Network traffic analyzer

US 7,562,134 B1
Filed: 10/25/2000
Issued: 07/14/2009
Est. Priority Date: 10/25/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of monitoring a packet-switched network using traffic logs, comprising:

creating a histogram file associated with one of a node and a link within the packet-switched network;

at a first location within the packet-switched network, generating a traffic log specific to a particular packet of a plurality of packets based upon detection of a content of the packet, the traffic log containing a plurality of values detected within the packet comprising a time, wherein the time is time of the traffic log was created, a network entry point of the packet, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;

transferring the traffic log from the first location to a second location;

storing the traffic log generated by the network at the second location;

analyzing the stored traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry point to the network exit point;

creating a histogram file by reading plurality of values in the traffic log;

the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;

updating the histogram file according to the time of creation of the traffic log, the packet state, the network entry point and the network exit point of each packet of said plurality of packets;

wherein the histogram file displays network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for and method of analyzing the performance of a packet-switched network, the network automatically generating a traffic log each time a packet enters or exits the network and each traffic log including at least the time the traffic log was created, the addresses of the packet sender and packet recipient, and the entry and exit network nodes. A server collects a plurality of traffic logs, parses the available information therein and generates a plurality of histograms, each histogram being based on information gleaned from the plurality of traffic logs. The histograms may be representative of packet traffic passing through a host connected to the network, packet traffic passing through a node in the network or the amount of data that travels over a link between two nodes of the network. To increase the delivery speed of the histogram data from the server to a client, the histograms are preferably stored as flat files to achieve direct and rapid access to stored data.

152 Citations

84 Claims

1. A method of monitoring a packet-switched network using traffic logs, comprising:
- creating a histogram file associated with one of a node and a link within the packet-switched network;
  
  at a first location within the packet-switched network, generating a traffic log specific to a particular packet of a plurality of packets based upon detection of a content of the packet, the traffic log containing a plurality of values detected within the packet comprising a time, wherein the time is time of the traffic log was created, a network entry point of the packet, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;
  
  transferring the traffic log from the first location to a second location;
  
  storing the traffic log generated by the network at the second location;
  
  analyzing the stored traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry point to the network exit point;
  
  creating a histogram file by reading plurality of values in the traffic log;
  
  the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  updating the histogram file according to the time of creation of the traffic log, the packet state, the network entry point and the network exit point of each packet of said plurality of packets;
  
  wherein the histogram file displays network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the histogram file is a flat file, whereby direct and rapid access to stored data is effected.
  - 3. The method of claim 1, wherein two histogram files are created, a first histogram being representative of traffic being passed into the network and a second histogram being representative of the traffic being passed from the network.
  - 4. The method of claim 1, wherein the histogram file is representative of traffic passing to a node connected to the entry or exit point.
  - 5. The method of claim 1, further comprising repeating steps (b)-(d) for at least a predetermined period.
  - 6. The method of claim 1, wherein the histogram plots packets per minute versus time.
  - 7. The method of claim 1, further comprising broadcasting from a server computer data representative of the histogram to a client computer.
  - 8. The method of claim 1, wherein the network is a Mobitex network.
  - 9. The method of claim 1, further comprising displaying a histogram based on data in the histogram file.
  - 10. The method of claim 1, further comprising creating at least one histogram for each node of the network.
  - 11. The method of claim 10, further comprising selecting for display the at least one histogram for a particular node.
  - 12. The method of claim 1, further comprising monitoring a central location of the network for new traffic logs.

13. A method of monitoring packet traffic through a node of a packet-switched network using traffic logs, comprising:
- generating a traffic log specific to a particular packet based upon detection of a content of the packet at a first location within the network based upon detection of the content of a packet of a plurality of packets, the traffic log containing a plurality of values being read from the packet, the plurality of values including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested state which is specified by the contents of the package;
  
  transferring the traffic log from the first location to a second location;
  
  storing the traffic log generated by the network at the second location;
  
  analyzing the stored traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry and exit points of the packet;
  
  determining a network path between the entry and exit points of the packet;
  
  determining whether the node falls along the network path;
  
  creating a histogram file by reading plurality of values in the traffic log;
  
  the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  updating the histogram file using the time of creation of the traffic log, the packet state, the network entry point and the network exit point of each packet of said plurality of packets;
  
  wherein the histogram file is displays network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method of claim 13, wherein the histogram file is a flat file.
  - 15. The method of claim 13, wherein two histogram files are created, a first histogram being representative of traffic being passed towards a higher level of the network and a second histogram being representative of the traffic being passed towards a lower level of the network or outside the network.
  - 16. The method of claim 13, further comprising repeating steps (b)-(f) for at least a 24 hour period.
  - 17. The method of claim 13, wherein the histogram plots packets per minute versus time.
  - 18. The method of claim 13, further comprising broadcasting, from a server computer, data representative of the histogram to a client computer.
  - 19. The method of claim 13, wherein the network is a Mobitex network.
  - 20. The method of claim 13, further comprising displaying a histogram based on data in the histogram file.
  - 21. The method of claim 13, further comprising creating at least one histogram for each node of the network.
  - 22. The method of claim 13, further comprising selecting for display the at least one histogram for a particular node.
  - 23. The method of claim 13, further comprising monitoring a central location of the network for new traffic logs.

