JP2014239297A - Failure cause estimation system, failure cause estimation method, failure cause estimation device, failure cause estimation program, radio communication monitoring device, and radio communication monitoring program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it easier to solve a problem even if a connection failure is caused by reasons other than a radio wave environment.SOLUTION: A failure cause estimation system comprises: a first characteristic extraction unit for extracting, as a first characteristic, a characteristic in a first protocol in which a characteristic related to connection to a network can be obtained from a packet wirelessly communicated by an electronic apparatus; a second characteristic extraction unit 30 for extracting, as a second characteristic, a characteristic in a second protocol different from the first protocol from a packet communicated via a wireless LAN by the electronic apparatus; and an estimation unit 37 for estimating the cause of a network connection failure of the electronic apparatus on the basis of the first characteristic and the second characteristic.

Description

  The present invention relates to a failure cause estimation system, a failure cause estimation method, a failure cause estimation device, a failure cause estimation program, a wireless communication monitoring device, and a wireless communication monitoring program.

  In recent years, wireless LAN terminals equipped with wireless LAN (Local Area Network) modules premised on the IEEE 802.11a / b / g / n standard have become widespread as home information appliances. As a result, wireless LAN terminal connection troubles in the home network (hereinafter also referred to as connection troubles) have increased, and the number of inquiries has also been increasing in the remote support business. The remote support operator interviews the user regarding the inquiry about the wireless LAN connection failure. However, since the connection of the wireless LAN terminal is invisible, it is difficult to investigate the cause.

As measures against wireless LAN troubles, there are a first method of installing a system developed for a wireless LAN maintainer, a second method of using a simple analysis tool provided by a smartphone application or the like. The first method often uses a system and spectrum analyzer developed for wireless LAN maintainers, but some of them collect the same information as the spectrum analyzer using simple equipment as in Non-Patent Document 1. There are also monitoring tools for wireless LAN radio wave environment. In addition, products such as Non-Patent Document 2 that collect, analyze, and analyze wireless LAN information for large-scale areas such as offices and non-patents that install a monitor adapter in one personal computer (PC) There is a product like Document 3.
As a simple tool of the second method, a tool such as Non-Patent Document 4 is provided, and is mainly installed and used in a smartphone or a tablet terminal.

Technology for troubleshooting wireless LAN environment, NTT Technical Journal, 2008.7, P61-P62 AirMagnet WiFi Analyze, http://www.toyo.co.jp/airmagnet/d_airmagnet_lt.html USB wireless LAN protocol analyzer AirPcap, http://www.bitrieve.co.jp/products/lan_analyzer/131 WiFi Analyzer, http://a.farproc.com/wifi-analyzer

  These devices and tools are mainly used for trouble analysis based on radio wave interference. If trouble occurs, it is assumed that there is no problem other than the wireless LAN radio wave environment in advance. Is done. However, there are cases where a connection failure of a user who does not have specialized knowledge includes a connection failure in a home network environment other than a user's environment setting error or a wireless LAN radio wave environment. Since the conventional technology does not deal with connection failures that have problems other than the wireless LAN radio wave environment, it is difficult for the remote support operator to estimate the cause of the connection failure, and to solve the connection failure. There was a problem that was difficult.

  Accordingly, one aspect of the present invention has been made in view of the above problems, and a failure cause estimation system capable of improving the ease of solving even a connection failure having a problem other than the radio wave environment. It is an object of the present invention to provide a failure cause estimation method, a failure cause estimation device, a failure cause estimation program, a wireless communication monitoring device, and a wireless communication monitoring program.

  (1) According to one aspect of the present invention, a first feature extraction unit that extracts, as a first feature, a feature acquired by a protocol related to a wireless data link layer from a packet with which the electronic device communicates wirelessly, and the electronic device Based on the first feature and the second feature, a second feature extraction unit that extracts, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer from a packet communicated wirelessly, A failure cause estimation system comprising: an estimation unit that estimates a cause of a network connection failure of an electronic device.

  (2) One aspect of the present invention is the above-described failure cause estimation system, wherein the estimation unit determines which of the features included in the first feature and the second feature is acquired. A connection state detection unit that detects a connection state of the electronic device to the network; a failure cause determination unit that determines a cause of a network connection failure of the electronic device according to the connection state detected by the connection state detection unit; .

  (3) Moreover, one aspect of the present invention is the above-described failure cause estimation system, wherein the first feature extraction unit includes a subtype of a packet wirelessly communicated by the electronic device, a beacon acquisition interval, and packet transmission. Based on at least one of whether the destination is a broadcast, the packet is narrowed down, and the first feature is extracted from the narrowed packet.

  (4) One aspect of the present invention is the above-described failure cause estimation system, wherein the failure cause estimation system includes the first feature extraction unit and collects wireless communication packets of the electronic device. A failure cause estimation device including a monitoring device and the estimation unit, and the wireless communication monitoring device includes both a wireless communication unit and a wired communication unit; One feature extraction unit extracts the first feature from the packet acquired by the wireless communication unit, the wired communication unit transmits the extracted first feature to the failure cause estimation device, and the wireless communication monitoring device When only the wireless communication unit is provided, the wireless communication unit acquires a packet as a monitoring mode for a predetermined period, and the first feature extraction unit extracts the first from the packet acquired by the wireless communication unit. Accumulated by extracting symptoms, the wireless communication unit transmits the first feature stored by changing to the infrastructure mode each time the period elapsed to the failure cause estimation device.

  (5) In addition, according to one aspect of the present invention, the first feature extraction unit can acquire a feature acquired by a protocol related to a wireless data link layer from a packet with which an electronic device communicates wirelessly. A procedure for acquiring a feature as a first feature, and a procedure for a second feature extraction unit to extract, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer from a packet communicated by the electronic device. And a procedure for estimating a cause of a network connection failure of the electronic device based on the first feature and the second feature.

  (6) According to another aspect of the present invention, a feature acquired by a protocol related to a wireless data link layer is acquired as a first feature from a packet in which the electronic device communicates wirelessly, and the electronic device communicates wirelessly. An acquisition unit that acquires, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer from a packet; and a network connection failure of the electronic device based on the first feature and the second feature A failure cause estimation device comprising: an estimation unit that estimates a cause.

  (7) Further, according to one embodiment of the present invention, a feature acquired by a protocol related to a wireless data link layer is acquired as a first feature from a packet that the electronic device communicates wirelessly with a computer. An acquisition step of acquiring, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer from a packet communicated in the network, and the network of the electronic device based on the first feature and the second feature A failure cause estimation program for executing an estimation step for estimating a cause of a connection failure.

  (8) According to another aspect of the present invention, there is provided a wireless communication monitoring apparatus used in a failure cause estimation system for detecting a cause of a network connection failure of an electronic device capable of wireless communication, wherein the electronic device communicates wirelessly. A packet extraction unit that extracts a part of packets from the packet wirelessly communicated by the electronic device based on at least one of a subtype of the packet to be transmitted, a beacon acquisition interval, and whether or not the transmission destination of the packet is broadcast A wireless communication monitoring apparatus comprising: a feature extraction unit that extracts a feature in a protocol capable of acquiring a feature relating to connection to a network from the packet extracted by the packet extraction unit.

  (9) Further, according to one aspect of the present invention, there is provided a wireless communication monitoring apparatus used in a failure cause estimation system that detects a cause of a network connection failure of an electronic device capable of wireless communication. A packet extraction step of extracting a part of the packet from the packet wirelessly communicated by the electronic device based on at least one of the subtype, the beacon acquisition interval, and whether or not the transmission destination of the packet is broadcast, A wireless communication monitoring program for executing a feature extraction step of extracting a feature in a protocol capable of acquiring a feature relating to connection to a network from a packet extracted in the packet extraction step.

  According to one embodiment of the present invention, even in the case of a connection failure having a problem other than the radio wave environment, it is possible to improve the ease of solving the problem.

It is a schematic block diagram which shows the structure of the failure cause estimation system in 1st Embodiment. It is a schematic block diagram which shows the structure of the wireless LAN monitor terminal in 1st Embodiment. It is an example of the operation mode of a wireless LAN module. It is an example of the item of the characteristic collection definition file which a protocol characteristic extraction part hold | maintains. It is an example of the feature collection of the IEEE802.11 packet which the protocol feature extraction part extracted. It is an example of an initial setting item of an agent communication control part. It is a flowchart which shows an example of the flow of a process of the agent communication control part in 1st Embodiment. It is a schematic block diagram which shows the structure of the failure cause estimation apparatus in 1st Embodiment. It is a feature analysis example for every protocol obtained by passive feature extraction. It is an example of analysis for every command obtained by active feature extraction. It is a figure which shows the structure of a feature storage table. It is a figure which shows the structure of the terminal information table memorize | stored in terminal information DB, a fixed apparatus table, a main | base station information table, and a subunit | mobile_unit information table. It is a figure for demonstrating the process of an estimation part. It is a figure which shows an example of the check item and error message for every state number. It is an example of a transition of the screen displayed on an operator operation terminal. It is an example of the terminal information list screen M1. It is an example of the wireless LAN connection information screen M2. The failure cause determination unit is an example of setting items described in an initial setting file. It is an example of the flowchart explaining the production | generation process of the screen displayed on an operator operation terminal. It is a flowchart which shows an example of the flow of a process of the estimation part in the case of terminal information list screen preparation. It is an example of the item of the whole error check which a failure cause determination part performs before producing | generating a terminal information list screen. It is an example of the item of the individual error check which a failure cause determination part performs before producing | generating a terminal information list screen. It is an example of setting items described in an initial setting file read by a connection state detection unit during wireless LAN radio wave environment monitoring processing. It is a flowchart which shows an example of the flow of the wireless LAN electromagnetic wave environment monitoring process in step S301 of FIG. FIG. 25 is a flowchart showing an example of a master device information table creation process in step S404 of FIG. 24. FIG. It is a flowchart which shows an example of the production | generation process of the subunit | mobile_unit information table of step S405 of FIG. It is a flowchart which shows an example of the search process of the final state of step S608 of FIG. It is an example of the list | wrist of the error check which a failure cause determination part performs. It is a flowchart which shows an example of the flow of a process of the estimation part at the time of creating a wireless LAN connection terminal information screen. It is a schematic block diagram which shows the structure of the failure cause estimation system in the modification of 1st Embodiment. It is a schematic block diagram which shows the structure of the feature extraction apparatus in the modification of 1st Embodiment. It is a schematic block diagram which shows the structure of the failure cause estimation apparatus in the modification of 1st Embodiment. It is a schematic block diagram which shows the structure of the failure cause estimation system in 2nd Embodiment. It is a schematic block diagram which shows the structure of the failure cause estimation apparatus in 2nd Embodiment. It is a list of failure causes that can be estimated by the failure cause estimation system of the first embodiment and the failure cause estimation system of the second embodiment.

