PACKET TIME STAMP PROCESSING METHODS, SYSTEMS, AND APPARATUS

US 20150009840A1
Filed: 07/03/2014
Published: 01/08/2015
Est. Priority Date: 07/03/2013
Status: Abandoned Application

First Claim

Patent Images

1. A network monitor for monitoring a network device coupled to a network, the network device receiving packets and adding a first time stamp to the packets, the network monitor comprising:

a connection port configured to receive at least one packet from the network device;

a presentation device; and

a processor coupled to the connection port and the presentation device, the processor configured to add a second time stamp to the at least one packet, compare the first time stamp and the second time stamp of each of the at least one packet, and identify an anomaly associated with the at least one packet in response to a difference metric generated based on the first and second time stamps of a set of one or more packets exceeding a threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus for monitoring network devices and identifying packet anomalies are described herein. Anomalies may be identified by receiving packets from a network device at a network monitor, each packet having a first time stamp added by the network device, adding a second time stamp to the packets by the network monitor, comparing the first time stamp and the second time stamp of each packet, and identifying an anomaly associated with a packet in response to a difference metric generated based on the first and second time stamps exceeding a threshold.

Citations

20 Claims

1. A network monitor for monitoring a network device coupled to a network, the network device receiving packets and adding a first time stamp to the packets, the network monitor comprising:
- a connection port configured to receive at least one packet from the network device;
  
  a presentation device; and
  
  a processor coupled to the connection port and the presentation device, the processor configured to add a second time stamp to the at least one packet, compare the first time stamp and the second time stamp of each of the at least one packet, and identify an anomaly associated with the at least one packet in response to a difference metric generated based on the first and second time stamps of a set of one or more packets exceeding a threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The network monitor of claim 1, further comprising:
    - a user interface coupled to the processor;
      
      the user interface configured to receive a threshold instruction from a user for setting the threshold; and
      
      the processor further configured to set the threshold responsive to the threshold instruction.
  - 3. The network monitor of claim 1, wherein the set includes two or more packets and wherein the processor is configured to identify the anomaly when the average difference between the first and second time stamps of the two or more packets exceeds the threshold.
  - 4. The network monitor of claim 1, wherein the threshold is between 10 milliseconds and 90 milliseconds.
  - 5. The network monitor of claim 1, wherein the anomaly is indicative of at least one of excessive processing latency by the network device, a bad connection between the network device and the network monitor, or a corruption of the first time stamp.
  - 6. The network monitor of claim 1, wherein the processor of the network monitor is further configured to analyze the received at least one packets based on the second time stamp added by the network monitor.
  - 7. The network monitor of claim 1, wherein the processor of the network monitor is further configured to compare a type of each of the at least one packet to a set of one or more predefined packet types associated with the threshold and wherein the processor of the network monitor is configured to identify the anomaly further based on a match between the type of the at least one packet and the one or more predefined packet types in the set.
  - 8. The network monitor of claim 7, wherein the processor of the network monitor is further configured to compare the type of each of the at least one packet to another set of one or more predefined packet types associated with another threshold and wherein the processor of the network monitor is configured to identify the anomaly further based on a match between the type of the at least one packet and the one or more predefined packet types in the other set and the difference metric generated based on the first and second time stamps of the set of one or more packets exceeding the other threshold.
  - 9. The network monitor of claim 7, further comprising:
    - a user interface coupled to the processor;
      
      the user interface configured to receive a monitoring instruction from a user for identifying packet types associated with the set of one or more packets; and
      
      the processor further configured to define the set of one or more packets responsive to the monitoring instruction.

10. A network monitoring method comprising:
- receiving at least one packet from a network device at a network monitor, each packet having a first time stamp added by the network device;
  
  adding a second time stamp to the at least one packet by the network monitor;
  
  comparing the first time stamp and the second time stamp of each of the at least one packet; and
  
  identifying an anomaly associated with the at least one packet in response to a difference metric generated based on the first and second time stamps of a set of one or more packets exceeding a threshold.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, further comprising:
    - receiving a threshold instruction from a user for setting the threshold; and
      
      setting the threshold responsive to the threshold instruction.
  - 12. The method of claim 10, wherein the set includes two or more packets and wherein the anomaly is identified when the average difference between the first and second time stamps of the two or more packets exceeds the threshold.
  - 13. The method of claim 10, further comprising:
    - determining that the anomaly is indicative of at least one of excessive processing latency by the network device, a bad connection between the network device and the network monitor, or a corruption of the first time stamp.
  - 14. The method of claim 10, further comprising:
    - analyzing the received at least one packet based on the second time stamp added by the network monitor.
  - 15. The method of claim 10, further comprising:
    - comparing a type of each of the at least one packet to a set of one or more predefined packet types associated with the threshold;
      
      wherein the anomaly is identified further based on a match between the type of the at least one packet and the one or more predefined packet types in the set.
  - 16. The method of claim 15, further comprising:
    - comparing the type of each of the at least one packet to another set of one or more predefined packet types associated with another threshold;
      
      wherein the anomaly is identified further based on a match between the type of the at least one packet and the one or more predefined packet types in the other set and the difference metric between the compared first and second time stamps of the set of one or more packets exceeding the other threshold.
  - 17. The method of claim 15, further comprising:
    - receiving a monitoring instruction from a user for identifying packet types associated with the set of one or more packets; and
      
      defining the set of one or more packets responsive to the monitoring instruction.

18. A network monitoring system comprising:
- a network device coupled to a network, the network device configured to receive packets and to add a first time stamp to the packets; and
  
  a network monitor coupled to the network device, the network monitor configured to receive at least one packet with the added first time stamp from the network device, add a second time stamp to the at least one packet, compare the first time stamp and the second time stamp of each of the at least one packet, and identify an anomaly associated with the at least one packet in response to a difference metric generated based on the first and second time stamps of a set of one or more packets exceeding a threshold.
- View Dependent Claims (19, 20)
- - 19. The network monitoring system of claim 18 wherein the network monitor is further configured to compare a type of each of the at least one packet to a set of one or more predefined packet types associated with the threshold and to identify the anomaly further based on a match between the type of the at least one packet and the one or more predefined packet types in the set.
  - 20. The network monitoring system of claim 18, wherein the set includes two or more packets and wherein the anomaly is identified when the average difference between the first and second time stamps of the two or more packets exceeds the threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Niksun, Inc.
Original Assignee
Niksun, Inc.
Inventors
PRUTHI, PARAG, Le, Viet, Heybey, Andrew, Mac Stoker, Christopher

Application Number

US14/323,603
Publication Number

US 20150009840A1
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 43/0852   Delays

H04L 43/106   using time related informat...

H04L 43/16   Threshold monitoring

PACKET TIME STAMP PROCESSING METHODS, SYSTEMS, AND APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PACKET TIME STAMP PROCESSING METHODS, SYSTEMS, AND APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links