Visualization of traffic flowing through a host
First Claim
1. A method performed by a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors for handling requests to a protected computer network, the method comprising steps of:
- intercepting data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets;
analyzing the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets;
providing a graphical representation on a user display indicating the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and
providing on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
user selected node”
) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
2) a focus button which when selected by the user causes a change in the selected node subject to analysis.
2 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer readable storage medium that analyzes network traffic intercepts data communications occurring between one or more hosts and a preselected target host in a protected network. The intercepted data communication includes a plurality of data packets. The intercepted data communications are analyzed to determine volumetric incoming and outgoing traffic flows for the received data packets. The determined volumetric incoming traffic flow for the received packets is graphically represented by a first region. The determined volumetric outgoing traffic flow for the received packets is graphically represented by a second region. The graphical representation includes a plurality of nodes interconnected by a plurality of links. The plurality of nodes represents the hosts. The plurality of links indicate operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications.
15 Citations
18 Claims
-
1. A method performed by a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors for handling requests to a protected computer network, the method comprising steps of:
-
intercepting data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets; analyzing the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets; providing a graphical representation on a user display indicating the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and providing on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
user selected node”
) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
2) a focus button which when selected by the user causes a change in the selected node subject to analysis. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for analyzing network traffic based upon user selected values, comprising:
-
a memory; a processor disposed in communication with said memory, and configured to issue a plurality of instructions stored in the memory, wherein the instructions issue signals to; intercept data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets; analyze the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets; provide a graphical representation on a user display the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and provide a control in the form of a scrollable view bar arranged in a control area of the graphical representation, the scrollable view bar having manipulable handle and a view window configured for visually indicating a portion of the determined incoming or outgoing volumetric traffic flow in the graphical representation; and provide on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
user selected node”
) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
2) a focus button which when selected by the user causes a change in the selected node subject to analysis. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A non-transitory computer readable storage medium and one or more computer programs embedded therein, the computer programs comprising instructions, which when executed by a computer system, cause the computer system to:
-
intercept data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets; analyze the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets; and provide a graphical representation on a user display the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and provide on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
user selected node”
) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
2) a focus button which when selected by the user causes a change in the selected node subject to analysis. - View Dependent Claims (17, 18)
-
Specification