<First Embodiment>
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a schematic block diagram showing a configuration of a failure cause estimation system 1 in the first embodiment. The failure cause estimation system 1 is installed in a house 10 as an example, and is an electronic device among electronic devices 4-1,..., 4-N (N is an integer of 1 or more) connected to a home network as an example. The cause of the wireless connection failure of the device 4-i (i can be an integer from 1 to N) is detected. Each of the electronic devices 4-1,..., 4-N may be connected to the home network by wire, or may be connected to the home network by radio. However, the electronic device 4-i that is a target for detecting the cause of the wireless connection failure is an electronic device that is equipped with a wireless LAN module and can communicate with the wireless LAN. The electronic devices 4-1,..., 4-N are collectively referred to as an electronic device 4 hereinafter. The electronic device 4 is, for example, a network home appliance, a tablet terminal, a multi-function mobile phone (so-called smartphone), or a notebook computer.

  The failure cause estimation system 1 includes a wireless LAN monitor terminal (wireless communication monitoring device) 2 and a failure cause estimation device 3. The wireless LAN monitor terminal 2 collects packets (hereinafter referred to as wireless LAN packets) transmitted by the electronic device 4 via a wireless LAN, extracts features from the collected wireless LAN packets, and uses the extracted features as wireless feature information to cause a failure. Transmit to the estimation device 3. In the present embodiment, as an example, it is assumed that the wireless LAN monitor terminal 2 operates an electronic device having a wireless LAN function that is not currently used in a home and operates in the wireless LAN monitor mode. Thereby, the introduction cost of the failure cause estimation system 1 can be reduced.

  The failure cause estimation device 3 has, as an example, a broadband router function that connects a WAN (Wide Area Network) 5 and a home network, and a wireless LAN access point function. Further, the failure cause estimation device 3 is, for example, a home gateway (HGW) that extracts characteristics of a wireless LAN terminal (for example, network home appliance) 4 connected to the home network from various protocols in the home network. The failure cause estimation device 3 estimates the cause of the wireless LAN connection failure of the electronic device 4 based on the wireless feature information extracted by the wireless communication monitoring device 2 and the features extracted from the protocol other than the wireless LAN protocol. . The failure cause estimation device 3 transmits information obtained by estimation to the operator operation terminal 6 via the WAN 5 in accordance with a request from the operator operation terminal 6.

  The operator operation terminal 6 is a terminal device operated by an operator such as a call center. The operator operation terminal 6 requests the failure cause estimation device 3 for information obtained by the failure cause estimation device 3.

FIG. 2 is a schematic block diagram showing the configuration of the wireless LAN monitor terminal 2 in the first embodiment. The wireless LAN monitor terminal 2 includes a packet collection unit 21, a packet distribution unit 22, a wireless LAN feature extraction unit 23, an agent communication control unit 24, and a wireless module mode control unit 25.
The packet collection unit 21 collects (captures) wireless LAN packets from transmission signals transmitted from all the electronic devices 4. For example, the packet collection unit 21 captures a wireless LAN packet using an open source tool (for example, jpcap) that captures the packet. Note that the packet collection unit 21 may use other packet capture tools, or the packet capture tools may be bundled. The packet collection unit 21 transmits the collected wireless LAN packet to the packet distribution unit 22.
Note that when the packet collection unit 21 receives a transmission signal in the monitor mode, a large amount of packets fly, so that packet loss is likely to occur in wireless LAN packets.

The packet distribution unit 22 distributes the wireless LAN packet captured by the packet collection unit 21. Here, the packet distribution unit 22 includes a packet capture control unit 221 and a packet capture service unit 222.
The packet capture control unit 221 inquires of the packet capture service unit 222 whether or not the packet captured by the packet collection unit 21 is an analysis target protocol, and if it is an analysis target protocol, the corresponding protocol feature of the wireless LAN feature extraction unit 23 The wireless LAN packet is output to the extraction unit (first feature extraction unit) 23i (i is an integer from 1 to N).
The packet capture service unit 222 holds the definition of the condition of the protocol to be analyzed, refers to the stored definition in response to the inquiry from the packet capture control unit 221, and distributes the wireless LAN packet to the wireless LAN feature extraction unit 23 The previous protocol feature extraction unit 23i is notified.

The wireless LAN feature extraction unit 23 extracts features in the wireless LAN from the packet extracted by the packet distribution unit 22. Here, the wireless LAN feature extraction unit 23 includes N protocol feature extraction units 23i up to protocol feature extraction units 231,. The protocol feature extraction unit 23i is a plurality of distribution destinations to which the packet capture control unit 221 distributes wireless LAN packets.
The protocol feature extraction unit 23i serves as a packet extraction unit based on at least one of a subtype of a packet with which the electronic device 4 communicates with a wireless LAN, a beacon acquisition interval, and whether the transmission destination of the packet is broadcast. Some packets are extracted from the packets with which the electronic device 4 communicates wirelessly.

  As a feature extraction unit, the protocol feature extraction unit 23i analyzes, for example, an IEEE802.11 protocol packet among the extracted packets, and extracts information according to the specification of the initial setting file. More specifically, each protocol feature extraction unit 23i extracts packet features in different IEEE standard protocols such as IEEE802.11g / IEEE802.11n as an example. Note that the protocol feature extraction unit 23i may extract packet features in a user authentication protocol such as IEEE802.1x. The wireless LAN feature extraction unit 23 outputs the extracted features to the agent communication control unit 24 as wireless feature information.

As an example, the agent communication control unit 24 holds in advance an initial setting file in which information on the interface of the installed network (for example, the presence or absence of a wired interface) is described, and the wireless LAN monitor terminal 2 holds an initial setting file. Start up with
The agent communication control unit 24 switches between the “wired and wireless simultaneous use mode” and the “wireless switching use mode” according to the installed communication interface. The agent communication control unit 24 switches to the “wired and wireless simultaneous use mode” when both the wired interface and the wireless interface are installed, and switches to “wireless switching use mode” when only the wireless interface is installed. .

  In the case of the “wired and wireless simultaneous use mode”, the agent communication control unit 24 sets the wireless interface to the monitor mode. The agent communication control unit 24 is connected to the manager communication control unit via a wired interface, and transmits the feature extracted by the wireless feature information analysis function such as IEEE802.11 to the manager communication control unit 33 described later of the failure cause estimation device 3.

  In the “wireless switching use mode”, the agent communication control unit 24 switches the wireless interface between the monitor mode and the infrastructure mode in accordance with the cycle specified in the initial setting file. The agent communication control unit 24 accumulates the wireless feature information extracted by the protocol feature extraction unit 23i during execution of the monitor mode. The agent communication control unit 24 is connected to a manager communication control unit 33 (to be described later) of the failure cause estimation device 3 when executing the infrastructure mode, and transmits the accumulated wireless feature information to the manager communication control unit 33.

  The wireless module mode control unit 25 changes the operation mode of the wireless LAN module including the built-in one. The wireless module mode control unit 25 changes to the infrastructure mode or the monitor mode in accordance with an instruction from the agent communication control unit 24.

  FIG. 3 is an example of an operation mode of the wireless LAN module. This example is an operation mode in which an iwconfig command included in a Wireless-tools package of Linux (registered trademark) is taken as an example. In the figure, an operation mode, an outline thereof, and designated parameters at the time of executing the iwconfig command are shown.

  An example of processing for operating an electronic device having a wireless LAN function that is not currently used as a wireless LAN monitor terminal 2 in the home will be described. Usually, an electronic device having a wireless LAN function is in an infrastructure mode for connecting to an access point (hereinafter also referred to as an AP). Therefore, the wireless device can be operated as the wireless LAN monitor terminal 2 by changing the mode to the monitor mode. . Thereby, the wireless LAN monitor terminal 2 can collect wireless LAN packets. When the wireless LAN monitor terminal 2 collects wireless LAN packets using the monitor mode, the wireless LAN monitor terminal 2 can acquire information on all APs existing in a receivable range and information on the electronic device 4 that is to be connected to the AP. By this. The wireless LAN monitor terminal 2 can detect a connection failure due to radio wave intensity, a trouble due to AP channel contention, a connection destination AP error of the wireless LAN terminal, and the like.

  Wireless communication for allowing a user to set an electronic device having a wireless LAN function in the home as the wireless LAN monitor terminal 2 so that the electronic device having the wireless LAN function functions as each part of the wireless LAN monitor terminal 2 described above, for example. A monitoring program is installed. The wireless communication monitoring program may be installed by the user himself, or may be distributed in a state in which the wireless communication monitoring program is incorporated in advance in the Linux (registered trademark) live distribution environment.

  Next, details of the processing of the protocol feature extraction unit 23i will be described. When the wireless LAN monitor terminal 2 receives a wireless LAN packet that flows through communication using a wireless LAN, necessary information is collected from the wireless LAN packets received in large quantities. For example, the number of beacon packets transmitted by the access point is generally a model that is transmitted every 0.5 seconds, and 120 packets are transmitted in one minute for one beacon reception. There are also models of wireless LAN terminals that transmit a large amount of “Probe Request” packets. Since wireless LAN packet capture collects not only the home network but also terminal information of adjacent environments, it is expected that a huge amount of packets will be received, especially in the case of densely populated addresses such as apartment houses. If the huge number of packets are notified to the failure cause estimation device 3 as they are, a delay occurs due to excessive traffic on the home network, and the failure cause estimation device 3 is overloaded to analyze a large number of packets. Other functions may be affected. For this reason, in the present embodiment, the wireless LAN monitor terminal 2 extracts features necessary for failure analysis and notifies the failure cause estimation device 3 of minimum information.

The protocol feature extraction unit 23i holds a feature collection definition file in which the conditions of a packet to be extracted are defined.
FIG. 4 is an example of items in the feature collection definition file held by the protocol feature extraction unit 23i. In the figure, an item name and an outline of the item are shown.
For example, the protocol feature extraction unit 23i refers to each item indicating the conditions defined in the feature collection definition file, narrows down the wireless LAN packet, and outputs the narrowed down packet to the corresponding protocol feature extraction unit 23i.

<Details of processing of protocol feature extraction unit 23i>
Next, details of the processing of the protocol feature extraction unit 23i will be described. FIG. 5 is an example of feature collection of IEEE 802.11 packets extracted by the protocol feature extraction unit 23i. In the same figure, a set of examples of a subtype name, a type / subtype value, an acquisition parameter, a feature name, and a feature value is shown. The subtype name is a name of the subtype. “Type / subtype value” represents the first bit value included in the packet, the first “0x” represents a hexadecimal number, the number after “0x” represents the type number, and the next number Represents the subtype number. In the figure, only a type 0 example representing a control system used for wireless communication connection is shown. An acquisition parameter is a parameter acquired in the corresponding subtype. The feature name is the feature name of the corresponding acquisition parameter. For example, when the acquisition parameter is “Destination address”, the corresponding feature name is “80211_AssociationReq_DistAdr”. In addition, examples of feature values are shown for each feature name.

