Network analysis system and method

US 7,962,606 B2
Filed: 01/24/2006
Issued: 06/14/2011
Est. Priority Date: 01/24/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A packet-based network analysis system, comprising:

a correlator processor configured to;

receive from a plurality of capture devices packet records corresponding to packets communicated over a network and store the packet records in a data store, each packet record generated by a capture device in response to the capture device receiving a packet communicated over the network and having a timestamp corresponding to a time the capture device received the packet;

determine if a received packet record received by a first capture device at a particular time corresponds to a retransmitted packet and/or a duplicate packet by comparing the received packet record to the packet records stored in the data store, wherein;

determining the received packet record received by the first capture device at the particular time corresponds to a retransmitted packet comprises determining that the received packet record has been previously received by the first capture device prior to the particular time and previously stored in the data store as a packet record; and

determining the received packet record received by the first capture device at the particular time corresponds to a duplicate packet comprises determining that;

the received packet record has been received by a second capture device and is stored in the data store as a packet record; and

the received packet record has not previously been received by the first capture device prior to the particular time;

in response to determining that the received packet record corresponds to a retransmitted packet based on the comparison of the received packet record to a packet record stored in the data store, classify the packet record stored in the data store as a retransmitted packet record;

in response to determining that the received packet record corresponds to a duplicate packet based on a comparison of the received packet record to a packet record stored in the data store;

designate the second capture device as a master capture device;

calculate and store a timing offset between the master capture device and the first capture device from the timestamp of the received packet record received by the first capture device corresponding to the duplicate packet and the timestamp of the received packet record received by the second capture device only when the received packet record received by the first capture device corresponds to only a duplicate packet record; and

apply the timing offset to the timestamps of subsequent packet records received by the first capture device to timestamp synchronize packet records received by the first capture device to the master capture device only when the received packet record received by the first capture device corresponds to only a duplicate packet record; and

discard the received packet record and classify the packet record stored in the data store as a duplicate packet record; and

generate correlated packet records from the packet records stored in the data store, the correlated packet records representative of the order in which the packets were transmitted in the network;

wherein;

determining a received packet record received by the first capture device that corresponds to a retransmitted packet further corresponds to a duplicate packet record by determining that the received packet record has been previously received by the first capture device and previously stored in the data store as a packet record and has been previously received by a second capture device, wherein a timing offset is not applied to the retransmitted packet that further corresponds to a duplicate packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for analyzing a packet-based network includes a correlator processor that is configured to receive packet records corresponding to packets communicated over a network and store the packet records in a data store. The correlator processor is also configured to generate correlated packet records from the packet records stored in the data store, the correlated packet records representative of the order in which the packets were transmitted in the network.

75 Citations

View as Search Results

15 Claims

1. A packet-based network analysis system, comprising:
- a correlator processor configured to;
  
  receive from a plurality of capture devices packet records corresponding to packets communicated over a network and store the packet records in a data store, each packet record generated by a capture device in response to the capture device receiving a packet communicated over the network and having a timestamp corresponding to a time the capture device received the packet;
  
  determine if a received packet record received by a first capture device at a particular time corresponds to a retransmitted packet and/or a duplicate packet by comparing the received packet record to the packet records stored in the data store, wherein;
  
  determining the received packet record received by the first capture device at the particular time corresponds to a retransmitted packet comprises determining that the received packet record has been previously received by the first capture device prior to the particular time and previously stored in the data store as a packet record; and
  
  determining the received packet record received by the first capture device at the particular time corresponds to a duplicate packet comprises determining that;
  
  the received packet record has been received by a second capture device and is stored in the data store as a packet record; and
  
  the received packet record has not previously been received by the first capture device prior to the particular time;
  
  in response to determining that the received packet record corresponds to a retransmitted packet based on the comparison of the received packet record to a packet record stored in the data store, classify the packet record stored in the data store as a retransmitted packet record;
  
  in response to determining that the received packet record corresponds to a duplicate packet based on a comparison of the received packet record to a packet record stored in the data store;
  
  designate the second capture device as a master capture device;
  
  calculate and store a timing offset between the master capture device and the first capture device from the timestamp of the received packet record received by the first capture device corresponding to the duplicate packet and the timestamp of the received packet record received by the second capture device only when the received packet record received by the first capture device corresponds to only a duplicate packet record; and
  
  apply the timing offset to the timestamps of subsequent packet records received by the first capture device to timestamp synchronize packet records received by the first capture device to the master capture device only when the received packet record received by the first capture device corresponds to only a duplicate packet record; and
  