24. A method of monitoring packet traffic passing through a link connecting two nodes of a packet-switched network using traffic logs, comprising:
- generating a traffic log specific to a particular packet based upon detection of a content of the packet at a first location within the network based upon detection of the contents of a packet of a plurality of packets, the traffic log containing a plurality of values detected within the packet, the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested state which is specified by the content of the packet;
  
  transferring the traffic log from the first location to a second location;
  
  storing the traffic log generated by the network;
  
  analyzing the traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry and exit points of the packet;
  
  determining a network path between the entry and exit points;
  
  determining whether the link falls along the network path;
  
  determining a number of bytes carried by the packet associated with the traffic log;
  
  creating a histogram file by reading the plurality of values in the traffic log;
  
  the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  updating the histogram file using the time of creation of the traffic log, the packet state, and the number of bytes when the link falls along the network path, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 25. The method of claim 24, wherein the histogram file is a flat file.
  - 26. The method of claim 24, wherein two histogram files are created, a first histogram being representative of traffic being passed towards a higher level of the network and a second histogram being representative of the traffic being passed towards a lower level of the network or outside the network.
  - 27. The method of claim 24, further comprising repeating steps (b)-(g) for at least a 24 hour period.
  - 28. The method of claim 24, wherein the histogram plots bytes per second versus time.
  - 29. The method of claim 24 further comprising broadcasting from a server computer to a client computer data representative of the histogram.
  - 30. The method of claim 24, wherein the network is a Mobitex network.
  - 31. The method of claim 24, further comprising displaying a histogram based on data in the histogram file.
  - 32. The method of claim 24, further comprising creating at least one histogram for each link of the network.
  - 33. The method of claim 24, further comprising selecting for display the at least one histogram for a particular link.
  - 34. The method of claim 24, further comprising monitoring a central location of the network for new traffic logs.

35. A method of monitoring the operations of a packet-switched network, the method comprising:
- the packet-switched network automatically generating a traffic log specific to a particular packet based upon detection of a content of each packet of a plurality of packets, when a packet enters or exits the network by detecting values from the packet, the traffic log including plurality of values;
  
  the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;
  
  creating a histogram file by reading the plurality of values in the traffic log;
  
  the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  detecting when a new traffic log is available at a network control center;
  
  downloading the new traffic log to a server computer that maintains a plurality of histogram files;
  
  updating at least one histogram file of the server computer using information available from the new traffic log by analyzing the new traffic log to determine plurality of values detected from the packet that are stored by the new traffic log that are relevant to the at least one updated histogram, the plurality of values including the time creation of the new traffic log, a packet state, wherein the packet includes a traffic state indication of at least one of the following data elements;
  
  an “
  
  OK”
  
  state, an “
  
  illegal”
  
  state, a “
  
  congested”
  
  state and an “
  
  error”
  
  state, the network entry point and the network exit point of each packet of said plurality of packets;
  
  deleting the new traffic log; and
  
  making the at least one updated histogram file available to a client computer from the server computer, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The method of claim 35, wherein the histogram file is a flat file.
  - 37. The method of claim 35, wherein the histogram is representative of traffic passing through or via at least one of a host connected to the network, a node in the network and a link connecting two nodes of the network.
  - 38. The method of claim 35, wherein the network is a Mobitex network.
  - 39. The method of claim 35, further comprising broadcasting the histogram file to a plurality of client computers.
  - 40. The method of claim 35, wherein step (c) comprises incrementing a value in the histogram file.

