1. Field of the Invention
The present invention relates to a method for recording, recovering, and replaying real traffic, and more particularly to a method comprising a recording procedure, a recovery procedure, or a selective replay procedure.
2. Related Art
In the prior art, in a recording system, a traffic recording technology is implemented through a special dedicated hardware design in combination with various software packages, so as to reduce a loss situation as much as possible. The key points of the technology are usually topics on the amount of preprocessors, the operating system, and the size of a buffer area. In addition to a technology of improving performances of software and hardware systems, a technology similar to a time machine exists, thereby saving a storage space by analyzing network traffic behaviors. In the technology, a cutoff mechanism of 10000 to 20000 bytes is used to record each network connection. It is found that the large traffic usually comes from few connections, such that on the whole, the time machine technology may completely record most of the network connection with small traffic. A cutoff value thereof is dynamically adjusted by parsing of the traffic.
However, in the technologies, a traffic recording policy is not decided and the traffic recording method is not designed from a purpose of testing “trigger/reproduce a network event”, such that currently the recording technologies and methods are not quite suitable for testing. Also, in the prior art, a large storage space is wasted to store valueless network traffic, such that a great amount of quick and real network traffic cannot be completely recorded. Further, as the great amount of quick and real network traffic cannot be handled, a record loss situation occurs.
For a technology for replaying network traffic, for example, for TCPreplay, the network traffic is replayed according to a timestamp; and for Tomahawk, a next packet is replayed after a previous packet is arrived. However, in the two technologies, the state of the network protocol is not maintained in the process that the network traffic is replayed, thus causing a problem of stateless replay.
Accordingly, several technologies capable of maintaining the state of the network protocol (referred to as stateful replay) are developed. For example, for TCPopera, when the network traffic is replayed, a rule of transmitting data according to the Transmission Control Protocol/Internet Protocol (TCP/IP) is achieved by using 4 heuristics. For Monkey, a socket is established to simulate the TCP/IP protocol and simulate network situations. For Avalanche, a trace file sample is accepted, the trace file is analyzed, and a great amount of network traffic when a plurality of users exists at the same time is simulated. In addition, in some further technologies, not only states of the network layer and the transmission layer, but also the state of the application layer can be maintained.
However, same as the traffic recording technology, in the current traffic replaying technologies, the design and the implementation are not performed from the purpose of testing “trigger/reproduce a network event”, such that the current replaying technologies and methods are not quite suitable for testing. The conventional replaying technologies and tools cannot accurately replay the network connections satisfying the network protocol according to an incomplete network packet. Further, in the prior art, the event cannot be effectively reproduced, so it is difficult to know causes of network events.