| 发明名称 |
METHOD FOR DETECTING A MESSAGE FROM A GROUP OF PACKETS TRANSMITTED IN A CONNECTION |
| 摘要 |
A group of packets are extracted based on data captured from packets transmitted between communication apparatuses, where each packet has an identical transmission source address or an identical transmission destination address, and is transmitted in an identical connection. First and second beginning-packet candidates, which are transmitted within the identical connection, are identified based on a time difference of capturing individual packets included in the group of packets. A message length is calculated from lengths of packets including the first beginning packet candidate, captured before capturing the second beginning-packet candidate and after capturing the first beginning-packet candidate. A position, at which a message length of a message formed by the group of packets is stored, is estimated from the first beginning-packet candidate, based on the calculated message length, and the message formed by the group of packets is detected in accordance with the message length stored at the estimated position. |
| 申请公布号 |
US2016143082(A1) |
申请公布日期 |
2016.05.19 |
| 申请号 |
US201514861236 |
申请日期 |
2015.09.22 |
| 申请人 |
FUJITSU LIMITED |
发明人 |
IWAKURA Hirokazu |
| 分类号 |
H04W76/04;H04W24/02 |
主分类号 |
H04W76/04 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A non-transitory, computer-readable recording medium having stored therein a packet analysis program for causing a computer to execute a process comprising:
extracting a group of packets, each of which has an identical transmission source address or an identical transmission destination address and is transmitted in an identical connection, based on data captured from packets transmitted between communication apparatuses; identifying a first beginning-packet candidate and a second beginning-packet candidate, which are transmitted within the identical connection, based on a time difference of timings of capturing individual packets included in the extracted group of packets; calculating a message length from packet lengths of packets including the first beginning packet candidate, captured before capturing the second beginning-packet candidate and after capturing the first beginning-packet candidate; estimating a position at which a message length of a message formed by the group of packets is stored, from the first beginning-packet candidate, based on the calculated message length; and detecting the message formed by the extracted group of packets in accordance with the message length stored at the estimated position. |
| 地址 |
Kawasaki-shi JP |
