A packet may be captured for some purpose, for example, for a purpose of monitoring network quality or recording an audit trail. For example, a network device (for example, a switch, a router, or the like) having two or more network ports and one or more mirror ports may be used. In this case, a packet transmitted from the network port and/or a packet received in the network port is copied so as to be output from the mirror port, and is captured in a device connected to the mirror port. In addition, instead of copying a packet through port mirroring, a method in which a signal of a packet is split in a physical layer by using a network tap may be used to capture a packet.
The captured packet may be appropriately analyzed according to a purpose. For example, through the analysis, the number of packet losses or the number of retransmissions may be detected. In addition, network quality may be judged based on the number of packet losses, the number of packet retransmissions, or the like.
For example, a certain packet analysis method is a method of analyzing communication content which is obtained as a result of monitoring or capturing a packet passing through a network. The packet analysis method is aimed at accurately identifying whether a certain packet is a packet retransmitted after packet loss or is a packet of which arrival order is reversed due to the occurrence of order inversion in the network each time a sequence of a protocol having a retransmission procedure is analyzed. The packet analysis method includes, specifically, the following processes:
(1) acquiring address information of a transmission source or destination from a packet header of a network layer;
acquiring from the packet header of the network layer an identifier in which a monotonously increasing value for each transmission is set in each piece of address information of the transmission source or the destination;
(2) searching for and acquiring an identifier corresponding to address information of a current packet from a storage unit which holds an identifier of a previous packet in correlation with the address information of the transmission source or the destination; and
(3) comparing the acquired identifier of the previous packet with the acquired identifier of the current packet and judging that “order inversion has occurred” in a case where the identifier of the current packet is smaller.
Japanese Laid-open Patent Application Publication No. 2009-182430 is an example of the related art.