Real time monitoring of TCP flows

US 20070070916A1
Filed: 09/12/2006
Published: 03/29/2007
Est. Priority Date: 09/23/2005
Status: Active Grant

First Claim

Patent Images

1. A method for real time monitoring of at least one TCP flow comprising:

monitoring TCP packets flowing past a particular point in a TCP network;

determining a flow trace including at least source and destination addresses and source and destination port numbers for each TCP packet;

creating a packet record for each monitored TCP packet within a determined flow trace, the packet record including at least a transmitted sequence number and an actual received sequence number;

determining an expected received sequence number for each packet record from the transmitted sequence number and the expected received sequence number of the previously received packet; and

determining a difference between the expected received sequence number for each packet record and the actual received sequence number for that packet record to thereby determine by how much a particular packet was moved out of sequence.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for real time monitoring of at least one TCP flow involves monitoring TCP packets flowing past a particular point in a TCP network. A flow trace including at least source and destination addresses for each TCP packet is determined and a packet record for each monitored TCP packet within a determined flow trace is created. Each of the packet records includes at least a transmitted order number and an actual received sequence number, from which an expected received sequence number for each packet record is determined and stored in the packet record. The difference between the expected received sequence number for each packet record and the expected received sequence number for the previous packet record is used to thereby determine by how much a particular packet was moved out of sequence.

49 Citations

View as Search Results

17 Claims

1. A method for real time monitoring of at least one TCP flow comprising:
- monitoring TCP packets flowing past a particular point in a TCP network;
  
  determining a flow trace including at least source and destination addresses and source and destination port numbers for each TCP packet;
  
  creating a packet record for each monitored TCP packet within a determined flow trace, the packet record including at least a transmitted sequence number and an actual received sequence number;
  
  determining an expected received sequence number for each packet record from the transmitted sequence number and the expected received sequence number of the previously received packet; and
  
  determining a difference between the expected received sequence number for each packet record and the actual received sequence number for that packet record to thereby determine by how much a particular packet was moved out of sequence.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method according to claim 1, further comprising determining a difference between the expected received sequence number for a particular packet record and the expected received sequence number for the previous actually received packet record to thereby determine by how much the particular packet has moved out of sequence.
  - 3. A method according to claim 1, further comprising determining the ratio of the rate of change of actual received sequence numbers to the rate of change of the expected received sequence numbers.
  - 4. A method according to claim 3, wherein the ratio is determined over a number of packet records of at least three.
  - 5. A method according to claim 1, wherein each packet record further includes information relating to time of receipt of that packet and the method further comprises determining the rate of change of inter-packet arrival times.
  - 6. A method according to claim 5, wherein the rate of change of inter-packet arrival times is determined according to expected received sequence number.
  - 7. A method according to claim 5, wherein the rate of change of inter-packet arrival times is determined according to actual received sequence number.
  - 8. A method according to claim 5, wherein the rate of change of inter-packet arrival times is determined over a number of packet records of at least three.
  - 9. A method according to claim 1, wherein the transmitted sequence number comprises the TCP Transmission Sequence Number provided by the source of the packets.
  - 10. A method according to claim 1, wherein the transmitted sequence number comprises the IP ID of the packet.
  - 11. A method according to claim 10, wherein the transmitted sequence number comprises the TCP Transmission Sequence Number provided by the source of the packets, and the number of retransmitted packets is provided by the number of packet records having the same TCP Transmission Sequence Number but having a different IP ID.
  - 12. A method according to claim 11, wherein a Goodput measure is provided by the number of packets transmitted less the number of retransmitted packets.
  - 13. A method according to claim 10, wherein the transmitted sequence number comprises the TCP Transmission Sequence Number provided by the source of the packets, and the number of duplicate packets is provided by the number of packet records having the same TCP Transmission Sequence Number and the same IP ID.
  - 14. A method according to claim 1, wherein the number of reordered packets is provided by the number of packet records arriving out of sequence but not having the same transmitted sequence number.
  - 15. A method according to claim 1, wherein the TCP packets relating to the same flow are monitored at different points in the network, and the flow traces are provided to a correlator for further analysis of anomalies in the network.
  - 16. A method according to claim 1, wherein the TCP packets relating to different flows are monitored concurrently at the same point in the network.
  - 17. A method according to claim 1, further comprising determining the difference between the rate of change of actual received sequence numbers and the rate of change of the expected received sequence numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Original Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Inventors
Lehane, Andrew, Curran-Gray, Martin, Arthur, Colin, Girma, Demessie

Granted Patent

US 7,945,661 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 43/18 Protocol analysers

Real time monitoring of TCP flows

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Real time monitoring of TCP flows

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links