  In the present embodiment, as an example, the protocol feature extraction unit 23i detects the features of each subtype of type 0 shown in FIG. The protocol feature extraction unit 23 i stores “type / subtype value” and index information such as a bit position in association with each subtype. The protocol feature extraction unit 23i refers to the stored information and acquires a set of feature name and feature value for each acquisition parameter of each subtype from the wireless LAN packet.

  Further, the protocol feature extraction unit 23i acquires the transmission source MAC address of the packet. Then, the protocol feature extraction unit 23 i outputs to the agent communication control unit 24. The wireless feature information including the packet source MAC address, feature name, and feature value pair is transmitted to the failure cause estimating apparatus 3. As a result, the failure cause estimation device 3 to be described later can store a packet source MAC address, a feature name, and a feature value pair in the feature storage table of the feature storage DB (database) 35 held by itself. The feature accumulation table further includes an IP address item, but since there is no IP address in the IEEE 802.11 packet, the failure cause estimation device 3 sets the IP address of the feature accumulation table to a blank.

FIG. 6 is an example of initial setting items of the agent communication control unit 24. In the same figure, a table T4 showing a set of an item, the content of the item, and a registration example is shown. In the example shown in the figure, the presence / absence of the wired interface is described in the initial setting file. However, the agent communication control unit 24 may determine the presence / absence of the wired interface using a system command. Further, regarding the presence / absence of the wired interface based on the initial setting file, the agent communication control unit 24 may acquire the presence / absence of the wired interface by displaying a confirmation message at the time of activation and obtaining a user input.
For example, the agent communication control unit 24 holds in advance an initial setting file in which a set of an item in the initial setting item in FIG. 6 and a value of the item is described. The agent communication control unit 24 reads an initial setting file held, for example, at startup.

FIG. 7 is a flowchart illustrating an example of a processing flow of the agent communication control unit 24 in the first embodiment.
(Step S101) First, the agent communication control unit 24 reads an initial setting file.
(Step S102) Next, the agent communication control unit 24 refers to the value of the item “presence / absence of wired interface” of the initial setting file to determine whether or not a wired interface is installed in the terminal itself. If a wired interface is installed (YES), the process proceeds to step S103. On the other hand, if the wired interface is not installed (NO), the process proceeds to step S110.

(Step S103) Next, the agent communication control unit 24 sets the wireless interface to the monitor mode.
(Step S104) Next, the agent communication control unit 24 is connected to the manager communication control unit 33 of the failure cause estimating apparatus 3.
(Step S105) Next, the agent communication control unit 24 determines whether there is feature extraction data. If there is feature extraction data (YES), the agent communication control unit 24 proceeds to step S106. If there is no feature extraction data (NO), the agent communication control unit 24 returns to step S108.

(Step S106) Next, the agent communication control unit 24 converts the feature extraction data into a predetermined object format.
(Step S107) Next, the agent communication control unit 24 transmits the wireless characteristic information obtained by the conversion to the manager communication control unit 33 of the failure cause estimating device 3.
(Step S108) Next, the agent communication control unit 24 determines whether or not the input unit 38 has received an end instruction from the user. If an end instruction is accepted (YES), the process proceeds to step S109. If an end instruction has not been received (NO), the process returns to step S105.

(Step S109) Next, the agent communication control unit 24 disconnects the connection with the manager communication control unit 33 of the failure cause estimating apparatus 3.
(Step S110) The agent communication control unit 24 sets the wireless interface to the monitor mode.
(Step S111) Next, the agent communication control unit 24 determines whether there is feature extraction data. If there is feature extraction data (YES), the agent communication control unit 24 proceeds to step S112. If there is no feature extraction data (NO), the agent communication control unit 24 proceeds to step S113.

(Step S112) Next, the agent communication control unit 24 adds the feature extraction data to the feature extraction data list.
(Step S113) Next, the agent communication control unit 24 determines whether or not the period time acquired by reading the initial setting file has elapsed. When the cycle time has elapsed (YES), the agent communication control unit 24 proceeds to step S114. If the cycle time has not elapsed (NO), the agent communication control unit 24 returns to step S111.
(Step S114) Next, the agent communication control unit 24 sets the wireless interface to the infrastructure mode.

(Step S115) Next, the agent communication control unit 24 connects to the manager communication control unit 33 of the failure cause estimating apparatus 3.
(Step S116) Next, the agent communication control unit 24 executes the processes of Step S117 and Step S118 for each of the feature extraction data included in the feature extraction data list.
(Step S117) The agent communication control unit 24 converts the feature extraction data into a predetermined object format.

(Step S118) The agent communication control unit 24 transmits the wireless feature information obtained by the conversion in step S117 to the manager communication control unit 33 of the failure cause estimating device 3.
(Step S119) Next, the agent communication control unit 24 cuts off the connection with the manager communication control unit 33 of the failure cause estimating apparatus 3.
(Step S120) Next, the agent communication control unit 24 determines whether or not the input unit 38 has received an end instruction from the user. If an end instruction has been received (YES), the processing of this flowchart ends. If an end instruction has not been received (NO), the process returns to step S110.
Note that the setting of the wireless interface by the agent communication control unit 24 may be executed by, for example, a wireless module mode control tool configured by a command for changing the mode of the wireless module for each OS (Operating System).

FIG. 8 is a schematic block diagram illustrating a configuration of the failure cause estimation device 3 according to the first embodiment. The failure cause estimation device 3 includes a second feature extraction unit 30, a manager communication control unit 33, a DB control unit 34, a feature storage DB 35, a terminal information DB 36, an estimation unit 37, and an input unit 38. Here, the estimation unit 37 includes a connection state detection unit 371 and a failure cause determination unit 372.
The input unit 38 receives information related to each device connected to the home network input by the user. Here, the information regarding a device is, for example, the MAC address, category, manufacturer name, model name, and model number of the device. The input unit 38 stores the received information as confirmed device information in the confirmed device table of the terminal information DB 36 via the DB control unit 34.
The second feature extraction unit 30 extracts, as a second feature, a feature in a protocol other than the wireless LAN extracted by the wireless LAN monitor terminal 2 from a packet with which the electronic device 4 communicates with the wireless LAN. Here, the second feature extraction unit 30 includes a passive feature extraction unit 31 and an active feature extraction unit 32.

  The passive feature extraction unit 31 captures a packet transmitted by the electronic device 4 connected to the home network via a wireless LAN, analyzes the protocol for each protocol, and extracts a feature. As a result, the failure cause estimation device 3 utilizes the extracted features in the protocol other than the wireless LAN as auxiliary information for grasping the state of the wireless LAN with a large packet loss, and other than the wireless LAN radio wave environment. Can be used as trouble analysis information.

Here, the passive feature extraction unit 31 includes a packet collection unit 311, a packet distribution unit 312, and a feature analysis unit 313. In addition, the feature analysis unit 313 includes N feature extraction units 313i including feature extraction units 3131 to 313N.
The packet collection unit 311 captures packets in the network layer and higher from transmission signals transmitted from all the electronic devices 4.
The packet distribution unit 312 distributes the packets captured by the packet collection unit 311. Here, the packet distribution unit 312 includes a packet capture control unit 3121 and a packet capture service unit 3122.

The packet capture control unit 3121 inquires of the packet capture service unit 3122 whether the packet captured by the packet collection unit 311 is an analysis target protocol. If the packet capture control unit 3121 is an analysis target protocol, the packet capture control unit 3121 acquires information indicating the feature extraction unit 313i that is a packet distribution destination, and outputs the wireless LAN packet to the feature extraction unit 313i indicated by the acquired information.
The packet capture service unit 3122 holds the definition of the condition of the protocol to be analyzed, refers to the held definition according to the inquiry from the packet capture control unit 3121, and extracts the feature that is the distribution destination to the packet capture control unit 3121 Information indicating the unit 313i is notified.

  The feature extraction unit 313i extracts the features of packets having different protocols between the feature extraction units 3131 to 313N. For example, the feature extraction unit 313i extracts a feature in DHCP using a protocol feature analysis bundle of DHCP, and the other feature extraction unit 313j (j is an integer from 1 to N and is an integer different from i) is The features in NetBIOS are extracted using the NetBIOS protocol feature analysis bundle.

  FIG. 9 is an example of feature analysis for each protocol obtained by passive feature extraction. In the figure, an example T5 of the name of the protocol feature analysis bundle, the processing outline, and the data and the set registered in the feature storage table of the feature storage DB 35 is shown. As data registered in the feature accumulation table, a set of a MAC address, an IP address, a feature name, and a feature value is shown. As shown in the figure, the feature extraction unit 313i uses, for example, a protocol feature analysis bundle to extract the features in the protocol by the process shown in the process outline of the figure, and obtains the MAC address and IP address obtained by the extraction. The combination of the feature name and the feature value is stored in the feature accumulation table of the feature accumulation DB 35 via the DB control unit 34.

  Returning to FIG. 8, the active feature extraction unit 32 transmits a command to the electronic device 4 connected to the home network, analyzes the response packet, and extracts the feature. The active feature extraction unit 32 executes this function for each command. As a result, the failure cause estimating device 3 can use the feature obtained by the active feature extraction in a state (for example, for dealing with troubles other than wireless LAN connection mainly in addition to grasping the network (NW) connection status based on the ARP response (for example, It can be used to detect whether there is a setting change or a change in network status.

  FIG. 10 is an analysis example for each command obtained by active feature extraction. In the figure, an active feature extraction method, an outline of processing, and an example T6 of a set of data registered in the feature storage table of the feature storage DB 35 are shown. A set of a MAC address, an IP address, a feature name, and a feature value is shown as data registered in the feature accumulation table. As shown in the figure, the active feature extraction unit 32 extracts a feature by the process shown in the process outline of the figure, for example, and sets the MAC address, IP address, feature name, and feature value obtained by the extraction. And stored in the feature storage table of the feature storage DB 35 via the DB control unit 34.

Returning to FIG. 8, the manager communication control unit 33 receives the wireless feature information from the agent communication control unit 24 of the wireless LAN monitor terminal 2, and causes the DB control unit 34 to register the wireless feature information in the feature storage DB 35.
The DB control unit 34 performs registration, reference, deletion, and update in the feature storage DB 35 and the terminal information DB 36, and accesses the feature storage DB 35 or the terminal information DB 36 according to requests from each unit.

The feature accumulation DB 35 is a database that accumulates the features extracted by the passive feature extraction unit 31 and the features extracted by the active feature extraction unit 32. The feature accumulation DB 35 holds a feature accumulation table.
FIG. 11 is a diagram illustrating a configuration of the feature accumulation table. As shown in the figure, the feature accumulation table T351 includes, for example, a set of a MAC address, an IP address, a feature name, a feature value, and a recording date and time.

