Simplified network packet analyzer for distributed packet snooper

US 20020078231A1
Filed: 12/15/2000
Published: 06/20/2002
Est. Priority Date: 12/15/2000
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing network packets, the method comprising:

receiving snoop configuration information;

configuring a target endpoint and a source endpoint;

initialize a snooper on at least one client; and

snooping, by the at least one client, data packets transmitted through the target endpoint originating from the source endpoint and transmitted through the target endpoint destined for the source endpoint.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, apparatus, and computer program product are presented for a dynamically locatable packet analyzer spread across a distributed network of endpoints for determining packet generating applications is provided. In particular, the analyzer determines which ports are being used by which applications in order to verify that only intended packets are being sent and received by endpoints. The analyzer also provides novice packet snooping by not requiring administrators to configure operating system specific, packet specific or port specific information. The analyzer also provides snooping per application type (i.e. security, discovery, etc.) on endpoints, rather than packet type or port only.

Citations

22 Claims

1. A method for analyzing network packets, the method comprising:
- receiving snoop configuration information;
  
  configuring a target endpoint and a source endpoint;
  
  initialize a snooper on at least one client; and
  
  snooping, by the at least one client, data packets transmitted through the target endpoint originating from the source endpoint and transmitted through the target endpoint destined for the source endpoint.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, wherein the configuration information comprises packet types.
  - 3. The method as recited in claim 1, further comprising:
    - determining a route between the target endpoint and the source endpoint to determine a complete list of endpoints between the target endpoint and the source endpoint;
      
      wherein the snooper is initialized and started on all of the complete list of endpoints.
  - 4. The method as recited in claim 1, further comprising:
    - receiving snooping results from each of the at least one client;
      
      filtering the snooping results to obtain filtered results corresponding to data requested by a user; and
      
      presenting the filtered results.
  - 5. The method as recited in claim 4, wherein the step of presenting the filtered results comprises displaying the results on a video display.
  - 6. The method as recited in claim 5, wherein the video display comprises a graphical user interface.
  - 7. The method as recited in claim 1, wherein the step of initializing the snooper on the at least one client comprises:
    - creating, by a java virtual machine within the snooper client, a packet filter definition corresponding to the packet type selected by a user;
      
      sending the packet filter definition to the native operating system layer of the snooper client.

8. A computer program product in a computer readable media for use in a data processing system for analyzing network packets, the computer program product comprising:
- first instructions for receiving snoop configuration information;
  
  second instructions for configuring a target endpoint and a source endpoint;
  
  third instructions for initialize a snooper on at least one client; and
  
  fourth instructions for snooping, by the at least one client, data packets transmitted through the target endpoint originating from the source endpoint and transmitted through the target endpoint destined for the source endpoint.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21)
- - 9. The computer program product as recited in claim 8, wherein the configuration information comprises packet types.
  - 10. The computer program product as recited in claim 8, further comprising:
    - fifth instructions for determining a route between the target endpoint and the source endpoint to determine a complete list of endpoints between the target endpoint and the source endpoint;
      
      wherein the snooper is initialized and started on all of the complete list of endpoints.
  - 11. The computer program product as recited in claim 8, further comprising:
    - fifth instructions for receiving snooping results from each of the at least one client;
      
      sixth instructions for filtering the snooping results to obtain filtered results corresponding to data requested by a user; and
      
      seventh instructions for presenting the filtered results.
  - 12. The computer program product as recited in claim 11, wherein the sixth instructions for presenting the filtered results comprises displaying the results on a video display.
  - 13. The computer program product as recited in claim 12, wherein the video display comprises a graphical user interface.
  - 14. The computer program product as recited in claim 8, wherein the third instructions for initializing the snooper on the at least one client comprises:
    - fifth instructions for creating, by a java virtual machine within the snooper client, a packet filter definition corresponding to the packet type selected by a user;
      
      sixth instructions for sending the packet filter definition to the native operating system layer of the snooper client.
  - 16. The system as recited in claim 15, wherein the configuration information comprises packet types.
  - 17. The system as recited in claim 15, further comprising:
    - fifth means for determining a route between the target endpoint and the source endpoint to determine a complete list of endpoints between the target endpoint and the source endpoint;
      
      wherein the snooper is initialized and started on all of the complete list of endpoints.
  - 18. The system as recited in claim 15, further comprising:
    - fifth means for receiving snooping results from each of the at least one client;
      
      sixth means for filtering the snooping results to obtain filtered results corresponding to data requested by a user; and
      
      seventh means for presenting the filtered results.
  - 19. The system as recited in claim 18, wherein the sixth means for presenting the filtered results comprises displaying the results on a video display.
  - 20. The system as recited in claim 19, wherein the video display comprises a graphical user interface.
  - 21. The system as recited in claim 15, wherein the third means for initializing the snooper on the at least one client comprises:
    - fifth means for creating, by a java virtual machine within the snooper client, a packet filter definition corresponding to the packet type selected by a user;
      
      sixth means for sending the packet filter definition to the native operating system layer of the snooper client.

15. A system for analyzing network packets, the system comprising:
- first means for receiving snoop configuration information;
  
  second means for configuring a target endpoint and a source endpoint;
  
  third means for initialize a snooper on at least one client; and
  
  fourth means for snooping, by the at least one client, data packets transmitted through the target endpoint originating from the source endpoint and transmitted through the target endpoint destined for the source endpoint.

22. A system for network packet analyzing, comprising:
- at least one remote snooper client;
  
  a snooper manager server controlling execution of the at least one remote snooper client, the snooper manager server comprising a snooper logging database;
  
  a java virtual machine component of a snooper in the at least one remote snooper client; and
  
  a native operating system component of the snooper in the at least one remote snooper client;
  
  wherein the snooper is configurable by the snooper manager to snoop only certain types of data packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Chang, Ching-Jye, Ullmann, Lorin Evan

Granted Patent

US 7,269,647 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/238
CPC Class Codes

H04L 41/22   comprising specially adapte...

H04L 43/026   using flow identification

H04L 43/14   using software, i.e. softwa...

H04L 43/18   Protocol analysers

Simplified network packet analyzer for distributed packet snooper

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified network packet analyzer for distributed packet snooper

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links