Abstract |
PROBLEM TO BE SOLVED: To provide a network monitoring method, program and device for making it easy to specify an intrusion range due to a cyber attack. SOLUTION: The network monitoring method includes: storage processing for extracting an identifier of a transmission source computer and an identifier of a destination computer from a packet captured from a network, and for specifying an attribute parameter in a remote operation to the destination computer by the transmission source computer, and for storing records including the identifier of the transmission source computer, the identifier of the destination computer and the attribute parameter; extraction processing for extracting the attribute parameter from the records including the identifier of the transmission source computer pertinent to the identifier of a contaminated computer; search processing for searching the records including the extracted attribute parameter; and processing for specifying the identifier of the transmission source computer or the identifier of the destination computer included in the searched records. SELECTED DRAWING: Figure 17A |
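The extraction, search and specifying steps of the abstract can be sketched as follows. This is an added example, not code from the patent. It assumes the records have already been built from captured packets and that the attribute parameter is a plain string such as an account or file name, which the abstract does not specify; all host names and values are constructed.

```python
from collections import namedtuple

# One stored record per observed remote operation (the "storage processing").
# Field meanings follow the abstract; the concrete values are constructed.
Record = namedtuple("Record", "src dst attr")

RECORDS = [
    Record("pc-a", "pc-b", "account=svc_backup"),
    Record("pc-a", "pc-c", "file=upd.exe"),
    Record("pc-b", "pc-d", "file=upd.exe"),
    Record("pc-x", "pc-y", "account=alice"),       # unrelated activity
    Record("pc-z", "pc-d", "account=svc_backup"),  # same account, other source
]


def extract_attrs(records, infected):
    """Extraction processing: attribute parameters from records whose
    source identifier is the known-infected computer."""
    return {r.attr for r in records if r.src == infected}


def search_records(records, attrs):
    """Search processing: every record carrying one of those parameters,
    regardless of which computers it connects."""
    return [r for r in records if r.attr in attrs]


def intrusion_range(records, infected):
    """Specify the source and destination identifiers in the matched records."""
    hits = search_records(records, extract_attrs(records, infected))
    hosts = set()
    for r in hits:
        hosts.update((r.src, r.dst))
    return hosts, hits


if __name__ == "__main__":
    hosts, hits = intrusion_range(RECORDS, "pc-a")
    print("candidate hosts:", sorted(hosts))
    for r in hits:
        print(f"  {r.src} -> {r.dst}  [{r.attr}]")
```

Pivoting on the attribute parameter rather than on the infected host's address is what surfaces pc-z and pc-d, which never communicated with pc-a directly.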