  Returning to FIG. 8, the terminal information DB 36 is a database for managing the state of the home device, and holds a terminal information table, a confirmed device table, a parent device information table, and a child device information table. The terminal information table is a table for the purpose of managing the connection state of the home terminal. The confirmed device table is a table for registering user devices. The parent device information table is a table in which the latest information about the wireless LAN parent device is registered. The slave unit information table is a table in which the latest information regarding the slave unit of the wireless LAN is registered.

  FIG. 12 is a diagram showing a configuration of a terminal information table T361, a confirmed device table T362, a parent device information table T363, and a child device information table T364 stored in the terminal information DB 36.

  The terminal information table T361 is associated with the MAC addresses, IP addresses, and connection states of the electronic devices 4-1, ..., 4-N connected to the home network. For example, the active feature extraction unit 32 generates a new record in the terminal information table when there is an ARP response through the DB control unit 34 and there is no corresponding MAC address in the terminal information table. For example, the active feature extraction unit 32 transmits an ARP command to the IP address registered in the terminal information table via the DB control unit 34, and updates the connection state according to the response. The connection state is “ON” when there is an ARP response, and “OFF” when there is no ARP response. The terminal information table T361 is mainly updated by the ARP transmission function of the active feature extraction unit 32.

  The confirmed device table T362 is associated with the MAC address of the electronic device 4, the category of the electronic device 4, the manufacturer name of the electronic device 4, the model name of the electronic device 4, and the model number of the electronic device 4. The category can take, for example, a television, a recorder, or a communication device. Each information of the fixed device table may be registered by the user from the browser, and may be registered whenever the remote support operator responds, and the failure cause estimation device 3 identifies the device using, for example, the second feature, You may register using the information obtained by apparatus identification.

  The parent device information table T363 associates the MAC address of the parent device, the SSID (Service Set Identifier) of the parent device, the channel used by the parent device, and the wireless signal strength of the parent device. The connection state detection unit 371 extracts beacon features from the feature storage table of the feature storage DB 35 in response to a request, and creates a record when a MAC address that does not exist in the parent device information table is detected. The connection state detection unit 371 updates the latest information on the SSID, channel, and signal strength.

The slave unit information table T364 is associated with the slave unit MAC address, the radio signal strength of the slave unit, the master unit MAC address of the master unit to which the slave unit is connected, the final state number, and the “Status / Reason Code”. ing. The final state number is identification information for identifying the connection state of the corresponding slave unit. In this embodiment, the state number is used as an example of the identification information. Status / Reason Code is a reason code or status code associated with the feature.
The connection state detection unit 371 extracts the feature of “Probe Request” or “Probe Response” from the feature accumulation table of the feature accumulation DB 35 and creates a record when a MAC address that does not exist in the child device information table is detected. At that time, the connection state detection unit 371 registers the transmission destination MAC address of “Probe Request” or the transmission source MAC address of “Probe Response” in the parent machine MAC address. At that time, the connection state detection unit 371 updates the latest information on the signal strength and the final state number. The status / reason code is registered by the connection status detection unit 371 when there is a feature with a reason code / status code.

Returning to FIG. 8, the estimation unit 37 determines the cause of the network connection failure of the electronic device 4 based on the first feature extracted by the wireless LAN feature extraction unit 23 and the second feature extracted by the second feature extraction unit 30. presume.
The connection state detection unit 371 detects a connection state to the network depending on which of the features included in the first feature and the second feature is acquired. Details of the processing will be described later. The connection state detection unit 371 outputs a state number for identifying the detected connection state to the failure cause determination unit 372.
The failure cause determination unit 372 determines the cause of the network connection failure of the electronic device 4 according to the connection state detected by the connection state detection unit 371. Also, the failure cause determination unit 372 creates an HTML document to be displayed on the operator operation terminal 6 and transmits the created HTML document to the operator operation terminal 6.

<Details of processing of estimation unit 37>
Next, details of the processing of the estimation unit 37 will be described with reference to FIG. FIG. 13 is a diagram for explaining the processing of the estimation unit 37. FIG. 13 is an example of state management using the IEEE 802.11 protocol and a protocol higher than the network layer. In the figure, there is shown a table T7 indicating a set of a final state number and a feature corresponding to the state number. An ARP response, Probe request, Probe response, DHCP (request), DHCP (reply), and other protocols (eg, TCP, IPv6, SSL) are likely to be acquired. On the other hand, Authentication (request), Authentication (reply), Association (request), Reassociation (request), Association (reply), and Reassociation (response) are arranged in the order of execution in the wireless connection sequence. These characteristics are related to wireless connection, and packet loss is likely to occur at the time of packet capture. In addition, Deauthentication and Disassociation are features related to wireless disconnection, and packet loss is likely to occur during packet capture.

On the right side of the figure, a state transition diagram for searching for a connection state of the connection state detection unit 371 is shown. Here, the numbers surrounded by circles are state numbers. In this example, the processing of the connection state detection unit 371 will be described. First, the connection state detection unit 371 starts the connection state detection process from the state number “0”.
(Status number “0”) First, the connection status detection unit 371 determines whether or not there is an ARP response with status number “0”, for example. At this time, the connection state detection unit 371 may determine whether there is an ARP response by causing the active feature extraction unit 32 to transmit an ARP command to the electronic device 4 to confirm the ARP response. When there is no ARP response (no 0), the state number is changed to “10”. On the other hand, when there is an ARP response (there is 0), transition is made to the state number “9”.

  (State number “10”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number 10 of the table T7 is obtained. When the feature corresponding to the state number 10 is obtained, the connection state detection unit 371 determines the final state number as “10”. Then, the failure cause determining unit 372 determines an error message corresponding to the final state number “10”. When the feature corresponding to the state number 10 is not obtained, the connection state detection unit 371 transits to “state 9”.

  (State number “9”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number 9 and a feature corresponding to the state number 10 in the table T7 are obtained. When both features are obtained, the connection state detection unit 371 determines the final state number as “9”. Then, the failure cause determination unit 372 determines an error message corresponding to the final state number “9”. If any one of the features is not obtained, the connection state detection unit 371 transits to “state 7”.

  (State number “7”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “7” in the table T7 is obtained. When the feature corresponding to the state number “7” is obtained, the connection state detection unit 371 transits to the state number “8”. On the other hand, when the feature corresponding to the state number “7” is not obtained, the connection state detection unit 371 transits to the state number “6”.

  (State number “8”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “8” in the table T7 is obtained. When the feature corresponding to the state number “8” is obtained, the connection state detection unit 371 determines the final state number as “8”. Then, the failure cause determination unit 372 determines an error message corresponding to the final state number “8”. On the other hand, when the feature corresponding to the state number “8” is not obtained, that is, when the response (IP address issuance) to the DHCP request (IP address request) is not obtained, the state without the state number 8 (ie, Therefore, an error message corresponding to the state number “8” is determined.

  (State number “6”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “6” in the table T7 is obtained. When the feature corresponding to the state number “6” is obtained, the connection state detection unit 371 determines the final state number as “6”. Then, the failure cause determination unit 372 determines an error message corresponding to the final state number “6”. On the other hand, when the feature corresponding to the state number “6” is not obtained, the connection state detection unit 371 transits to the state number “5”.

  (State number “5”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “5” in the table T7 is obtained. When the feature corresponding to the state number “5” is obtained, the connection state detection unit 371 transits to the state number “6” and determines an error message corresponding to the state number “6”. On the other hand, when the feature corresponding to the state number “5” is not obtained, the connection state detection unit 371 transits to the state number “4”.

  (State number “4”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “4” in the table T7 is obtained. When the feature corresponding to the state number “4” is obtained, the connection state detection unit 371 determines the final state number as “4”. Then, the failure cause determination unit 372 determines an error message corresponding to the final state number “4”. On the other hand, when the feature corresponding to the state number “4” is not obtained, the connection state detection unit 371 transits to the state number “3”.

  (State number “3”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “3” in the table T7 is obtained. When the feature corresponding to the state number “3” is obtained, the connection state detecting unit 371 transits to the state number “4” and determines an error message corresponding to the state number “4”. On the other hand, when the feature corresponding to the state number “3” is not obtained, the connection state detection unit 371 transits to the state number “2”.

  (State number “2”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “2” in the table T7 is obtained. When the feature corresponding to the state number “2” is obtained, the connection state detection unit 371 determines the final state number as “2”. Then, the failure cause determining unit 372 determines an error message corresponding to the final state number “2”.

(State number “1”) The connection state detection unit 371 checks whether or not a feature corresponding to the state number “1:” in the table T7 is obtained. A feature corresponding to the state number “1” is obtained. In this case, the connection state detection unit 371 determines the final state number as “1”. Then, the failure cause determining unit 372 determines an error message corresponding to the final state number “1”.
In addition, since the subunit | mobile_unit which implements the process of the estimation part 37 is a subunit | mobile_unit detected by the flowchart of FIG. 26 mentioned later, it is assumed that the characteristic of state number 1 or state number 2 exists by all means. The state number does not change from “1” or “2” to “0”.

  The connection state detection unit 371 accumulates features from the feature accumulation table T351 for each MAC address registered in the child device information table T364, and searches for and acquires the presence / absence of features corresponding to the state numbers. In this way, the features acquired by the protocol related to the wireless data link layer and the features (features extracted by passive feature extraction, features extracted by active feature extraction) acquired by the protocol higher than the data link layer are integrated. Then, the state management error width can be minimized by rearranging the features in time series for each MAC address from the stored feature accumulation table.

  Then, the connection state detection unit 371 of the estimation unit 37 uses the state transition diagram shown in FIG. 13 to display the characteristics acquired by the protocol related to the wireless data link layer and the data link layer that is less likely to cause packet loss. By referring to the feature acquired by the layer protocol, the state number indicating the current connection state of the target electronic device (for example, the electronic device 4) is acquired. When the failure cause determination unit 372 of the estimation unit 37 creates the wireless LAN connection terminal information screen, the failure cause determination unit 372 executes an error check according to the state number acquired by the connection state detection unit 371 and determines a message. As a result, even if the packet loss occurs and the feature acquired by the protocol related to the data link layer cannot be acquired, the estimation unit 37 can detect the error portion of the closest connection state, so only the error check corresponding to the state number can be detected. What is necessary is just to perform, and processing time can be shortened.

<Details of processing of failure cause determination unit 372>
Next, an example of details of the processing of the failure cause determination unit 372 will be described with reference to FIG. FIG. 14 is a diagram illustrating an example of check items and error messages for each state number. FIG. 14 shows a set of a final state number, a final code other than ARP, a check item when a defined feature exists, and an error message. The final code is a command requested or returned by the electronic device 4 last. The failure cause determination unit 372 holds the table T8 of FIG. 14 as an example.

