Method of non-intrusive analysis of secure and non-secure web application traffic in real-time
First Claim
1. A system for non-intrusive real-time analysis of secure communications between a first application running on a first computer and a second application running on a second computer, the first and second applications using a communication channel, the system comprising:
- a non-intrusive and secure communications capture device, connected to the communications channel;
- a network module, connected to the communications capture device and configured to process communications from a physical layer to a network layer substantially in real-time; and
- a session reconstruction unit, connected to the network module and configured to process communications to an application layer in real-time, to group communications into transactions and to arrange transactions in a hierarchical data structure according to dependencies within the information contained in the transactions, the session reconstruction unit further comprising:
  - a stream creation unit, connected to the network module and configured to receive a plurality of communications and group them into a plurality of streams, and to add connection meta information to each stream, wherein each stream represents a single network connection;
  - a message decoder, connected to the stream creation unit and configured to create a plurality of transactions from the communications included in the plurality of streams;
  - a transaction storage, connected to the message decoder, configured to store the plurality of transactions; and
  - a session reconstruction module, connected to the transaction storage, and configured to receive a transaction of interest, and to retrieve a set of transactions from the transaction storage, the set of transactions being such that each transaction belonging to the set of transactions has a predefined relationship with the transaction of interest, and to group the set of transactions in the hierarchical data structure according to dependencies within the information contained in the transactions.
Abstract
Provided is a method and system for monitoring and analysis of networked systems, that is non-intrusive and real time. Both secure and non-secure traffic may be analyzed. The provided method involves non-intrusively copying data from a communication medium, reconstructing this data to a higher level of communication, such as the application level, grouping the data into sets, each set representing a session, and organizing the data for chosen sessions in hierarchical fashion which corresponds to the hierarchy of the communicated information. If monitored communications are encrypted, they are non-intrusively decrypted in real time. Hierarchically reconstructed session data is used by one or more plug-in applications, such as alarms, archival applications, visualization applications, script generation applications, abandonment monitoring applications, error detection applications, performance monitoring applications, and others.
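The pipeline the claim and abstract describe (stream creation, message decoding, transaction storage, session reconstruction) can be sketched as follows. This is an added example, not code from the patent: it assumes already-decrypted HTTP requests without bodies, takes "same session cookie" as the predefined relationship and the `Referer` header as the dependency, and all addresses, hosts and function names are constructed for illustration.

```python
from collections import defaultdict

def req(line, sid, referer=None):
    """Build a constructed HTTP request (no body) for the sample capture."""
    ref = f"Referer: http://shop.example{referer}\r\n" if referer else ""
    return f"{line} HTTP/1.1\r\nHost: shop.example\r\nCookie: sid={sid}\r\n{ref}\r\n".encode()

# Constructed capture: (client, client_port, server, server_port, seq, payload).
C, S = "10.0.0.5", "10.0.0.9"
SEGMENTS = [
    (C, 40001, S, 80, 2, req("GET /cart", "A1")[10:]),      # arrives out of order
    (C, 40001, S, 80, 1, req("GET /cart", "A1")[:10]),
    (C, 40002, S, 80, 1, req("GET /cart.css", "A1", "/cart")),
    (C, 40003, S, 80, 1, req("POST /checkout", "A1", "/cart")),
    (C, 40004, S, 80, 1, req("GET /receipt", "A1", "/checkout")),
    ("10.0.0.7", 50001, S, 80, 1, req("GET /cart", "B2")),  # another user's session
]

def create_streams(segments):
    """Stream creation: one stream per connection, plus connection meta information."""
    streams = defaultdict(list)
    for *conn, seq, payload in segments:
        streams[tuple(conn)].append((seq, payload))
    return [{"meta": dict(zip(("client", "cport", "server", "sport"), conn)),
             "data": b"".join(p for _, p in sorted(parts))}  # reorder by seq
            for conn, parts in streams.items()]

def decode(stream):
    """Message decoder: turn each HTTP request in a stream into a transaction."""
    txns = []
    for raw in filter(None, stream["data"].split(b"\r\n\r\n")):
        request_line, *header_lines = raw.decode("ascii").split("\r\n")
        method, path, _ = request_line.split(" ")
        headers = dict(h.split(": ", 1) for h in header_lines)
        txns.append({"method": method, "url": f"http://{headers['Host']}{path}",
                     "session": headers.get("Cookie"), "referer": headers.get("Referer"),
                     "meta": stream["meta"]})
    return txns

def reconstruct_session(store, interest):
    """Session reconstruction: fetch related transactions and nest them by dependency."""
    related = [t for t in store if t["session"] == interest["session"]]  # assumed relationship
    urls = {t["url"] for t in related}
    def children(parent, seen=()):  # seen guards against Referer cycles
        return [{"url": t["url"], "children": children(t["url"], seen + (t["url"],))}
                for t in related if t["url"] not in seen
                and (t["referer"] if t["referer"] in urls else None) == parent]
    return children(None)  # a Referer outside the session makes the transaction a root

STORE = [t for s in create_streams(SEGMENTS) for t in decode(s)]  # transaction storage
```

Calling `reconstruct_session(STORE, STORE[2])` with the checkout request as the transaction of interest returns the tree rooted at `/cart` for session `A1` only; the other client's transaction is left out.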
10 Claims
Specification