Proactive Network Analysis System

US 20100020715A1
Filed: 08/03/2009
Published: 01/28/2010
Est. Priority Date: 07/29/2004
Status: Active Grant

First Claim

Patent Images

1. A proactive network analysis system providing an integrated compilation of network tools for diagnosing network problems, measuring network performance, and monitoring network status, the system comprising:

a distributed network packet capture data stream collector providing selective recordings of network traffic, including capturing of data packets and a user selectable display of individual fields within captured packets;

a traffic analyzer providing selected samples of specified end-to-end paths, wherein the sampling is at one of the network layer, the IP layer, OS layer, or application layer; and

a syslog recorder analyzer and archiving unit to collect and summarize log events from the network, wherein the syslog recorder analyzer and archiving unit provides Web-based analysis and reporting.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proactive network analysis system is a single unit for diagnosing network problems, measuring network performance, and monitoring network status in a comprehensive manner. The system is a compilation of individual tools including a distributed network packet capture data stream collector; a traffic analyzer; a performance graphing unit; a syslog recorder analyzer and archiving unit; a system availability monitor; a device configuration archiving unit; and a throughput measurement tool. The system can further provide an access list generator, an access list analyzer, a router DNS name generator and a service level agreement measurement device.

43 Citations

View as Search Results

20 Claims

1. A proactive network analysis system providing an integrated compilation of network tools for diagnosing network problems, measuring network performance, and monitoring network status, the system comprising:
- a distributed network packet capture data stream collector providing selective recordings of network traffic, including capturing of data packets and a user selectable display of individual fields within captured packets;
  
  a traffic analyzer providing selected samples of specified end-to-end paths, wherein the sampling is at one of the network layer, the IP layer, OS layer, or application layer; and
  
  a syslog recorder analyzer and archiving unit to collect and summarize log events from the network, wherein the syslog recorder analyzer and archiving unit provides Web-based analysis and reporting.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 15, 16, 17)
- - 2. The integrated proactive network analysis system of claim 1 further comprising an access list generating tool which generates a correct Access List entries to implement system policies.
  - 3. The integrated proactive network analysis system of claim 2 further comprising an Access List Analyzer tool which is configured to review an Access List and indicate which Access List entries are inconsistent and configured to provide for removal of inconsistent entries.
  - 4. The integrated proactive network analysis system of claim 1 further comprising a Layer 3 Topology mapping tool to map out the layer 3 topology of a given network, and configured to display results in tabular form, organized on a ‘
    - WAN Island’
      
      approach.
  - 6. The integrated proactive network analysis system of claim 3 further comprising an Intelligent Content Filter to filter and disallow bad webpages, wherein bad webpages are identified by their content using a ‘
    - bayesian’
      
      analysis that determines bad webpages based upon the frequency of bad content.
  - 7. The integrated proactive network analysis system of claim 6 wherein the system is configured to issue alert messages based on the text of syslog messages and configured to accept SNMP traps.
  - 8. The integrated proactive network analysis system of claim 6 further including a HTTP Latency Check tool that allows users to specify a URL, and get an exact measurement of the time it takes for a web page to load.
  - 9. The integrated proactive network analysis system of claim 6 further including a network mapper for network exploration and security auditing, wherein the network mapper uses raw IP packets to determine at least what hosts are available on the network, what services by application name and version those hosts are offering, what operating systems and OS versions they are running, and what type of packet filters and firewalls are in use.
  - 15. The integrated proactive network analysis system of claim 6 further including a device configuration archiving unit configured to document and automate network device configuration management allowing the network administrator to gather a baseline of current configurations, audit changes in configurations, rollback to previous known good configurations in the event of a disaster, and perform a risk assessment or impact analysis of planned changes.
  - 16. The integrated proactive network analysis system of claim 15 further including a system availability monitor which continuously monitors the components of the network testing specific component availability, wherein in the event of a failure or unavailability of a component, the unavailability of the component is recorded and the network administrator advised.
  - 17. The integrated proactive network analysis system of claim 15 further including a performance graphing unit that displays network activity graphically.

5. A proactive network analysis system providing an integrated compilation of network tools for diagnosing network problems, measuring network performance, and monitoring network status, the system comprising:
- a distributed network packet capture data stream collector providing selective recordings of network traffic;
  
  a traffic analyzer providing selected samples of specified end-to-end paths, wherein the sampling is at one of the network layer, the IP layer, OS layer, or application layer;
  
  a syslog recorder analyzer and archiving unit to collect and summarize log events from the network; and
  
  a remote access server identification tool to identify Remote Access Servers on the network, wherein the tool uses the following process;
  
  a. Check each known Layer 3 switch,b. On the router, get an ARP cache,c. Find any MAC address that has multiple IP addresses associated with it,d. Ignore known MAC addresses or vendor IDs,e. Ping the IP addresses, and check the TTL on the resultant response, wherein a primary server will have an TTL that is greater than remotely attached devices and based on the differing values of the TTL field, a RAS server can be identified with high probability.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The integrated proactive network analysis system of claim 5 wherein the system supports a patch mechanism, wherein the patch mechanism allows users to backup their settings, migrate their setting to other similar network management systems and import their settings from other similar network management systems.
  - 11. The integrated proactive network analysis system of claim 5 further including a service level agreement tool that tracks the level of service provided by a network provider and compares the result to the promises of the service level agreement.
  - 12. The integrated proactive network analysis system of claim 5 further including a DNS name generator tool that takes, as input, a router configuration file and outputs a meaningful name for each of the IP addresses in the configuration file.
  - 13. The integrated proactive network analysis system of claim 5 further including a Generating Access List tool that generates the correct Access List entries to implement the desired policies and provides reports that can be presented to the Security Audit staff for their review and approval of those policies.
  - 14. The integrated proactive network analysis system of claim 5 further including a Bandwidth estimation tool.

18. An integrated proactive network analysis system with diagnostic and management tools combined into a single system, the integrated system comprising:
- a distributed network packet capture data stream collector capturing of data packets and a user selectable display of individual fields within captured packets;
  
  a traffic analyzer assessing end-to-end network conditions by sampling specified end-to-end paths;
  
  a performance graphing unit configured to provide graphic visualization of system data;
  
  a syslog recorder analyzer and archiving unit providing event log consolidation for the network;
  
  a system availability monitor configured to monitor the components of the network testing component availability;
  
  a device configuration archiving unit configured to document and automate network device configuration management; and
  
  a throughput measurement tool.
- View Dependent Claims (19)
- - 19. The integrated proactive network analysis system of claim 18 further comprising an access list generator and an access list analyzer and a remote access server identification tool to identify Remote Access Servers on the network.

20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Solutions4networks
Original Assignee
Solutions4networks
Inventors
McGough, Michele R., Monaco, Jeffrey P.

Granted Patent

US 7,986,632 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 43/022   by sampling

H04L 43/0817   by checking functioning

H04L 43/0888   Throughput

Proactive Network Analysis System

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Proactive Network Analysis System

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links