As shown in FIG. 14, the failure cause determination unit 372 associates the final state number, the final code at the final state number, and the check items executed by the failure cause determination unit 372 at the final state number. Hold in advance. Further, the failure cause determination unit 372 associates and holds the check item and the error message generated by the failure cause determination unit 372 corresponding to the check item.
Thereby, for example, the failure cause determination unit 372 refers to the check item corresponding to the final state number acquired by the connection state detection unit 371 and executes the referenced check item. When the check item is “status code confirmation”, for example, the connection status detection unit 371 extracts the status code of the final code corresponding to the final status number, and generates an error message corresponding to the extracted status code. . Specifically, in the example of FIG. 14, when the state number is 6, the connection state detection unit 371 extracts an association (return) or reassociation (response) state code corresponding to the final state number 6, and the state code is temporarily If it is 13, an error message “13: An unsupported authentication algorithm error has occurred in the wireless association” is generated.

  When the check item is “reason code confirmation”, for example, the connection state detection unit 371 extracts the reason code of the last code corresponding to the state number, and generates an error message corresponding to the extracted reason code. Specifically, in the example of FIG. 14, when the final state number is 10, the connection state detection unit 371 extracts the Deauthentication or Disassociation state code corresponding to the final state number 6, and the reason code is 10 , “10: Requested bandwidth is not supported” is generated.

  FIG. 15 is a transition example of screens displayed on the operator operation terminal 6. This figure shows an example of an output screen comprising a terminal information list screen M1 that displays a list of wireless LAN terminals and a wireless LAN connection information screen M2 that displays connection information of the selected wireless LAN terminal. If the operator left-clicks the mouse when the cursor is on the wireless button displayed on the terminal information list screen M1, the failure cause determination unit 372 causes the wireless LAN connection information screen M2 to transition. At that time, the failure cause determination unit 372 generates HTML text for generating the wireless LAN connection information screen M2, and transmits the generated HTML text to the operator operation terminal 6 via the WAN 15. Thereby, the operator operation terminal 6 can display the wireless LAN connection information screen M2.

  In addition, when the operator left-clicks the mouse when the cursor is on the terminal information list link on the wireless LAN connection information screen M2, the failure cause determination unit 372 makes a transition to the terminal information list screen M1. At that time, the failure cause determination unit 372 generates an HTML sentence for generating the terminal information list screen M1, and transmits the generated HTML sentence to the operator operation terminal 6 via the WAN 15. Thereby, the operator operation terminal 6 can display the terminal information list screen M1.

  FIG. 16 is an example of the terminal information list screen M1. In the terminal information list screen M1 in the figure, a terminal, an IP address, a communication state, and a set of cause of failure are shown. In addition, wireless buttons G11 to G15 are shown in the column of cause of malfunction. These wireless buttons G11 to G15 represent the wireless state of the corresponding wireless LAN terminal. When the wireless buttons G11 to G15 are pressed, the screen transits to a wireless LAN connection information screen M2 as shown in FIG.

  FIG. 17 is an example of the wireless LAN connection information screen M2. In the wireless LAN connection information screen M2 in the figure, the channel (Ch), name, SSID, radio wave intensity, and comment of the access point are shown. Further, the name of the wireless LAN terminal connected to the access point, the radio wave intensity of the wireless LAN terminal, the communication state, and the error message are displayed in association with each other.

FIG. 18 is an example of setting items described in the initial setting file by the failure cause determination unit 372. In the table T9 in the figure, a set of setting items and an outline of the setting items is shown. As setting items, there are an entire error item file name, an individual error item file name, a wireless LAN error item file name, and an AP check item file name. Depending on the processing function or execution tool described in those files according to the processing described later Refer to it.
The setting items further include a channel threshold value, a connected terminal number threshold value, and an RSSI (Received Signal Strength Indicator) threshold value.

FIG. 19 is an example of a flowchart illustrating a process for generating a screen displayed on the operator operation terminal.
(Step S201) First, the failure cause determination unit 372 reads an initial setting file.
(Step S202) Next, the failure cause determination unit 372 determines whether or not the screen to be currently displayed is a terminal information list screen. If it is a terminal information list screen (YES), the process proceeds to step S203. If it is not the terminal information list screen (NO), the process proceeds to step S204.
(Step S203) The failure cause determination unit 372 creates a terminal information list screen.
(Step S204) The failure cause determination unit 372 creates a wireless LAN connection information screen.
(Step S205) Next, the failure cause determination unit 372 determines whether or not an end input has been received from the operator operation terminal 6. When the termination input is received (YES), the failure cause determination unit 372 terminates the process. If no termination input has been received (NO), the failure cause determination unit 372 returns to the process of step S202. Above, the process of this flowchart is complete | finished.
Thereby, the failure cause determination unit 372 can switch the terminal information list screen and the wireless LAN connection information screen and display them on the operator operation terminal 6.

  The IP address appropriate range confirmation is performed by confirming the IP address of the feature acquired by broadcast from the accumulated data of the corresponding MAC address, and if it is out of the range obtained from the IP address and subnet mask of the failure cause estimation device 3, Is a process for setting a warning in the comment of the corresponding MAC address. The port opening / closing change confirmation confirms the change in value for each port number from the accumulated data of the corresponding MAC address, and outputs a confirmation message with a change to the comment of the corresponding MAC address in the terminal connection list if it matches the defined rule It is processing to do. The definition rule is, for example, a rule that the value does not change for a certain period in the past (for example, one week), the value is changed, and the value remains unchanged. In the IP address setting change confirmation, a feature relating to DHCP is extracted from the accumulated data of the corresponding MAC address, and it is determined whether the setting method is fixed or DHCP. Processing to output a message. The new terminal confirmation confirms whether or not the MAC address detected in the terminal information table is registered in the confirmed device table T362. This is a process for setting a warning message.

FIG. 20 is a flowchart illustrating an example of a process flow of the estimation unit 37 when the terminal information list screen is created.
(Step S301) First, the connection state detection unit 371 (see FIG. 8) executes wireless LAN monitoring update processing. Details of this processing will be described with reference to the flowchart of FIG.
(Step S302) Next, the failure cause determination unit 372 creates a connection terminal list by referring to the confirmed device table, the parent device information table, and the child device information table from the terminal information DB. The connected terminal list is a list of information related to the slave units. The connected terminal list holds a MAC address, an IP address, a manufacturer name, a model number, a connection state, a comment, and a WiFi flag for each terminal. Here, an error message corresponding to the connection state is stored in the comment. The WiFi flag is information indicating the presence or absence of a wireless LAN communication function.

  (Step S303) Next, the failure cause determination unit 372 repeats step S304 described below until, for example, all error check items included in the overall error check items shown in FIG. 21 are set. Here, FIG. 21 is an example of items of an overall error check executed by the failure cause determination unit 372 before the terminal information list screen is generated. A table T10 in the figure shows a set of error check items and error check contents indicating the contents of the error check items. As error check items, DHCP server duplication confirmation, IP address conflict confirmation, and speed status confirmation are shown. The DHCP server duplication check is a process of extracting a terminal that has opened the port 67. When there are two or more models, a warning message is set in the comments of all corresponding MAC addresses in the terminal connection list. In the IP address conflict confirmation, it is confirmed whether there is an IP address that conflicts with the IP address registered in the terminal information table. If there is a conflict, a warning message is set in the comments of all the corresponding MAC addresses in the terminal connection list. It is processing. The speed status confirmation is a process of accessing an external speed measurement site, acquiring upper and lower speed information, and setting a warning message in the comment of the failure cause estimating device 3 in the terminal connection list when the speed information is below a defined value.

  (Step S304) Returning to FIG. 20, next, the failure cause determining unit 372 performs an error check included in the overall error check items shown in FIG.

(Step S305) Next, the failure cause determination unit 372 performs steps S306 to S306 described below for each set of IP address and MAC address in the connection terminal list for all the slave units included in the slave unit information table. The process of S307 is repeated.
(Step S306) The failure cause determination unit 372 repeats step S307 described below until, for example, all error check items included in the individual error check items shown in FIG. 22 are set. Here, FIG. 22 is an example of individual error check items executed by the failure cause determination unit 372 before the terminal information list screen is generated. A table T10 in the figure shows a set of error check items and error check contents indicating the contents of the error check items. As error check items, IP address proper range confirmation, port opening / closing change confirmation, IP address setting change confirmation and new terminal confirmation are shown.

(Step S307) Returning to FIG. 20, the failure cause determination unit 372 performs an error check included in the individual error check items shown in FIG.
(Step S308) The failure cause determination unit 372 creates an HTML sentence from the connected terminal list. Above, the process of this flowchart is complete | finished.
Thereby, the failure cause determination unit 372 can display the terminal information list screen on the operator operation terminal 6.

  FIG. 23 is an example of setting items described in the initial setting file read by the connection state detection unit 371 during the wireless LAN radio wave environment monitoring process. In the table T12 in the figure, a set of setting items and an outline of the setting items is shown. The correspondence file name between the status code and the feature is a file name of a file describing the correspondence between the status code and the feature for obtaining the final state. The data acquisition period is a period that goes back from the present as the condition of the recording date and time acquired from the feature storage DB 35. The parent device extraction feature name is a feature name for extraction as a parent device in the creation of the parent device information table T363. The slave unit extracted feature name is a feature name for extraction as a slave unit in the creation of the slave unit information table T364. The parent device information item comparison list is a feature name (for example, SSID, channel, signal strength) corresponding to the item name registered in the parent device information table.

FIG. 24 is a flowchart illustrating an example of a wireless LAN radio wave environment monitoring process executed by the connection state detection unit 371 in step S301 in FIG.
(Step S401) First, the connection state detection unit 371 reads an initial setting file.
(Step S402) Next, the connection state detection unit 371 acquires the data of the feature accumulation DB 35 for the data acquisition period described in the initial setting file (see FIG. 23).
(Step S403) Next, the connection state detection unit 371 deletes all data in the parent device information table T363 and the child device information table T364 of the terminal information DB 36.

(Step S404) Next, the connection state detection unit 371 creates a parent device information table T363. The detailed process will be described with reference to the flowchart of FIG.
(Step S405) Next, the connection state detection unit 371 creates a handset information table T364. The detailed process will be described with reference to the flowchart of FIG.

  (Step S406) Next, the connection state detection unit 371 determines whether or not there is an update request. For example, when changing to the wireless LAN connection terminal information screen, the connection state detection unit 371 receives an update request. When there is an update request (YES), the connection state detection unit 371 returns to Step S402. When there is no update request (NO), the connection state detection unit 371 ends the process of this flowchart.

