Generic discovery for computer networks
Abstract
A generic discovery methodology collects data pertaining to components of a computer network using various discovery technologies. From the collected data, the methodology identifies, filters and analyzes information related to inter-component communications. Using the communication and application information, the methodology determines reliable relationships for those components having sufficient information available. To qualify more components, the methodology implements a decision service to generate hypothetical relationships between components that are known and components that are unqualified or unknown. The hypothetical relationships are presented to a user for selection, and each hypothetical relationship is preferably associated with an indication of its reliability.
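The hypothesis step described in the abstract and in claim 1, sketched as an added example (not code from the patent or its assignee). The port-to-protocol table, the client-compatibility table, the flow records, the inventory and the reliability labels are all constructed assumptions.

```python
from collections import defaultdict

# Assumed lookup tables (illustrative, not from the patent).
PORT_PROTOCOL = {1521: "oracle-tns", 3306: "mysql", 8009: "ajp13"}
PROTOCOL_CLIENTS = {
    "oracle-tns": ["JDBC client", "SQL*Plus"],
    "mysql": ["MySQL client"],
    "ajp13": ["Apache httpd (mod_jk)"],
}

# Constructed intercepted flows: (source host, destination host, destination port).
FLOWS = [
    ("app01", "db01", 1521),
    ("app01", "db01", 1521),
    ("web01", "app01", 8009),
    ("app01", "host9", 3306),
]

# Constructed inventory: host -> {application: protocol}. Only db01 is qualified.
KNOWN_APPS = {"db01": {"Oracle Database": "oracle-tns"}}

def listening_ports(flows):
    """Map each destination host to {port: set of peers seen connecting to it}."""
    ports = defaultdict(lambda: defaultdict(set))
    for src, dst, port in flows:
        ports[dst][port].add(src)
    return ports

def hypothesize(flows, known_apps):
    """Return hypotheses, each carrying an assumed reliability label."""
    hyps = []
    for host, by_port in listening_ports(flows).items():
        for port, peers in sorted(by_port.items()):
            proto = PORT_PROTOCOL.get(port)
            if proto is None:
                continue  # port is not characteristic of any protocol we know
            apps = known_apps.get(host, {})
            server = next((a for a, p in apps.items() if p == proto), None)
            for peer in sorted(peers):
                if server:  # known server app: hypothesize compatible peer apps
                    hyps.append({"kind": "relationship", "peer": peer, "host": host,
                                 "app": server, "candidates": PROTOCOL_CLIENTS[proto],
                                 "reliability": "medium"})
                else:  # unqualified host: hypothesize its app from port and peer
                    hyps.append({"kind": "application", "peer": peer, "host": host,
                                 "app": proto + " server", "candidates": [],
                                 "reliability": "low"})
    return hyps
```

Hosts that appear only in the low-reliability "application" hypotheses are the unqualified components the abstract says are presented to a user for selection.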
30 Claims
1. A generic discovery method comprising:
- collecting at least partial data pertaining to components of a computer network;
- determining communication information and application information from the collected data, at least some of the communication information being taken from intercepted network communications occurring between the components, the application information pertaining to at least some applications executing on the components;
- identifying a first application installed on a first component of the computer network based on the communication information and the application information;
- determining, based on the communication information, ports used on the first component that are characteristic of a type of communication protocol associated with the first application;
- determining a subset of the determined ports that are used in communications intercepted between the first component and a second component of the computer network;
- generating at least a first hypothesis of a relationship between one or more second applications of the second component and the first application by determining that the second applications are capable of communicating with the first application via the communication protocol;
- generating at least a second hypothesis of an application executing on a third component based on determining a collection of ports used in the intercepted network communications on the third component and what one or more fourth components or applications were communicating with the collection of ports;
- generating a schematic of components based at least on the first hypothesis and the second hypothesis;
- matching a template of known components to at least a portion of the schematic; and
- using characteristics associated with the template to determine that components represented in the portion of the schematic constitute the known components.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A program storage device, readable by a programmable control device, comprising instructions stored on the program storage device for causing the programmable control device to:
- collect at least partial data pertaining to components of a computer network;
- determine communication information and application information from the collected data, at least some of the communication information being extracted from intercepted network communications occurring between the components, the application information pertaining to at least some applications executing on the components;
- identifying a first application installed on a first component of the computer network based on the communication information and the application information;
- determining, based on the communication information, ports used on the first component that are characteristic of a type of communication protocol associated with the first application;
- determining a subset of the determined ports that are used in communications intercepted between the first component and a second component of the computer network;
- generate at least a first hypothesis of a relationship between one or more second applications of the second component and the first application by determining that the second applications are capable of communicating with the first application via the communication protocol;
- generate at least a second hypothesis of an application executing on a third component based on determining a collection of ports used in the intercepted network communications on the third component and what one or more fourth components or applications were communicating with the collection of ports;
- generate a schematic of components based at least on the first hypothesis and the second hypothesis;
- match a template of known components to at least a portion of the schematic; and
- use characteristics associated with the template to determine that components represented in the portion of the schematic constitute the known components.

Dependent claims: 15

16. Network discovery system, comprising:
- a communication network;
- a plurality of components operatively coupled to the communication network;
- a programmable control device operatively coupled to the communication network; and
- a storage device operatively coupled to programmable control device, the storage device having stored therein program instructions for causing the programmable control device to;
  - collect at least partial data pertaining to components of a computer network,
  - determine communication information and application information from the collected data, at least some of the communication information being taken from intercepted communications occurring between the network components, the application information pertaining to at least some applications executing on the components,
  - identify a first application installed on a first component of the computer network based on the communication information and the application information;
  - determine, based on the communication information, ports used on the first component that are characteristic of a type of communication protocol associated with the first application;
  - determine a subset of the determined ports that are used in communications intercepted between the first component and a second component of the computer network;
  - generate at least a first hypothesis of a relationship between one or more second applications of the second component and the first application by determining that the second applications are capable of communicating with the first application via the communication protocol;
  - generate at least a second hypothesis of an application executing on a third component based on determining a collection of ports used in the intercepted network communications on the third component and what one or more fourth components or applications were communicating with the collection of ports;
  - generate a schematic of components based at least on the first hypothesis and the second hypothesis;
  - match a template of known components to at least a portion of the schematic; and
  - use characteristics associated with the template to determine that components represented in the portion of the schematic constitute the known components.

Dependent claims: 17

18. A computer-implemented network discovery method, comprising:
- collecting data from a computer network, including from intercepted network communications occurring between components;
- identifying determinable information pertaining to at least some components, ports, communications, and applications that can be determined from the collected data;
- determining which one or more ports on a first component were associated in the intercepted communications with which of one or more applications executing on the first component by associating a port characteristic with a type of communication protocol or application and determining that the first application is of the type;
- determining which one or more of the associated ports were used to communicate with one or more ports of a second component; and
- assessing which one or more second applications are capable of communicating with or are compatible with the first application on the first component based on the ports of the first component and the ports of the second component used in the intercepted communications; and
- generating at least a first hypothetical relationship between the first component and the second component based on the assessing;
- generating at least a second hypothesis of an application executing on a third component based on determining a collection of ports used in the intercepted network communications on the third component and what one or more fourth components or applications were communicating with the collection of ports; and
- generating at least a third hypothetical relationship by;
  - generating a schematic of components of the computer network using the determinable information and the collected data,
  - matching a template of known components in a known relationship to at least a portion of the schematic, and
  - using characteristics associated with the template to generate the at least one hypothetical relationship between components of the schematic matching the template.

Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26

27. A network discovery system, comprising:
- a storage system for storing program instructions; and
- a programmable control device operatively coupled to the storage system, wherein the program instructions stored on the storage system cause the programmable control device to;
  - collect data from a computer network, including from intercepted network communications occurring between components,
  - determine that one or more ports of a first component were associated in the intercepted communications with a first application executing on the first component by associating a port characteristic with a type of communication protocol or application and determining that the first application is of the type,
  - determine that one or more of the ports of the first component were used to communicate with one or more ports on a second component,
  - assess which one or more second applications are capable of communicating with or are compatible with the first application on the first component based on the ports of the first component and the ports of the second component used in the intercepted communications,
  - generate at least a first hypothetical relationship between the first component and the second component based on the assessing;
  - generating at least a second hypothesis of an application executing on a third component based on determining a collection of ports used in the intercepted network communications on the third component and what one or more fourth components or applications were communicating with the collection of ports; and
  - generating at least one other hypothetical relationship by;
    - generating a schematic of components of the computer network using the determinable information and the collected data,
    - matching a template of known components in a known relationship to at least a portion of the schematic, and
    - using characteristics associated with the template to generate the at least one hypothetical relationship between components of the schematic matching the template.

28. A program storage device, readable by a programmable control device, comprising instructions stored on the program storage device for causing the programmable control device to:
- collect data from a computer network, including from intercepted network communications occurring between components;
- determine that one or more ports of a first component were associated in the intercepted communications with a first application executing on the first component by associating a port characteristic with a type of communication protocol or application and determining that the first application is of the type;
- determine that one or more of the ports of the first component were used to communicate with one or more ports on a second component;
- assess which one or more second applications are capable of communicating with or are compatible with the first application on the first component based on the ports of the first component and the ports of the second component used in the intercepted communications;
- generate at least a first hypothetical relationship between the first component and the second component based on the assessing;
- generating at least a second hypothesis of an application executing on a third component based on determining a collection of ports used in the intercepted network communications on the third component and what one or more fourth components or applications were communicating with the collection of ports; and
- generating at least one other hypothetical relationship by;
  - generating a schematic of components of the computer network using the determinable information and the collected data,
  - matching a template of known components in a known relationship to at least a portion of the schematic, and
  - using characteristics associated with the template to generate the at least one hypothetical relationship between components of the schematic matching the template.

Dependent claims: 29, 30