Computing devices, or computers, evolved from standalone devices for performing calculations and word processing functions only for the user to widely connected devices for communicating with other computers connected to a network. Early computers had proprietary communication systems, which could only communicate with computers using the same communication system. As computers became more widely used, it became necessary to communicate with a wider circle of computers. Such communication made it necessary to standardize the protocol by which computers communicated with each other. The Open System Interconnect (OSI) model was developed to standardize communication of computers over a network, where different equipment and different applications from different vendors could be used. The OSI model divides the computer communication process into seven layers from a lowest abstraction level to a highest abstraction level as follows: (1) a physical layer, (2) a data link layer, (3) a network layer, (4) a transport layer, (5) a session layer, (6) a presentation layer, and (7) an application layer.
The seven layers divide the task of moving information from one computer to another over a network into seven smaller, more manageable tasks. Each task associated with computer communication is assigned to one of the seven OSI layers. Each task performed by a layer is self-contained so that it can be implemented independent of any other layer. This allows the different layers to be updated without adversely affecting the operation of any other layer.
The physical layer defines the physical means of sending data over the network. The physical layer defines how data is to be transmitted in machine-readable format.
The data link layer defines procedures for operating communication links, framing data packets, and detecting and correcting transmission errors in packets.
The network layer defines how data are to be transferred between network devices, how packets are to be routed, and how to control flow and prevent congestion of the network.
The transport layer defines how the end-to-end delivery of data in a network is to be managed.
The session layer defines how sessions and dialogues between network devices are to be managed and how establishment and termination of logic links between users are to be controlled.
The presentation layer defines how to mask differences between data formats of dissimilar systems, defines an architecture-independent data transfer format, and defines how to encode and decode data (e.g., encrypt/decrypt, compress/decompress).
The application layer defines an interface to user processes for communication and data transfer in the network, and provides standardized services such as virtual terminal, file, and job transfer and operations.
The OSI architecture includes seven layers: a physical layer, a data link layer, a network layer, a transport layer, a session layer, a presentation layer, and an application layer. The layers work together to effect communication from one computer to another, but at different levels of abstraction from the highest level (i.e., the application layer in which human-readable communication such as electronic mail, or email, is transmitted) to the lowest level (i.e., the physical layer in which a machine-readable version of the human-readable communication is transmitted to an intended computer). The layers between the highest layer and the lowest layer (i.e., the presentation layer, the session layer, the transport layer, the network layer, and the data link layer) each convert the output of the next higher layer to effect the eventual conversion of the human-readable communication to machine-readable and machine-transportable format. The intended computer reverses the application of these layers to convert the machine-readable communication to the human-readable communication.
The transport layer, the session layer, the presentation layer, and the application layer deal with communication between the source computer and the destination computer. The physical layer, the data link layer, and the network layer deal with communications between network devices.
A topic of concern to many computer users is the time that it takes for computer communication to occur. A unit of measure of computer communication performance is latency. A message is typically transmitted in packet form over a computer network (i.e., a message is distributed amongst a number of packets, each packet is transmitted over the computer network, and the receiver reconstructs the message by putting the packets back together). Latency of a transmitted packet is defined as the amount of time between the time that a packet is sent by a source computer to a destination computer and the time that a reply message, commonly referred to as an acknowledgement message, is received by the source computer indicating that the packet was received by the destination computer.
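The latency definition above can be applied to a packet capture taken at the source computer. The following is an added example, not part of the original text: the record layout, the function name and the trace are constructed for illustration, acknowledgements are assumed to be cumulative as in TCP, and sequence-number wraparound is ignored.

```python
from dataclasses import dataclass

@dataclass
class Pkt:
    t: float      # capture time at the source computer, in seconds
    sent: bool    # True: source -> destination; False: reply from destination
    seq: int      # sequence number of the first payload byte (sent packets)
    length: int   # payload length in bytes
    ack: int      # cumulative acknowledgement number (reply packets)

def packet_latencies(trace):
    """Map each sent packet's seq to (ACK arrival time - send time)."""
    pending = {}   # seq -> [send_time, end_seq, ambiguous]
    seen = set()   # every seq that has been sent at least once
    latencies = {}
    for p in sorted(trace, key=lambda p: p.t):
        if p.sent and p.length > 0:
            if p.seq in seen:
                # Retransmission: the ACK cannot be attributed to one copy,
                # so the sample is discarded rather than guessed.
                if p.seq in pending:
                    pending[p.seq][2] = True
            else:
                seen.add(p.seq)
                pending[p.seq] = [p.t, p.seq + p.length, False]
        elif not p.sent:
            # A cumulative ACK confirms every pending packet it fully covers.
            for seq in [s for s, v in pending.items() if v[1] <= p.ack]:
                t0, _, ambiguous = pending.pop(seq)
                if not ambiguous:
                    latencies[seq] = round(p.t - t0, 6)
    return latencies

# Constructed trace: one clean exchange, then a retransmitted packet.
TRACE = [
    Pkt(0.000, True, 1000, 100, 0),
    Pkt(0.042, False, 0, 0, 1100),
    Pkt(0.050, True, 1100, 50, 0),
    Pkt(0.060, True, 1150, 50, 0),
    Pkt(0.250, True, 1100, 50, 0),   # retransmission of seq 1100
    Pkt(0.295, False, 0, 0, 1200),   # one ACK covering both packets
]

if __name__ == "__main__":
    for seq, latency in packet_latencies(TRACE).items():
        print(f"seq {seq}: {latency * 1000:.1f} ms")
```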
Another topic of concern is determining if a message received was sent via an intermediary, or “stepping stone,” computer. Hackers often disguise their identity by using intermediary computers that they have compromised. Tracing a message through intermediary computers to determine its true origin can be difficult. Therefore, there is a need for a method of determining if an intermediary computer was used to send a message.
In an article entitled “Holding Intruders Accountable on the Internet,” Stuart Staniford-Chen and L. Todd Heberlein disclose a method of tracing intruders into a computer system by computing summaries (i.e., checksums) of the message content of each connection to a computer, comparing the summaries, and determining that two connections concern the same intruder if the summaries are sufficiently similar. The present method does not rely on the connection contents of a message as does this article.
In an article entitled “Detecting Stepping Stones,” Yin Zhang and Vern Paxson disclose a method of detecting intermediary computers without using message content. The authors say that methods of detecting intermediary computers using message content are easily avoided by encrypting the message content. Instead, the authors propose a method of detecting intermediary computers by recording the ON and OFF periods of communications between computers, where an ON period is defined as the time between when a non-empty packet is sent and when communication is considered in an OFF period, and where an OFF period is defined as when there is no data traffic on a flow for more than a user-definable period of time. The present method does not rely on ON and OFF periods.
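The ON and OFF periods defined above can be derived from packet timestamps alone, as in the following added example, which is not code from the article or from the present method. The function names, the choice to treat the idle gap itself as the OFF period, and the sample flows are assumptions; the comparison of OFF-period end times between two flows goes beyond what is described here and is included only to show how content-free timing can be compared.

```python
def on_off_periods(packets, t_idle):
    """Split a flow into ON and OFF periods.

    packets: iterable of (time_seconds, payload_bytes)
    t_idle:  the user-definable idle threshold in seconds
    Returns (on, off), each a list of (start, end) tuples.
    """
    # Only non-empty packets count as data traffic; bare ACKs are ignored.
    times = sorted(t for t, size in packets if size > 0)
    on, off = [], []
    if not times:
        return on, off
    start = prev = times[0]
    for t in times[1:]:
        if t - prev > t_idle:
            on.append((start, prev))   # ON ends at the last data packet
            off.append((prev, t))      # assumed: the idle gap is the OFF period
            start = t                  # a non-empty packet opens a new ON period
        prev = t
    on.append((start, prev))
    return on, off

def coincident_off_ends(flow_a, flow_b, t_idle, delta):
    """Count OFF periods of flow_a that end within delta of one in flow_b."""
    ends_a = [end for _, end in on_off_periods(flow_a, t_idle)[1]]
    ends_b = [end for _, end in on_off_periods(flow_b, t_idle)[1]]
    return sum(any(abs(a - b) <= delta for b in ends_b) for a in ends_a)

# Constructed flows: FLOW_OUT echoes FLOW_IN's timing a few tens of
# milliseconds later; FLOW_OTHER is unrelated.
FLOW_IN = [(0.00, 12), (0.10, 1), (0.15, 0), (2.00, 1), (2.05, 3), (5.50, 1)]
FLOW_OUT = [(0.03, 12), (0.13, 1), (2.04, 1), (2.09, 3), (5.53, 1)]
FLOW_OTHER = [(0.5, 1), (0.6, 1), (3.3, 4), (3.4, 1)]

if __name__ == "__main__":
    print(on_off_periods(FLOW_IN, t_idle=0.5))
    print(coincident_off_ends(FLOW_IN, FLOW_OUT, t_idle=0.5, delta=0.08))
    print(coincident_off_ends(FLOW_IN, FLOW_OTHER, t_idle=0.5, delta=0.08))
```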
In an article entitled “Finding a Connection Chain for Tracing Intruders,” Kunikazu Yoda and Hiroaki Etoh disclose a method of finding a connection chain of intermediary computers that an intruder may have used to hide his identity before breaking into his target computer. The authors disclose a method of tracing intruders that requires recording timestamps of packets at many places on the Internet. The present method does not require the recording of timestamps at many places on the Internet.
U.S. Pat. No. 6,560,648, entitled “METHOD AND APPARATUS FOR NETWORK LATENCY PERFORMANCE MEASUREMENT,” discloses a device for and method of measuring latency of a computer network by using a known method of measuring latency, called a PING, and using a new method of measuring latency, called an Extended PING. The present invention does not require the use of an Extended PING as does U.S. Pat. No. 6,560,648. U.S. Pat. No. 6,560,648 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 6,601,098, entitled “TECHNIQUE FOR MEASURING ROUNDTRIP LATENCY TO COMPUTING DEVICES REQUIRING NO CLIENTSIDE PROXY PRESENCE,” discloses a device for and method of measuring latency by recording a first timestamp after a first request for a first Uniform Resource Locator (URL) is received, sending a code for moving a page temporarily for the URL, recording a second timestamp after receiving a second request concerning the URL, and using the difference of the two timestamps as the latency. The present invention does not send a code for moving a page temporarily for a URL as does U.S. Pat. No. 6,601,098. U.S. Pat. No. 6,601,098 is hereby incorporated by reference into the specification of the present invention.