Identifying a transaction of interest within a network
First Claim
1. A method of identifying packets within a transmission stream that are related to an activity, the method comprising the acts of:
- classifying transactions utilizing characteristics that identify an activity based on user-level actions (ULAs); and
extracting packets of the transactions from the transmission stream that correspond to the activity.
1 Assignment
0 Petitions
Accused Products
Abstract
Transactions within a transmission stream are identified that are related to an activity. The transactions are classified utilizing characteristics that identify the activity. Packets of the transaction are extracted from the transmission stream that corresponds to the activity. The extracted packets are presented in a visualization that identifies the packets and source and sink devices of the packets. The packets may be identified from a network trace. Classifying transactions includes identifying patterns present in packets to identify related transactions and/or packets that are temporally correlated. The characteristics may include heuristics related to a communication protocol of the transactions, examining temporal relationships of the packets, and/or identifying DNS requests related to the packets. The extracted packets may be presented as a tier pair circle wherein related devices are presented around a circumference of the tier pair circle and packet traffic between devices is indicated by a joining line.
18 Citations
28 Claims
-
1. A method of identifying packets within a transmission stream that are related to an activity, the method comprising the acts of:
-
classifying transactions utilizing characteristics that identify an activity based on user-level actions (ULAs); and
extracting packets of the transactions from the transmission stream that correspond to the activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An application embodied on a computer readable medium configured to identifying packets within a transmission stream that are related to an activity, the application comprising:
-
a portion configured to classify transactions based on one or more characteristics that identify an activity; and
a portion configured to extract packets of the transactions from the transmission stream that correspond to the activity. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
-
Specification