Conventionally, a trespass detecting device has been proposed that includes: a data segment assembling unit which, when a packet from an external network is a communication by TCP, temporarily stores a copy of a data segment included in the packet in association with session information and, upon receiving a packet including a data segment which is the same as a data segment in the session information and which is a last data segment, assembles data segments including the same session information; and an unauthorized access analyzing unit which analyzes a received data segment or assembled data segments and, when an unauthorized access is included, discards a packet including the last received data segment (refer to Japanese Patent Application Laid-open No. 2004-179999).
In addition, a data packet inspection method has been proposed which classifies received data packets using information included in headers and contents of the data packets, decides a flow instruction for processing the packets based on both the header information and the contents, and processes the packets using the flow instruction (refer to Japanese Patent Application Laid-open No. 2008-011537).