Apparatus and method for network analysis
First Claim
1. A method of extracting information from a network session comprising a plurality of packets to create a record conforming to an event-based language comprising the steps of:
- receiving a session comprising a plurality of packets that have previously been exchanged in a session between a first entity and a second entity;
- extracting information from the session;
- translating the information into an event statement describing an event between a first entity and a second entity;
- creating a record containing the event statement, wherein the event statement describes an application used for the event, and an action describing the event;
- further translating the information into a session statement describing the session of which the event is a part, wherein the record also contains the session statement;
- translating the information into a property statement describing properties of the event, wherein the record also contains the property statement;
- translating the information into a route statement describing a route through a network traveled by the event, the session or a part of the session, wherein the record also contains the route statement;
- translating the information into an alias statement describing additional information related to an identity of the first entity or the second entity, wherein the record also contains the alias statement;
- wherein the record is a condensed and simple representation of the session from which the information was extracted, wherein at least the translating steps are performed in an analyzer that is in communication with a parser.
Abstract
A system for and method of extracting information from multiple sessions of disparate protocols into a common language is disclosed. A method of creating a record conforming to an event-based language is also disclosed. A system configured to create a record conforming to an event-based language is also disclosed.
33 Citations
13 Claims
Specification