System and method for collecting desired information for network transactions at the kernel level

US 7,437,451 B2
Filed: 05/16/2002
Issued: 10/14/2008
Est. Priority Date: 05/16/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for compiling desired information for network transactions comprising:

capturing network-level information in a kernel-level module of a processor-based device arranged on a server-side of a client-server communication network;

relating, by said kernel-level module, said captured network-level information to a corresponding one of at least one transaction conducted between a client and a server via said client-server communication network, wherein said transaction comprises a request from said client to said server and a response to said client from said server; and

using said captured network-level information to compile, in said kernel-level module, desired information for said corresponding.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the present invention, a method for compiling desired information for network transactions is provided. The method comprises capturing network-level information in a kernel-level module of a processor-based device arranged on the server-side of a client-server communication network, and using the captured network-level information to compile, in the kernel-level module, desired information for at least one network transaction conducted between a client and a server via the client-server communication network. Another embodiment of the present invention provides a method for compiling desired information for network transactions that comprises implementing a kernel-level module in a STREAMS-based network stack of a server, wherein the kernel-level module is operable to monitor a network connection to the server to compile desired information for network transactions conducted through the network connection.

45 Citations

View as Search Results

50 Claims

1. A method for compiling desired information for network transactions comprising:
- capturing network-level information in a kernel-level module of a processor-based device arranged on a server-side of a client-server communication network;
  
  relating, by said kernel-level module, said captured network-level information to a corresponding one of at least one transaction conducted between a client and a server via said client-server communication network, wherein said transaction comprises a request from said client to said server and a response to said client from said server; and
  
  using said captured network-level information to compile, in said kernel-level module, desired information for said corresponding.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein said processor-based device is said server.
  - 3. The method of claim 1 wherein said network-level information comprises network packets for said at least one network transaction.
  - 4. The method of claim 1 further comprising:
    - said kernel-level module monitoring a TCP connection of said processor-based device to compile said desired information from incoming and outgoing network packets for a network transaction of said TCP connection.
  - 5. The method of claim 1 wherein said desired information comprises a web transaction log.
  - 6. The method of claim 1 wherein said at least one network transaction is a transaction of a client access of a web page on said server.
  - 7. The method of claim 6 wherein said desired information comprises information from which said client access of a web page can be reconstructed.
  - 8. The method of claim 1 further comprising:
    - adjusting scheduling of responses from the server to clients based at least in part on the captured network-level information.
  - 9. The method of claim 1 further comprising:
    - communicating said desired information from the kernel-level to user-level space of said processor-based device.
  - 10. The method of claim 9 further comprising:
    - in said user-level space, using said desired information to reconstruct a client access of said server.
  - 11. The method of claim 10 wherein said client access of said server comprises a client access of a web page.
  - 12. The method of claim 1 further comprising:
    - implementing at least an IP module and a TCP module in the kernel-level of said processor-based device to form a TCP/IP stack.
  - 13. The method of claim 12 wherein said kernel-level module that captures said network-level information is arranged communicatively between said IP module and TCP module.
  - 14. The method of claim 1 wherein said transaction comprises an HTTP transaction.
  - 15. The method of claim 1 wherein said transaction comprises a plurality of packets, said relating comprising:
    - correlating said plurality of packets to their corresponding transaction.
  - 16. The method of claim 1 wherein said transaction comprises a plurality of packets, and wherein said desired information is determined from said plurality of packets, said relating comprising:
    - correlating said desired information to the corresponding transaction that comprises said packets from which said desired information is determined.
  - 17. The method of claim 1 wherein said desired information comprises at least one selected from the group consisting of:
    - Uniform Resource Locator (URL) accessed by said at least one network transaction, value of Referer header field of said at least one network transaction, value of Content Type header field of said at least one network transaction, value of Flow Identification of said at least one network transaction, client'"'"'s Internet Protocol (IP) address of said at least one network transaction, number of bytes of a client request of said at least one network transaction, number of bytes of server response of said at least one network transaction, number of bytes of content of server response of said at least one network transaction, timestamp of SYN packet from the client of said at least one network transaction, timestamp for receipt of the first byte of a client request of said at least one network transaction, timestamp for receipt of the last byte of a client request of said at least one network transaction, timestamp of when the first byte of a response is sent by the server in said at least one network transaction, timestamp of when the last byte of a response is sent by the server to the client in said at least one network transaction, timestamp of receipt of ACK packet by server for the last byte of the server'"'"'s response in said at least one network transaction, response status code of said at least one network transaction, identification of whether Via field is set for said at least one network transaction, number of packets resent by the client in said at least one network transaction, and number of packets resent by the server in said at least one network transaction.

18. A method for compiling desired information for network transactions comprising:
- capturing network-level information in a kernel-level module of a processor-based device arranged on a server-side of a client-server communication network; and
  
  using said captured network-level information to compile, in said kernel-level module, desired information for at least one network transaction conducted between a client and a server via said client-server communication network, wherein said desired information comprises at least one selected from the group consisting of;
  
  Uniform Resource Locator (URL) accessed by said at least one network transaction, value of Referer header field of said at least one network transaction, value of Content Type header field of said at least one network transaction, value of Flow Identification of said at least one network transaction, client'"'"'s Internet Protocol (IP) address of said at least one network transaction, number of bytes of a client request of said at least one network transaction, number of bytes of server response of said at least one network transaction, number of bytes of content of server response of said at least one network transaction, timestamp of SYN packet from the client of said at least one network transaction, timestamp for receipt of the first byte of a client request of said at least one network transaction, timestamp for receipt of the last byte of a client request of said at least one network transaction, timestamp of when the first byte of a response is sent by the server in said at least one network transaction, timestamp of when the last byte of a response is sent by the server to the client in said at least one network transaction, timestamp of receipt of ACK packet by server for the last byte of the server'"'"'s response in said at least one network transaction, response status code of said at least one network transaction, identification of whether Via field is set for said at least one network transaction, number of packets resent by the client in said at least one network transaction, and number of packets resent by the server in said at least one network transaction.