41. A method of analyzing the performance of a packet-switched network where packets traverse multiple networks, the method comprising:
- the packet-switched network automatically generating a traffic log specific to a particular packet based upon detection of a content of the packet of a plurality of packets, each time a packet exits the packet-switched network, the traffic log including plurality of values;
  
  the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;
  
  collecting at a centralized location a plurality of traffic logs from the packet-switched network, with each traffic log containing the plurality of values relevant to a different packet that has exited the packet-switched network;
  
  analyzing each of the plurality of traffic logs to determine the plurality of values about each of the plurality of packets that have exited the packet-switched network; and
  
  automatically generating a plurality of histograms by reading the plurality of values in the plurality of traffic logs, wherein each histogram is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  each histogram being based on information gleaned from the plurality of traffic logs about the packets that have exited the packet-switched network, wherein each histogram is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (42, 43, 44, 45, 46)
- - 42. The method of claim 41, wherein at least one histogram is representative of packet traffic passing through a node of the network.
  - 43. The method of claim 41, wherein at least one histogram is representative of data traffic travelling over a link in the network.
  - 44. The method of claim 41, wherein the histograms are stored as flat files.
  - 45. The method of claim 41, wherein steps (a) and (b) are carried out on a server computer and at least one histogram is supplied to a client computer.
  - 46. The method of claim 41, further comprising displaying at least one histogram on a computer display.

47. A system for monitoring a packet-switched network that automatically generates traffic logs, comprising:
- a network control center at which the traffic logs are collected, each traffic log being specific to a particular packet based upon detection of a content of the packet and containing a plurality of values detected within a packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point and a network exit point and a packet state, wherein the packet state includes a congested state which is specified by the content of the packet; and
  
  a computer operable to;
  
  create a histogram file by reading the plurality of values in the traffic log;
  
  the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  store a traffic log generated by the network,analyze the traffic log to determine the time of creation of the traffic log and the network entry and exit points of a the associated packet, andupdate the histogram file using the time of creation of the traffic log, the packet state, and the entry and exit points of the packet, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 48. The system of claim 47, wherein the histogram file is a flat file.
  - 49. The system of claim 47, wherein the computer creates two histogram files, a first histogram being representative of traffic being passed into the network and a second histogram being representative of the traffic being passed from the network.
  - 50. The system of claim 47, wherein the histogram file is representative of traffic passing through a host connected to the entry or exit point.
  - 51. The system of claim 47, wherein the histogram is a plot of packets per minute versus time.
  - 52. The system of claim 47, wherein the computer is a server computer and the server computer broadcasts data representative of the histogram to a client computer.
  - 53. The system of claim 47, wherein the network is a Mobitex network.
  - 54. The system of claim 47, wherein a client computer displays a histogram based on data in the histogram file.
  - 55. The system of claim 47, wherein the computer creates at least one histogram for each host of the network.
  - 56. The system of claim 47, wherein the computer monitors the network control center for new traffic logs.

57. A system for monitoring packet traffic through a node of a packet-switched network that automatically generates plurality traffic logs, comprising:
- a server connected to a network control center; and
  
  a client connected to the server, wherein the server is operable tocreate a histogram file for at least one node in the network by reading plurality of values in each traffic log of the plurality traffic logs, the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  store the traffic log specific to a particular packet based upon detection of a content of the packet and generated by the network that contains a plurality of values detected within a packet, the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a packet state, wherein the packet state includes a congested state which is specified by the content of the packet;
  
  analyze the traffic log to determine the time of creation of the traffic log and the network entry and exit points of the packet, determine a network path between the entry and exit points, determine whether the node falls along the network path; and
  
  update the histogram file using at least the time of creation of the traffic log, the packet state when the node falls along the network path, the entry and exit points of the packet, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65)
- - 58. The system of claim 57, wherein the histogram file is a flat file.
  - 59. The system of claim 57, wherein the server creates two histogram files, a first histogram being representative of traffic being passed towards a higher level of the network and a second histogram being representative of the traffic being passed towards a lower level of the network or outside the network.
  - 60. The system of claim 57, wherein the histogram is a plot of packets per minute versus time.
  - 61. The system of claim 57, wherein the server broadcasts to the client data representative of the histogram.
  - 62. The system of claim 57, wherein the network is a Mobitex network.
  - 63. The system of claim 57, wherein the client displays a histogram based on data in the histogram file.
  - 64. The system of claim 57, wherein the server creates at least one histogram for each node of the network.
  - 65. The system of claim 57, wherein the client is operable to select for display the at least one histogram for a particular node.

66. A system for monitoring packet traffic passing through a link connecting two nodes of a packet-switched network that automatically generates plurality of traffic logs, comprising:
- a server; and
  
  a client connected to the server, wherein the server is programmed to(i) create a histogram file for at least one link in the network by reading plurality of values in each traffic log of the plurality traffic logs, the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  store the plurality of traffic logs;
  
  each traffic log of the plurality of traffic logs specific to a particular packet based upon detection of a content of the packet and generated by the network that contains a plurality of values being read from within a packet including;
  
  a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point, a network exit point, a packet state, wherein the packet state includes a congestion state which is specified by the content of the packet;
  
  analyze the traffic log to determine the time of creation of the traffic log and the network entry and exit points of the packet, (iv) determine a network path between the entry and exit points, determine whether the link falls along the network path, analyze the traffic log to determine the number of bytes carried by the packet associated with the traffic log; and
  
