Method and apparatus for monitoring file transfers and logical connections in a computer database featuring a file transfer record database
First Claim
Patent Images
1. A computer-implemented method comprising:
- a) determining if a packet represents a part of a file transfer;
b) if the packet represents a part of a file transfer;
1) determining if the packet is part of a new file transfer or a one of a third multiplicity of existing file transfers;
2) creating a new record if the packet is part of the new file transfer;
3) if the first packet is a part of one of the third multiplicity of existing file transfers;
A) locating a first existing record in a file transfer record database for the existing file transfer which the packet is part of;
B) updating a second timestamp of the first existing record to a value representative of a current time;
C) updating a total number of bytes exchanged by a number of bytes of user data associated with the packet.
0 Assignments
0 Petitions
Accused Products
Abstract
A method of monitoring logical connections in a computer network is described. All packets exchanged via the network are intercepted and analyzed. Upon receipt of a packet, a connection management engine determines whether packet is part of an existing logical connection. If it is not, a new record is created and stored in a connection record database. Otherwise, the existing record for the logical connection in the connection record database is updated.
Also described is a method of monitoring file transfers in a computer network. File transfers are monitored using an file transfer record database, which allows each packet of the file transfer to be placed in proper context. Upon interception of a packet, an application management engine (AME) first determines whether the packet is part of a file transfer. If it is not, the AME ignores the packet. On the other hand, if the packet is part of a file transfer, then the AME determines whether if the packet is part of a new file transfer or a one of a multiplicity of existing file transfers. The AME creates a new record if the packet is the start of a new file transfer. If the packet is part of an existing file transfer, then the AME searches the file transfer record database to locate the record for the file transfer, which the packet is part of. Once located, the record is updated.
Apparatus for monitoring file transfers and logical connections are also described.
-
Citations
12 Claims
-
1. A computer-implemented method comprising:
-
a) determining if a packet represents a part of a file transfer;
b) if the packet represents a part of a file transfer;
1) determining if the packet is part of a new file transfer or a one of a third multiplicity of existing file transfers;
2) creating a new record if the packet is part of the new file transfer;
3) if the first packet is a part of one of the third multiplicity of existing file transfers;
A) locating a first existing record in a file transfer record database for the existing file transfer which the packet is part of;
B) updating a second timestamp of the first existing record to a value representative of a current time;
C) updating a total number of bytes exchanged by a number of bytes of user data associated with the packet. - View Dependent Claims (2, 3, 4, 5, 6, 7)
a) comparing a first value of the first type field to a second value representative of file transfer; and
b) identifying the packet as part of a file transfer if the first value and the second value are equal.
-
-
3. The method of claim 1 wherein the step of determining if the packet is part of a new file transfer comprises the steps of:
-
a) comparing the source station identifier and the destination station identifier of the protocol control information to the pair of stations identified in each record; and
b) identifying the packet as part of the new file transfer if there is no record in the file transfer record database identifying a pair of stations matching the source station and the destination station identifiers of the protocol control information.
-
-
4. The method of claim 3 wherein the protocol control information of the packet includes application layer information, the application layer information including a second type field, and wherein determining whether the packet is part of a new file transfer further comprises the step of:
-
a) comparing a third value of the second type field of the application layer to a fourth value representative of an open file request; and
b) identifying the packet as part of the new connection if the third value equals the fourth value.
-
-
5. The method of claims 1 wherein the step of creating a new record comprises the steps of:
-
a) storing a first value representative of the source station identifier of the packet;
b) storing a second value representative of the destination station identifier of the packet;
c) storing the total number of bytes of user data associated with the packet.
-
-
6. The method of claim 1 wherein the computer network includes a station database identifying each station in the computer network and wherein the first value representative of the source station identifier is a first pointer into the station database.
-
7. The method of claim 6 wherein the second value representative of the destination station identifier is a second pointer into the station database.
-
8. A computer-implemented method comprising:
-
a) determining if a packet represents a part of a file transfer by comparing a first value of a first type field to a second value representative of file transfer;
b) discarding the packet if the packet is not part of a file transfer;
c) identifying the packet as part of a new file transfer by comparing a third value of a second type field to a fourth value representative of an open file request;
d) creating a new record for file transfer associated with the packet if a third value equals the fourth value;
e) if the third value does not equal the fourth value searching a file transfer record database for a first set of records including a pair of station identifiers matching a source station identifier and a destination station identifier of the packet;
f) creating a new record for the packet if no record is found including a pair of station identifiers matching the source station identifier and the destination station identifier of the packet;
g) if the first set of records are found, searching the first set of records for a desired record having a file transfer id matching a one of a source network entity identifier and a destination network entity identifier of the packet;
h) creating a new record for the packet if no record is found including a file transfer matching one of the source network entity identifier and the destination network entity identifier of the packet; and
i) if a desired record is located, updating a second timestamp of the desired record to a value representative of a current time and updating a total number of bytes exchanged by a number of bytes of user data associated with the packet. - View Dependent Claims (9, 10, 11, 12)
a) storing a first value representative of the source station identifier of the packet;
b) storing a second value representative of the destination station identifier of the packet;
c) storing an applications program identifier representative of a one of the source network entity identifier and the destination network entity identifier of the packet;
d) storing a file transfer id representative of the file transfer id of the packet; and
e) storing the total number of bytes of user data associated with the packet.
-
-
10. The method of claim 8 wherein the computer network includes a station database identifying each station in the computer network and wherein the first value representative of the source station identifier is a first pointer into the station database.
-
11. The method of claim 10 wherein the second value representative of the destination station identifier is a second pointer into the station database.
-
12. The method of claim 8 wherein the computer network includes an applications program database identifying each applications program operating in the computer network, and wherein the applications program identifier is a third pointer into the applications programs database.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsThomas, Christopher S., Welch, Frank K. Jr., Baggleman, Thomas M., Sternberg, Jay E.
-
Primary Examiner(s)AMSBURY, WAYNE P
-
Assistant Examiner(s)Trinh, William
-
Application NumberUS09/133,014Time in Patent Office1,021 DaysField of Search707/10, 709/224, 709/223, 709/238, 709/240, 709/241, 709/242US Class Current709/224CPC Class CodesH04L 43/00 Arrangements for monitoring...H04L 43/026 using flow identificationH04L 43/106 using time related informat...H04L 67/06 specially adapted for file ...H04L 69/329 in the application layer [O...H04L 9/40 Network security protocols
