Storing, retrieving and displaying captured data in a network analysis system

US 20040133733A1
Filed: 11/06/2003
Published: 07/08/2004
Est. Priority Date: 11/06/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of storing data from a network for use in network analysis, the method comprising:

capturing network traffic on a network during a period of time, wherein the network traffic is captured as raw data;

organizing the raw data into logical blocks on a mass storage; and

compiling data points, each data point defining information about one of the logical blocks, each data point including;

an offset defining a number of bytes into the captured network traffic; and

datum headers including a number of frames in a logical block, number of bytes contained in the logical block, and clock ticks since the initiation of capturing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Analyzing data on a network. A method of analyzing data on a network is disclosed. The method includes capturing network traffic on the network during a period of time where the network traffic is captured as raw data into data blocks. The data blocks are streamed to a mass storage. The data blocks are organized into logical blocks on the mass storage. A set of data points are compiled. The data points are useful for defining information about the logical blocks. The data points include an offset defining a number of bytes into the captured data and datum headers including the number of frames into a logical block, number of bytes contained in the logical block and clock ticks since the initiation of capturing.

Citations

21 Claims

1. A method of storing data from a network for use in network analysis, the method comprising:
- capturing network traffic on a network during a period of time, wherein the network traffic is captured as raw data;
  
  organizing the raw data into logical blocks on a mass storage; and
  
  compiling data points, each data point defining information about one of the logical blocks, each data point including;
  
  an offset defining a number of bytes into the captured network traffic; and
  
  datum headers including a number of frames in a logical block, number of bytes contained in the logical block, and clock ticks since the initiation of capturing.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, the offset of a particular data point defining the first byte of a logical block associated with the particular data point.
  - 3. The method of claim 1, further comprising writing the logical blocks to the mass storage in a captured data storage portion of a capture.
  - 4. The method of claim 3, further comprising writing the compiled data points to the mass storage in a histogram data storage portion of the capture after the act of capturing has been completed.
  - 5. The method of claim 4, further comprising writing a capture header portion of the capture to the mass storage, the capture header including at least one of:
    - a parity string used to verify the validity of the raw data;
      
      speed at which capturing network traffic occurs;
      
      start and stop times when capturing network traffic occurs;
      
      number of frames captured; and
      
      whether the captured network traffic is sliced or truncated and the length of a slice or truncation.

6. A method of analyzing network traffic, the network traffic being captured data on a network during a period of time, the method comprising:
- accessing a plurality of data points corresponding to logical blocks of the network traffic, the data points comprising;
  
  an offset defining a number of bytes into the captured data;
  
  a number of frames in a logical block;
  
  a number of bytes contained in the logical block; and
  
  a number of clock ticks since the initiation of capturing; and
  
  presenting a user with a graphical user interface representation of the network traffic, by graphing the data points to show byte density over time in a capture histogram.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein presenting is accomplished by presenting the graphical user interface to a user that is remote from the mass storage.
  - 8. The method of claim 6, wherein presenting a user with a graphical user interface representation of the network traffic comprises:
    - including a zoom window, the zoom window useful for highlighting a segment of the capture histogram; and
      
      representing the segment of the capture histogram in a zoom histogram.
  - 9. The method of claim 8, further comprising:
    - including a data selection window useful for highlighting a segment of the zoom histogram; and
      
      displaying data frames corresponding to the highlighted segment of the zoom histogram.
  - 10. The method of claim 9, further comprising:
    - formatting the raw data that is necessary for displaying the data packets corresponding to the highlighted segments of the zoom histogram; and
      
      calculating packet timestamp values from the clock ticks for displaying the packet timestamp values with the formatted raw data.
  - 11. A computer readable medium with instructions for performing the method of claim 10.

12. A computer readable medium having a plurality of data fields stored on the medium and representing a data structure, comprising:
- a captured data storage field containing data stored in logical blocks representing data frames captured during a capture operation; and
  
  a histogram data storage field containing data representing a compilation of data points, each data point comprising;
  
  an offset defining a number of bytes into the data frames captured during the capture operation; and
  
  datum headers including a number frames in a logical block, number of bytes contained in the frames, and clock ticks since the initiation of capturing.
- View Dependent Claims (13, 14, 15)
- - 13. The computer readable medium of claim 12, further comprising a capture header.
  - 14. The computer readable medium of claim 13, the capture header including at least one of:
    - a parity string used to verify the validity of raw data;
      
      speed at which the capture operation occurred;
      
      start and stop times when the capture operation occurred;
      
      number of frames captured in the capture operation; and
      
      whether the data captured in the capture operation is sliced or truncated and the length of the slice or truncation.
  - 15. The computer readable medium of claim 12, the offset defining a first byte of the logical block.

16. In a computer system having a graphical user interface, a method of displaying captured network traffic, the method comprising:
- retrieving data points from at least a portion of a capture, the data points comprising;
  
  an offset defining a number of bytes into captured raw data of the captured network traffic, the raw data organized into logical blocks or datums; and
  
  datum headers including the number of frames in a logical block, number of bytes contained in the logical block, and clock ticks since the initiation of capturing. presenting a user with a graphical user interface representation in the form of a histogram of the network traffic using the data points by graphing byte density over time.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, further comprising:
    - the user computer configured to allow a user to select of a portion of the histogram; and
      
      displaying data frames corresponding to the selected portion of the histogram.
  - 18. The method of claim 16, further comprising formatting the raw data for display including calculating packet timestamp values.
  - 19. The method of claim 16, wherein presenting a user with a graphical user interface representation in the form of a histogram of the network traffic using the data points by graphing byte density over time comprises:
    - presenting a capture histogram that represents all of the captured network traffic;
      
      rendering a zoom window within the capture histogram;
      
      presenting a zoom histogram from the zoom window in the capture histogram, receiving input whereby a user selects a portion of the zoom histogram; and
      
      displaying the data represented by the selected portion of the zoom histogram.
  - 20. The method of claim 19, wherein the zoom histogram is a slave to the capture histogram.
  - 21. The method of claim 19, further comprising:
    - presenting a data selection window in the zoom histogram;
      
      receiving a user selection of a portion of the histogram with the data selection window; and
      
      displaying data frames corresponding to the selected portion of the histogram.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finisar Corporation (II-VI Incorporated)
Original Assignee
Finisar Corporation (II-VI Incorporated)
Inventors
Tran, Cuong, Carter, Gary, Bean, Timothy E., Pelger, Scott

Application Number

US10/703,167
Publication Number

US 20040133733A1
Time in Patent Office

Days
Field of Search
US Class Current

711/100
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/022   by sampling

H04L 43/045   for graphical visualisation...

H04L 43/106   using time related informat...

Storing, retrieving and displaying captured data in a network analysis system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Storing, retrieving and displaying captured data in a network analysis system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links