  (vii) update the histogram file using the time of creation of the traffic log, the packet state, the number of bytes when the link falls along the network path, the entry and exit points of the packet, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
- View Dependent Claims (67, 68, 69, 70, 71, 72, 73, 74)
- - 67. The system of claim 66, wherein the histogram file is a flat file.
  - 68. The system of claim 66, wherein the server creates two histogram files, a first histogram being representative of traffic being passed towards a higher level of the network and a second histogram being representative of the traffic being passed towards a lower level of the network or outside the network.
  - 69. The system of claim 66, wherein the histogram is a plot of bytes per second versus time.
  - 70. The system of claim 66, wherein the server broadcasts to the client data representative of the histogram.
  - 71. The system of claim 66, wherein the network is a Mobitex network.
  - 72. The system of claim 66, wherein the client displays a histogram based on data in the histogram file.
  - 73. The system of claim 66, wherein the server creates at least one histogram for each link of the network.
  - 74. The system of claim 66, wherein the client is operable to select for display the at least one histogram for a particular link.

75. A system for monitoring the operations of a packet-switched network, the network automatically generating a traffic log when a packet enters or exits the network, the system comprising:
- a server, in communication with a network control center, for;
  
  create a histogram file for at least one link in the network by reading plurality of values in the traffic log, the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
  
  detecting when a new traffic log specific to a particular packet based upon detection of a content of the packet is available at the network control center, the new traffic log contains a plurality of values being read from within a packet including;
  
  a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point, a network exit point, a packet state, wherein the packet state includes a congestion state which is specified by the content of the packet;
  
  downloading the new traffic log;
  
  updating at least one histogram file using information available from the new traffic log by analyzing the traffic log to determine values being detected and read from the content of the packet, wherein the values include a packet state, wherein the packet state includes a congestion state specified by the content of the packet, the time of creation of the traffic log, the entry and exit points of the packet, and wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected; and
  
  ;
  
  a client computer for displaying the histogram.
- View Dependent Claims (76, 77, 78, 79, 80)
- - 76. The system of claim 75, wherein the histogram file is a flat file.
  - 77. The system of claim 75, wherein the histogram is representative of traffic passing through or via at least one of a host connected to the network, a node in the network and a link connecting two nodes of the network.
  - 78. The system of claim 75, wherein the network is a Mobitex network.
  - 79. The system of claim 75, wherein the histogram includes information representative of a state of each of the packets associated, respectively, with each of the traffic logs.
  - 80. The system of claim 75, wherein the server broadcasts the histogram file to a plurality of client computers.

81. A system for analyzing the performance of a packet-switched network where packets traverse multiple networks, the system comprising:
- the network automatically generating a traffic log specific to a particular packet based upon detection of a content of the packet each time a packet enters or exits the packet-switched network, each traffic log including a time the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, the address of packet sender and packet recipient, entry and exit packet-switched network nodes and a packet state, wherein the packet state includes a congested indication;
  
  a traffic log database containing a plurality of traffic logs, each traffic log of the plurality containing a plurality of values detected in and read from the contents of the packet; and
  
  a computer, operable to;
  
  download the plurality of traffic logs from the traffic log database;
  
  analyze each of the plurality of traffic logs to determine values detected from each of the packets;
  
  generate a pair of histograms by reading plurality of values in the plurality of traffic logs, the plurality of values including;
  
  a time the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, the address of packet sender and packet recipient, entry and exit packet-switched network nodes and a packet state, wherein the packet state includes a congested indication andstore plurality pairs of histograms, wherein the pair of histograms is representative of packet traffic passing to and from a host connected to the packet-switched network, the pair of histograms is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a packet-switched network node and a packet-switched network node link before network customers are affected.
- View Dependent Claims (82, 83, 84)
- - 82. The system of claim 81, wherein all histograms are stored as flat files.
  - 83. The system of claim 81, wherein the computer is a server computer.
  - 84. The system of claim 81, wherein the at least one histogram is supplied to a client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Kling, Brian D., Fingerhut, Howard W., Kashinsky, Jeffrey D.
Primary Examiner(s)
Lin; Kenny S
Assistant Examiner(s)
DOAN, DUYEN MY

Application Number

US09/695,402
Time in Patent Office

3,184 Days
Field of Search

709223-225, 370/252, 370/253, 370230-235, 705/400, 705/404, 705/412
US Class Current

709/224
CPC Class Codes

H04L 43/045 for graphical visualisation...

H04L 43/06 Generation of reports

Network traffic analyzer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

152 Citations

84 Claims

Specification

Solutions

Use Cases

Quick Links

Network traffic analyzer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

84 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links