Browse Prior Art Database

Identifying Reoccurring Computer Transactions, Flowing on a TCP/IP Network, where each Reoccurring Transaction's Content are not identical, by using an Enhanced Network Pattern Matching Technique

IP.com Disclosure Number: IPCOM000241774D
Publication Date: 2015-May-30
Document File: 4 page(s) / 73K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to identify and name a Client-initiated computer transaction when the Client’s protocol is not recognized by the Server’s software monitor. The solution incorporates a network sniffer to identify the transaction’s network signature and applies pattern matching techniques to identify specific transactions from among many.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 43% of the total text.

Page 01 of 4

Identifying Reoccurring Computer Transactions, Flowing on a TCP/IP Network, where each Reoccurring Transaction's Content are not identical, by using an Enhanced Network Pattern Matching Technique

In the IT industry there are a number of techniques employed to identify and give name to a computer transaction that originates on a network from a Client and destined to a Server. Transactions typically embed a well known network protocol into their makeup that allows a software monitor to intercept and decode that protocol. For example, a web browser uses the hypertext transfer protocol (HTTP) network protocol and within that protocol is contained the URL address that can be used as the transaction name. Another example would be a DB2 protocol that within contains the structured query language (SQL) statement that can be used as the transaction name.

A problem occurs when the transaction uses a protocol that is not known to the software monitor. In this case, a transaction name cannot be determined and this accounts for many of the transactions used by corporate customers. When a transaction name cannot be determined, the value of the software monitor is diminished to such an extent that a corporate customer finds little value in its use.

Disclosed is a solution that allows a transaction name to be determined even if a transaction protocol is not known to the software monitor.

The core principle of this invention is broken up into two parts. The first part is about learning the network signature of the flowing transaction by sniffing the network traffic between a Client and Server and recording the content of the transactions payload over several occurrences of the transaction. The second part is about monitoring transaction flows, after the learning has been completed, and picking out and identifying the specific transaction, from a vast number of dissimilar transactions, based on various and unique pattern matching techniques. Since a transaction can reoccur several times, with slightly different payloads (due to different transaction parameters) the pattern matching technique is key to the overall invention.

This invention employs a well known and publically available technology called a Network Sniffer that is available through many vendors as well as for free over the Internet. The sniffer is a monitor that is able to see network payload as it flows between two points on a network. Network payload is defined as the data bytes that flow between two network devices that typically contain protocol and other information about a transaction. By configuring a network switch, a specific Transmission Control Protocol/Internet Protocol (TCP/IP) and Port address can be forwarded to the sniffer, filtering only the transactions from a specific client or device. This reduces the amount of comparisons required by this invention and helps control software performance. For example, using a sniffer between a laptop and a server, the protocol for...