Real-time adaptive processing of network data packets for analysis
First Claim
1. A method, comprising:
- determining first and second sessions associated with data packets received by a network monitoring device at a location in a network;
generating a common header summarizing information in headers of a plurality of data packets in each of the first and second sessions by the network monitoring device; and
generating, for each first and second session, a session record for respectively storing the common header of the first and second session, and storing mapping information representing association of the first session with the second session when the first and second sessions are associated with planes in a same protocol.
1 Assignment
0 Petitions
Accused Products
Abstract
A network monitoring system that summarizes a plurality of data packets of a session into a compact session record for storage and processing. Each session record may be produced in real-time and made available during the session and/or after the termination of the session. Depending on protocols, a network monitoring system extracts different sets of information, removes redundant information from the plurality of data packets, and adds performance information to produce the session record. The network monitoring system may retrieve and process a single session record or multiple session records for the same or different protocols to determine cause of events, resolve issues in a network or evaluate network performance or conditions. The session record enables analysis in the units of session instead of individual packets. Hence, the network monitoring system can analyze events, issues or performance of the network more efficiently and effectively.
9 Citations
18 Claims
-
1. A method, comprising:
-
determining first and second sessions associated with data packets received by a network monitoring device at a location in a network; generating a common header summarizing information in headers of a plurality of data packets in each of the first and second sessions by the network monitoring device; and generating, for each first and second session, a session record for respectively storing the common header of the first and second session, and storing mapping information representing association of the first session with the second session when the first and second sessions are associated with planes in a same protocol. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A network monitoring device for processing network data for analysis, comprising:
-
a network interface configured to receive data packets at a location in a network; and a session tracing engine configured to; determine first and second sessions associated with data packets received by a network monitoring device at a location in a network; generate a common header summarizing information in headers of a plurality of data packets in each of the first and second sessions by the network monitoring device; and generate, for each first and second session, a session record for respectively storing the common header of the first and second session, and storing mapping information representing association of the first session with the second session when the first and second sessions are associated with planes in a same protocol. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification