Model of data handling for in-depth analysis of network traffic

The article proposes an object model of data representation in conducting a deep analysis of network traffic. Unlike the model used by most existing network analyzers, it supports the recovery of data streams, as well as their further analysis. This increases the level of representation (according to the OSI model) of data required in the analysis of network traffic: to understand the mechanisms of interaction of network applications, you need to restore the data in the form in which these data operate applications. On the basis of the proposed model, the infrastructure for in-depth traffic analysis is implemented. The model offers a universal mechanism for linking network Protocol header parsers-there is an opportunity for independent development of parsing functions.