Real-time adaptive processing of network data packets for analysis

US 9,686,157 B2
Filed: 10/06/2015
Issued: 06/20/2017
Est. Priority Date: 04/08/2010
Status: Active Grant

First Claim

Patent Images

1. A method for processing network data for analysis, comprising:

determining, by a network monitoring device coupled to a computer network, a session associated with data packets received by a network monitoring device at a location in a network;

generating a common header summarizing information in headers of a plurality of data packets in the session by the network monitoring device;

generating a unit of payload metadata summarizing information in payloads of the plurality of the data packets in the session by the network monitoring device; and

generating, for each session, a session record for storing the session record, the session record including the common header and the payload metadata by the network monitoring device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network monitoring system that summarizes a plurality of data packets of a session into a compact session record for storage and processing. Each session record may be produced in real-time and made available during the session and/or after the termination of the session. Depending on protocols, a network monitoring system extracts different sets of information, removes redundant information from the plurality of data packets, and adds performance information to produce the session record. The network monitoring system may retrieve and process a single session record or multiple session records for the same or different protocols to determine cause of events, resolve issues in a network or evaluate network performance or conditions. The session record enables analysis in the units of session instead of individual packets. Hence, the network monitoring system can analyze events, issues or performance of the network more efficiently and effectively.

8 Citations

19 Claims

1. A method for processing network data for analysis, comprising:
- determining, by a network monitoring device coupled to a computer network, a session associated with data packets received by a network monitoring device at a location in a network;
  
  generating a common header summarizing information in headers of a plurality of data packets in the session by the network monitoring device;
  
  generating a unit of payload metadata summarizing information in payloads of the plurality of the data packets in the session by the network monitoring device; and
  
  generating, for each session, a session record for storing the session record, the session record including the common header and the payload metadata by the network monitoring device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising determining a protocol associated with the session, information included in the common header or the payload metadata of each session is determined based on a protocol associated with the session.
  - 3. The method of claim 1, wherein the common header and the payload metadata are generated in real-time responsive to receiving data packets for the session from the network.
  - 4. The method of claim 1, further comprising:
    - generating performance parameters representing performance of the network for transmitting the plurality of the data packets in the session; and
      
      adding the performance parameters in the session record.
  - 5. The method of claim 4, wherein the performance parameters comprise at least one of a packet loss rate, a response time, a number of packets or bytes transmitted, parameters indicative of transmission latency, codec parameters, total transfer time for the session, R-Factor (rating factor), MOS (Mean Opinion Score), a file or page size, a file name, sender/receive information, a total transfer time, a user ID, jitter, and phone number.
  - 6. The method of claim 1, further comprising generating mapping information representing at least one other session associated with the session, the mapping information included in the session record.
  - 7. The method of claim 6, wherein the session and the other session are associated with planes in a same protocol.
  - 8. The method of claim 6, wherein the session is associated with a first protocol and the other session is associated with a second protocol different than the first protocol.
  - 9. The method of claim 1, wherein the session record further stores links to the plurality of the data packets in the session.
  - 10. The method of claim 1, further comprising:
    - receiving a condition for a set of data packets;
      
      identifying one or more session records matching the condition; and
      
      determining a set of data packets associated with the one or more identified session records.
  - 11. The method of claim 1, wherein the common header comprises fields of the headers that remain unchanged throughout each session.

12. A network monitoring device coupled to a computer network for processing network data for analysis, comprising:
- a network interface configured to receive data packets at a location in a network; and
  
  a session tracing engine configured to;
  
  determine a session associated with the received data packets;
  
  generate a common header summarizing information in headers of a plurality of data packets in a session;
  
  generate a unit of payload metadata summarizing information in payloads of the plurality of the data packets in the session; and
  
  generate, for each session, a session record including the common header and the payload metadata.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The network monitoring device of claim 12, wherein the session tracing engine is further configured to determine a protocol associated with the session, at least one of the common header and the payload metadata generated based on the protocol.
  - 14. The network monitoring device of claim 12, wherein the session tracing engine is configured to generate the common header and the payload metadata in real-time responsive to receiving data packets for the session from the network.
  - 15. The network monitoring device of claim 12, wherein the session tracing engine is further configured to:
    - generate performance parameters representing performance of the network for transmitting the plurality of the data packets in the session; and
      
      add the performance parameters in the session record.
  - 16. The network monitoring device of claim 15, wherein the performance parameters comprise at least one of a packet loss rate, a response time, a number of packets or bytes transmitted, parameters indicative of transmission latency, codec parameters, total transfer time for the session, R-Factor (rating factor), MOS (Mean Opinion Score), a file or page size, a file name, sender/receive information, a total transfer time, a user ID, jitter, and phone number.
  - 17. The network monitoring device of claim 12, wherein the session tracing engine is further configured to generate mapping information representing at least one other session associated with the session, the mapping information included in the session record.
  - 18. The network monitoring device of claim 17, wherein the session and the other session are associated with different planes in a same protocol.
  - 19. The network monitoring device of claim 17 wherein the session is associated with a first protocol and the other session is associated with a second protocol different from the first protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetScout Systems Incorporated
Original Assignee
NetScout Systems Incorporated
Inventors
Singhal, Anil K., Kelley, Bruce A., Nadkarni, Rajeev, Byrapuram, Narendra, Saraswati, Abhishek, Singhal, Ashwani
Primary Examiner(s)
SINKANTARAKORN, PAWARIS

Application Number

US14/876,725
Publication Number

US 20160028597A1
Time in Patent Office

623 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/069   using logs of notifications...

H04L 43/026   using flow identification

H04L 43/028   by filtering

H04L 43/062   related to network traffic

H04L 43/08   Monitoring or testing based...

H04L 43/0829   Packet loss

H04L 43/087   Jitter

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/0882   Utilisation of link capacity

H04L 43/16   Threshold monitoring

H04L 69/22   Parsing or analysis of headers

Y02D 30/50   in wire-line communication ...

Real-time adaptive processing of network data packets for analysis

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time adaptive processing of network data packets for analysis

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links