  discard the received packet record and classify the packet record stored in the data store as a duplicate packet record; and
  
  generate correlated packet records from the packet records stored in the data store, the correlated packet records representative of the order in which the packets were transmitted in the network;
  
  wherein;
  
  determining a received packet record received by the first capture device that corresponds to a retransmitted packet further corresponds to a duplicate packet record by determining that the received packet record has been previously received by the first capture device and previously stored in the data store as a packet record and has been previously received by a second capture device, wherein a timing offset is not applied to the retransmitted packet that further corresponds to a duplicate packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The packet-based network analysis system of claim 1, further comprising:
    - a capture device configured to monitor packets communicated over the network and create the corresponding packet records.
  - 3. The packet-based network analysis system of claim 2, wherein:
    - the capture device is configured to create corresponding packet records by including a subset of a packet in each corresponding packet record.
  - 4. The packet-based network analysis system of claim 1, wherein:
    - the correlator processor is configured to compare the received packet record to the packet records stored in the data store by comparing packet data in the received packet record to packet data of the packet records stored in the data store.
  - 5. The packet-based network analysis system of claim 4, wherein:
    - the correlator processor is configured to compare packet data in the received packet record to packet data of the packet records stored in the data store by generating cyclic redundancy checksums for the packets.
  - 6. The packet-based network analysis system of claim 1, further comprising:
    - a plurality of capture devices configured to monitor packets communicated over the network and create the corresponding packet records, and wherein each capture device includes a capture clock and each capture device is further configured to include a timestamp in each packet record corresponding to the capture clock time the capture device detects the start of frame of a packet.
  - 7. The packet-based network analysis system of claim 1, wherein:
    - the correlator processor is configured to calculate a second timing offset of a duplicate packet record representative of the time difference between which a duplicate packet was received by the second capture device and received by a third capture device.
  - 8. The packet-based network analysis system of claim 7, wherein:
    - the correlator processor is further configured to apply the second timing offset for all subsequent packet records received by the third capture device.
  - 9. The packet-based network analysis system of claim 1, wherein:
    - timing offsets are calculated for every duplicate packet received.
  - 10. The packet-based network analysis system of claim 1, wherein:
    - the network comprises a ZigBee network.
  - 11. The packet-based network analysis system of claim 1, wherein:
    - the correlated packet records that are representative of the order in which the packets were transmitted in the network comprise hop data and timing data representative of the packet path and packet transmission times in the network for each corresponding packet.
  - 12. The packet-based network analysis system of claim 11, wherein:
    - each correlated packet record comprises hop data and timing data for only one hop of a corresponding packet path in the network.

13. A correlator processor for analyzing packet transmissions in a packet-based network, the correlator processor comprising:
- a data store;
  
  a communication subsystem; and
  
  a processing subsystem in data communication with the communication subsystem and the data store;
  
  wherein the correlator processor is configured to;
  
  receive from a plurality of capture devices packet records corresponding to packets communicated over a network and store the packet records in a data store, each packet record generated by a capture device in response to the capture device receiving a packet communicated over the network; and
  
  generate correlated packet records from the packet records stored in the data store, the correlated packet records comprising hop data and timing data representative of the packet path and packet transmission times in the network for each corresponding packet, the correlated packet records filtered of duplicate packet records for duplicate packet transmissions and duplicate packet retransmissions;
  
  wherein the correlator processor is configured to;
  
  determine if a received packet record received by a first capture device at a particular time corresponds to a retransmitted packet and/or a duplicate packet by comparing the received packet record to the packet records stored in the data store, wherein;
  
  determining the received packet record received by the first capture device at the particular time corresponds to a retransmitted packet comprises determining that the received packet record has been previously received by the first capture device prior to the particular time and previously stored in the data store as a packet record; and
  
  determining the received packet record received by the first capture device at the particular time corresponds to a duplicate packet comprises determiningthe received packet record has been received by a second capture device and is stored in the data store as a packet record; and
  
  the received packet record has not previously been received by the first capture device prior to the particular time;
  
  in response to determining that the received packet record corresponds to a retransmitted packet based on the comparison of the received packet record to a packet record stored in the data store, classify the packet record stored in the data store as a retransmitted packet record;
  
  in response to determining that the received packet record corresponds to a duplicate packet based on a comparison of the received packet record to a packet record stored in the data store, discard the received packet record;
  
  thereby filtering the packet records for duplicate packet transmissions and duplicate packet retransmissions;
  
  wherein;
  
