In Internet technologies, in order to solve the problem of scarce global Internet Protocol (IP) address resources, the Internet Engineering Task Force (IETF) has proposed the Network Address Translation (NAT) technology. Each host in a Local Area Network possesses its own private IP address, and the NAT device possesses one or more public IP addresses. Each host can map its private IP address and port number into a public IP address and port number, thus to realize accessing the Internet in a shared way.
Practically, for a supervisory purpose, it is often required to detect the number of access sharing hosts. An existing detecting method is to detect the number of access sharing hosts based on the Internet Protocol Identifier (IPID). The IPID field is a 16-bit identification field in the header of an IP data packet, and can uniquely identify each data packet sent by the host. Each host initializes the IPID when initializing the TCP/IP (Transport Control Protocol/User Datagram Protocol) protocol stack during booting. Taking the WINNT system as an example, the initialized IPID value is 0, and thereafter the IPID value (16 bits) is incremented by 1 (in binary) at each time the host sends a data packet. Because it is unlikely that every host is powered on at the same time and because each host operates differently, it is highly unlikely for the hosts in the same network segment of the Local Area Network to generate an identical IPID value. In addition, when the data packet traverses the NAT device, the NAT device typically does not modify the IPID value of the private network. Thus, data packets sent by different hosts can be distinguished from each other.
According to the detecting method of the prior art, data streams sent from hosts are categorized by distinguishing each category using the IPID value, and data streams belonging to the same host are collected together to vary in an IPID value. The IPID value corresponding to the stream and the survival duration of the IPID value are updated with the variation of the IPID value of the stream. The detecting device records the IPID value of the received data packet. For example, the IPID value of a previously received data packet is 2000 and the IPID value of a subsequently received data packet is 2005. If it is assumed that the threshold range is 20, data packets corresponding to the IPID value having a difference of 20 from the IPID value 2000 are all considered as data streams sent from the same host, and then the originally recorded IPID value 2000 corresponding to such a host is updated as 2005. This applies similarly to other scenarios. By performing statistics for all the existing IPID values over a period of time, the number of existing IPID values is considered as the number of access sharing hosts.
However, in the detecting method of the prior art, the detection accuracy is not satisfactory, because the detected number of hosts is closely related to the collection of the data stream sent from each host. Once a new data stream is collected in error, a mistaken determination may occur. When the IPID values of two hosts are close to each other and the variation extent thereof is similar to each other within a period of time, a missing determination may easily arise. When there is heavy stream traffic in the detected network segment and the IPID value of the data packet sent from the same host vary greatly, a redundant determination may easily arise. Furthermore, if the stream traffic from the host is too heavy, e.g. during a Peer-to-Peer (P2P) downloading, there is a heavy burden on the collection of the streams.