Patent literature discloses a network monitoring device configured to capture a packet passing through a switch by mirroring so as to monitor the state of a network.
This network monitoring device analyzes each captured packet in terms of the fourth layer (hereinafter referred to as L4) in an open systems interconnection (OSI) reference model of the International Organization for Standardization (ISO), and collects a packet related to a connection determined to be abnormal by the L4 analysis.
However, such collection of packets related to the abnormal connection requests a large amount of resources. Storing undesirable packets would be a waste of a storage region.
Related art is disclosed in Japanese Laid-open Patent Publication Nos. 2006-261804, 2015-95785, and 2015-115842.