Methods and apparatus for analyzing and management of application traffic on networks
Abstract
An apparatus and method are provided for analyzing traffic on a network by monitoring packets sent between devices on the network and identifying applications occurring between devices on the network based on information derived from monitoring the packets. Techniques are provided to examine header information of the packets, such as information in the header of Internet Protocol (IP) packets, to identify applications that are occurring on the network. In some cases, information about the packet beyond the header information is examined to match a packet to a particular application. Using these techniques, a list is built of all of the applications occurring between devices on the network. Parameters may be generated to track one or more of the response time, latency and traffic volume associated with a particular device on the network.
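The flow identification the abstract describes can be sketched as follows. This is an added example, not code from the patent: it matches packet headers against a stored table of address and port ranges, extends the table when a port hop is seen, and keeps per-flow packet and byte counts. The `hop_to` field is a hypothetical stand-in for the header-derived port-hop indication, which the page does not specify; all addresses, ports and application names are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed stored information: (address range, low port, high port, application).
APP_TABLE = [
    (ip_network("10.0.5.0/24"), 80, 80, "web"),
    (ip_network("10.0.9.0/24"), 5000, 5010, "voice-control"),
]

# Constructed packet headers. "hop_to" is a hypothetical field standing in for
# the header-derived port-hop indication, which the page does not specify.
PACKETS = [
    {"src": "10.0.1.20", "sport": 40000, "dst": "10.0.9.7", "dport": 5004, "len": 120, "hop_to": 6200},
    {"src": "10.0.1.20", "sport": 40001, "dst": "10.0.9.7", "dport": 6200, "len": 800},
    {"src": "10.0.9.7", "sport": 6200, "dst": "10.0.1.20", "dport": 40001, "len": 640},
    {"src": "10.0.1.20", "sport": 40002, "dst": "10.0.5.3", "dport": 80, "len": 300},
    {"src": "10.0.1.20", "sport": 40003, "dst": "10.0.7.1", "dport": 9999, "len": 50},
]

def classify(table, pkt):
    """Match either end of the packet against the table; return (app, server, port, client)."""
    ends = ((pkt["dst"], pkt["dport"], pkt["src"]), (pkt["src"], pkt["sport"], pkt["dst"]))
    for server, port, client in ends:
        for net, low, high, app in table:
            if ip_address(server) in net and low <= port <= high:
                return app, server, port, client
    return None

def track_flows(packets, app_table):
    """Assign packets to application flows and keep a flow intact across port hops."""
    table = list(app_table)  # working copy: port hops add entries to it
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "ports": set()})
    unmatched = 0
    for pkt in packets:
        hit = classify(table, pkt)
        if hit is None:
            unmatched += 1
            continue
        app, server, port, client = hit
        flow = flows[(client, server, app)]  # one flow per device pair and application
        flow["packets"] += 1
        flow["bytes"] += pkt["len"]
        flow["ports"].add(port)
        if pkt.get("hop_to") is not None:
            # Port hop: record the new port for this server so later packets
            # land in the same application flow instead of going unmatched.
            table.append((ip_network(server), pkt["hop_to"], pkt["hop_to"], app))
    return dict(flows), unmatched
```

With the constructed packets, the two packets on port 6200 are counted in the same flow as the packet on port 5004; if the hop indication is dropped, they fall outside every stored range and go unmatched.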
40 Claims
1. A method for analyzing traffic on a network, comprising:
- at one or more monitoring devices connected to the network, monitoring packets exchanged between devices on the network by extracting from the packets header information comprising one or more of a source address, source port, destination address, and destination port;
- at a computing device;
- storing information that associates ranges of addresses and ports with applications that may be occurring between two devices on the network;
- identifying application flows occurring on the network based on header information of packets, wherein an application flow consists of a collection of packets exchanged between two devices on the network for a single application, wherein identifying comprises comparing one or more elements of the header information of packets with the stored information pertaining to possible applications occurring on the network and assigning a packet to an application flow based on said comparing, wherein identifying further comprises examining the header information of a packet to determine whether it identifies a port hop and modifying the stored information to identify a new port associated with an application flow if a port hop is identified in the packet;
- wherein when a port hop is detected in a collection of packets associated with an application flow previously identified from an original collection of packets, said assigning comprises assigning the collection of packets to the same application flow as the original collection of packets prior to the port hop in order to track the collection of packets after the port hop and the original collection of packets as one application flow; and
- analyzing data pertaining to the application flows that are identified to generate statistics from the identified application flows that indicate performance of the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A tangible computer readable memory medium storing instructions, that when executed by a computer, cause the computer to perform functions of:
- monitoring packets on a network exchanged between devices on the network by extracting from the packets header information comprising one or more of a source address, source port, destination address, and destination port;
- storing information that associates ranges of addresses and ports with applications that may be occurring between two devices on the network;
- identifying application flows occurring on the network based on header information of packets, wherein an application flow consists of a collection of packets exchanged between two devices on the network for a single application, wherein identifying comprises comparing one or more elements of the header information of packets with the stored information pertaining to possible applications occurring on the network and assigning a packet to an application flow based on the comparison, wherein the instructions for identifying comprise instructions for examining the header information of a packet to determine whether it identifies a port hop and to modify the stored information to identify a new port associated with an application flow if a port hop is identified in the packet;
- when a port hop is detected in a collection of packets associated with an application flow previously identified from an original collection of packets, assigning the collection of packets to the same application flow as the original collection of packets prior to the port hop in order track the collection of packets after the port hop and the original collection of packets as one application flow; and
- analyzing data pertaining to the application flows that are identified to generate statistics from the identified application flows that indicate performance of the network.

Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A system for monitoring a network, comprising:
- at least one network monitoring device connected in the network so as to monitor packets exchanged between devices on the network by extracting from the packets header information comprising one or more of a source address, source port, destination address, and destination port; and
- a computer coupled to said at least one network monitoring device that identifies applications occurring between devices on the network based on information derived from said at least one network monitoring device, wherein the computer is configured to;
- store information that associates ranges of addresses and ports with applications that may be occurring between two devices on the network;
- identify application flows occurring on the network based on header information of packets, wherein an application flow consists of a collection of packets exchanged between two devices on the network for a single application, by comparing one or more elements of the header information of packets with the stored information pertaining to possible applications occurring on the network and assigning a packet to an application flow based on the comparison, and to examine the header information of a packet to determine whether it identifies a port hop in order to modify the stored information to identify a new port associated with an application flow if a port hop is identified in the packet;
- when a port hop is detected in a collection of packets associated with an application flow previously identified from an original collection of packets, assign the collection of packets to the same application flow as the original collection of packets prior to the port hop in order track the collection of packets after the port hop and the original collection of packets as one application flow; and
- analyze data pertaining to the application flows that are identified to generate statistics from the identified application flows that indicate performance of the network.

Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
Specification