19. A method for compiling desired information for network transactions comprising:
- implementing a kernel-level module in a STREAMS-based network stack of a server, wherein said kernel-level module is operable to monitor a network connection to said server, compile desired information for network transactions conducted through said network connection, and relate said desired information to corresponding ones of said network transactions, wherein each of said network transactions comprises a request and a response.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 20. The method of claim 19 wherein said STREAMS-based network stack comprises an TCP/IP stack.
  - 21. The method of claim 20 wherein said TCP/IP stack comprises an IP module and a TCP module.
  - 22. The method of claim 21 wherein said kernel-level module is arranged communicatively between said IP module and said TCP module.
  - 23. The method of claim 19 wherein said kernel-level module captures network packets for said network transactions.
  - 24. The method of claim 19 wherein said network connection comprises a TCP connection and wherein said kernel-level module compiles said desired information from incoming and outgoing network packets for a network transaction conducted via said TCP connection.
  - 25. The method of claim 19 wherein said desired information comprises a web transaction log.
  - 26. The method of claim 19 wherein said request is a request from a client to said server, and wherein said response is a response to said client from said server.
  - 27. The method of claim 19 wherein said network transactions comprise a client access of a web page on said server.
  - 28. The method of claim 27 wherein said desired information comprises information from which said client access of a web page can be reconstructed.
  - 29. The method of claim 19 further comprising:
    - adjusting scheduling of responses from the server to clients based at least in part on network-level information captured by said kernel-level module for said network connection.
  - 30. The method of claim 19 wherein said kernel-level module is operable to monitor a plurality of concurrent network connections to said server to compile said desired information for said network transactions conducted through said plurality of concurrent network connections.
  - 31. The method of claim 19 wherein said network transactions comprise HTTP transactions.

32. A system for compiling desired information for network transactions comprising:
- a processor-based device communicatively coupled to a client-server communication network and arranged on the server-side of said client-server network; and
  
  said processor-based device comprising a kernel-level module for monitoring network-level information for a server, relating said network-level information to corresponding network transactions conducted with the server, and compiling desired information for said corresponding network transactions, wherein said network transactions each comprise a request to the server and a response from the server.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 33. The system of claim 32 wherein said processor-based device is said server.
  - 34. The system of claim 32 wherein said network-level information comprises network packets for said network transactions.
  - 35. The system of claim 32 wherein said processor-based device has a TCP connection with said client-server communication network, and wherein said kernel-level module is operable to monitor said TCP connection to compile said desired information from incoming and outgoing network packets for a network transaction conducted via said TCP connection.
  - 36. The system of claim 32 wherein said desired information comprises a web transaction log.
  - 37. The system of claim 32 wherein said network transactions comprise a client access of a web page on said server.
  - 38. The system of claim 37 wherein said desired information comprises information from which said client access of a web page can be reconstructed.
  - 39. The system of claim 32 wherein said processor-based device further comprises user-level space, and wherein said kernel-level module is operable to communicate said desired information to said user-level space.
  - 40. The system of claim 39 further comprising:
    - means in said user-level space for using said desired information to reconstruct a client access of said server.
  - 41. The system of claim 40 wherein said client access of said server comprises a client access of a web page.
  - 42. The system of claim 32 further comprising:
    - at least an IP module and a TCP module in the kernel-level of said processor-based device to form a TCP/IP stack.
  - 43. The system of claim 42 wherein said kernel-level module for monitoring network-level information for a server and compiling desired information for network transactions with the server is arranged communicatively between said IP module and TCP module.
  - 44. The system of claim 32 wherein said network transactions comprise HTTP transactions.

45. A method comprising:
- capturing, in a kernel-level module of a processor-based device arranged on a server-side of a client-server communication network, network packets of transactions between at least one client and said server, wherein said transactions each comprise a request and a response;
  
  determining from said network packets desired information about said transactions; and
  
  organizing said desired information by respective transaction to which said desired information relates.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. The method of claim 45 wherein a first transaction comprises a plurality of packets, and wherein said desired information about said first transaction is determined from said plurality of packets.
  - 47. The method of claim 46 further comprising:
    - correlating said desired information determined from the plurality of packets to the first transaction.
  - 48. The method of claim 47 wherein a second transaction comprises another plurality of packets, and wherein said desired information about said second transaction is determined from said another plurality of packets.
  - 49. The method of claim 48 further comprising:
    - correlating said desired information determined from the another plurality of packets to the second transaction.
  - 50. The method of claim 45 wherein said desired information comprises performance information for a respective transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Fu, Yun, Tang, Wenting, Cherkasova, Ludmila
Primary Examiner(s)
Chang; Jungwon

Application Number

US10/147,249
Publication Number

US 20030217130A1
Time in Patent Office

2,343 Days
Field of Search

709/250, 709/218, 709/228, 709/230, 709/237, 709/225, 709/224, 726/6, 726/24, 713/151, 713/200
US Class Current

709/224
CPC Class Codes

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

System and method for collecting desired information for network transactions at the kernel level

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for collecting desired information for network transactions at the kernel level

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links