FIG. 25 is a flowchart showing an example of the creation process of the parent device information table T363 in step S404 of FIG. The data in the feature storage DB 35 used in the process of creating the parent device information table T363 is the data acquired in step S402 of the wireless LAN radio wave environment monitoring process in FIG.
(Step S501) First, the connection state detection unit 371 executes the processing of steps S502 to S505 until all the feature storage DB data acquired from the feature storage table T351 of the feature storage DB 35 are set in descending order of registration date.
(Step S502) The connection state detection unit 371 determines whether or not the feature name is “Beacon_SSI” for the feature storage DB data acquired from the feature storage DB 35. This process is a process of checking whether or not the feature name specified by the parent device extraction feature name included in the setting item of the table T12 of FIG. 23 matches, and here, “Beacon_SSI” is specified as the parent device extraction feature name. It is. When the feature name is “Beacon_SSI” (YES), the connection state detection unit 371 proceeds to step S503. When the feature name is not “Beacon_SSI” (NO), the connection state detection unit 371 proceeds to the end of step S505, and executes the process of step S502 for the next data.

(Step S503) The connection state detection unit 371 determines whether or not the MAC address included in the feature storage DB data determined in Step S502 is not in the parent device information table T363. If not in the parent device information table T363 (YES), the connection state detection unit 371 proceeds to step S504. On the other hand, if it exists in the parent device information table T363 (NO), the connection state detection unit 371 proceeds to the end of step S505, and executes the process of step S502 for the next data.
(Step S504) The connection state detection unit 371 creates a new record with the corresponding MAC address in the parent device information table T363 of the terminal information DB 36.
(Step S505) The connection state detection unit 371 registers the corresponding MAC address in the parent device MAC address list. Thereby, the connection state detection unit 371 can extract a MAC address corresponding to the parent device and create a list.

(Step S506) The connection state detection unit 371 executes the processes of steps S507 to S511 until all the parent machine MAC addresses included in the parent machine MAC address list are set.
(Step S507) The connection state detection unit 371 executes the processes of Steps S508 to S511 until all the search items included in the search items of the parent device information item comparison list are set.
(Step S508) The connection state detection unit 371 executes the processes of Steps S509 to S511 until all the acquired feature storage DB data are set in the order of registration date.

(Step S509) The connection state detection unit 371 determines whether or not a MAC address included in a certain feature storage DB data matches a parent device MAC address included in the parent device MAC address list. If it matches the parent machine MAC address (YES), the connection state detection unit 371 proceeds to step S510. If it does not match the parent machine MAC address (NO), the connection state detection unit 371 proceeds to the end of step S510, and executes the process of step S509 for the next feature accumulation DB data.
(Step S510) The connection state detection unit 371 determines whether or not the feature name matches any of the search items (eg, SSID, channel, signal strength) in the parent device information item comparison list. If the feature name matches any of the search items in the parent device information item comparison list (YES), the connection state detection unit 371 proceeds to step S511. If the feature name does not match any of the search items in the parent device information item comparison list (NO), the connection state detection unit 371 executes the process of step S509 for the next feature storage DB data.

(Step S511) The connection state detection unit 371 sets a feature value corresponding to the matched feature name in the parent device information table T363 of the terminal information DB 36.
Through the processing in steps S506 to S511, the connection state detection unit 371 can register a feature name corresponding to a search item in the item comparison list when the data matches the parent machine MAC address. Above, the process of this flowchart is complete | finished.

FIG. 26 is a flowchart showing an example of the creation process of the child device information table T364 in step S405 of FIG.
(Step S601) First, the connection state detection unit 371 executes the processing of steps S602 to S606 until all the feature storage DB data acquired from the feature storage DB 35 are set in descending order of registration date.
Subsequently, steps S602 and S603 are an example in which “Probe_SSI” and “Probe_DstAddr” are set as the slave unit extraction feature names included in the setting items of the table T12 of FIG. The reason why a plurality of feature names can be specified as a slave unit extracted feature name is that Probe_Request specifying a transmission destination is more likely to cause packet loss than Beacon, so that it can be complemented even if packet loss occurs. It is.
(Step S602) The connection state detection unit 371 determines whether or not the feature name included in the corresponding feature storage DB data is “ProbeReq_SSI”. When the feature name is “ProbeReq_SSI” (YES), the connection state detection unit 371 proceeds to step S604. If the feature name is not “ProbeReq_SSI” (NO), the connection state detection unit 371 proceeds to step S603.
(Step S603) The connection state detection unit 371 determines whether or not the feature name included in the corresponding feature storage DB data is “ProbeRes_DstAddr”. When the feature name is “ProbeRes_DstAddr” (YES), the connection state detection unit 371 proceeds to step S604. On the other hand, when the feature name is not “ProbeRes_DstAddr” (YES), the connection state detection unit 371 proceeds to the end of step S606, and executes the process of step S602 on the next feature accumulation DB data.
(Step S604) The connection state detection unit 371 determines whether or not there is a MAC address in the child device information table. If there is a MAC address in the handset device information table (YES), the connection state detection unit 371 proceeds to the end of step S606, and executes the process of step S602 on the next feature accumulation DB data. On the other hand, when there is no MAC address in the handset device information table (NO), the connection state detection unit 371 proceeds to step S605.
(Step S605) The connection state detection unit 371 newly creates a record of the slave unit information table with the corresponding MAC address, and registers the master unit MAC address in the record.
(Step S606) Next, the connection state detection unit 371 registers the corresponding MAC address in the slave unit MAC address list.
(Step S607) Next, the connection state detection unit 371 repeats step S608 until all the child devices included in the child device MAC address list are set.
(Step S608) The connection state detection unit 371 searches for the final state. Details of this processing will be described later with reference to FIG. Above, the process of this flowchart is complete | finished.
Thereby, the connection state detection part 371 can create the subunit | mobile_unit information table T364.

FIG. 27 is a flowchart showing an example of the final state search process in step S608 of FIG.
(Step S701) First, the connection state detection unit 371 executes the processing of steps S702 to S710 in the search route order of FIG.
(Step S <b> 702) The connection state detection unit 371 executes the processing of steps S <b> 703 to S <b> 710 in descending order of registration date for the feature storage DB data acquired from the feature storage DB 35.

  (Step S703) The connection state detection unit 371 determines whether or not the MAC address of the target child device matches the MAC address included in one record of the feature storage DB data. If the MAC addresses match (YES), the connection state detection unit 371 proceeds to step S704. On the other hand, when the MAC addresses do not match (YES), the connection state detection unit 371 executes the process of step S703 for the next record of the feature storage DB data.

  (Step S704) The connection state detection unit 371 searches the feature accumulation DB data for the feature name included in the record whose MAC address matches in step S703 to represent any of the features shown in the table T7 of FIG. It is determined whether or not the item matches. Here, the matching includes partial matching. For example, when the search item is “Probe_Req” with the feature name “Probe_Req_Rate” included in the record, the connection state detection unit 371 determines that they match. If the feature name matches one of the search items (YES), the connection state detection unit 371 proceeds to step S705. On the other hand, when the feature name does not match any of the search items (NO), the connection state detection unit 371 executes the process of step S703 for the next record of the feature storage DB data.

(Step S705) The connection state detection unit 371 sets a state number corresponding to the feature name matched in step S704 as the final state number of the child device information table T364.
(Step S706) The connection state detection unit 371 searches the feature storage table T351 for a record having “<Feature Name Signal Name> _SSID” with “_SSID” added to “Feature Name Signal Name” as a feature name. For example, when the feature name is “Probe request”, the signal name of the feature name is “Probe_Request”, and therefore the connection state detection unit 371 searches the feature accumulation table T351 for a record whose feature name is “Probe_Request_SSID”.

  (Step S707) The connection state detection unit 371 determines whether or not the feature name is a feature name with a destination address (DstAddr). For example, when the feature name is “Probe request”, since there is a reaching address as shown in FIG. 5, it is a feature name with a reaching address. If the feature name has a reaching address (YES), the connection state detection unit 371 proceeds to step S708. On the other hand, if it is not a feature name with a reaching address (NO), the connection state detection unit 371 proceeds to step S709.

(Step S708) The connection state detection unit 371 searches for and obtains the arrival address of the feature name, and sets the obtained arrival address in the corresponding MAC address record of the child device information table T364.
(Step S709) The connection state detection unit 371 determines whether the feature name is a feature name with a reason code (Reason code) or a status code (Status code). If the feature name has a reason code or status code (YES), the process proceeds to step S710. If the feature name has no reason code or status code (NO), the connection status detection unit 371 ends the final status search process.

(Step S710) The connection state detection unit 371 searches for and acquires the reason code or state code corresponding to the feature name, and sets the acquired reason code or state code in the corresponding MAC address record of the child device information table T364. To do. Then, the connection state detection unit 371 ends the final state search process. Above, the process of this flowchart is complete | finished.
As a result, the connection state detection unit 371 determines whether the feature corresponding to the state number is stored in the feature storage table of the feature storage DB 35 in the search route order of FIG. Set its state number. Thereby, the connection state detection part 371 can grasp | ascertain the connection state of the electronic device 4, for example.
The above-described process is based on the premise that the ARP transmission of the active feature extraction 32 is frequently performed. However, when the ARP transmission is not frequent, the process of transmitting the ARP and confirming the response is performed as the process of the state number 0. May be.

  FIG. 28 is an example of a list of error checks executed by the failure cause determination unit 372. In the figure, a set of an error item and error check contents of the error item is shown. In the process of “channel contention” as the error item, the MAC address existing in both the terminal information table T361 and the parent device information table T363 is detected as a home AP, and the number of APs using the same channel as the channel used by the home AP. This is a process for making an error when the value exceeds the threshold. When the error item is “number of connected terminals”, the number of slave units registered as the master unit MAC address is counted for each MAC address of the home AP from the slave unit information table T364, and an error occurs when the threshold is exceeded. It is processing. The process whose error item is “RSSI threshold” is an error process when the RSSI is below the threshold for each home AP.

