1. Field of the Invention
The present invention relates generally to a network monitoring system, and more particularly to such a system capable of reducing the processing load on a network monitoring apparatus. The present invention also relates to a network monitoring method therefor.
2. Description of the Background Art
With the spread of telecommunications networks such as the Internet, monitoring network traffic has become common practice. For example, U.S. patent application publication No. US 2006/0171217 A1 to Ward discloses a technique for reducing the number of measurement systems installed for effectively monitoring a network by deframing data from lower speed lines, and reframing and multiplexing the deframed data into a stream of data carried on a higher speed line.
Where a filter mechanism is provided in a system configured as described in Ward, the filter blocks particular packets but cannot detect the behavior of the traffic. Because of this, in a system provided with a filter, it is difficult to effectively block so-called DoS (Denial of Service) attacks, which disable a server computer by transmitting malicious data or disrupt the network by intentionally increasing the traffic. In such a system, when a DoS attack is carried out, useless traffic flows into the monitoring apparatus that monitors the network, making it difficult to monitor the network effectively.
Also, with the technique described in Ward, although network analyzers can be unified, the unified network analyzer cannot deal with overlapping IP addresses. For example, in the case of a business-oriented VPN (Virtual Private Network), a small ISP (Internet Service Provider), a regionally-oriented CATV (Community Antenna TeleVision) or the like, private IP (Internet Protocol) addresses are allocated specifically to the respective subscribers. In this case, if a monitoring apparatus is simply used, the same IP address is used redundantly among the subscribers, which causes interference. When monitoring the traffic passing through the subscribers, a network analyzer, i.e. a monitoring apparatus, is connected to the network path through a network tap device. However, where the network analyzer cannot process packets having a redundant IP address, there is a problem that the traffic passing through the subscribers cannot be monitored accurately.
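The overlap problem described above, as an added illustration that is not part of the original text: traffic accounting keyed on IP address alone merges two subscribers that use the same private address, while a key that also carries a capture-point label keeps them apart. The tap labels, addresses and byte counts are constructed, and tagging each record with the tap it was captured on is an assumption made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample records: (tap_id, src_ip, size_in_bytes).
# tap_id is an assumed label for the tap a packet was captured on.
PACKETS = [
    ("tap-A", "192.168.1.10", 1500),
    ("tap-A", "192.168.1.10", 1500),
    ("tap-A", "192.168.1.10", 1500),
    ("tap-B", "192.168.1.10", 60),   # different subscriber, same private address
    ("tap-B", "192.168.1.20", 400),
    ("tap-A", "192.168.1.30", 200),
]

def bytes_by_ip(packets):
    """IP-only accounting: hosts that share a private address are merged."""
    totals = Counter()
    for _tap, ip, size in packets:
        totals[ip] += size
    return totals

def bytes_by_tap_and_ip(packets):
    """Accounting keyed on (tap, address): overlapping addresses stay separate."""
    totals = Counter()
    for tap, ip, size in packets:
        totals[(tap, ip)] += size
    return totals

def overlapping_addresses(packets):
    """Addresses seen on more than one tap, where IP-only totals are unreliable."""
    taps_seen = defaultdict(set)
    for tap, ip, _size in packets:
        taps_seen[ip].add(tap)
    return {ip: sorted(taps) for ip, taps in taps_seen.items() if len(taps) > 1}

def heavy_sources(totals, threshold):
    """Keys whose byte total reaches the threshold."""
    return sorted(key for key, total in totals.items() if total >= threshold)

if __name__ == "__main__":
    print("overlaps:", overlapping_addresses(PACKETS))
    # IP-only view cannot say which subscriber is the heavy sender.
    print("heavy (ip only):", heavy_sources(bytes_by_ip(PACKETS), 1000))
    print("heavy (tap, ip):", heavy_sources(bytes_by_tap_and_ip(PACKETS), 1000))
```

With the IP-only key, the 60-byte host behind tap-B is folded into the same counter as the heavy sender behind tap-A, so the analyzer can neither attribute the load nor clear the quiet subscriber.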