Technique of analyzing an information system state

US 7,752,307 B2
Filed: 07/02/2007
Issued: 07/06/2010
Est. Priority Date: 07/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method of analyzing a state of an information system connected between a plurality of information processors through a communication line, comprising the steps of:

capturing communication packets to be sent through the communication line;

identifying a data source and a data destination using a key;

searching for the key such that a header portion of the key corresponds to an internet protocol address and port number;

adding attribute values for each of a plurality of communication protocols for the information system used with multiple protocols to create a total attribute value for a source of the communication packets;

adding up all the attribute values for all the communication packets to detect abnormalities in the information system;

generating the key when the key is not detected;

counting packets corresponding to the key for determining communication conditions between the data source and the data destination;

extracting a first attribute value representing communication attributes from each of the captured communication packets to add attribute values for each destination of the captured communication packets;

extracting a second attribute value representing communication attributes from each of the captured communication packets to add the attribute values for each source of the captured communication packets;

determining which of a server function and a client function uses a communication port of each of the plurality of information processors, on the basis of a first total attribute value for the captured communication packets addressed to the communication port and a second total attribute value for the captured communication packets sent from the communication port, for the communication port of each of the plurality of information processors;

deriving a correspondence among the plurality of information processors in the information system;

outputting data regarding the correspondence among the plurality of information processors in the information system to a report device;

instructing a load-distributing device to distribute a processing load when the number of the plurality of information processors is larger than a predetermined value; and

changing a configuration of the plurality of information processors by changing settings regarding load distribution for the plurality of information processors when the number of the plurality of information processors is larger than the predetermined value.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for analyzing an information system connected between a plurality of information processors through a communication line, including: a capturing unit for capturing communication packets sent through the communication line; a first counting unit for extracting an attribute value representing communication attributes from each of the captured communication packets to add attribute values for each destination of the communication packets; a second counting unit for extracting an attribute value representing communication attributes from each of the captured communication packets to add attribute values for each source of the communication packets; and a determining unit for determining which of a server function and a client function uses a TCP/UDP port of each of the information processors on the basis of the total attribute value for communication packets addressed to the TCP/UDP port and the total attribute value for communication packets sent from the TCP/UDP port.

128 Citations

1 Claim

1. A method of analyzing a state of an information system connected between a plurality of information processors through a communication line, comprising the steps of:
- capturing communication packets to be sent through the communication line;
  
  identifying a data source and a data destination using a key;
  
  searching for the key such that a header portion of the key corresponds to an internet protocol address and port number;
  
  adding attribute values for each of a plurality of communication protocols for the information system used with multiple protocols to create a total attribute value for a source of the communication packets;
  
  adding up all the attribute values for all the communication packets to detect abnormalities in the information system;
  
  generating the key when the key is not detected;
  
  counting packets corresponding to the key for determining communication conditions between the data source and the data destination;
  
  extracting a first attribute value representing communication attributes from each of the captured communication packets to add attribute values for each destination of the captured communication packets;
  
  extracting a second attribute value representing communication attributes from each of the captured communication packets to add the attribute values for each source of the captured communication packets;
  
  determining which of a server function and a client function uses a communication port of each of the plurality of information processors, on the basis of a first total attribute value for the captured communication packets addressed to the communication port and a second total attribute value for the captured communication packets sent from the communication port, for the communication port of each of the plurality of information processors;
  
  deriving a correspondence among the plurality of information processors in the information system;
  
  outputting data regarding the correspondence among the plurality of information processors in the information system to a report device;
  
  instructing a load-distributing device to distribute a processing load when the number of the plurality of information processors is larger than a predetermined value; and
  
  changing a configuration of the plurality of information processors by changing settings regarding load distribution for the plurality of information processors when the number of the plurality of information processors is larger than the predetermined value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
X Corp. (f/k/a Twitter, Inc.) (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Takara, Maho
Primary Examiner(s)
Backer; Firmin
Assistant Examiner(s)
ALGIBHAH, HAMZA N

Application Number

US11/772,302
Publication Number

US 20080159165A1
Time in Patent Office

1,100 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 43/18   Protocol analysers

H04L 69/16   Implementation or adaptatio...

H04L 69/162   involving adaptations of so...

H04L 69/22   Parsing or analysis of headers

Technique of analyzing an information system state

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

1 Claim

Specification

Solutions

Use Cases

Quick Links

Technique of analyzing an information system state

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

1 Claim

Specification

Subscription Required

Solutions

Use Cases

Quick Links