Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring
Reexamination Certificate
2001-09-28
2004-06-29
Burgess, Glenton B. (Department: 2153)
C709S223000, C714S004110, C345S215000, C370S242000, C370S252000
active
06757727
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to network analyzers, and more particularly to filtering and analyzing network communications utilizing a network analyzer.
BACKGROUND OF THE INVENTION
Open Systems Interconnection (OSI) (a.k.a. ISO) is a standard description for how messages are transmitted between any two points on a network. The purpose of the description is to guide designers of products so that such products will consistently work with other products. The reference model defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many if not most products involved in telecommunications use the OSI model.
By this design, the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of related functions. Each communicating user is at a computer equipped with these seven layers of function. In a given message between users, there is a flow of data through each layer in a transmitting computer at one end and, at the other end, when the message arrives, another flow of data through the layers in a receiving computer. The actual programming and hardware that furnishes these seven layers of function is usually a combination of the computer operating system, applications (such as a Web browser), TCP/IP or alternative transport and network protocols, and the software and hardware that enable one to put a signal on one of the lines attached to a computer.
Prior art FIG. 1 illustrates the seven OSI standard layers 10. As shown, the OSI reference model defines seven layers of functions that take place at each end of a communication.
The layers may be categorized in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers (up to the “network layer” i.e. Layer 3) are used when any message passes through the host computer. Messages intended for the host computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers, but rather forwarded to another host. Table 1 sets forth the seven layers, and a short description thereof.
TABLE 1
Layer 7: The application layer - This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified.
Layer 6: The presentation layer - This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). It is sometimes called the syntax layer.
Layer 5: The session layer - This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination.
Layer 4: The transport layer - This layer manages the end-to-end control and error-checking. It ensures complete data transfer.
Layer 3: The network layer - This layer handles the routing of the data. The network layer performs routing and forwarding.
Layer 2: The data-link layer - This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management.
Layer 1: The physical layer - This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.
Network assessment tools referred to as “analyzers” are often relied upon to analyze network communications at each of the foregoing layers. One example of such analyzers is the SNIFFER ANALYZER™ device manufactured by NETWORK ASSOCIATES, INC™. All analyzers have similar objectives such as determining why network performance is slow, understanding the specifics about excessive traffic, and/or gaining visibility into various parts of the network.
The SNIFFER ANALYZER™ device analyzes many layers of network protocols. Although the user can provide some amount of filtering to focus in on a particular problem at hand, the creation of such filters is complicated and does not adapt to the problems detected in the network. This causes more analysis to be provided than needed to detect and solve the network problems, which translates into a greater need for memory and CPU cycles (bandwidth) to provide such processing. Moreover, since the analyzer system processes network communications from the bottom layers to the top layers, the analysis must traverse many layers and encounter an enormous amount of processing.
The end result is that the analysis system may not be able to keep up with the analysis, and is forced to ignore what could be relevant network conversations due to bandwidth starvation. In addition, due to the lack of precision filtering capability, more conversations than required result in unneeded analysis, which in turn starves the analysis system of resources.
There is thus a need for a technique of more efficiently analyzing network communications, while still focusing on the correct network communications.
DISCLOSURE OF THE INVENTION
A system, method and computer program product are provided for filtering communications over a network. Initially, a user is allowed to select from a plurality of network communication protocol layers associated with communications over a network. This may be accomplished in any manner such as allowing the user to select from the layers themselves, various faults that are inherent to certain layers, etc. An adaptive filter is then generated which is capable of collecting communications only involving the selected network communication protocol layers based on the user selection. Such adaptive filter is then used to collect the communications involving the selected network communication protocol layers. Further, an analysis process is executed for analyzing information at the selected network communication protocol layers of the collected communications for the detection of faults therein.
In one embodiment, the user may be allowed to select from a plurality of faults associated with the communications over the network. Further, a probe may be generated for analyzing the collected communications for the selected faults. It should be noted that the collected communications are then analyzed only for the selected faults utilizing a plurality of the probes which are capable of being utilized by the analysis process. Moreover, the adaptive filter may be stored for use at a later time.
As an option, the user may be allowed to select the network communication protocol layers and the faults utilizing a graphical user interface. Such graphical user interface may be adapted for allowing a user to select from a plurality of network communication protocol layers associated with the communications over the network. Further, the graphical user interface may be adapted for allowing the user to select from a plurality of faults associated with the communications over the network. In use, the adaptive filter and the probe are capable of being constructed based on the user selections.
During the analysis process, it may be determined that a problem exists at a lower one of the network communication protocol layers. If such problem exists, an additional analysis process may be initiated for analyzing information at the lower network communication protocol layer of the collected communications for the detection of faults.
Still yet, an additional adaptive filter may be generated. Such additional adaptive filters may be used to collect the communications associated with the lower network communication protocol layer for analysis by the additional analysis process. In a similar manner, an additional probe may be generated for analyzing the collected communications for faults associated with the lower network communication protocol layer.
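The top-down flow described above (layer selection, adaptive filter, fault probes, drill-down to a lower layer) can be sketched as follows. This is an added illustration, not code from the patent or from any analyzer product; the record layout, the fault names, and the mapping from a fault to the lower layer it implicates are all assumptions made for the example.

```python
# Constructed sample capture (not real traffic): fields decoded per OSI layer number.
CAPTURE = [
    {"conv": "A", 3: {"ttl": 64}, 4: {"retransmit": False}, 7: {"status": 200, "rtt_ms": 40}},
    {"conv": "B", 3: {"ttl": 64}, 4: {"retransmit": True}, 7: {"status": 200, "rtt_ms": 950}},
    {"conv": "B", 3: {"ttl": 64}, 4: {"retransmit": True}},
    {"conv": "C", 3: {"ttl": 1}, 4: {"retransmit": False}},
    {"conv": "D", 3: {"ttl": 64}, 4: {"retransmit": False}, 7: {"status": 500, "rtt_ms": 30}},
]

# Hypothetical probes: (layer, fault) -> (test on that layer's fields,
# lower layer the fault implicates, or None). The mapping is an assumption.
PROBES = {
    (7, "server_error"): (lambda f: f["status"] >= 500, None),
    (7, "slow_response"): (lambda f: f["rtt_ms"] > 500, 4),
    (4, "retransmission"): (lambda f: f["retransmit"], 3),
    (3, "ttl_expiring"): (lambda f: f["ttl"] <= 1, None),
}


def make_filter(layer, convs=None):
    """Adaptive filter: pass only records carrying `layer`, optionally
    narrowed to the conversations a higher-layer probe flagged."""
    return lambda rec: layer in rec and (convs is None or rec["conv"] in convs)


def collect(capture, layer, convs=None):
    """Apply the adaptive filter and return the collected records."""
    return list(filter(make_filter(layer, convs), capture))


def analyze(capture, layer, faults=None, convs=None):
    """Run the selected probes at `layer`; where one implicates a lower layer,
    build a narrower filter and analyze that layer too. faults=None runs
    every probe registered for the layer."""
    if faults is None:
        faults = [f for (l, f) in PROBES if l == layer]
    findings, drill = [], {}
    for rec in collect(capture, layer, convs):
        for fault in faults:
            test, lower = PROBES[(layer, fault)]
            hit = (layer, fault, rec["conv"])
            if test(rec[layer]) and hit not in findings:
                findings.append(hit)
                if lower is not None:
                    drill.setdefault(lower, set()).add(rec["conv"])
    for lower in sorted(drill, reverse=True):
        findings += analyze(capture, lower, None, drill[lower])
    return findings


if __name__ == "__main__":
    print(analyze(CAPTURE, 7, ["slow_response"]))
```

Starting at layer 7 with only `slow_response` selected, the lower layers are inspected solely for conversation B, so conversation C's layer 3 fault is never processed, which is the resource saving the disclosure argues for.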
Burgess Glenton B.
Edelman Bradley
Hamaty Christopher J.
Networks Associates Technology Inc.
Silicon Valley IP Group PC