The present invention relates to network analyzers, and more particularly to decoding network communications utilizing a network analyzer.
Network assessment tools referred to as "analyzers" are often relied upon to analyze network communications at a plurality of layers. One example of such analyzers is the Sniffer® device manufactured by Network Associates®, Inc. Analyzers have similar objectives such as determining why network performance is slow, understanding the specifics about excessive traffic, and/or gaining visibility into various parts of the network.
In use, network analyzers often take the form of a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently. A network analyzer can also be used legitimately or illegitimately to capture data being transmitted on a network. For example, a network router reads every packet of data passed to it, determining whether it is intended for a destination within the router's network or whether it should be passed further along the Internet. A router with a network analyzer, however, may be able to read the data in the packet as well as the source and destination addresses. It should be noted that network analyzers may also analyze data other than network traffic. For example, a database could be analyzed for certain kinds of duplication, etc.
Prior Art FIG. 1A illustrates an exemplary architecture 10 showing the use of a network analyzer. In particular, the present example shows the use of a network analyzer in the context of a network using a simple network management protocol (SNMP). As shown, at least one console 12 communicates with a plurality of agents 14 using SNMP.
Coupled to at least one network segment between the console 12 and the agents 14 is a network analyzer 16. In addition to the various network analyzer functionality set forth hereinabove, one particular use of such network analyzer 16 is to decode frames that are communicated between the console 12 and the agents 14 for troubleshooting, etc. Decoding is a well known technique used by network analyzers for understanding the frames of communication.
As frames are decoded by the network analyzer 16, data is stored in a buffer "object." In the context of the present description, an object may refer to a buffer, memory, a table or any other set of data that is associated with a specific component of a communication protocol. Often, such objects include a hierarchical tree structure. Prior Art FIG. 1B illustrates an exemplary hierarchical tree structure 20 of objects 22.
In order to accomplish this decoding, the network analyzer 16 is equipped with access to at least one management information base (MIB) 18. MIBs 18 are well known data structures that are traditionally compiled in order to generate software programs used by the network analyzer 16 to decode particular objects. Conventionally, different MIBs 18 are provided for decoding different objects.
Prior Art FIG. 1C illustrates a graphical user interface 30 showing a plurality of objects 32 that are displayed as a result of a decode. As shown, associated with each of such objects 32 are numerical identifiers 34 which identify each of the objects resulting from the decoding. Unfortunately, it is difficult to analyze network traffic represented by such objects using the numerical identifiers 34, since they do not provide any intuitive information. In fact, such numerical identifiers 34 must often be manually deciphered in order to gain a true understanding of the decoded frames.
There is thus a need for a technique of gaining an automatic, intuitive understanding of decoded objects outputted as a result of a network analysis.
A system, method and computer program product are provided for translating protocol decode objects. Initially, a plurality of frames is received. Next, the frames are decoded in order to generate protocol decode objects each with a numerical identifier associated therewith. Still yet, the numerical identifier is translated to a textual identifier. The textual identifier associated with each of the protocol decode objects is then displayed for facilitating the use of the protocol decode objects during network analysis.
In one embodiment, the protocol may include SNMP (ASN.1). Further, the numerical identifier is translated to a textual identifier utilizing a map. To generate such map, a list of management information bases (MIBs) is initially received from a user. Such MIBs may include a hierarchical structure. Next, the list of MIBs is compiled in order to generate a map. Further, a decoder is loaded with the map so that the numerical identifier may be translated to the textual identifier utilizing the map during the decoding.
As an option, the map may include a look-up table. In particular, the map may include a list of the numerical identifiers each with an associated textual identifier. Further, the textual identifier may include alphanumeric text descriptive of the protocol decode objects.
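The map generation and translation described above can be sketched as follows. This is an added illustration, not code from the patent: the function names `compile_mibs` and `translate` are hypothetical, and `MIB_DEFS` is a constructed subset of the standard MIB-II tree standing in for the user-supplied list of MIBs. It also handles two cases the text does not spell out: an instance suffix that follows the named object, and identifiers that no loaded MIB covers.

```python
# Constructed sample: (textual name, parent name, sub-identifier) entries
# taken from the standard MIB-II hierarchy; not data from the patent.
MIB_DEFS = [
    ("iso", None, 1), ("org", "iso", 3), ("dod", "org", 6),
    ("internet", "dod", 1), ("mgmt", "internet", 2), ("mib-2", "mgmt", 1),
    ("system", "mib-2", 1), ("sysDescr", "system", 1),
    ("sysUpTime", "system", 3), ("interfaces", "mib-2", 2),
    ("ifTable", "interfaces", 2), ("ifEntry", "ifTable", 1),
    ("ifInOctets", "ifEntry", 10),
]

def compile_mibs(defs):
    """Walk the hierarchy and return a look-up table {numeric OID tuple: name}."""
    by_name = {name: (parent, sub) for name, parent, sub in defs}

    def resolve(name, seen=()):
        if name in seen:
            raise ValueError(f"cyclic parent reference at {name!r}")
        if name not in by_name:
            raise ValueError(f"undefined parent {name!r}")
        parent, sub = by_name[name]
        prefix = resolve(parent, seen + (name,)) if parent else ()
        return prefix + (sub,)

    return {resolve(name): name for name in by_name}

def translate(oid, oid_map):
    """Replace the longest known numeric prefix with its textual identifier."""
    try:
        parts = tuple(int(p) for p in oid.strip(".").split("."))
    except ValueError:
        return oid  # malformed identifier from the wire: display it unchanged
    for end in range(len(parts), 0, -1):
        name = oid_map.get(parts[:end])
        if name:
            # Keep any trailing instance index numeric, e.g. "sysUpTime.0".
            return name + "".join(f".{n}" for n in parts[end:])
    return oid  # no loaded MIB covers this object: keep the numerical identifier

if __name__ == "__main__":
    table = compile_mibs(MIB_DEFS)
    for numeric in ("1.3.6.1.2.1.1.3.0", "1.3.6.1.2.1.2.2.1.10.2", "2.5.4"):
        print(numeric, "->", translate(numeric, table))
```
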