a unit of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
- a unit of determining that packet loss occurs when the identifier in the current packet is larger.
8. A computer-readable recording medium storing a packet analysis program containing instructions upon executed on a computer, the computer being a packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
- a procedure of acquiring source or destination address information from a network layer packet header;
- a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
- a procedure of searching for and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information; and
- a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
9. A computer-readable recording medium storing a packet analysis program containing instructions upon executed on a computer, the computer being a packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
- a procedure of acquiring session information from network layer and transport layer packet headers;
- a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
- a procedure of acquiring sequence information from the transport layer packet header;
- a procedure of searching for and acquiring an identifier corresponding to session information in a current packet from a storage part holding an identifier in a previous packet corresponding to session information;
- a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
- a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
- a procedure of determining that packet loss occurs when the identifier in the current packet is larger.
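The session-based procedure of claims 2, 7 and 9, written out in Python as an added example that is not part of the patent text. It assumes the identifier is the 16-bit IPv4 Identification field compared with wraparound, and that a "lost" entry is recorded whenever a sequence gap is observed; the claims specify neither, and all names and the sample traces are constructed for illustration.

```python
from dataclasses import dataclass, field

ID_MOD = 1 << 16  # assumption: the identifier is the 16-bit IPv4 Identification field

def id_is_smaller(cur, prev):
    """Wraparound-aware 'cur < prev' (serial-number comparison, an added assumption)."""
    return 0 < (prev - cur) % ID_MOD < ID_MOD // 2

@dataclass
class SessionState:
    last_ip_id: int = -1   # identifier of the previous packet (-1: none yet)
    next_seq: int = -1     # next expected sequence number (-1: none yet)
    missing: dict = field(default_factory=dict)  # hole start -> hole end

def observe(st, ip_id, seq, length):
    """Classify one packet against its session state, then update the state."""
    verdict = "in-order"
    if seq in st.missing:
        # The segment fills a recorded hole: the identifier decides the cause.
        hole_end = st.missing.pop(seq)
        if seq + length < hole_end:
            st.missing[seq + length] = hole_end  # rest of the hole is still open
        verdict = "reordering" if id_is_smaller(ip_id, st.last_ip_id) else "loss"
    elif st.next_seq >= 0 and seq > st.next_seq:
        st.missing[st.next_seq] = seq            # skipped bytes: record the hole
        verdict = "gap"
    st.next_seq = max(st.next_seq, seq + length)
    st.last_ip_id = ip_id
    return verdict

def classify_trace(packets):
    """packets: (session, ip_id, seq, payload_length) tuples in capture order."""
    sessions = {}
    return [observe(sessions.setdefault(s, SessionState()), i, q, n)
            for s, i, q, n in packets]

# Constructed sample traces (not captured traffic); sequence wraparound is ignored.
S = ("10.0.0.1", 40000, "10.0.0.2", 80)
LATE = [(S, 100, 1000, 100), (S, 102, 1200, 100), (S, 101, 1100, 100)]
RETRANSMIT = [(S, 200, 5000, 100), (S, 202, 5200, 100),
              (S, 203, 5300, 100), (S, 204, 5100, 100)]

if __name__ == "__main__":
    print(classify_trace(LATE))
    print(classify_trace(RETRANSMIT))
```

The verdict is only meaningful when the sender actually increments the identifier with each packet it sends; a sender that randomizes the field or leaves it constant yields arbitrary results.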
Specification