Packet analysis method, packet analysis apparatus, recording medium storing packet analysis program

US 8,213,325 B2
Filed: 01/13/2009
Issued: 07/03/2012
Est. Priority Date: 01/29/2008
Status: Active Grant

First Claim

Patent Images

1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network using a packet analysis apparatus connected to the network between a sending host and a receiving host, the packet analysis method comprising:

a procedure of the packet analysis apparatus acquiring source or destination address information from a network layer packet header;

a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;

a procedure of searching for and acquiring the identifier in a previous packet having a source or destination address corresponding to source or destination address information in a current packet from a storage part of the packet analysis apparatus, wherein the previous packet is the packet received immediately prior to receiving the current packet; and

a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet analysis apparatus analyzes content of communication obtained as a result of monitoring or capturing a packet passing through a network. The apparatus has a unit of acquiring source or destination address information from a network layer packet header. The apparatus has a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set. The apparatus has a unit of searching and acquiring an identifier corresponding to address information in a current packet from a storage part holding an identifier in a previous packet corresponding to source or destination address information. The apparatus has a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

6 Citations

View as Search Results

9 Claims

1. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network using a packet analysis apparatus connected to the network between a sending host and a receiving host, the packet analysis method comprising:
- a procedure of the packet analysis apparatus acquiring source or destination address information from a network layer packet header;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of searching for and acquiring the identifier in a previous packet having a source or destination address corresponding to source or destination address information in a current packet from a storage part of the packet analysis apparatus, wherein the previous packet is the packet received immediately prior to receiving the current packet; and
  
  a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.
- View Dependent Claims (3, 4, 5)
- - 3. The packet analysis method according to claim 1 or claim 2, wherein the comparison of the identifiers is performed inverting high order and low order according to arrangement of high-order bits and low-order bits.
  - 4. The packet analysis method according to claim 1 or claim 2, wherein comparison of an identifier in a packet for which fixed communication time or more elapses is not performed.
  - 5. The packet analysis method according to claim 1 or claim 2, wherein the comparison of the identifiers is performed considering circulation with a finite bit number.

2. A packet analysis method for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network using a packet analysis apparatus connected to the network between a sending host and a receiving host, the packet analysis method comprising:
- a procedure of the packet analysis apparatus acquiring session information from network layer and transport layer packet headers;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of acquiring sequence information from the transport layer packet header;
  
  a procedure of searching and acquiring the identifier in a previous packet having session information corresponding to session information in a current packet from a storage part of the packet analysis apparatus;
  
  a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
  
  a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
  
  a procedure of determining that packet loss occurs when the identifier in the current packet is larger.

6. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
- a unit of acquiring source or destination address information from a network layer packet header;
  
  a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a unit of searching and acquiring the identifier in a previous packet having source or destination address information corresponding to source or destination address information in a current packet from a storage part, wherein the previous packet is the packet received immediately prior to receiving the current packet; and
  
  a unit of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

7. A packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the packet analysis apparatus comprising:
- a unit of acquiring session information from network layer and transport layer packet headers;
  
  a unit of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a unit of acquiring sequence information from the transport layer packet header;
  
  a unit of searching and acquiring the identifier in a previous packet having session information corresponding to session information in a current packet from a storage part;
  
  a unit of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
  
  a unit of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
  
  a unit of determining that packet loss occurs when the identifier in the current packet is larger.

8. A non-transitory computer-readable medium storing a packet analysis program including instructions executed by a computer, the computer operating as a packet analysis apparatus for analyzing packets obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
- a procedure of acquiring source or destination address information from a network layer packet header;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of searching for and acquiring the identifier in a previous packet having source or destination address information corresponding to source or destination address information in a current packet from a storage part, wherein the previous packet is the packet received immediately prior to receiving the current packet; and
  
  a procedure of comparing the identifier in the previous packet acquired and the identifier in the current packet and determining that reordering occurs when the identifier in the current packet is smaller.

9. A non-transitory computer-readable recording medium storing a packet analysis program containing instructions upon executed on a computer, the computer being a packet analysis apparatus for analyzing content of communication obtained as a result of monitoring or capturing a packet passing through a network, the program causing the computer to execute:
- a procedure of acquiring session information from network layer and transport layer packet headers;
  
  a procedure of acquiring from the network layer packet header an identifier for which a value that increases monotonously with each sending for each source or destination address information is set;
  
  a procedure of acquiring sequence information from the transport layer packet header;
  
  a procedure of searching for and acquiring the identifier in a previous packet having session information corresponding to session information in a current packet from a storage part;
  
  a procedure of determining whether sequence information in the current packet is included in the storage part holding sequence information in a lost packet corresponding to session information;
  
  a procedure of comparing the identifier in the previous packet and the identifier in the current packet when the sequence information in the current packet is included in the lost packet in the storage part, and determining that reordering occurs when the identifier in the current packet is smaller; and
  
  a procedure of determining that packet loss occurs when the identifier in the current packet is larger.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Nomura, Yuji, Yasuie, Takeshi
Primary Examiner(s)
Shah, Chirag
Assistant Examiner(s)
MITCHELL, DANIEL D

Application Number

US12/353,068
Publication Number

US 20090190593A1
Time in Patent Office

1,267 Days
Field of Search

None
US Class Current

370/252
CPC Class Codes

H04L 43/0829 Packet loss

Packet analysis method, packet analysis apparatus, recording medium storing packet analysis program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Packet analysis method, packet analysis apparatus, recording medium storing packet analysis program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links