Method and apparatus for monitoring file transfers and logical connections in a computer network
Abstract
A method of monitoring logical connections in a computer network is described. All packets exchanged via the network are intercepted and analyzed. Upon receipt of a packet, a connection management engine determines whether the packet is part of an existing logical connection. If it is not, a new record is created and stored in a connection record database. Otherwise, the existing record for the logical connection in the connection record database is updated.
Also described is a method of monitoring file transfers in a computer network. File transfers are monitored using a file transfer record database, which allows each packet of the file transfer to be placed in proper context. Upon interception of a packet, an application management engine (AME) first determines whether the packet is part of a file transfer. If it is not, the AME ignores the packet. On the other hand, if the packet is part of a file transfer, then the AME determines whether the packet is part of a new file transfer or one of a multiplicity of existing file transfers. The AME creates a new record if the packet is the start of a new file transfer. If the packet is part of an existing file transfer, then the AME searches the file transfer record database to locate the record for the file transfer of which the packet is part. Once located, the record is updated.
Apparatus for monitoring file transfers and logical connections are also described.
27 Claims
1. A computer-implemented method of monitoring logical connections in a computer network, the computer network including a multiplicity of stations, a pair of stations exchanging packets via the computer network during a connection, each packet including protocol control information and user data, the protocol control information including a number of bytes of user data associated with the packet, a source station identifier, and a destination station identifier, the computer network including a connection record database having a multiplicity of records, each record including identifiers for a pair of stations associated with an existing logical connection, a last activity timestamp, and a number of bytes transferred during the logical connection, the method comprising the steps of:
- a) determining whether a packet is part of a logical connection upon receipt of the packet, the determination including examining whether the protocol control information includes transport layer information,
- b) identifying the logical connection that packet is part of by searching the connection record database for a record including a pair of stations matching the source station identifier and the destination station identifier of the packet;
- c) creating a new record for the packet if no record is found identifying a pair of stations matching the source station identifier and the destination station identifier of the packet; and
- d) updating the record for the logical connection which the packet is part of, the updating including changing the last activity timestamp of the record to a value representative of a current time and increasing the number of bytes transferred during the connections by the number of bytes of user data associated with the packet.

(Dependent claims: 2, 3, 4, 5)

6. A computer-implemented method of monitoring logical connections in a computer network, the computer network including a first multiplicity of stations, during a connection a pair of stations exchanging packets via the computer network, each packet including protocol control information and user data, the protocol control information including a number of bytes of user data associated with the packet, information including a source station identifier, a destination station identifier, and a network protocol identifier, said protocol control information including source network entity identifier and a destination network entity identifier, and a type field, each packet including a pair of transport entity identifiers, the computer network including a connection record database having a second multiplicity of records, each record including identifiers for a pair of stations associated with an existing logical connection, a pair of transport entity identifiers, a start of activity timestamp, a last activity timestamp, and a total number of bytes transferred during the logical connection, the method comprising the steps of:
- a) determining whether a packet is part of a logical connection upon receipt of the packet;
- b) ignoring the packet if it is not part of a logical connection;
- c) searching the connection record database for a third multiplicity of records identifying a pair of stations matching the source station identifier and the destination station identifier;
- d) creating a new record for the packet if no record is found with a pair of station identifiers matching the source station identifier and the destination station identifier of the packet;
- e) searching the third multiplicity of records for a first set of records including a pair of network entity identifiers matching the source and destination network entity identifiers of the packet;
- f) creating a new record for the packet if no record is found including a pair of network entity identifiers matching the source and destination network entity identifiers of the packet;
- g) searching the first set of records for a selected record, the selected record including a pair of transport entity identifiers matching a source and destination transport entity identifiers of the packet;
- h) creating a new record for the packet if no record is found including a pair of transport entity identifiers matching the source and destination transport entity identifiers of the packet; and
- i) updating the selected record, the updating including changing the last activity timestamp of the selected record to a value representative of a current time and updating the total number of bytes of user data transferred during the connection by the number of bytes of user data associated with the packet.

(Dependent claims: 7, 8, 9, 10, 11, 12)

13. A computer-implemented method of monitoring logical connections in a computer network, the computer network including a first multiplicity of stations, during a connection a pair of stations exchanging packets via the computer network, each packet including protocol control information and user data, the protocol control information including datalink layer information, network layer information, transport layer information, and a total number of bytes of user data associated with the packet, the datalink layer information including a source station identifier, a destination station identifier, and a network protocol identifier, the network layer information including a source network entity identifier and a destination entity identifier, and a type field, each packet including one of connection id and a pair of transport entity identifiers, the computer network including a connection record database having a second multiplicity of records, each record including identifiers for a pair of stations associated with an existing logical connection, one of a connection id and a pair of transport entity identifiers, a start of activity timestamp, a last activity timestamp, and a total number of bytes transferred during the logical connection, the method comprising the computer-implemented steps of:
- a) determining whether a packet is part of a logical connection upon receipt of the packet;
- b) ignoring the packet if it is not part of a logical connection;
- c) searching the connection record database for a third multiplicity of records identifying a pair of stations matching the source station identifier and the destination station identifier;
- d) creating a new record for the packet if no record is found with a pair of station identifiers matching the source station identifier and the destination station identifier of the packet;
- e) searching the third multiplicity of records for a first set of records including a pair of network entity identifiers matching the source and destination network entity identifiers of the packet;
- f) creating a new record for the packet if no record is found including a pair of network entity identifiers matching the source and destination network entity identifiers of the packet;
- g) determining whether the packet uses a Novell protocol by examining the type field of the network layer information of the packet;
- h) if the packet uses the Novell protocol;
  - 1) searching the first set of records for a selected record, the selected record including a connection id matching the connection id of the packet;
  - 2) creating a new record for the packet if no record is found including a connection id matching the connection id of the packet;
- i) if the packet does not use the Novell protocol;
  - 1) searching the first set of records for a selected record, the selected record including a pair of transport entity identifiers matching a source and destination transport entity identifiers of the packet;
  - 2) creating a new record for the packet if no record is found including a pair of transport entity identifiers matching the source and destination transport entity identifiers of the packet; and
- j) updating the selected record by changing the last activity timestamp of the selected record to a value representative of a current time and updating the total number of bytes of user data transferred during the connection by the number of bytes of user data associated with the packet.

(Dependent claims: 14, 15, 16, 17, 18, 19)

20. A computer-implemented method of monitoring logical connections in a computer network, the computer network including a plurality of stations including, at least a pair of stations configured to exchange packets via the computer network during a connection, each packet including protocol control information and user data, the protocol control information including a number of bytes of user data associated with the packet, each packet including a pair of transport entity identifiers, the computer network including a connection record database having at least one record, each record including a pair of transport entity identifiers, a start of activity timestamp, a last activity timestamp, and a total number of bytes transferred during the logical connection, the method comprising the steps of:
- a) determining whether a packet is part of a logical connection upon receipt of the packet;
- b) searching the connection record database for a selected record, the selected record including a pair of transport entity identifiers matching a source and destination transport entity identifiers of the packet;
- c) creating a new record for the packet if no record is found including a pair of transport entity identifiers matching the source and destination transport entity identifiers of the packet; and
- d) updating the selected record by changing the last activity timestamp of the selected record to a value representative of a current time and updating the total number of bytes of user data transferred during the connection by the number of bytes of user data associated with the packet.

(Dependent claims: 21, 22)

23. A computer-implemented method of monitoring logical connections in a computer network, the computer network including a plurality of stations, including at least a pair of stations configured to exchange packets via the computer network during a connection, each packet including protocol control information and user data, the protocol control information including a number of bytes of user data associated with the packet, each packet including one of a connection id and a pair of transport entity identifiers, the computer network including a connection record database having at least one record, each record including one of a connection id and a pair of transport entity identifiers, a start of activity timestamp, a last activity timestamp, and a total number of bytes transferred during the logical connection, the method comprising the steps of:
- a) determining whether a packet is part of a logical connection;
- b) determining whether the packet uses a Novell protocol;
- c) if the packet does not use the Novell protocol;
  - 1) searching the connection record database for a selected record, the selected record including a pair of transport entity identifiers that match a source and destination transport entity identifiers of the packet;
  - 2) creating a new record for the packet if no record is found including a pair of transport entity identifiers that match the source and destination transport entity identifiers of the packet; and
- d) updating the selected record by changing the last activity timestamp of the selected record to a value representative of a current time and updating the total number of bytes of user data transferred during the connection by the number of bytes of user data associated with the packet.

(Dependent claims: 24, 25, 26, 27)

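The layered match recited in claims 6 and 13 (station pair, then network entity pair, then transport entity pair or connection id), as an added example that is not part of the patent text. It assumes packets are already parsed into dicts; `ConnectionDB`, `make_pkt` and all field names are hypothetical, and treating both directions of a connection as one record is an assumption.

```python
from dataclasses import dataclass

@dataclass
class ConnectionRecord:
    stations: tuple          # pair of datalink station identifiers
    entities: tuple          # pair of network entity identifiers
    transport: tuple         # ("conn_id", id) or pair of transport entity identifiers
    start: float             # start of activity timestamp
    last: float              # last activity timestamp
    total_bytes: int = 0     # bytes of user data transferred

class ConnectionDB:
    def __init__(self):
        self.by_station = {}  # station pair -> entity pair -> transport key -> record

    def on_packet(self, pkt, now):
        """Return (record, created); (None, False) when the packet is ignored."""
        if not pkt.get("has_transport"):   # no transport layer information
            return None, False
        # Assumption: both directions of a connection share one record, so the
        # two endpoints are put in a canonical order before matching.
        src = (pkt["src_station"], pkt["src_net"], pkt.get("src_port", 0))
        dst = (pkt["dst_station"], pkt["dst_net"], pkt.get("dst_port", 0))
        lo, hi = sorted((src, dst))
        stations, entities = (lo[0], hi[0]), (lo[1], hi[1])
        if pkt.get("conn_id") is not None:  # Novell-style packet carries a connection id
            transport = ("conn_id", pkt["conn_id"])
        else:
            transport = (lo[2], hi[2])
        # A miss at any level creates that level, which ends in a new record.
        level = self.by_station.setdefault(stations, {}).setdefault(entities, {})
        rec = level.get(transport)
        created = rec is None
        if created:
            rec = level[transport] = ConnectionRecord(stations, entities, transport, now, now)
        rec.last = now                       # last activity timestamp
        rec.total_bytes += pkt["user_bytes"]  # add this packet's user data
        return rec, created

    def records(self):
        return [r for e in self.by_station.values() for t in e.values() for r in t.values()]

def make_pkt(src, dst, nbytes, transport=True, conn_id=None):
    """Build a constructed, already-parsed packet; src/dst are (station, net, port)."""
    return {"src_station": src[0], "src_net": src[1], "src_port": src[2],
            "dst_station": dst[0], "dst_net": dst[1], "dst_port": dst[2],
            "user_bytes": nbytes, "has_transport": transport, "conn_id": conn_id}
```

For a monitoring deployment, the per-record byte total and last activity timestamp are the fields an analyst would query to spot unusually large or long-idle connections.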
Specification