The Terminal Access Controller Access Control System (TACACS+) is a network application protocol of the Authentication, Authorization, Accounting (AAA) type. TACACS+ supports separate authentication, authorization and accounting functions, and allows different TACACS+ security servers to work as the authentication, authorization and accounting servers that provide those functions.
Functions such as access control, authentication and authorization are implemented on the TACACS+ servers and on the TACACS+ client device respectively (see FIG. 1). When a user's login, or another behavior that needs to be authenticated and authorized, fails, the cause of the failure has to be determined, and the packets of the TACACS+ session have to be tracked to help locate the problem. However, in actual commercial environments a large number of authentication, authorization and accounting TACACS+ packets are exchanged. Tracking all the TACACS+ packets affects the processing efficiency of the system, while manually selecting the desired packets costs a lot of time and energy and is not conducive to locating the problem quickly. When a user needs to analyze a specific TACACS+ session and the desired packets are filtered out by analyzing the content of each TACACS+ packet, the existing problem is that the response packet to a TACACS+ packet typically does not contain the required information (such as user account, IP address, port, user authority level and other information). The response packet therefore cannot be tracked, and the TACACS+ session tracking result is not reliable.
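The failure mode described above, as an added example that is not part of the original text: a content filter on the user name matches only the authentication START packet, because the server's reply body carries no user field. The sketch goes one step beyond the passage by also correlating on the `session_id` of the 12-byte header, which appears in both directions (field layout per RFC 8907, an assumption not stated here); the packets are constructed, use the unencrypted flag, and all function names are hypothetical.

```python
import struct

TAC_PLUS_AUTHEN = 0x01            # header "type" value for authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # body is cleartext (the samples below set this)

def parse_header(pkt):
    """Return the TACACS+ header fields (12-byte header) and the body."""
    if len(pkt) < 12:
        raise ValueError("short TACACS+ packet")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", pkt[:12])
    if len(pkt) - 12 != length:
        raise ValueError("length field does not match body size")
    return {"type": ptype, "seq_no": seq_no, "flags": flags, "session_id": session_id}, pkt[12:]

def start_user(hdr, body):
    """User name from an authentication START (seq_no 1), else None."""
    if hdr["type"] != TAC_PLUS_AUTHEN or hdr["seq_no"] != 1:
        return None  # replies and CONTINUEs have no user field to match on
    if not hdr["flags"] & TAC_PLUS_UNENCRYPTED_FLAG or len(body) < 8:
        return None  # obfuscated body: needs the shared key, out of scope here
    user_len = body[4]
    return body[8:8 + user_len].decode("ascii", "replace")

def track(packets, user):
    """Indices matched by body content alone vs. by session_id correlation."""
    by_content, by_session, sessions = [], [], set()
    for i, pkt in enumerate(packets):
        hdr, body = parse_header(pkt)
        if start_user(hdr, body) == user:
            by_content.append(i)
            sessions.add(hdr["session_id"])
        if hdr["session_id"] in sessions:
            by_session.append(i)
    return by_content, by_session

def _pkt(seq_no, session_id, body):  # builds a constructed sample packet
    return struct.pack("!BBBBII", 0xC0, TAC_PLUS_AUTHEN, seq_no, TAC_PLUS_UNENCRYPTED_FLAG, session_id, len(body)) + body

def _start(user):  # action=LOGIN, priv_lvl=1, authen_type=ASCII, service=LOGIN, port "tty0"
    return bytes([1, 1, 1, 1, len(user), 4, 0, 0]) + user.encode() + b"tty0"

_REPLY_PASS = bytes([1, 0, 0, 0, 0, 0])  # status=PASS, empty server_msg and data

# Constructed capture: two interleaved sessions (alice, bob), START then REPLY
SAMPLE = [_pkt(1, 0x1111, _start("alice")), _pkt(1, 0x2222, _start("bob")),
          _pkt(2, 0x2222, _REPLY_PASS), _pkt(2, 0x1111, _REPLY_PASS)]
```

For the constructed capture, `track(SAMPLE, "alice")` finds only packet 0 by content but packets 0 and 3 once the session identifier is used.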