Abstract: A device and method for traffic monitoring and a non-transitory tangible machine-readable medium for use in the device are disclosed. The device stores a probability model. The device records a packet quantity transmitted by a device under test in a monitoring time period. The device determines that the device under test is in an abnormal state when a probability of occurrence corresponding to the packet quantity and the monitoring time period is lower than a probability threshold, wherein the probability of occurrence is determined by the probability model.
Abstract: A packet analysis apparatus, method, and non-transitory computer readable medium thereof are provided. The packet analysis apparatus stores a plurality of packets whose formats are unknown. The packet analysis apparatus calculates a plurality of cross-correlation values of the packets. The packet analysis apparatus decides at least one group according to the cross-correlation values and at least one first threshold, wherein each group includes a subset of the packets. The packets included in a specific group of the groups define a plurality of bit positions. Each packet included in the specific group has a plurality of bits. For each of the bit positions, the packet analysis apparatus calculates a variation degree of the bits corresponding to the bit position. The packet analysis apparatus selects the at least one bit position whose variation degree(s) is/are smaller than a second threshold as at least one field boundary of the specific group.
Type: Grant
Filed: December 29, 2016
Date of Patent: July 2, 2019
Assignee: ONWARD SECURITY CORPORATION
Inventors: Chao Yeh Lai, Chien Tsung Liu, Yu Chieh Li
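
The steps in the packet analysis abstract above (correlate, group by a first threshold, score each bit position, select by a second threshold), sketched as an added example that is not taken from the patent. Assumptions: the cross-correlation is a normalized ±1 bit agreement, grouping is greedy against each group's first member, the variation degree is per-position Shannon entropy, both thresholds are 0.5, and the sample packets are constructed.

```python
from math import log2

# Constructed sample: six 4-byte packets of an "unknown" format, two message
# kinds interleaved. Not real traffic.
PACKETS = [bytes.fromhex(h) for h in (
    "a1010001", "5efe1001", "a1010002", "5efe1003", "a1010007", "5efe1100")]

def bits(pkt):
    """Packet as a list of 0/1, most significant bit of each byte first."""
    return [(byte >> s) & 1 for byte in pkt for s in range(7, -1, -1)]

def cross_correlation(a, b):
    """Assumed measure: bits mapped to +/-1, normalized dot product in [-1, 1]."""
    x, y = bits(a), bits(b)
    n = min(len(x), len(y))
    return sum(1 if x[i] == y[i] else -1 for i in range(n)) / n

def group_packets(packets, first_threshold):
    """Greedy grouping (assumed): join the first group whose first member
    correlates at or above first_threshold, otherwise start a new group."""
    groups = []  # each group is a list of packet indices
    for i, pkt in enumerate(packets):
        for g in groups:
            if cross_correlation(packets[g[0]], pkt) >= first_threshold:
                g.append(i)
                break
        else:
            groups.append([i])
    return groups

def variation_degrees(packets, group):
    """Assumed measure: Shannon entropy (in bits) of each bit position."""
    rows = [bits(packets[i]) for i in group]
    width = min(len(r) for r in rows)
    out = []
    for pos in range(width):
        p = sum(r[pos] for r in rows) / len(rows)
        out.append(0.0 if p in (0.0, 1.0)
                   else -(p * log2(p) + (1 - p) * log2(1 - p)))
    return out

def field_boundaries(packets, group, second_threshold):
    """Bit positions whose variation degree is below second_threshold."""
    return [pos for pos, v in enumerate(variation_degrees(packets, group))
            if v < second_threshold]

if __name__ == "__main__":
    for g in group_packets(PACKETS, 0.5):
        print(g, field_boundaries(PACKETS, g, 0.5))
```

On the constructed sample the two message kinds separate into two groups, and only the low-order bits that change between packets of a group are left out of the selected positions.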