Network traffic analyzer
First Claim
1. A method of monitoring a packet-switched network using traffic logs, comprising:
- creating a histogram file associated with one of a node and a link within the packet-switched network;
at a first location within the packet-switched network, generating a traffic log specific to a particular packet of a plurality of packets based upon detection of a content of the packet, the traffic log containing a plurality of values detected within the packet comprising a time, wherein the time is time of the traffic log was created, a network entry point of the packet, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;
transferring the traffic log from the first location to a second location;
storing the traffic log generated by the network at the second location;
analyzing the stored traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry point to the network exit point;
creating a histogram file by reading plurality of values in the traffic log;
the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
updating the histogram file according to the time of creation of the traffic log, the packet state, the network entry point and the network exit point of each packet of said plurality of packets;
wherein the histogram file displays network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for and method of analyzing the performance of a packet-switched network, the network automatically generating a traffic log each time a packet enters or exits the network and each traffic log including at least the time the traffic log was created, the addresses of the packet sender and packet recipient, and the entry and exit network nodes. A server collects a plurality of traffic logs, parses the available information therein and generates a plurality of histograms, each histogram being based on information gleaned from the plurality of traffic logs. The histograms may be representative of packet traffic passing through a host connected to the network, packet traffic passing through a node in the network or the amount of data that travels over a link between two nodes of the network. To increase the delivery speed of the histogram data from the server to a client, the histograms are preferably stored as flat files to achieve direct and rapid access to stored data.
152 Citations
84 Claims
-
1. A method of monitoring a packet-switched network using traffic logs, comprising:
-
creating a histogram file associated with one of a node and a link within the packet-switched network; at a first location within the packet-switched network, generating a traffic log specific to a particular packet of a plurality of packets based upon detection of a content of the packet, the traffic log containing a plurality of values detected within the packet comprising a time, wherein the time is time of the traffic log was created, a network entry point of the packet, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication; transferring the traffic log from the first location to a second location; storing the traffic log generated by the network at the second location; analyzing the stored traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry point to the network exit point; creating a histogram file by reading plurality of values in the traffic log;
the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;updating the histogram file according to the time of creation of the traffic log, the packet state, the network entry point and the network exit point of each packet of said plurality of packets;
wherein the histogram file displays network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of monitoring packet traffic through a node of a packet-switched network using traffic logs, comprising:
-
generating a traffic log specific to a particular packet based upon detection of a content of the packet at a first location within the network based upon detection of the content of a packet of a plurality of packets, the traffic log containing a plurality of values being read from the packet, the plurality of values including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested state which is specified by the contents of the package; transferring the traffic log from the first location to a second location; storing the traffic log generated by the network at the second location; analyzing the stored traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry and exit points of the packet; determining a network path between the entry and exit points of the packet; determining whether the node falls along the network path; creating a histogram file by reading plurality of values in the traffic log;
the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;updating the histogram file using the time of creation of the traffic log, the packet state, the network entry point and the network exit point of each packet of said plurality of packets;
wherein the histogram file is displays network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method of monitoring packet traffic passing through a link connecting two nodes of a packet-switched network using traffic logs, comprising:
-
generating a traffic log specific to a particular packet based upon detection of a content of the packet at a first location within the network based upon detection of the contents of a packet of a plurality of packets, the traffic log containing a plurality of values detected within the packet, the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested state which is specified by the content of the packet; transferring the traffic log from the first location to a second location; storing the traffic log generated by the network; analyzing the traffic log to determine the time of creation of the traffic log and one or more nodes of a path traversed by the packet through the packet switched network from the network entry and exit points of the packet; determining a network path between the entry and exit points; determining whether the link falls along the network path; determining a number of bytes carried by the packet associated with the traffic log; creating a histogram file by reading the plurality of values in the traffic log;
the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;updating the histogram file using the time of creation of the traffic log, the packet state, and the number of bytes when the link falls along the network path, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A method of monitoring the operations of a packet-switched network, the method comprising:
-
the packet-switched network automatically generating a traffic log specific to a particular packet based upon detection of a content of each packet of a plurality of packets, when a packet enters or exits the network by detecting values from the packet, the traffic log including plurality of values;
the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;creating a histogram file by reading the plurality of values in the traffic log;
the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;detecting when a new traffic log is available at a network control center; downloading the new traffic log to a server computer that maintains a plurality of histogram files; updating at least one histogram file of the server computer using information available from the new traffic log by analyzing the new traffic log to determine plurality of values detected from the packet that are stored by the new traffic log that are relevant to the at least one updated histogram, the plurality of values including the time creation of the new traffic log, a packet state, wherein the packet includes a traffic state indication of at least one of the following data elements;
an “
OK”
state, an “
illegal”
state, a “
congested”
state and an “
error”
state, the network entry point and the network exit point of each packet of said plurality of packets;deleting the new traffic log; and making the at least one updated histogram file available to a client computer from the server computer, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (36, 37, 38, 39, 40)
-
-
41. A method of analyzing the performance of a packet-switched network where packets traverse multiple networks, the method comprising:
-
the packet-switched network automatically generating a traffic log specific to a particular packet based upon detection of a content of the packet of a plurality of packets, each time a packet exits the packet-switched network, the traffic log including plurality of values;