  each packet record generated by a capture device in response to the capture device receiving a packet communicated over the network includes a timestamp corresponding to a time the capture device received the packet; and
  
  the correlator processor is further configured to;
  
  designate the second capture device as a master capture device;
  
  calculate and store a timing offset between the master capture device and the first capture device from the timestamp of the received packet record received by the first capture device corresponding to a duplicate packet record and the timestamp of the received packet record received by the second capture device only when the received packet record received by the first capture device corresponds to only a duplicate packet record; and
  
  apply the timing offset to the timestamps of subsequent packet records received by the first capture device to timestamp synchronize packet records received by the first capture device to the master capture device;
  
  determine a received packet record by the first capture device that corresponds to a retransmitted packet further corresponds to a duplicate packet record by determining that the received packet record has been previously received by the first capture device and previously stored in the data store as a packet record and has been previously received by a second capture device, wherein a timing offset is not applied to the retransmitted packet that further corresponds to a duplicate packet.

14. A computer implemented method for analyzing a packet-based network, comprising:
- receiving from a plurality of capture devices packet records corresponding to packets communicated over the network and storing the packet records, each packet record generated by a capture device in response to the capture device receiving a packet communicated over the network;
  
  determining if a received packet record received by a first capture device at a particular time corresponds to a retransmitted packet and/or a duplicate packet by comparing the received packet record to the packet records stored in the data store, wherein;
  
  determining the received packet record received by the first capture device at the particular time corresponds to a retransmitted packet comprises determining that the received packet record has been previously received by the first capture device prior to the particular time and previously stored in the data store as a packet record;
  
  determining the received packet record received by the first capture device at the particular time corresponds to a duplicate packet comprises determining that;
  
  the received packet record has been received by a second capture device and is stored in the data store as a packet record; and
  
  the received packet record has not previously been received by the first capture device prior to the particular time;
  
  in response to determining that the received packet record corresponds to a retransmitted packet based on the comparison of the received packet record to a packet record stored in the data store, classify the packet record stored in the data store as a retransmitted packet record;
  
  in response to determining that the received packet record corresponds to a duplicate packet based on a comparison of the received packet record to a packet record stored in the data store, discard the received packet record; and
  
  generating correlated packet records from the stored packet records, the correlated packet records representative of the order in which the packets were transmitted in the network;
  
  wherein;
  
  each packet record generated by a capture device in response to the capture device receiving a packet communicated over the network includes a timestamp corresponding to a time the capture device received the packet; and
  
  further comprising;
  
  designating the second capture device as a master capture device;
  
  calculating and storing a timing offset between the master capture device and the first capture device from the timestamp of the received packet record corresponding to a duplicate packet record received by the first capture device and the timestamp of the received packet record received by the second capture device only when the received packet record received by the first capture device corresponds to only a duplicate packet record; and
  
  apply the timing offset to the timestamps of subsequent packet records received by the first capture device to timestamp synchronize packet records received by the first capture device to the master capture device;
  
  determining a received packet record by the first capture device that corresponds to a retransmitted packet further corresponds to a duplicate packet record by determining that the received packet record has been previously received by the first capture device and previously stored in the data store as a packet record and has been previously received by a second capture device, wherein a timing offset is not applied to the retransmitted packet that further corresponds to a duplicate packet.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein:
    - the correlated packet records comprise hop data and timing data representative of the packet path and packet transmission times in the network for each corresponding packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daintree Networks Pty Ltd. (GE Aerospace)
Original Assignee
Daintree Networks Pty Ltd. (GE Aerospace)
Inventors
Barron, Gregory Joseph, Choong, Jason Yew Choo, Cobb, Peter Graeme, Wood, William Raymond
Primary Examiner(s)
Patel; Ashok B
Assistant Examiner(s)
GOLDBERG, ANDREW C

Application Number

US11/338,460
Publication Number

US 20060168205A1
Time in Patent Office

1,967 Days
Field of Search

709/224, 702/182
US Class Current

709/224
CPC Class Codes

H04L 1/1835   Buffer management

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 41/34   Signalling channels for net...

H04L 41/344   Out-of-band transfers

H04L 43/026   using flow identification

H04L 43/045   for graphical visualisation...

H04L 43/106   using time related informat...

H04L 43/12   Network monitoring probes

H04L 67/12   specially adapted for propr...

H04L 67/125   involving control of end-de...

H04L 67/75   Indicating network or usage...

H04W 24/00   Supervisory, monitoring or ...

H04W 40/00   Communication routing or co...

H04W 80/02   Data link layer protocols

Network analysis system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Network analysis system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links