Method and system for network traffic analysis with configuration enhancements

US 7,177,930 B1
Filed: 10/11/2002
Issued: 02/13/2007
Est. Priority Date: 10/11/2002
Status: Active Grant

First Claim

Patent Images

1. A system for network traffic analysis comprising:

a classification engine operable to parse received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, and to provide pre-analysis of the received frames to generate classification information on a flow-basis and on a per packet-basis;

a filter processing engine operable to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames; and

an analysis block operable to perform detailed analysis on layers of protocols of the filtered frames and generate objects representing the analysis, wherein the filter processing engine and the analysis block enable analysis of the received frames in different modes, including;

a first mode wherein the filter processing engine reduces the received frames by passing only specified types of frames and the analysis block performs detailed analysis on all layers of protocols of the filtered frames;

a second mode wherein the filter processing engine passes all types of frames and the analysis block performs detailed analysis on only specified layers of protocols of the filtered frames; and

a third mode wherein the filter processing engine reduces the received frames by passing only specified types of frames and the analysis block performs detailed analysis on only specified layers of protocols of the filtered frames.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for network traffic analysis comprises a classification engine operable to parse received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to a highest layer protocol or network address of the frame, and to provide pre-analysis of the received frames to generate classification information on a flow-basis and on a per packet-basis, a filter processing engine operable to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames and an analysis block operable to perform detailed analysis on layers of protocols of the filtered frames and generate objects representing the analysis.

Citations

8 Claims

1. A system for network traffic analysis comprising:
- a classification engine operable to parse received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, and to provide pre-analysis of the received frames to generate classification information on a flow-basis and on a per packet-basis;
  
  a filter processing engine operable to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames; and
  
  an analysis block operable to perform detailed analysis on layers of protocols of the filtered frames and generate objects representing the analysis, wherein the filter processing engine and the analysis block enable analysis of the received frames in different modes, including;
  
  a first mode wherein the filter processing engine reduces the received frames by passing only specified types of frames and the analysis block performs detailed analysis on all layers of protocols of the filtered frames;
  
  a second mode wherein the filter processing engine passes all types of frames and the analysis block performs detailed analysis on only specified layers of protocols of the filtered frames; and
  
  a third mode wherein the filter processing engine reduces the received frames by passing only specified types of frames and the analysis block performs detailed analysis on only specified layers of protocols of the filtered frames.
- View Dependent Claims (2)
- - 2. The system of claim 1, wherein the protocols comprise at least one of Internet protocol, file transfer protocol, transmission control protocol, hypertext transmission protocol, post office protocol, user datagram protocol, remote procedure call protocol, or Ethernet protocol.

3. A method of network traffic analysis comprising:
- performing pre-analysis of received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, to generate classification information on a flow-basis and on a per packet-basis;
  
  filtering the received frames to reduce the received frames based on type of each frame indicated by the generated classification information to form information representing filtered frames; and
  
  performing detailed analysis on layers of protocols of the filtered frames and generating objects representing the analysis, wherein the analysis of the received frames is performed in different modes, whereinin a first mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing all layers of protocols of the filtered frames;
  
  in a second mode the step of filtering the received frames includes passing all types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames; and
  
  in a third mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames.
- View Dependent Claims (4)
- - 4. The method of claim 3, wherein the protocols comprise at least one of Internet protocol, file transfer protocol, transmission control protocol, hypertext transmission protocol, post office protocol, user datagram protocol, remote procedure call protocol, or Ethernet protocol.

5. A system for network traffic analysis comprising:
- a processor operable to execute computer program instructions;
  
  a memory operable to store computer program instructions executable by the processor; and
  
  computer program instructions stored in the memory and executable to perform the steps of;
  
  performing pre-analysis of received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, to generate classification information on a flow-basis and on a per packet-basis;
  
  filtering the received frames to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames; and
  
  performing detailed analysis on layers of protocols of the filtered frames and generating objects representing the analysis, wherein the analysis of the received frames is performed in different modes, whereinin a first mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing all layers of protocols of the filtered frames;
  
  in a second mode the step of filtering the received frames includes passing all types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of the filtered frames; and
  
  in a third mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames.
- View Dependent Claims (6)
- - 6. The system of claim 5, wherein the protocols comprise at least one of Internet protocol, file transfer protocol, transmission control protocol, hypertext transmission protocol, post office protocol, user datagram protocol, remote procedure call protocol, or Ethernet protocol.

7. A computer program product for network traffic analysis comprising:
- a computer readable medium;
  
  computer program instructions, recorded on the computer readable medium, executable by a processor, for performing the steps ofperforming pre-analysis of received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, to generate classification information on a flow-basis and on a per packet-basis;
  
  filtering the received frames to reduce the received frames based on type of each frame indicated by the generated classification information to form information representing filtered frames; and
  
  performing detailed analysis on layers of protocols of the filtered frames and generating objects representing the analysis, wherein the analysis of the received frames is performed in different modes, whereinin a first mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing all layers of protocols of the filtered frames;
  
  in a second mode the step of filtering the received frames includes passing all types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames; and
  
  in a third mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames.
- View Dependent Claims (8)
- - 8. The computer program product of claim 7, wherein the protocols comprise at least one of Internet protocol, file transfer protocol, transmission control protocol, hypertext transmission protocol, post office protocol, user datagram protocol, remote procedure call protocol, or Ethernet protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network General Technology
Original Assignee
Network General Technology
Inventors
LoPresti, Robert
Primary Examiner(s)
Najjar; Saleh
Assistant Examiner(s)
Patel; Dhairya A.

Application Number

US10/268,774
Time in Patent Office

1,586 Days
Field of Search

709/224, 709/223, 709/228
US Class Current

709/224
CPC Class Codes

H04L 41/142 using statistical or mathem...

H04L 43/028 by filtering

Method and system for network traffic analysis with configuration enhancements

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for network traffic analysis with configuration enhancements

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links