Technique of analyzing an information system state
First Claim
1. A method of analyzing a state of an information system connected between a plurality of information processors through a communication line, comprising the steps of:
- capturing communication packets to be sent through the communication line;
- identifying a data source and a data destination using a key;
- searching for the key such that a header portion of the key corresponds to an internet protocol address and port number;
- adding attribute values for each of a plurality of communication protocols for the information system used with multiple protocols to create a total attribute value for a source of the communication packets;
- adding up all the attribute values for all the communication packets to detect abnormalities in the information system;
- generating the key when the key is not detected;
- counting packets corresponding to the key for determining communication conditions between the data source and the data destination;
- extracting a first attribute value representing communication attributes from each of the captured communication packets to add attribute values for each destination of the captured communication packets;
- extracting a second attribute value representing communication attributes from each of the captured communication packets to add the attribute values for each source of the captured communication packets;
- determining which of a server function and a client function uses a communication port of each of the plurality of information processors, on the basis of a first total attribute value for the captured communication packets addressed to the communication port and a second total attribute value for the captured communication packets sent from the communication port, for the communication port of each of the plurality of information processors;
- deriving a correspondence among the plurality of information processors in the information system;
- outputting data regarding the correspondence among the plurality of information processors in the information system to a report device;
- instructing a load-distributing device to distribute a processing load when the number of the plurality of information processors is larger than a predetermined value; and
- changing a configuration of the plurality of information processors by changing settings regarding load distribution for the plurality of information processors when the number of the plurality of information processors is larger than the predetermined value.
Abstract
A system for analyzing an information system connected between a plurality of information processors through a communication line, including: a capturing unit for capturing communication packets sent through the communication line; a first counting unit for extracting an attribute value representing communication attributes from each of the captured communication packets to add attribute values for each destination of the communication packets; a second counting unit for extracting an attribute value representing communication attributes from each of the captured communication packets to add attribute values for each source of the communication packets; and a determining unit for determining which of a server function and a client function uses a TCP/UDP port of each of the information processors on the basis of the total attribute value for communication packets addressed to the TCP/UDP port and the total attribute value for communication packets sent from the TCP/UDP port.
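The counting and role determination described in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee. The patent text here does not say what the attribute value is or how the two totals are compared, so the example assumes the attribute is 1 for a TCP connection-opening segment (SYN set, ACK clear) and that a port receiving more openings than it sends is a server; the packet headers are constructed sample data.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10

# Constructed sample headers: (src_ip, src_port, dst_ip, dst_port, tcp_flags)
PACKETS = [
    ("10.0.0.5", 51000, "10.0.0.9", 443, SYN),
    ("10.0.0.9", 443, "10.0.0.5", 51000, SYN | ACK),
    ("10.0.0.5", 51000, "10.0.0.9", 443, ACK),
    ("10.0.0.6", 40222, "10.0.0.9", 443, SYN),
    ("10.0.0.9", 443, "10.0.0.6", 40222, SYN | ACK),
    ("10.0.0.9", 38000, "10.0.0.7", 5432, SYN),
    ("10.0.0.7", 5432, "10.0.0.9", 38000, SYN | ACK),
]

def attribute_value(flags):
    # Assumption: the attribute is 1 for a connection-opening segment
    # (SYN set, ACK clear) and 0 otherwise.
    return 1 if (flags & SYN) and not (flags & ACK) else 0

def analyze(packets):
    to_port = defaultdict(int)     # first total: addressed to (ip, port)
    from_port = defaultdict(int)   # second total: sent from (ip, port)
    key_count = defaultdict(int)   # packets per source/destination key
    for src_ip, sport, dst_ip, dport, flags in packets:
        value = attribute_value(flags)
        to_port[(dst_ip, dport)] += value
        from_port[(src_ip, sport)] += value
        # The key is created on first sight, then counted.
        key_count[(src_ip, sport, dst_ip, dport)] += 1
    roles = {}
    for endpoint in set(to_port) | set(from_port):
        inbound = to_port.get(endpoint, 0)
        outbound = from_port.get(endpoint, 0)
        # Assumed rule: more openings received than sent means server.
        if inbound > outbound:
            roles[endpoint] = "server"
        elif outbound > inbound:
            roles[endpoint] = "client"
        else:
            roles[endpoint] = "unknown"
    # Correspondence among hosts: which host talks to which server port.
    edges = sorted({(s, d, dp) for (s, _, d, dp) in key_count
                    if roles.get((d, dp)) == "server"})
    return roles, edges, dict(key_count)

if __name__ == "__main__":
    roles, edges, counts = analyze(PACKETS)
    for endpoint, role in sorted(roles.items()):
        print(endpoint, role)
    print(edges)
```

Comparing the inferred server ports against an approved service inventory is one way to surface listeners that were never documented.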
Specification