Journal of Computing
Network data restoration technology includes five basic modules: network packet capture, packet unpack, IP fragment reassembly, TCP stream aggregation, and web business extraction. In a network data restoration process, it should first parse the key field information of packets according to TCP/IP standard protocol. Then effectively restructure the IP fragment in line with the fragmentation identification and fragmentation offset in the flags field in IP protocol. And also complete the efficient aggregation of TCP flows by using SEQ and ACK fields in TCP protocol at the same time. Finally, it can extract web business from TCP stream aimed at HTTP protocol.