
Method and system for transport protocol reconstruction and timer synchronization for non-intrusive capturing and analysis of packets on a high-speed distributed network

  • US 7,349,400 B2
  • Filed: 04/29/2003
  • Issued: 03/25/2008
  • Est. Priority Date: 04/29/2003
  • Status: Expired due to Fees
First Claim

1. In a packet analysis device, a method for reconstructing a transport protocol data flow from Transmission Control Protocol (TCP) packets transmitted from a first device to a second device in a first direction on a first channel and from the second device to the first device in a second direction on a second channel, a first part of the TCP packets captured by a first packet capturing device on the first channel and time stamped by a first timer and delivered to the packet analysis device and a second part of the TCP packets captured by a second packet capturing device on the second channel and time stamped by a second timer and delivered to the packet analysis device, the method comprising:

  • selecting a TCP packet for evaluation captured by the first packet capturing device in the first direction;

    determining whether there is a missing TCP packet in the second direction;

    responsive to determining that there is a missing TCP packet in the second direction, storing the TCP packet for evaluation in a first list; and

    creating an acknowledgement timer associated with the TCP packet stored in the first list, the acknowledgment timer being created in the packet analysis device remote from the first device and the second device and indicating a maximum time to wait for the missing TCP packet to arrive in the second direction until treating the missing TCP packet as lost;

    determining whether there is a missing TCP packet in the first direction; and

    responsive to determining that there is a missing TCP packet in the first direction, storing the TCP packet in the first list, and creating a retransmission timer associated with the TCP packet stored in the first list, the retransmission timer being created in the packet analysis device remote from the first device and the second device and indicating a maximum time to wait for retransmission of the missing TCP packet in the first direction until identifying the missing TCP packet as lost.
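
The steps of claim 1 as a small Python model, added here as an illustration and not taken from the patent or from any implementation of it. Assumptions: a missing packet in the opposite direction is detected when a packet's ACK number passes the bytes seen so far in that direction, and a missing packet in the packet's own direction when its sequence number does; the timer lengths, the arrival-time field `t`, the names `Pkt`, `FlowRebuilder`, `WAIT` and `demo`, and the sample packets are all constructed for this example.

```python
from collections import namedtuple

WAIT = {"ack": 0.2, "rtx": 1.0}  # assumed timer lengths in seconds; the claim gives none
# t: arrival time at the analyzer (s); d: direction 0 or 1; size: payload bytes
Pkt = namedtuple("Pkt", "t d seq ack size")

class FlowRebuilder:
    def __init__(self, isn0, isn1):
        self.nxt = [isn0, isn1]        # next byte expected in each direction
        self.held = []                 # the claim's "first list": (packet, timer kind, deadline)
        self.flow, self.lost = [], []  # released packets; (direction, first missing seq)

    def _reason(self, p):  # assumed gap test; the claim does not say how gaps are found
        if p.ack > self.nxt[1 - p.d]:
            return "ack"               # acknowledges opposite-direction bytes not yet seen
        return "rtx" if p.seq > self.nxt[p.d] else None  # gap in the packet's own direction

    def _place(self, p, now):
        why = self._reason(p)
        if why:                        # store the packet and start the matching timer
            self.held.append((p, why, now + WAIT[why]))
        else:
            self.flow.append(p)
            self.nxt[p.d] = max(self.nxt[p.d], p.seq + p.size)

    def tick(self, now):
        due = [e for e in self.held if e[2] <= now]
        self.held = [e for e in self.held if e[2] > now]
        for p, why, _ in sorted(due, key=lambda e: e[2]):  # timer fired: packet is lost
            side, upto = (1 - p.d, p.ack) if why == "ack" else (p.d, p.seq)
            if upto > self.nxt[side]:
                self.lost.append((side, self.nxt[side]))
                self.nxt[side] = upto
            self._place(p, now)        # release it, or re-hold it on a remaining gap
        while ready := [e for e in self.held if self._reason(e[0]) is None]:
            self.held.remove(ready[0])  # its gap was filled: release without waiting
            self._place(ready[0][0], now)

    def feed(self, p):
        self.tick(p.t)
        self._place(p, p.t)
        self.tick(p.t)

def demo():  # constructed arrival sequence, rows are (t, d, seq, ack, size)
    r = FlowRebuilder(1000, 500)
    for row in [(0.0, 0, 1000, 500, 100), (0.05, 0, 1100, 600, 100), (0.1, 1, 500, 1100, 100),
                (0.2, 0, 1300, 600, 100), (0.3, 0, 1400, 700, 100), (2.0, 1, 700, 1500, 50)]:
        r.feed(Pkt(*row))
    return r
```

In the constructed sequence the second packet waits on an acknowledgement timer and is released when the opposite-direction packet arrives in time; the fourth and fifth wait until their timers expire, at which point the gaps at sequence 1200 (direction 0) and 600 (direction 1) are recorded as lost.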
