Network monitoring system

US 8,150,471 B2
Filed: 10/10/2003
Issued: 04/03/2012
Est. Priority Date: 10/15/2002
Status: Active Grant

First Claim

Patent Images

1. A network monitoring system that monitors a communication within a network including a plurality of terminals, the terminals including at least a client and a server, the terminals communicating a plurality of action contents with each other, each action content having a group of associated packets, the network monitoring system comprising:

a data acquisition section that acquires a plurality of packets flown on the network;

a data analysis section that analyzes each of the packets to extract the group of associated packets from all the packets and that acquires an action content from the group of associated packets, the data analysis section extracting a plurality of groups of the associated packets and acquiring a plurality of action contents therefrom;

a display-information generation section that generates display information by chronologically aligning the plurality of action contents to correspond to respective times when the action contents are actually communicated; and

a display unit that displays an association graph indicating the terminals within the network and that overlaps additional objects on the association graph the additional objects being generated in accordance with the display, the additional objects being overlapped on the association graph in a chronological order corresponding to the respective times when the action contents are actually communicated,wherein the additional objects include;

the type of operating system employed by the client,the type of operating system employed by the server,an account name of a user accessing the client, andan icon representing the account name.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network monitoring system according, first, a data acquisition section acquires a plurality of packets flowing on a network. Then, a data analysis section acquires action explanation information for explaining a single action from the plural packets acquired by the data acquisition section. Then, a display-information generation section displays the single action on the network on the single screen based on the action explanation information acquired by this data analysis section.

16 Citations

View as Search Results

27 Claims

1. A network monitoring system that monitors a communication within a network including a plurality of terminals, the terminals including at least a client and a server, the terminals communicating a plurality of action contents with each other, each action content having a group of associated packets, the network monitoring system comprising:
- a data acquisition section that acquires a plurality of packets flown on the network;
  
  a data analysis section that analyzes each of the packets to extract the group of associated packets from all the packets and that acquires an action content from the group of associated packets, the data analysis section extracting a plurality of groups of the associated packets and acquiring a plurality of action contents therefrom;
  
  a display-information generation section that generates display information by chronologically aligning the plurality of action contents to correspond to respective times when the action contents are actually communicated; and
  
  a display unit that displays an association graph indicating the terminals within the network and that overlaps additional objects on the association graph the additional objects being generated in accordance with the display, the additional objects being overlapped on the association graph in a chronological order corresponding to the respective times when the action contents are actually communicated,wherein the additional objects include;
  
  the type of operating system employed by the client,the type of operating system employed by the server,an account name of a user accessing the client, andan icon representing the account name.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 25)
- - 2. The network monitoring system according to claim 1, wherein the action content is defined in advance.
  - 3. The network monitoring system according to claim 1, wherein the data analysis section identifies kinds of the packets acquired by the data acquisition section and acquires the action content from the packets on the basis of the identified kinds of packets.
  - 4. The network monitoring system according to claim 1, wherein the action content includes:
    - sending source computer information and destination computer information included in a connection packet;
      
      user information included in an authentication packet;
      
      action object information included in an object specification packet;
      
      action information included in a command packet; and
      
      data included in a data packet.
  - 5. The network monitoring system according to claim 1, further comprising:
    - an analysis data storage section that stores the action content acquired by the data analysis section, wherein;
      
      the display-information generation section regenerates information of when the action contents are communicated from the action content stored by the analysis data storage section.
  - 6. The network monitoring system according to claim 5, wherein:
    - the action content stored by the analysis data storage section includes time information, which corresponds to the time at which a single action occurred; and
      
      the display-information generation section determines the time interval that each individual action occurred using the time information stored by the analysis data storage section.
  - 7. The network monitoring system according to claim 5, wherein the display-information generation section continuously regenerates the association graph and overlapping additional objects after each predetermined period, which period is accurate within 500 milliseconds.
  - 8. The network monitoring system according to claim 1, wherein the display-information generation section extracts and generates information of each action occurring on the network in accordance with a display setting set by a user.
  - 25. The network monitoring system of claim 1, wherein the display unit displays a graphical representation of a communication connection between the client and the server.

