Network sniffer for performing service level management
First Claim
Patent Images
1. A network sniffer for passively capturing data traffic flows between a plurality of clients and a plurality of web servers, the network sniffer comprising:
- a traffic processor for processing data traffic sent from the plurality of clients and from the plurality of web servers, wherein the traffic processor is configured to collect contexts by parsing each request for content from each of the plurality of clients to retrieve a context, wherein the context includes at least one of a web server name and request parameters;
an application learner for identifying transactions sent from the plurality of clients, wherein the application learner is configured to determine if the each request for content belongs to a previously discovered application, and when the each request for content has been determined as belonging to the previously discovered application, the application learner is configured to assign an application identification of the previously discovered application to the context that is retrieved by parsing the each request for content;
a monitor for monitoring and generating statistics respective of the operation of the web servers and their respective web applications; and
a controller for performing a corrective action when a predefined policy has been violated, wherein the predefined policy defines a minimum allowable throughput for an application, wherein the corrective action comprises stalling traffic directed to a server that executes the application, wherein a result of the corrective action is monitored to determine whether at least one monitored parameter is improved due to the corrective action and the controller is updated with a next corrective action to activate when a subsequent request is received based on the monitored result,wherein at least one of the traffic processor, the application learner and the monitor is implemented in hardware or stored in a memory.
3 Assignments
0 Petitions
Accused Products
Abstract
A network sniffer where the sniffer learns the structure of a web application, monitors the operation of the application, and optionally controls the processing of incoming requests to achieve optimal performance as defined in a service level agreement (SLA). The network sniffer is operative for example in enterprise web applications and in enterprise data centers that deploy web applications and optimally is adapted to maintain a consistent level of service of web applications.
77 Citations
62 Claims
-
1. A network sniffer for passively capturing data traffic flows between a plurality of clients and a plurality of web servers, the network sniffer comprising:
-
a traffic processor for processing data traffic sent from the plurality of clients and from the plurality of web servers, wherein the traffic processor is configured to collect contexts by parsing each request for content from each of the plurality of clients to retrieve a context, wherein the context includes at least one of a web server name and request parameters; an application learner for identifying transactions sent from the plurality of clients, wherein the application learner is configured to determine if the each request for content belongs to a previously discovered application, and when the each request for content has been determined as belonging to the previously discovered application, the application learner is configured to assign an application identification of the previously discovered application to the context that is retrieved by parsing the each request for content; a monitor for monitoring and generating statistics respective of the operation of the web servers and their respective web applications; and a controller for performing a corrective action when a predefined policy has been violated, wherein the predefined policy defines a minimum allowable throughput for an application, wherein the corrective action comprises stalling traffic directed to a server that executes the application, wherein a result of the corrective action is monitored to determine whether at least one monitored parameter is improved due to the corrective action and the controller is updated with a next corrective action to activate when a subsequent request is received based on the monitored result, wherein at least one of the traffic processor, the application learner and the monitor is implemented in hardware or stored in a memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for passively capturing data traffic flows between a plurality of clients and a plurality of web servers, the method comprising:
-
processing data traffic sent from the plurality of clients and from the plurality of web servers, comprising collecting contexts by parsing each request for content from each of the plurality of clients to retrieve a context, wherein the context includes at least one of a web server name and request parameters; identifying transactions sent from the plurality of clients, comprising determining if the each request for content belongs to a previously discovered application, and when the each request for content has been determined as belonging to the previously discovered application, assigning an application identification of the previously discovered application to the context that is retrieved by parsing the each request for content; monitoring and generating statistics respective of the operation of the web servers and their respective web applications; performing a corrective action when a predefined policy has been violated, wherein the predefined policy defines a minimum allowable throughput for an application, wherein performing the corrective action comprises stalling traffic directed to a server that executes the application; and monitoring a result of the corrective action to determine whether at least one monitored parameter is improved due to the corrective action and activating a next corrective action when a subsequent request is received based on the monitored result. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
-
-
44. A computer program product including a non-transitory computer-readable medium comprising software instructions operable to enable a computer to perform a method for passively capturing data traffic flows between a plurality of clients and a plurality of web servers, the method comprising:
-
processing data traffic sent from the plurality of clients and from the plurality of web servers, comprising collecting contexts by parsing each request for content from each of the plurality of clients to retrieve a context, wherein the context includes at least one of a web server name and request parameters; identifying transactions sent from the plurality of clients, comprising determining if the each request for content belongs to a previously discovered application, and when the each request for content has been determined as belonging to the previously discovered application, assigning an application identification of the previously discovered application to the context that is retrieved by parsing the each request for content; monitoring and generating statistics respective of the operation of the web servers and their respective web applications; performing a corrective action when a predefined policy has been violated, wherein the predefined policy defines a minimum allowable throughput for an application, wherein performing the corrective action comprises stalling traffic directed to a server that executes the application; and monitoring a result of the corrective action to determine whether at least one monitored parameter is improved due to the corrective action and activating a next corrective action when a subsequent request is received based on the monitored result. - View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
-
Specification