Networks can include multiple network devices such as routers, switches, hubs, servers, client computers (e.g., desktop PCs, laptops, workstations), and peripheral devices networked together across a local area network (LAN) and/or a wide area network (WAN). In such networks, data is typically exchanged between a requesting device, such as a client, and a responding device, such as a server. These data exchanges may involve large amounts of traffic.
Today, network technicians may want to analyze network traffic. Because the computer networking environments are very complex and the amount of data exchanged is very large, the network technician may be interested in analyzing only selected traffic between clients and servers, and in particular situations only between specific client/server sets. Such analysis is often done using network monitoring and analyzing devices that are positioned in the network near the client and the server. Using the monitoring device, the network traffic may be observed and a determination may be made as to the client, the server and the protocol, and if the observed traffic is of the desired type and represents client/server traffic within a group of interest to the technician, the traffic or information about the traffic is passed on for further processing or analysis.
Network technicians often want to analyze network traffic to determine where application bottlenecks are occurring. For example, a network technician may want to locate the cause of a slow down in the performance of an application, such as a browser, by monitoring the traffic and determining the time associated with each the client, network and server to complete certain transactions. Such information may enable the technician to isolate where the slow down is occurring and thus be able to take a more informed approach to fixing the problem.
One problem with analyzing network traffic is that network conditions can change and cause an excessive amount of network data to be transmitted. When the network data rate is increased and causes excessive network data rates, an application performance monitoring system can be forced to perform incomplete comprehensive analysis because there are data gaps for seemingly arbitrary periods of time. Data gaps refers to missing data (e.g., stats, analysis, etc.). Thus, the resulting network traffic analysis could produce incorrect results because all the data is analyzed in time without causing delay in the transport of the network data traffic.