the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point of the packet, a network exit point of the packet, and a packet state, wherein the packet state includes a congested indication;collecting at a centralized location a plurality of traffic logs from the packet-switched network, with each traffic log containing the plurality of values relevant to a different packet that has exited the packet-switched network; analyzing each of the plurality of traffic logs to determine the plurality of values about each of the plurality of packets that have exited the packet-switched network; and automatically generating a plurality of histograms by reading the plurality of values in the plurality of traffic logs, wherein each histogram is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;
each histogram being based on information gleaned from the plurality of traffic logs about the packets that have exited the packet-switched network, wherein each histogram is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (42, 43, 44, 45, 46)
-
-
47. A system for monitoring a packet-switched network that automatically generates traffic logs, comprising:
-
a network control center at which the traffic logs are collected, each traffic log being specific to a particular packet based upon detection of a content of the packet and containing a plurality of values detected within a packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point and a network exit point and a packet state, wherein the packet state includes a congested state which is specified by the content of the packet; and a computer operable to; create a histogram file by reading the plurality of values in the traffic log;
the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period;store a traffic log generated by the network, analyze the traffic log to determine the time of creation of the traffic log and the network entry and exit points of a the associated packet, and update the histogram file using the time of creation of the traffic log, the packet state, and the entry and exit points of the packet, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56)
-
-
57. A system for monitoring packet traffic through a node of a packet-switched network that automatically generates plurality traffic logs, comprising:
-
a server connected to a network control center; and a client connected to the server, wherein the server is operable to create a histogram file for at least one node in the network by reading plurality of values in each traffic log of the plurality traffic logs, the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period; store the traffic log specific to a particular packet based upon detection of a content of the packet and generated by the network that contains a plurality of values detected within a packet, the plurality of values being read from the packet including a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a packet state, wherein the packet state includes a congested state which is specified by the content of the packet; analyze the traffic log to determine the time of creation of the traffic log and the network entry and exit points of the packet, determine a network path between the entry and exit points, determine whether the node falls along the network path; and update the histogram file using at least the time of creation of the traffic log, the packet state when the node falls along the network path, the entry and exit points of the packet, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65)
-
-
66. A system for monitoring packet traffic passing through a link connecting two nodes of a packet-switched network that automatically generates plurality of traffic logs, comprising:
-
a server; and a client connected to the server, wherein the server is programmed to (i) create a histogram file for at least one link in the network by reading plurality of values in each traffic log of the plurality traffic logs, the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period; store the plurality of traffic logs;
each traffic log of the plurality of traffic logs specific to a particular packet based upon detection of a content of the packet and generated by the network that contains a plurality of values being read from within a packet including;
a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point, a network exit point, a packet state, wherein the packet state includes a congestion state which is specified by the content of the packet;analyze the traffic log to determine the time of creation of the traffic log and the network entry and exit points of the packet, (iv) determine a network path between the entry and exit points, determine whether the link falls along the network path, analyze the traffic log to determine the number of bytes carried by the packet associated with the traffic log; and (vii) update the histogram file using the time of creation of the traffic log, the packet state, the number of bytes when the link falls along the network path, the entry and exit points of the packet, wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected. - View Dependent Claims (67, 68, 69, 70, 71, 72, 73, 74)
-
-
75. A system for monitoring the operations of a packet-switched network, the network automatically generating a traffic log when a packet enters or exits the network, the system comprising:
-
a server, in communication with a network control center, for; create a histogram file for at least one link in the network by reading plurality of values in the traffic log, the histogram file is representative of the number of packets of several states and a total number of packets that pass through a given node over a predetermined time period; detecting when a new traffic log specific to a particular packet based upon detection of a content of the packet is available at the network control center, the new traffic log contains a plurality of values being read from within a packet including;
a time, wherein the time is time of the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, a network entry point, a network exit point, a packet state, wherein the packet state includes a congestion state which is specified by the content of the packet;downloading the new traffic log; updating at least one histogram file using information available from the new traffic log by analyzing the traffic log to determine values being detected and read from the content of the packet, wherein the values include a packet state, wherein the packet state includes a congestion state specified by the content of the packet, the time of creation of the traffic log, the entry and exit points of the packet, and wherein the histogram file is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a network node and a network node link before network customers are affected; and
;a client computer for displaying the histogram. - View Dependent Claims (76, 77, 78, 79, 80)
-
-
81. A system for analyzing the performance of a packet-switched network where packets traverse multiple networks, the system comprising:
-
the network automatically generating a traffic log specific to a particular packet based upon detection of a content of the packet each time a packet enters or exits the packet-switched network, each traffic log including a time the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, the address of packet sender and packet recipient, entry and exit packet-switched network nodes and a packet state, wherein the packet state includes a congested indication; a traffic log database containing a plurality of traffic logs, each traffic log of the plurality containing a plurality of values detected in and read from the contents of the packet; and a computer, operable to; download the plurality of traffic logs from the traffic log database; analyze each of the plurality of traffic logs to determine values detected from each of the packets; generate a pair of histograms by reading plurality of values in the plurality of traffic logs, the plurality of values including;
a time the traffic log was created, a turn node, wherein the turn node is node number of the highest level in the packet-switched network through which the packet passed, the address of packet sender and packet recipient, entry and exit packet-switched network nodes and a packet state, wherein the packet state includes a congested indication andstore plurality pairs of histograms, wherein the pair of histograms is representative of packet traffic passing to and from a host connected to the packet-switched network, the pair of histograms is utilized to monitor network conditions in near real-time enabling the detection and correction of network overloads and congestion at one of a packet-switched network node and a packet-switched network node link before network customers are affected. - View Dependent Claims (82, 83, 84)
-
Specification