1. Field of Invention
The present invention relates generally to the field of network management software products, and more particularly, to the field of user interfaces for network protocol analyzers.
2. Background of the Invention
As computer networking has exploded throughout the past decade, network protocol analyzers have become useful software products for capturing, analyzing and displaying information about packets that are transmitted over a network. A protocol analyzer typically has the capability to promiscuously capture packets (frames) generated by other stations (nodes) on the network, decode each packet into a meaningful description, and then display lists of these packets in the sequence in which they were captured from the network. The data that can be displayed with each frame typically includes:
a time at which the packet was captured, relative to some reference time, such as the time for one of the packets, where the time is either determined from a system clock, or the delta time between successive packets; PA1 a length of the packet, in bytes; PA1 one or more source node addresses, at one or more protocol layers (e.g. a TCP/IP packet on an ethernet would have both an ethernet and IP address of the source station); PA1 one or more destination node addresses, again optionally at multiple protocol layers; and PA1 a set of protocol decodes, preferably at each layer that the protocol analyzer is capable of decoding.
In conventional network analyzers, this information for a packet trace is displayed to the user in a packet trace table. FIG. 1 illustrates a conventional packet trace table. The table includes a sequential list of packets, one packet per row, with columns for time, source and destination addresses, length, and the protocol decodes. The table is quite understandable to a network professional who understands the protocols and is tasked with solving network protocol and network device problems.
The maturation and standardization of networking protocols as well as the availability of cheaper, more powerful desktop, laptop and server computers has facilitated the migration from mainframe applications to distributed applications. As distributed applications are developed and deployed there is often the need to understand their network behavior.
Cases where an application's network behavior must be understood include troubleshooting poor performance of the application, determining how the application can be "tuned" to improve response time or increase network efficiency, and profiling the application to determine its impact on the network. A protocol analyzer is used in these situations because of its ability to capture and display the packets that the application sends over the network. However, the packet trace table displayed by conventional protocol analyzers makes it difficult to understand the overall traffic patterns over time.
For example, troubleshooting slow response time of an application may be difficult with a packet trace display. The significant delays in the sequence are not easily located. The user must scroll through the entire table, which may contain thousands or tens of thousands of rows, searching for a large time gap between a pair of adjacent packets. Tuning an application to improve its response time is difficult with a packet trace table for a similar reason, however in this case the additive effect of a number of smaller gaps is what is being identified. Often the resulting analysis is a tedious and time consuming manual identification and addition of the gaps.
Tuning an application to increase its network efficiency is also cumbersome when a packet trace table is displayed as a sequential list of packets. Particularly in multi-tier applications (applications where the client communicates with one server, which in turn communicates with another server, and so on) and multi-server applications (where the client communicates with multiple servers) it is difficult to quickly understand the source and destination of a packet.
Accordingly, it is desirable to provide a user interface for a protocol analyzer that makes the display of time based behavior of network packet traffic easy to understand, and thereby supports improved analysis of such behaviors.