FIG. 29 is a flowchart illustrating an example of a processing flow of the estimation unit 37 when a wireless LAN connection terminal information screen is created.
(Step S801) First, the connection state detection unit 371 executes wireless LAN monitoring update processing. The wireless LAN monitoring update process is the process of steps S402 to S405 in FIG.
(Step S802) Next, the failure cause determination unit 372 creates an AP list by referring to the parent device information table and the confirmed device table. The AP list is a list in which a set of MAC address, manufacturer name, model number, SSID, RSSI, channel, comment, and number of slave units is listed for each master unit.
(Step S803) Next, the failure cause determination unit 372 executes the processing of steps S804 to S805 until all the parent devices in the AP list are set.
(Step S804) The failure cause determination unit 372 determines whether there is a model number in the AP list. If there is a model number (YES), the failure cause determination unit 372 proceeds to step S805. On the other hand, when there is no model number (NO), the failure cause determination unit 372 executes the process of step S804 for the next record in the AP list.
(Step S805) The failure cause determination unit 372 performs an error check on the error items (for example, channel contention, number of connected terminals, RSSI threshold value) shown in FIG. Subscribe to comments.
(Step S806) The failure cause determination unit 372 reads the terminal information table T361, the confirmed device table T362, and the child device information table T364 stored in the terminal information DB 36.
(Step S807) The failure cause determination unit 372 executes the processes of steps S808 to S812 for each MAC address of the child device information table T364 until all the MAC addresses of the child device information table T364 are set.
(Step S808) The failure cause determination unit 372 determines whether or not the MAC address of the child device information table T364 is registered in the confirmed device table T362. If registered (YES), the failure cause determination unit 372 proceeds to step S809. On the other hand, when it is not registered (NO), the failure cause determination unit 372 executes the process of step S808 for the next MAC address in the child device information table T364.
(Step S809) The failure cause determination unit 372 determines whether or not the MAC address of the child device information table T364 is registered in the confirmed device table T362. If registered (YES), the failure cause determination unit 372 proceeds to step S810. On the other hand, when it is not registered (NO), the failure cause determination unit 372 executes the process of step S808 for the next MAC address in the child device information table T364.
(Step S810) The failure cause determination unit 372 creates a handset list. Here, the slave unit list is a set of MAC address, master unit MAC address, final status number, status code (Status code) or reason code (Reason code), RSSI, manufacturer name, model number, status and comment for each slave unit. Is a set list.
(Step S811) The failure cause determination unit 372 refers to the table T8 in FIG. 14 and performs an error check corresponding to the same state number as the final state number.
(Step S812) The failure cause determination unit 372 adds the number of slave devices in the AP list corresponding to the parent MAC address.
(Step S813) The failure cause determination unit 372 creates an HTML document from the AP list and the handset list. Accordingly, the failure cause determination unit 372 transmits the created HTML document to the failure cause determination unit 372, so that the operator operation terminal 6 can display a wireless LAN connection terminal information screen as shown in FIG.

As described above, in the failure cause estimation system 1 according to the first embodiment, the wireless LAN feature extraction unit (first feature extraction unit) 23 is acquired from a packet with which the electronic device 4 communicates wirelessly using a protocol related to the wireless data link layer. The extracted feature (for example, the feature obtained by IEEE 802.11) is extracted as the first feature. The second feature extraction unit 30 extracts, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer (that is, a layer higher than the network) from a packet with which the electronic device 4 communicates wirelessly. The estimation unit 37 estimates the cause of the network connection failure of the electronic device 4 based on the first feature and the second feature. Thereby, the failure cause estimation system 1 can estimate the cause of the connection failure other than the wireless LAN radio wave environment by using the characteristics acquired by the protocol of the layer higher than the data link layer. Even if a connection failure has a problem other than the environment, the cause of the connection failure can be narrowed down. As a result, it is possible to improve the ease of solving a connection failure that has a problem other than the wireless LAN radio wave environment.
Further, when the failure cause estimation system 1 receives in the monitor mode, a large amount of packets fly, so that packet loss occurs frequently and packet loss occurs even if the characteristics acquired by the protocol related to the data link layer cannot be obtained. By using the characteristics acquired by the protocol of the layer higher than the difficult data link layer, the cause of the network connection failure can be narrowed down, and the connection failure status of the electronic device 4 to the network can be grasped more accurately. it can.

  In the first embodiment, the connection state detection unit 371 in the estimation unit 37 detects the connection state of the electronic device 4 to the network depending on which of the features included in the first feature and the second feature is acquired. To do. Then, the failure cause determination unit 372 determines the cause of the network connection failure of the electronic device 4 according to the connection state detected by the connection state detection unit 371. As a result, the connection state detection unit 371 estimates the closest connection state from the features acquired by the higher layer protocol even if the packet loss occurs and the features acquired by the protocol related to the data link layer cannot be detected. Since the cause of the connection failure corresponding to the closest connection state can be detected, only the error check corresponding to the state number needs to be executed, and the processing time can be shortened.

  When the protocol related to the wireless data link layer is IEEE 802.11, the wireless LAN feature extraction unit (first feature extraction unit) 23 is a subtype of a packet in which the electronic device 4 communicates wirelessly, a beacon acquisition interval, and a transmission destination of the packet Based on at least one of whether or not is broadcast, packets are narrowed down, and features in the wireless LAN are extracted from the narrowed packets. As a result, even when a large number of packets are received when the wireless LAN module is applied as the monitor mode, the wireless LAN monitor terminal 2 extracts information necessary for failure analysis and aggregates it to the failure cause estimation device 3. The influence on the home network due to the load on the cause estimation device 3 can be suppressed.

In the first embodiment, the failure cause estimation system 1 includes a wireless LAN monitor terminal 2 that includes a wireless LAN feature extraction unit (first feature extraction unit) 23 and collects packets for wireless communication of the electronic device 4, and an estimation unit 37. A failure cause estimation device. In the case where the wireless LAN monitor terminal 2 does not include a wired communication unit that communicates with the failure cause estimation device 3 by wire but includes a wireless communication unit that communicates with the failure cause estimation device 3 wirelessly, the wireless communication unit is determined in advance. During the period, the packet is acquired as the monitoring mode, and the wireless LAN feature extraction unit (first feature extraction unit) 23 extracts and accumulates the first feature from the packet acquired by the wireless communication unit, and the wireless communication unit Each time the above period elapses, the first feature accumulated by changing to the infrastructure mode is transmitted to the failure cause estimating apparatus 3.
Thus, the wireless LAN monitor terminal 2 can be applied to an electronic device having a network interface only wirelessly. Thereby, since the electronic device carrying the existing wireless LAN module can be used as the wireless LAN monitor terminal 2, the introduction cost of the failure cause estimation system 1 can be suppressed.

In the first embodiment, when the wireless LAN monitor terminal 2 includes both the wired communication unit and the wireless communication unit, the wireless communication unit acquires a packet and acquires a wireless LAN feature extraction unit (first feature extraction unit). Unit) 23 extracts the first feature from the packet acquired by the wireless communication unit, and the wired communication unit transmits the extracted first feature to the failure cause estimating apparatus 3.
Thereby, since the existing electronic device provided with both the wired communication part and the wireless communication part can be used as the wireless LAN monitor terminal 2, the introduction cost of the failure cause estimation system 1 can be suppressed.

In the first embodiment, as an example, the wireless LAN feature extraction unit 23 extracts features obtained by IEEE802.11 from a packet with which the electronic device 4 communicates wirelessly. However, the present invention is not limited to this. The wireless LAN feature extraction unit (first feature extraction unit) 23 may extract, as a first feature, a feature acquired by a protocol related to a wireless data link layer from a packet with which the electronic device 4 communicates wirelessly. Here, the characteristics acquired in the protocol related to the wireless data link layer include the characteristics related to authentication and the characteristics related to disconnection, and the first protocol includes IEEE802.11 and IEEE802.1x.
In the first embodiment, the failure cause determination unit 372 displays the failure analysis result of the wireless failure analysis and the other failure analysis results on two screens. You may make it display on one screen collectively.

<Modification of First Embodiment>
Subsequently, a modification of the first embodiment will be described. FIG. 30 is a schematic block diagram illustrating a configuration of a failure cause estimation system 1b according to a modification of the first embodiment. The failure cause estimation system 1b includes a wireless LAN monitor terminal 2, a WAN 5, a feature extraction device 7, and a failure cause estimation device 8. In the failure cause estimation system 1b, compared to the failure cause estimation system 1 in the first embodiment, a feature extraction device 7 that extracts a second feature of a protocol other than the wireless LAN is installed in the house 10, and the house 10 is different in that a failure cause estimation device 8 is installed outside the network 10. The feature extraction device 7 transmits the first feature input from the wireless LAN monitor terminal 2 and the second feature extracted by itself to the failure cause estimation device 8 via the WAN 5. The failure cause estimation device 8 estimates the cause of the network connection failure of the electronic device 4 from the first feature and the second feature received from the feature extraction device 7. For example, the operator operation terminal 6 is directly connected to the failure cause estimation device 8.

  FIG. 31 is a schematic block diagram illustrating a configuration of the feature extraction device 7 according to a modification of the first embodiment. The feature extraction device 7 includes a second feature extraction unit 30, a passive feature extraction unit 31, an active feature extraction unit 32, a manager communication control unit 33, and a communication unit 71. Note that the second feature extraction unit 30, the active feature extraction unit 32, and the manager communication control unit 33 have the same configuration as the members included in the failure cause estimation device 3 of FIG.

  The communication unit 71 transmits the confirmed device information input from the input unit 38 to the failure cause estimation device 8 via the WAN 5. In addition, the communication unit 71 sends the wireless feature information input from the manager communication control unit 33 and the passive feature information and active feature information input from the second feature extraction unit 30 to the failure cause estimation device 8 via the WAN 5. Send.

  FIG. 32 is a schematic block diagram illustrating a configuration of the failure cause estimation device 8 according to a modification of the first embodiment. The failure cause estimation device 8 includes an acquisition unit 81, a DB control unit 34, a feature storage DB 35, a terminal information DB 36, an estimation unit 37, and an input unit 38. The DB control unit 34, the feature storage DB 35, the terminal information DB 36, the estimation unit 37, and the input unit 38 have the same configuration as the members included in the failure cause estimation device 3 in FIG. Description is omitted.

  The acquisition unit 81 acquires the wireless feature information, the passive feature information, and the active feature information transmitted from the feature extraction device 7, and uses identification information HID (HomeGW ID) that identifies the home network for the acquired information. Give. Then, the acquisition unit 81 stores the set of the wireless feature information, passive feature information, active feature information, and identification information HID in the feature storage DB 35 via the DB control unit 34. Thereby, wireless feature information, passive feature information, and active feature information can be identified for each home network, that is, for each house.

  As described above, in the modified example of the first embodiment, the acquisition unit 81 acquires, as a first feature, a feature obtained by IEEE 802.11 from a packet with which the electronic device 4 communicates wirelessly, and the electronic device 4 communicates wirelessly. The feature acquired by the protocol of the layer higher than the data link layer is acquired from the packet to be processed as the second feature. Then, the estimation unit 37 estimates the cause of the network connection failure of the electronic device 4 based on the first feature and the second feature. Thereby, in addition to obtaining the same effect as in the first embodiment, it is only necessary to provide one estimation unit 37 in common for all home nets, so that the introduction cost of the failure cause estimation system 1b can be suppressed. be able to. Moreover, since it is not necessary to prepare a recording device for storing features in the feature extraction device 7 prepared for each home network for each home network, the introduction cost of the failure cause estimation system 1b can be suppressed.

  In the modification of the first embodiment, as an example, the acquisition unit 81 acquires the characteristics obtained by IEEE802.11 from the packet with which the electronic device 4 communicates wirelessly. However, the present invention is not limited to this. The acquisition unit 81 may acquire, as a first feature, a feature in the first protocol that allows a feature relating to connection to the network to be acquired from a packet in which the electronic device 4 communicates wirelessly. Here, the connection feature includes an authentication feature and a disconnection feature, and the first protocol includes IEEE 802.11 and IEEE 802.1x.

