Modern enterprise infrastructures typically consist of multiple packet-based networks linked together by a variety of network devices such as routers and firewalls. Network data packets originating from an application source often span multiple subnets and pass through multiple network devices. These traversals cause changes in the appearance of the data packets en route. For example, in an Internet Protocol (IP) based network, a data packet includes source and destination Media Access Control (MAC) and IP addresses, which are altered in transit by intermediate routing devices, as well as by Network Address Translation (NAT), Port Address Translation (PAT) and proxy firewall devices.
These address changes do not necessarily occur in a uniform way. For example, dynamic routing, necessary to provide resilience within large networks, can result in a sequence of packets destined for the same endpoint traversing different routes through the network. The packets may therefore be subject to different address translations.
However, efficient support of an application in a distributed environment requires knowledge of the precise appearance of an application's data flow at all points in a network. Simply knowing the source and destination IP addresses and Transport Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination ports is insufficient, as faults may lie in intermediate subnets.
To complicate matters further, many business networks have grown rapidly, often by acquisition. During these expansions, knowledge of application interactions is lost, typically through the loss of the original application development and support teams. In many cases, the full range of applications in use within an organisation is not known.