1. Field of the Invention
The present invention relates to a communication apparatus having a data analysis function, a control method therefor, and a program for implementing the control method.
2. Description of the Related Art
Conventionally, there has been a method of sampling a packet flowing through a network communication channel to investigate the cause of a fault thereof when the fault occurs in a network communication device. According to the general method, a fault analyst connects a dedicated device for performing packet acquisition to a line concentrator such as a HUB and samples a packet flowing on a LAN (Local Area Network).
Further, the fault analyst uses the sampled packet to analyze the content of data in the packet sent and received by a network communication device to be investigated and determines a location at which irregular data is received or a location at which a response delay in response to the received packet occurs.
Then, in order to determine whether or not the locations caused the fault, the fault analyst investigates the cause by confirming the recurrence of the fault by sending the same packet to the network device and analyzing the source code responsible for the communication of the network device.
For such an operation of sampling and analyzing the packet, there is a packet filtering function for the purpose of securing a storage area of the packet acquisition device and reducing work load of the analysis operation. The filtering function can reduce the number of packets to be sampled and reduce the memory area for recording the sampled packets and the hard disk area for storing them for a long period of time by acquiring only the packets matching a specified condition. In addition, the number of man-hours required for the analysis can be reduced.
In general, filtering rules are often specified by the type of the network protocol. For example, a specific protocol such as the internet protocol (IP) and the address resolution protocol (ARP) can be filtered to sample packets associated with the protocol.
In addition, in each protocol, further filtering can be accomplished by using smaller factors. For example, in the IP protocol, advanced filtering can be accomplished by setting a specific DST address (destination address), a specific SRC address (source address), a specific higher layer protocol and more.
In recent years, network communication devices having a packet acquisition function have been widely used. This allows packets to be acquired without using a dedicated device for performing packet sampling. For this reason, even if packet sampling cannot be correctly performed by a dedicated device, such as in case of an environment in which a switching HUB is introduced, packet sampling can be performed.
In addition, recently, filtering specific to the usages and characteristics of the network device has been enabled. Unlike the above described filtering based on each type of the network protocol, the filtering specific to the function of the device can further improve fault analysis efficiency.
For example, conventionally, there has been a packet capturing technique capable of storing data in units of received print jobs for a network printer (see Japanese Laid-Open Patent Publication (Kokai) No. 2004-362386). According to this technique, when a fault occurs at printing via a network, only the print job in which the fault occurred can be extracted, thereby improving the analysis efficiency.
However, the above conventional packet acquisition method has a problem described below. Specifically, the above described packet capturing technique also enables the acquisition of confidential information transferred over the network. Here, typical confidential information is authentication information such as a password.
When a fault occurs in an image forming device as the network communication device, the fault analyst needs to acquire a packet transferred by the image forming device, but the packet may contain confidential information such as the password used by the individual person such as a client. In order to prevent such confidential information from leaking outside, there may be cases where the packet itself cannot be allowed to be acquired or the packet cannot be allowed to be taken outside for the analysis. In such cases, there may be a possibility that the fault analysis itself runs into trouble.