System and method for heuristic determination of network protocols
Abstract
A system, method and computer program product are provided for heuristically identifying protocols during network analysis utilizing a network analyzer. First provided is a sequencing and reassembly (SAR) engine module for sequencing and/or re-assembling network communications. Coupled to the engine module is a plurality of protocol interpreter modules for interpreting protocols associated with the network communications. At least one of the protocol interpreter modules is adapted for heuristically identifying protocols associated with the network communications.
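The dispatch recited in the independent claims (port lookup first, then a registered heuristic table walked in priority order), sketched as an added example; it is not code from the patent. The class names, the four sample heuristics, the priority values and the lower-number-first ordering are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Interpreter:
    name: str
    ports: tuple        # ports this interpreter claims
    reassembly: str     # how the engine should reassemble: "stream" or "datagram"
    heuristics: list = field(default_factory=list)  # heuristic table: (priority, fn)

class Engine:
    def __init__(self):
        self.by_port = {}
        self.table = []  # merged heuristic table: (priority, interpreter, fn)

    def register(self, interp):
        for port in interp.ports:
            self.by_port[port] = interp
        self.table += [(prio, interp, fn) for prio, fn in interp.heuristics]
        self.table.sort(key=lambda e: e[0])  # assumption: lower number is called first

    def identify(self, port, payload):
        interp = self.by_port.get(port)
        if interp is not None:                # step 1: port number
            return interp.name, "port", interp.reassembly
        for _prio, interp, fn in self.table:  # step 2: heuristics in priority order
            if fn(payload):
                return interp.name, "heuristic", interp.reassembly
        return None, "unidentified", None

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def is_http(p):  # request line: known method token and an HTTP/1.x version
    line = p.split(b"\r\n", 1)[0]
    return line.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/1." in line

def is_ssh(p):   # SSH identification string
    return p.startswith(b"SSH-")

def is_tls(p):   # TLS record header: handshake (0x16), major version 3
    return len(p) >= 5 and p[0] == 0x16 and p[1] == 0x03

def is_dns(p):   # weak check, so lowest priority: opcode 0 and exactly one question
    return len(p) >= 12 and (p[2] & 0x78) == 0 and int.from_bytes(p[4:6], "big") == 1

def build_engine():
    engine = Engine()
    engine.register(Interpreter("dns", (53,), "datagram", [(90, is_dns)]))
    engine.register(Interpreter("tls", (443,), "stream", [(20, is_tls)]))
    engine.register(Interpreter("http", (80,), "stream", [(10, is_http)]))
    engine.register(Interpreter("ssh", (22,), "stream", [(10, is_ssh)]))
    return engine
```

Because the port lookup runs first, a payload arriving on a registered port is labelled by that port and the heuristic table is never consulted for it.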
25 Claims
1. A non-transitory computer readable medium, comprising:
- an engine software module for at least one of sequencing and reassembling network communications; and
- a plurality of protocol interpreter software modules coupled to the engine software module for identifying protocols associated with network communications, wherein each of the plurality of protocol interpreter software modules is adapted for identifying a particular protocol associated with a network communication based on a port number associated with the network communication, and heuristically identifying the particular protocol associated with a network communication using a plurality of heuristic functions if the particular protocol is not identified via the port number, the heuristic functions being organized based on priorities of the heuristic functions, and wherein the priorities are used to call the heuristic functions in a specific order until the particular protocol is identified; and
- wherein each of the plurality of protocol interpreter modules is further adapted for registering the protocol interpreter software module with the engine software module and indicating to the engine software module how the particular protocol is to be reassembled by the engine software module, and wherein registering the protocol interpreter software module with the engine software module includes registering a heuristic table including the plurality of heuristic functions and the associated priorities with the engine software module.

Dependent claims: 2, 3, 4, 5, 6, 7, 20, 23

8. A network analyzer comprising:
- a memory configured to store data, and a processor operable to execute instructions associated with the data, the network analyzer being configured to:
- register at least one of a plurality of protocol interpreter software modules with an engine software module for identifying protocols associated with network communications, wherein each of the plurality of protocol interpreter software modules is adapted for identifying a particular protocol associated with a network communication based on a port number associated with the network communication, and wherein registering the at least one protocol interpreter software module with the engine software module includes registering a heuristic table including the plurality of heuristic functions and the associated priorities with the engine software module;
- indicate, by the at least one protocol interpreter software module, to the engine software module how the particular protocol is to be reassembled by the engine software module;
- receive a network communication;
- identify a particular protocol associated with the network communication based on a port number associated with the network communication; and
- heuristically identify the particular protocol associated with the network communication using a plurality of heuristic functions if the particular protocol is not identified via the port number, the heuristic functions being organized based on priorities of the heuristic functions, and wherein the priorities are used to call the heuristic functions in a specific order until the particular protocol is identified.

Dependent claims: 9, 10, 11, 12, 13, 21, 24

14. A method, comprising:
- registering at least one of a plurality of protocol interpreter software modules with an engine software module for identifying protocols associated with network communications, wherein each of the plurality of protocol interpreter software modules is adapted for identifying a particular protocol associated with a network communication based on a port number associated with the network communication, and wherein registering the at least one protocol interpreter software module with the engine software module includes registering a heuristic table including the plurality of heuristic functions and the associated priorities with the engine software module;
- indicating, by the at least one protocol interpreter software module, to the engine software module how the particular protocol is to be reassembled by the engine software module;
- receiving a network communication;
- identifying a particular protocol associated with a network communication based on a port number associated with the network communication; and
- heuristically identifying the particular protocol associated with the network communication using a plurality of heuristic functions if the particular protocol is not identified via the port number, the heuristic functions being organized based on priorities of the heuristic functions, and wherein the priorities are used to call the heuristic functions in a specific order until the particular protocol is identified.

Dependent claims: 15, 16, 17, 18, 19, 22, 25

Specification