1. Field of the Invention
The present invention relates to a network monitoring system, a network monitoring method and a network monitoring program for monitoring a communication state on a network.
2. Description of the Related Art
In recent years, networks such as a LAN (Local Area Network) or a WAN (Wide Area Network) have been constructed, mainly in companies, and have become widely available. Because trouble generally accompanies the operation of such networks, a network monitoring system called a network analyzer, which monitors the network state, has been introduced for the purpose of early detection and prevention of trouble. Such a network monitoring system is disclosed in, for example, JP-A-2002-64492.
On the other hand, it has become common practice to place, for example, a file server on a network and share data among a plurality of clients. For the data on this file server, it is necessary to limit access, deletion and rewriting depending on the data. In this case, the network monitoring system can monitor the data packets flowing through the network to check which client has accessed the file server.
Here, a conventional network monitoring system analyzes the content of the data included in each packet and displays the result on a screen packet by packet. As a result, when the information for explaining an action is stored in one packet, for example, information indicating which client has performed what action on an action object of which client, the communication state can be grasped sufficiently even with the conventional network monitoring system. However, in, for example, the SMB (Server Message Block) protocol, developed mainly by Microsoft Corporation, the action explanation information for explaining one action is divided into a plurality of packets and sent.
An example of a packet sequence in the SMB protocol is shown in FIG. 12. This example shows the packet sequence for a case where a client connects to a shared folder of a server and rewrites a file in the folder. In FIG. 12, the packet numbers are numbers allocated to the individual packets for convenience of explanation and indicate that the packets are sent and received in ascending order. Also, “C” in FIG. 12 denotes a client and “S” denotes a server. It is apparent from this packet sequence that the action explanation information for explaining one action is divided into 36 packets.
Therefore, in a network in which the action explanation information for explaining one action is divided into a plurality of packets, a user such as a network supervisor who wants to grasp one action with the conventional network monitoring system must analyze the communication state after the analysis result of the content of the data included in the packets has been displayed for each packet. As a result, considerable labor and knowledge are required.
Thus, the conventional network monitoring system had the problem that considerable labor and knowledge were required in order to monitor a network in which the action explanation information for explaining one action is divided into a plurality of packets.