Generic discovery for computer networks

US 9,967,162 B2
Filed: 01/27/2014
Issued: 05/08/2018
Est. Priority Date: 12/06/2004
Status: Active Grant

First Claim

Patent Images

1. A component discovery method comprising:

intercepting data communications occurring between a first computer system in a computer network and a second computer system in the computer network;

identifying a sub-set of the intercepted data communications as important based on communication ports used in the data communications;

identifying at least a first application on the first computer system by analyzing the important data communications; and

generating a first hypothesis of an operational relationship between the first computer system and the second computer system based on the first application and the communication ports used by the important data communications.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A generic discovery methodology collects data pertaining to components of a computer network using various discovery technologies. From the collected data, the methodology identifies, filters and analyzes information related to inter-component communications. Using the communication and application information, the methodology determines reliable relationships for those components having sufficient information available. To qualify more components, the methodology implements a decision service to generate hypothetical relationships between components that are known and components that are unqualified or unknown. The hypothetical relationships are presented to a user for selection, and each hypothetical relationship is preferably associated with an indication of its reliability.

168 Citations

21 Claims

1. A component discovery method comprising:
- intercepting data communications occurring between a first computer system in a computer network and a second computer system in the computer network;
  
  identifying a sub-set of the intercepted data communications as important based on communication ports used in the data communications;
  
  identifying at least a first application on the first computer system by analyzing the important data communications; and
  
  generating a first hypothesis of an operational relationship between the first computer system and the second computer system based on the first application and the communication ports used by the important data communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the important data communications include communications using pre-determined ports.
  - 3. The method of claim 1, wherein communications using pre-determined ports are excluded from the important data communications.
  - 4. The method of claim 1, wherein the first application is identified by determining that communication ports used by the first application in the important data communications match a range of ports used to communicate with a known application.
  - 5. The method of claim 1, wherein the first application is identified by determining that communication ports used by the first application in the important data communications match ports known to be used to establish simultaneous connections with multiple other computer systems in the computing network.
  - 6. The method of claim 1, further comprising:
    - intercepting data communications occurring between applications on the first computer system; and
      
      identifying a second application on the first computer system by;
      
      determining that at least some of the intercepted communications occur between the first application and the second application, anddetermining that a type of the at least some important communications between the first application and the second application matches a known type of communications,wherein the first hypothesis is further based on the identity of the second application.
  - 7. The method of claim 1, wherein analyzing the important data communications includes:
    - determining listening ports used in the important communications;
      
      determining open port ranges used in the important communications;
      
      determining client ports used in the important communications; and
      
      determining ports of the first computer system used to communicate with port ranges of the second computer system.
  - 8. The method of claim 1, wherein analyzing the important data communications includes:
    - determining a network address of the first computer system and the second computer system.
  - 9. The method of claim 1, further comprising building a model of an infrastructure of the computer network using the first hypothesis.
  - 10. The method of claim 1, further comprising:
    - generating a second hypothesis of a second operational relationship between the first computer system and the second computer system based on the first application and the communication ports used by the important data communications; and
      
      enabling a user to select a relationship from at least two generated hypotheses of relationships.

11. A network discovery system, comprising:
- a communication network; and
  
  a plurality of components operatively coupled to the communication network, the plurality of components including a first computer system and a second computer system, and at least one component being a computing device having at least one programmable control device and a storage device operatively coupled to the programmable control device, the storage device having stored therein instructions that, when executed by the programmable control device, cause the computing device to;
  
  intercept data communications occurring between the first computer system and the second computer system,identify a sub-set of the intercepted data communications as important based on communication ports used in the data communications,determine an identity of at least a first application on the first computer system by analyzing the important data communications, andgenerate a first hypothesis of an operational relationship between the first computer system and the second computer system based on the identity of the first application and the communication ports used by the important data communications.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The network discovery system of claim 11, wherein the instructions further include instructions that, when executed by the programmable control device, cause the computing device to identify the first application by determining that communication ports used by the first application in the important data communications match a range of ports used to communicate with a known application.
  - 13. The network discovery system of claim 11, wherein the instructions further include instructions that, when executed by the programmable control device, cause the computing device to identify the first application by determining that communication ports used by the first application in the important data communications match ports known to be used to establish simultaneous connections with multiple other computer systems in the communication network.
  - 14. The network discovery system of claim 11, wherein the instructions further include instructions that, when executed by the programmable control device, cause the computing device to:
    - intercept data communications occurring between applications on the first computer system; and
      
      determine an identity of a second application on the first computer system by;
      
      determining that at least some of the intercepted communications occur between the first application and the second application, anddetermining that a type of the at least some important communications between the first application and the second application matches a known type of communications associated with the identity of the second application,wherein the first hypothesis is further based on the identity of the second application.
  - 15. The network discovery system of claim 11, wherein analyzing the important data communications includes:
    - determining listening ports used in the important communications;
      
      determining open port ranges used in the important communications;
      
      determining client ports used in the important communications; and
      
      determining ports of the first computer system used to communicate with port ranges of the second computer system.
  - 16. The network discovery system of claim 11, wherein analyzing the important data communications includes:
    - determining a network address of the first computer system and the second computer system.
  - 17. The network discovery system of claim 11, wherein the instructions further include instructions that, when executed by the programmable control device, cause the computing device to build a model of an infrastructure of the communication network using the first hypothesis.
  - 18. The network discovery system of claim 11, wherein the instructions further include instructions that, when executed by the programmable control device, cause the computing device to:
    - generate a second hypothesis of a second operational relationship between the first computer system and the second computer system based on the first application and the communication ports used by the important data communications; and
      
      enable a user to select a relationship from at least two generated hypotheses of relationships.

19. A non-transitory computer-readable device comprising instructions stored on the computer-readable device for causing a programmable control device to:
- identify TCP connections between a first computer system in a computer network and a second computer system in the computer network;
  
  identify a set of communications using the TCP connections as important communications based on port information extracted from the communications;
  
  identifying at least a first application on the first computer system by analyzing the important communications; and
  
  generating a first hypothesis of an operational relationship between the first computer system and the second computer system based on the first application and the ports used by the important communications.
- View Dependent Claims (20, 21)
- - 20. The non-transitory computer-readable device of claim 19, wherein identifying the first application on the first computer system includes:
    - determining the port information for a particular data communication occurs in a known range; and
      
      determining that the first computer system and the second computer system are known to host particular application types.
  - 21. The non-transitory computer-readable device of claim 19, wherein identifying the first application on the first computer system includes:
    - determining that at least some of the important communications are made within contiguous port numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BMC Software Incorporated (KKR & Co., Inc.)
Original Assignee
BMC Software Incorporated (KKR & Co., Inc.)
Inventors
Spinelli, Lionel, Chabrier, Jean-Claude, Germain, Pierre
Primary Examiner(s)
Chou, Alan S

Application Number

US14/164,524
Publication Number

US 20140143416A1
Time in Patent Office

1,562 Days
Field of Search

709224
US Class Current
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 41/14   Network analysis or design

H04L 43/0811   by checking connectivity

H04L 43/10   Active monitoring, e.g. hea...

H04L 67/51   Discovery or management the...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Generic discovery for computer networks

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Generic discovery for computer networks

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others