Network monitoring system and method thereof

US 20080002595A1
Filed: 06/20/2007
Published: 01/03/2008
Est. Priority Date: 06/23/2006
Status: Active Grant

First Claim

Patent Images

1. A Hardware-based network monitoring system for monitoring network data traffic, said monitoring system comprises, (i) packet processing engine consisting of, (a) network processor for sniffing the packets and for analyzing traffic, and (b) core engine for packet processing consisting of, means for extraction of protocols to build protocol analysis data at protocol level and application level, means for protocol-based analysis of the packets, and/or (ii) application layer Processor for Session level Analysis consisting of, (a) means for extraction of every session and to build session data, and (b) means for session-based analysis of the packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet processing engine is disclosed which comprises (a) packet processor for sniffing the packets and for analyzing traffic, and (b) core engine for packet processing. The core engine comprises means for extraction of protocols to build protocol analysis data and means for protocol-based analysis of the packets.

31 Citations

View as Search Results

22 Claims

1. A Hardware-based network monitoring system for monitoring network data traffic, said monitoring system comprises, (i) packet processing engine consisting of, (a) network processor for sniffing the packets and for analyzing traffic, and (b) core engine for packet processing consisting of, means for extraction of protocols to build protocol analysis data at protocol level and application level, means for protocol-based analysis of the packets, and/or (ii) application layer Processor for Session level Analysis consisting of, (a) means for extraction of every session and to build session data, and (b) means for session-based analysis of the packets.
- View Dependent Claims (2, 3, 4)
- - 2. The network monitoring system as claimed in claim 1, wherein session level analyzer automatically uses host memory in case on-board memory is not enough.
  - 3. The network monitoring system as claimed in claim 1, wherein session level analyzer interface in attached to a host System using the PCI interface.
  - 4. The network monitoring system as claimed in claim 1, wherein said microengine enables analysis of Transmission control protocol (TCP), User datagram Protocol (UDP), Hyper text Transfer protocol (HTTP), Simple mail transfer Protocol/Post office Protocol 3(SMTP/POP3), Real-time Transport Protocol (RTP), Session Initiation Protocol (SIP), H.323 (real-time voice and videoconferencing over packet networks), Voice over Internet Protocol (VoIP), internet control message protocol (ICMP), Telnet, File transfer Protocol (FTP) and Domain name System (DNS) packet.

5. A hardware-based method for monitoring Network data traffic, said method comprising steps of;
- o. sniffing packets, p. checking the sniffed packets for fragmentation and reassembling, q. analyzing the checked packets for protocols, r. saving the analyzed packets onto host memory, s. creating sessions from the saved packets, t. analyzing and thereby segregating the sessions, and u. uploading the segregated sessions onto the host memory.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 6. The method as claimed in claim 5, wherein packets are fragmented and de-fragmented using identification field.
  - 7. The method as claimed in claim 5, wherein analyzing the packets using Source IP, Destination IP, Protocol field, data load, packet counter, packet size, time stamp, source mac address, destination mac address, source port, destination port, TCP control flags, and TCP type of service.
  - 8. The method as claimed in claim 5, wherein the method updates database and upload it onto the host memory with timestamp.
  - 9. The method as claimed in claim 5 wherein said method segregate the packet to a protocol selected from a group comprising Transmission control protocol (TCP), User datagram Protocol (UDP), Hyper text Transfer protocol (HTTP), Simple mail transfer Protocol/Post office Protocol 3(SMTP/POP3), Realtime Transport Protocol (RTP), Session Initiation Protocol (SIP), H.323 (realtime voice and videoconferencing over packet networks), Voice over Internet Protocol (VoIP), internet control message protocol (ICMP), Telnet, File transfer Protocol (FTP) and Domain name System (DNS).
  - 10. The method as claimed in claim 5, wherein the Hyper Text Transport protocol (HTTP) sessions are segregated along with extracted information consisting of request method, web-site name, url, content type apart from start and end time stamp of the session.
  - 11. The method as claimed in claim 5, wherein the SMTP/POP3 sessions are segregated along with extracted information consisting of username, password, from, to, subject, attached filenames.
  - 12. The method as claimed in claim 5, wherein network traffic with “
    - Keep alive”
      
      parameter is handled as a single session and multiple sessions are handled as separate sessions.
  - 13. The method as claimed in claim 5, wherein the method performs indexing of files for assisting in searching, sorting, aggregating, displaying of graphs and charts and for supporting queries/query scripts/languages.
  - 14. The method as claimed in claim 5, wherein the session is saved in two segments called index file and data file.
  - 15. The method as claimed in claim 14, wherein said index file consist of fixed length records, does not contain the raw packet data only consist of a pointer to corresponding raw packet data record in the data file.
  - 16. The method as claimed in claim 14, wherein said data file consist of variable length records and contains actual raw packet data which is of variable length.
  - 17. The method as claimed in claim 14, wherein the method provides aggregation of packets on the basis of filter criteria and content match.
  - 18. The method as claimed in claim 14, wherein the method performs on the fly filter creation at hardware level.
  - 19. The method as claimed in claim 14, wherein the method performs de-fragmentation of fragmented packets and analysis of the packets on reassembled packets.
  - 20. The method as claimed in claim 14, wherein incomplete sessions are also compiled to the extent available, ensuring each and every packet is accounted for.
  - 21. The method as claimed in claim 14, wherein the method traces the origin of the traffic in the network.
  - 22. The method as claimed in claim 21, wherein the origin of the traffic is identified using MAC address of the source and destination of the session, start and end time of the session and unique tag assigned to processing engine and application layer processor card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Office Automation Company Limited, Toshimitsu Tazaki
Original Assignee
Nippon Office Automation Company Limited, Toshimitsu Tazaki
Inventors
Rao, Umesh

Granted Patent

US 8,144,609 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 43/18 Protocol analysers

H04L 67/14 Session management for real...

Network monitoring system and method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Network monitoring system and method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links