Packet analysis method, packet analysis apparatus, recording medium storing packet analysis program
First Claim
1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network using a packet analysis apparatus connected to the network between a sending host and a receiving host, the packet analysis method comprising:
- a procedure of the packet analysis apparatus acquiring source or destination address information from a network layer packet header;
a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
a procedure of searching for and acquiring the identifier in a previous packet having a source or destination address corresponding to source or destination address information in a current packet from a storage part of the packet analysis apparatus, wherein the previous packet is the packet received immediately prior to receiving the current packet; and
a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
1 Assignment
0 Petitions
Accused Products
Abstract
A packet analysis apparatus analyzes content of communication obtained as a result of monitoring or capturing a packet passing through a network. The apparatus has a unit of acquiring source or destination address information from a network layer packet header. The apparatus has a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set. The apparatus has a unit of searching and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information. The apparatus has a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
6 Citations
9 Claims
-
1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network using a packet analysis apparatus connected to the network between a sending host and a receiving host, the packet analysis method comprising:
-
a procedure of the packet analysis apparatus acquiring source or destination address information from a network layer packet header; a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set; a procedure of searching for and acquiring the identifier in a previous packet having a source or destination address corresponding to source or destination address information in a current packet from a storage part of the packet analysis apparatus, wherein the previous packet is the packet received immediately prior to receiving the current packet; and a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller. - View Dependent Claims (3, 4, 5)
-
-
2. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network using a packet analysis apparatus connected to the network between a sending host and a receiving host, the packet analysis method comprising:
-
a procedure of the packet analysis apparatus acquiring session information from network layer and transport layer packet headers; a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set; a procedure of acquiring sequence information from the transport layer packet header; a procedure of searching and acquiring the identifier in a previous packet having session information corresponding to session information in a current packet from a storage part of the packet analysis apparatus; a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information; a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and a procedure of determining that packet loss occurs when the identifier in the current packet is larger.
-
-
6. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
-
a unit of acquiring source or destination address information from a network layer packet header; a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set; a unit of searching and acquiring the identifier in a previous packet having source or destination address information corresponding to source or destination address information in a current packet from a storage part, wherein the previous packet is the packet received immediately prior to receiving the current packet; and a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
-
-
7. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
-
a unit of acquiring session information from network layer and transport layer packet headers; a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set; a unit of acquiring sequence information from the transport layer packet header; a unit of searching and acquiring the identifier in a previous packet having session information corresponding to session information in a current packet from a storage part; a unit of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information; a unit of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and a unit of determining that packet loss occurs when the identifier in the current packet is larger.
-
-
8. A non-transitory computer-readable medium storing a packet analysis program including instructions executed by a computer, the computer operating as a packet analysis apparatus for analyzing packets obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
-
a procedure of acquiring source or destination address information from a network layer packet header; a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set; a procedure of searching for and acquiring the identifier in a previous packet having source or destination address information corresponding to source or destination address information in a current packet from a storage part, wherein the previous packet is the packet received immediately prior to receiving the current packet; and a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
-
-
9. A non-transitory computer-readable recording medium storing a packet analysis program containing instructions upon executed on a computer, the computer being a packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
-
a procedure of acquiring session information from network layer and transport layer packet headers; a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set; a procedure of acquiring sequence information from the transport layer packet header; a procedure of searching for and acquiring the identifier in a previous packet having session information corresponding to session information in a current packet from a storage part; a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information; a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and a procedure of determining that packet loss occurs when the identifier in the current packet is larger.
-
Specification