9. A network monitoring method for monitoring a communication within a network including a plurality of terminals, the terminals including at least a client and a server, the terminals communicating a plurality of action contents with each other, each action content having a group of associated packets, the method comprising:
- acquiring a plurality of packets flown on the network;
  
  analyzing each of the packets to extract the group of associated packets from all the packets and acquiring an action content from the group of associated packets, and extracting a plurality of groups of the associated packets and acquiring a plurality of action contents therefrom;
  
  generating display information by chronologically aligning the plurality of action contents to correspond to respective times when the action contents are actually communicated; and
  
  displaying an association graph indicating the terminals within the network and overlapping additional objects on the association graph, the additional objects being generated in accordance with the display, the additional objects being overlapped on the association graph in a chronological order corresponding to the respective times when the action contents are actually communicated,wherein the additional objects include;
  
  the type of operating system employed by the client,the type of operating system employed by the server,an account name of a user accessing the client, andan icon representing the account name.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 26)
- - 10. The network monitoring method according to claim 9, wherein the action content is defined in advance.
  - 11. The network monitoring method according to claim 9, wherein in the acquisition of the action content, kinds of the packets acquired by the packet acquisition are identified and the action content is acquired from the packets on the basis of the identified kinds of packets.
  - 12. The network monitoring method according to claim 9, wherein the action content includes:
    - sending source computer information and destination computer information included in a connection packet;
      
      user information included in an authentication packet;
      
      action object information included in an object specification packet;
      
      action information included in a command packet; and
      
      data included in a data packet.
  - 13. The network monitoring method according to claim 9, further comprising:
    - storing the acquired action content, wherein;
      
      information of when the action contents are communicated is regenerated from the stored action content.
  - 14. The network monitoring method according to claim 13, wherein:
    - the stored action content includes time information, which corresponds to the time at which a single action occurred; and
      
      the time interval that each individual action occurred is determined using the stored time information.
  - 15. The network monitoring method according to claim 13, further comprising continuously regenerating the association graph and overlapping additional objects after each predetermined period, which period is accurate within 500 milliseconds.
  - 16. The network monitoring method according to claim 9, wherein information of each action occurring on the network is extracted and generated in accordance with a display setting set by a user.
  - 26. The network monitoring method of claim 9, further comprising displaying a graphical representation of a communication connection between the client and the server.

17. A network monitoring program recorded on a non-transitory computer readable storage medium and executable by a computer, the program making the computer monitor a communication within a network including a plurality of terminals, the terminals including at least a client and a server, the terminals communicating a plurality of action contents with each other, each action content having a group of associated packets, and perform a process comprising:
- acquiring a plurality of packets flown on the network;
  
  analyzing each of the packets to extract the group of associated packets from all the packets and acquiring an action content from the group of associated packets, and extracting a plurality of groups of the associated packets and acquiring a plurality of action contents therefrom;
  
  generating display information by chronologically aligning the plurality of action contents to correspond to respective times when the action contents are actually communicated; and
  
  displaying an association graph indicating the terminals within the network and overlapping additional objects on the association graph, the additional objects being generated in accordance with the display, the additional objects being overlapped on the association graph in a chronological order corresponding to the respective times when the action contents are actually communicated,wherein the additional objects includethe type of operating system employed by the client,the type of operating system employed by the server,an account name of a user accessing the client, andan icon representing the account name.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 27)
- - 18. The network monitoring program according to claim 17, wherein the action content is defined in advance.
  - 19. The network monitoring program according to claim 17, wherein in the acquisition of the action content, kinds of the packets acquired by the packet acquisition are identified and the action content is acquired from the packets on the basis of the identified kinds of packets.
  - 20. The network monitoring program according to claim 17, wherein the action content includes:
    - sending source computer information and destination computer information included in a connection packet;
      
      user information included in an authentication packet;
      
      action object information included in an object specification packet;
      
      action information included in a command packet; and
      
      data included in a data packet.
  - 21. The network monitoring program according to claim 17, wherein:
    - the process further comprises storing the acquired action content; and
      
      information of when the action contents are communicated is regenerated from the stored action content.
  - 22. The network monitoring program according to claim 21, wherein:
    - the stored action content includes time information, which corresponds to the time at which a single action occurred; and
      
      the time interval that each individual action occurred is determined using the stored time information.
  - 23. The network monitoring program according to claim 21, wherein the process further comprises continuously regenerating the association graph and overlapping additional objects after each predetermined period, which period is accurate within 500 milliseconds.
  - 24. The network monitoring program according to claim 17, wherein information of each action occurring on the network is extracted and generated in accordance with a display setting set by a user.
  - 27. The network monitoring program of claim 17, further comprising displaying a graphical representation of a communication connection between the client and the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yamatake Corporation
Original Assignee
Yamatake Corporation
Inventors
Arimoto, Michiharu, Seki, Hidenobu, Komoriya, Yoshiaki, Sanai, Daiji, Mishima, Takashi
Primary Examiner(s)
Shaw, Peling
Assistant Examiner(s)
CLOUD, JOIYA M

Application Number

US10/682,507
Publication Number

US 20040117481A1
Time in Patent Office

3,098 Days
Field of Search

709/223, 709/224
US Class Current

455/566
CPC Class Codes

H04L 41/22   comprising specially adapte...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

Network monitoring system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Network monitoring system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links