Real-time adaptive processing of network data packets for analysis

US 10,284,440 B2
Filed: 05/23/2017
Issued: 05/07/2019
Est. Priority Date: 04/08/2010
Status: Expired

First Claim

Patent Images

1. A method, comprising:

determining first and second sessions associated with data packets received by a network monitoring device at a location in a network;

generating a common header summarizing information in headers of a plurality of data packets in each of the first and second sessions by the network monitoring device; and

generating, for each first and second session, a session record for respectively storing the common header of the first and second session, and storing mapping information representing association of the first session with the second session when the first and second sessions are associated with planes in a same protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network monitoring system that summarizes a plurality of data packets of a session into a compact session record for storage and processing. Each session record may be produced in real-time and made available during the session and/or after the termination of the session. Depending on protocols, a network monitoring system extracts different sets of information, removes redundant information from the plurality of data packets, and adds performance information to produce the session record. The network monitoring system may retrieve and process a single session record or multiple session records for the same or different protocols to determine cause of events, resolve issues in a network or evaluate network performance or conditions. The session record enables analysis in the units of session instead of individual packets. Hence, the network monitoring system can analyze events, issues or performance of the network more efficiently and effectively.

9 Citations

View as Search Results

18 Claims

1. A method, comprising:
- determining first and second sessions associated with data packets received by a network monitoring device at a location in a network;
  
  generating a common header summarizing information in headers of a plurality of data packets in each of the first and second sessions by the network monitoring device; and
  
  generating, for each first and second session, a session record for respectively storing the common header of the first and second session, and storing mapping information representing association of the first session with the second session when the first and second sessions are associated with planes in a same protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, further including generating a unit of payload metadata summarizing information in payloads of the plurality of the data packets in each of the first and second session by the network monitoring device wherein the generating step further includes storing the payload metadata of each of the first and second session respectively in the session record for each first and second session.
  - 3. The method of claim 2, further comprising determining a protocol associated with each of the first and second session, information included in the common header or the payload metadata of each first and second session is respectively determined based on a protocol associated with the first and second session.
  - 4. The method of claim 2, wherein the common header and the payload metadata are generated in real-time responsive to receiving data packets for each of the first and second session from the network.
  - 5. The method of claim 1, further comprising:
    - generating performance parameters representing performance of the network for transmitting the plurality of the data packets in each of the first and second sessions; and
      
      adding the performance parameters of the first and second sessions respectively in the first and second session record.
  - 6. The method of claim 5, wherein the performance parameters comprise at least one of a packet loss rate, a response time, a number of packets or bytes transmitted, parameters indicative of transmission latency, codec parameters, total transfer time for the session, R-Factor (rating factor), MOS (Mean Opinion Score), a file or page size, a file name, sender/receive information, a total transfer time, a user ID, jitter, and phone number.
  - 7. The method of claim 1, wherein the first session is associated with a first protocol and the second session is associated with a second protocol different than the first protocol.
  - 8. The method of claim 1, wherein each first and second session record further stores links to the plurality of the data packets respectively in each of the first and second sessions.
  - 9. The method of claim 1, wherein the common header comprises fields of the headers that remain unchanged throughout each respective first and second session.

10. A network monitoring device for processing network data for analysis, comprising:
- a network interface configured to receive data packets at a location in a network; and
  
  a session tracing engine configured to;
  
  determine first and second sessions associated with data packets received by a network monitoring device at a location in a network;
  
  generate a common header summarizing information in headers of a plurality of data packets in each of the first and second sessions by the network monitoring device; and
  
  generate, for each first and second session, a session record for respectively storing the common header of the first and second session, and storing mapping information representing association of the first session with the second session when the first and second sessions are associated with planes in a same protocol.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The network monitoring device as recited in claim 10, wherein the session tracing engine is further configured to generate a unit of payload metadata summarizing information in payloads of the plurality of the data packets in each of the first and second session by the network monitoring device wherein the generating step further includes storing the payload metadata of each of the first and second session respectively in the session record for each first and second session.
  - 12. The network monitoring device as recited in claim 11, wherein the session tracing engine is further configured to determine a protocol associated with each of the first and second session, information included in the common header or the payload metadata of each first and second session is respectively determined based on a protocol associated with the first and second session.
  - 13. The network monitoring device as recited in claim 11, wherein the common header and the payload metadata are generated in real-time responsive to receiving data packets for each of the first and second session from the network.
  - 14. The network monitoring device as recited in claim 11, wherein each first and second session record further stores links to the plurality of the data packets respectively in each of the first and second sessions.
  - 15. The network monitoring device as recited in claim 10, wherein the session tracing engine is further configured to:
    - generate performance parameters representing performance of the network for transmitting the plurality of the data packets in each of the first and second sessions; and
      
      add the performance parameters of the first and second sessions respectively in the first and second session record.
  - 16. The network monitoring device as recited in claim 15, wherein the performance parameters comprise at least one of a packet loss rate, a response time, a number of packets or bytes transmitted, parameters indicative of transmission latency, codec parameters, total transfer time for the session, R-Factor (rating factor), MOS (Mean Opinion Score), a file or page size, a file name, sender/receive information, a total transfer time, a user ID, jitter, and phone number.
  - 17. The network monitoring device as recited in claim 10, wherein the first session is associated with a first protocol and the second session is associated with a second protocol different than the first protocol.
  - 18. The network monitoring device as recited in claim 10, wherein the common header comprises fields of the headers that remain unchanged throughout each respective first and second session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetScout Systems Incorporated
Original Assignee
NetScout Systems Incorporated
Inventors
Singhal, Anil K., Kelley, Jr., Bruce A., Nadkarni, Rajeev, Byrapuram, Narendra, Saraswati, Abhishek, Singhal, Ashwani
Primary Examiner(s)
Sinkantarakorn, Pao

Application Number

US15/603,034
Publication Number

US 20170264506A1
Time in Patent Office

714 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/069   using logs of notifications...

H04L 43/026   using flow identification

H04L 43/028   by filtering

H04L 43/062   related to network traffic

H04L 43/08   Monitoring or testing based...

H04L 43/0829   Packet loss

H04L 43/087   Jitter

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/0882   Utilisation of link capacity

H04L 43/16   Threshold monitoring

H04L 69/22   Parsing or analysis of headers

Y02D 30/50   in wire-line communication ...

Real-time adaptive processing of network data packets for analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Real-time adaptive processing of network data packets for analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others