<Second Embodiment>
Next, the second embodiment will be described. FIG. 33 is a schematic block diagram illustrating a configuration of a failure cause estimation system according to the second embodiment. Elements common to those in FIG. 1 are denoted by the same reference numerals, and detailed description thereof is omitted. The configuration of the failure cause estimation system 1c in the second embodiment is different from the configuration of the failure cause estimation system 1 in the first embodiment in that the wireless LAN monitor terminal 2 is deleted and the failure cause estimation device 3 The device 3c is changed. Compared to the failure cause estimation device 3 in the first embodiment, the failure cause estimation device 3c in the second embodiment further has an access point function, receives a wireless LAN packet, and wirelessly transmits the packet from the received packet. The feature acquired by the protocol related to the data link layer (for example, IEEE802.11 protocol) is extracted.

FIG. 34 is a schematic block diagram showing the configuration of the failure cause estimation device 3c in the second embodiment. In addition, the same code | symbol is attached | subjected to the element which is common in FIG. 8, and the specific description is abbreviate | omitted. The failure cause estimation device 3c is obtained by adding a packet collection unit 21, a packet distribution unit 22, and a wireless LAN feature extraction unit 23c to the failure cause estimation device 3 of FIG. While the packet collection unit 21 of the first embodiment is a packet capture in the monitor mode,
The packet collection unit 21 in the second embodiment is different in that it is a packet capture as an AP. The packet collecting unit 21 outputs the captured packet to the packet sorting unit 22. Since the packet distribution unit 22 is the same as the packet distribution unit 22 of the wireless LAN monitor terminal 2 in the first embodiment, the description thereof is omitted.

  The wireless LAN feature extraction unit 23c has the same function as the wireless LAN feature extraction unit 23 of FIG. 2, but differs in the following points. The wireless LAN feature extraction unit 23 stores wireless feature information indicating the extracted features in the feature storage DB 35 via the DB control unit 34.

  As described above, in the failure cause estimation system 1c according to the second embodiment, in addition to the effects of the first embodiment, it is not necessary to introduce the wireless LAN monitor terminal 2, so that it takes time and effort to introduce the failure cause estimation system 1c. Can be reduced.

  FIG. 35 is a list of failure causes that can be estimated by the failure cause estimation system 1 of the first embodiment and the failure cause estimation system 1c of the second embodiment. In the figure, both the failure cause estimation system 1 of the first embodiment and the failure cause estimation system 1c of the second embodiment are referred to as “the number of connected master units exceeds the allowable amount” in the case of a failure that does not connect to the network. It has been shown that causes other than the wireless LAN radio wave environment can be estimated. In addition, both the failure cause estimation system 1 of the first embodiment and the failure cause estimation system 1c of the second embodiment are wireless LAN radio waves “the number of connected master units exceeds the allowable amount” in the case of a slow network failure. It has been shown that it is possible to estimate causes other than the environment and causes other than the wireless LAN radio wave environment such as “the number of connected master units exceeds the allowable amount” in the case of a failure to be disconnected from the network.

Further, the failure cause estimation system 1 of the first embodiment identifies the transition status for causes other than the wireless LAN radio wave environment such as “master unit setting error” and “DHCP error” in the case of a failure that is not connected to the network. The failure cause estimation system 1c of the second embodiment shows that the cause can be estimated.
The failure cause estimation system 1c of the second embodiment cannot estimate a failure cause that “the radio wave intensity of the failure cause estimation device 3 is weak” in the case of a failure that is not connected to the network. This is because the radio wave intensity of the electronic device 4 is too weak to detect the radio wave from the electronic device 4, so it cannot be determined whether the radio wave intensity of the electronic device 4 is weak. On the other hand, in the failure cause estimation system 1 of the first embodiment, since the wireless LAN monitor terminal 2 can detect the radio wave intensity of the failure cause estimation device 3, “the radio wave intensity of the failure cause estimation device 3 is weak”. It has the further advantage that the cause of failure can be estimated.

Also, the failure cause estimation system 1c of the second embodiment cannot estimate a failure cause of “connection destination AP error” in the case of a failure that does not connect to the network. On the other hand, in the failure cause estimation system 1 of the first embodiment, since the wireless LAN monitor terminal 2 can detect the connection destination AP of the electronic device 4, it is possible to estimate the failure cause “connection destination AP error”. Have
Also, the failure cause estimation system 1c of the second embodiment cannot estimate the failure cause of “channel contention” in the case of a failure that is slow or disconnected from the network. On the other hand, the failure cause estimation system 1 of the first embodiment has the further advantage that the failure cause of “channel contention” can be estimated because the wireless LAN monitor terminal 2 can detect the channel of the surrounding AP.

Note that a system including a plurality of devices may process each process of the wireless LAN monitor terminal 2 or the failure cause estimation device (3, 3c, or 8) according to the present embodiment in a distributed manner by the plurality of devices. .
In addition, a program for executing each process of the wireless LAN monitor terminal 2 or the failure cause estimation device (3, 3c, or 8) of the present embodiment is recorded on a computer-readable recording medium and recorded on the recording medium. The above-described various processes relating to the wireless LAN monitor terminal 2 or the failure cause estimating device (3, 3c, or 8) may be performed by causing the computer system to read and execute the program.

  Here, the “computer system” may include an OS and hardware such as peripheral devices. Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used. The “computer-readable recording medium” means a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a CD-ROM, a hard disk built in a computer system, etc. This is a storage device.

  Further, the “computer-readable recording medium” refers to a volatile memory (for example, DRAM (Dynamic) in a computer system serving as a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. Random Access Memory)) that holds a program for a certain period of time is also included. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, a specific structure is not restricted to this embodiment. Each configuration in each embodiment, a combination thereof, and the like are examples, and the addition, omission, replacement, and other changes of the configuration can be made without departing from the spirit of the present invention. Further, the present invention is not limited by the embodiments, and is limited only by the scope of the claims.

1, 1b, 1c, failure cause estimation system 2 wireless LAN monitor terminal (wireless communication monitoring device)
3, 3c, 8 Failure cause estimation device 4 Electronic device 5 WAN
6 Operator operation terminal 7 Feature extraction device 10 House 21 Packet collection unit 22 Packet distribution unit 23, 23c Wireless LAN feature extraction unit 24 Agent communication control unit 25 Wireless module mode control unit 30 Second feature extraction unit 31 Passive feature extraction unit 32 Active feature extraction unit 33 Manager communication control unit 34 DB control unit 35 Feature storage DB
36 Terminal information DB
37 estimation unit 38 input unit 71 communication unit 81 acquisition unit 221, 3121 packet capture control unit 222, 3122 packet capture service unit 231, ..., 23N protocol feature extraction unit (packet extraction unit, first feature extraction unit)
311 Packet collection unit 312 Packet distribution unit 313 Feature analysis unit 3131, ..., 313N Feature extraction unit

Claims (9)

A first feature extraction unit that extracts, as a first feature, a feature acquired by a protocol related to a wireless data link layer from a packet in which the electronic device communicates wirelessly;
A second feature extraction unit that extracts, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer from a packet in which the electronic device communicates wirelessly;
An estimation unit for estimating a cause of a network connection failure of the electronic device based on the first feature and the second feature;
A failure cause estimation system comprising: The estimation unit includes
A connection state detection unit that detects a connection state of the electronic device to the network according to which of the features included in the first feature and the second feature is acquired;
According to the connection state detected by the connection state detection unit, a failure cause determination unit that determines a cause of a network connection failure of the electronic device,
The failure cause estimation system according to claim 1. The first feature extraction unit narrows and narrows the packet based on at least one of a subtype of a packet wirelessly communicated by the electronic device, a beacon acquisition interval, and whether the transmission destination of the packet is broadcast. The failure cause estimation system according to claim 1, wherein the first feature is extracted from the received packet. The failure cause estimation system includes a wireless communication monitoring device that includes the first feature extraction unit and collects packets for wireless communication of the electronic device, and a failure cause estimation device that includes the estimation unit,
When the wireless communication monitoring device does not include a wired communication unit that communicates with the failure cause estimation device by wire, but includes a wireless communication unit that communicates with the failure cause estimation device wirelessly, the wireless communication unit is determined in advance. The first feature extraction unit extracts and accumulates the first feature from the packet acquired by the wireless communication unit, and the wireless communication unit passes the period. The failure cause estimation system according to any one of claims 1 to 3, wherein the first feature accumulated by changing to an infrastructure mode is transmitted to the failure cause estimation device every time. A procedure in which a first feature extraction unit acquires, as a first feature, a feature in a first protocol capable of acquiring a feature acquired by a protocol related to a wireless data link layer from a packet in which the electronic device communicates wirelessly;
A procedure in which a second feature extraction unit extracts, as a second feature, a feature acquired by a protocol in a layer higher than the data link layer from a packet communicated by the electronic device;
A step of estimating an cause of a network connection failure of the electronic device based on the first feature and the second feature;
A method for estimating a cause of failure. A feature acquired by a protocol related to a wireless data link layer is acquired as a first feature from a packet with which the electronic device communicates wirelessly. A packet higher than the data link layer is acquired from a packet with which the electronic device communicates wirelessly. An acquisition unit for acquiring a feature acquired by the protocol as a second feature;
An estimation unit for estimating a cause of a network connection failure of the electronic device based on the first feature and the second feature;
A failure cause estimation device comprising: On the computer,
A feature acquired by a protocol related to a wireless data link layer is acquired as a first feature from a packet with which the electronic device communicates wirelessly, and a protocol higher than the data link layer from a packet with which the electronic device communicates wirelessly An acquisition step of acquiring the feature acquired in step 2 as a second feature;
An estimation step for estimating a cause of a network connection failure of the electronic device based on the first feature and the second feature;
Failure cause estimation program to run. A wireless communication monitoring device used in a failure cause estimation system for detecting a cause of a network connection failure of an electronic device capable of wireless communication,
Some packets from packets wirelessly communicated by the electronic device based on at least one of the subtype of the packet with which the electronic device communicates wirelessly, the beacon acquisition interval, and whether the transmission destination of the packet is broadcast A packet extraction unit for extracting
A feature extraction unit that extracts a feature in a protocol capable of acquiring a feature relating to connection to a network from the packet extracted by the packet extraction unit;
A wireless communication monitoring device. To the wireless communication monitoring device used in the failure cause estimation system that detects the cause of network connection failure of electronic devices that can communicate wirelessly,
Some packets from packets wirelessly communicated by the electronic device based on at least one of the subtype of the packet with which the electronic device communicates wirelessly, the beacon acquisition interval, and whether the transmission destination of the packet is broadcast A packet extraction step for extracting
A feature extraction step of extracting a feature in a protocol capable of acquiring a feature relating to connection to a network from the packet extracted in the packet extraction step;
Wireless communication monitoring program for executing

Images