The present invention provides an apparatus and a method for monitoring and interpretation of application protocols for network data transmission systems.
More particularly, the present invention allows a reconstruction of the application communications which occurred within the network portion taken into consideration. Therefore, it becomes possible to reconstruct a tree structure containing statistic information related for example to the data exchanges between a plurality of users of a certain service and the service itself. Such a tree structure containing statistic information allows a certification of the data and of the communication correctness at various layers comprising the application one, as well as the monitoring of possible anomalies and the construction of diagnostical statistics.
Data transmission from a source device to a destination device can occur in different manners. However, to assure a data exchange having the lowest possible chance of errors, it is necessary to adopt a series of rules or control procedures. Said rules or procedures are known as xe2x80x9ccommunication protocolsxe2x80x9d.
A well known communication protocol is the xe2x80x9cOpen System Interconnectionxe2x80x9d (OSI) of the International Standards Organization (ISO). Said protocol is divided into seven layers, shown in FIG. 1. Layer 7 (application) on the source side contains information related to the sole message (M) to be sent to the destination side. The successive layers on the source side add control information to the message:. layer 6 (presentation) divides the data of the original message into blocks (M1 and M2); layer 5 (session) adds a title (S) to indicate the sender, the receiver and some information related to the sequence; layer 4 (transport) adds information (T) related to the logic connection between the sender and the receiver; layer 3 (network) adds information related to the path (N) and divides the message into packets representing the standard communication unit in a network; layer 2 (data link) adds a title portion (B) and a tail portion (E) to the message to assure the correct order of the various packets and to correct transmission errors; the single message bits and control information bits added by the various layers are transmitted on the physical medium through layer 1. The downward pointing arrow F1 on the sender side indicates the manner according to which the outgoing message is constructed. Every addition to the message is verified and removed from the corresponding layer on the destination side. The upward pointing arrow F2 on the destination side indicates the manner according to which the incoming message is reconstructed.
The OSI model schematically described up to this point is just a conceptual model. A typical protocol normally adopted is for example the TCP/IP (Transmission Control Protocol/Internet Protocol). Said protocol, just like other communication protocols adopted, can be explained with reference to the layers structure of the OSI model. In fact, in each of said protocols, a certain source layer will divide the data it receives from an upper layer adding to said data a header and/or a tail and will forward all this to a lower layer. On the destination side the opposite operations will occur.
Therefore, during the present description, reference will be made to the conceptual OSI model for ease of reference; it is to be understood that what it will be described, will be easily suitable for every application protocol with obvious modifications, typical of the relation existing-between each-application protocol and the OSI standard.
Monitoring systems for data transmitted between a sender node and a destination node are already known. However, said systems can only analyze the OSI layers 2 (data link) and 3 (network). The monitoring and the successive interpretation of the data at said layers allow only the monitoring of anomalies in the exchange protocol among the various components of a network data transmission system.
In particular, documents xe2x80x9cThe Network Advisor Analysis and Real-Time Environmentxe2x80x9d and xe2x80x9cNetwork Advisor Protocol Analysis: Decodesxe2x80x9d by Sunil Bhat, Hewlett-Packard Journal, vol. 43 no. 5, Oct. 1, 1992, pages 29-33 and 34-40 respectively, are known. Such documents refer to analysis of the network status, between a source node and a destination node and are directed towards error and/or malfunction monitoring at a protocol level (IP, UDP etc) used by various applications.
Therefore, a typical disadvantage of said prior art systems is their incapability of decoding the application piece of information transported on the network, i.e. the piece of information related to the layers 4 to 7 of the OSI standard.
The present invention overcomes said prior art problem. A first object of the present invention is to allow the reconstruction of the information exchange between the source and the destination node as far as data and time are concerned. The time reconstruction will be allowed by a dating unit. The data reconstruction will be allowed by the comparison with predetermined data representing possible interpretations of the information exchange.
A second object of the present invention is to provide a safe and reliable certification tool of the application sequences on public communication networks, once said sequences are reconstructed.
Another object of the present invention is to monitor and record the possible presence of errors in the applications operating in the communication network wherein the data were monitored and interpreted.
A further object of the present invention is to allow a record for administrative, accounting and safety purposes of the monitored and interpreted data exchange.
The present invention provides an apparatus for monitoring and interpretation of application protocols for network data transmission systems comprising:
a data packets monitoring device at a layer corresponding to the OSI layer 2, said data packets comprising control frames and information frames, wherein the control and information frames contain a header portion and a body portion, said header portion allowing the distinction between an information frame and a control frame;
a control unit receiving as an input the data coming from the monitoring device and comprising means for the discrimination of the control frames from the information frames;
a dating unit connected to the control unit and associating a monitoring time to the control frames and to the information frames;
a discriminated data storing unit, storing the control and the information frames and the monitoring time thereof, bidirectionally connected to the control unit; and
a predetermined data storing unit, bidirectionally connected to the control unit, said predetermined data representing possible interpretations of the information or control frames contained in the discriminated data storing unit and being comparable, by the control unit, with the data contained in the body portion of the information or control frames stored in the discriminated data storing unit, as to allow:
an ordering, according to the time and to the kind of communication, of the body portions of the control and information frames; and
a reconstruction of tree structures containing statistic information according to the kind of communication (multiprotocol reconstruction), for a certification of the communications and a monitoring of possible anomalies.
Furthermore, a method for monitoring and interpretation of application protocols for network data transmission systems is provided, comprising the following steps:
monitoring data packets at a layer corresponding to the OSI layer 2, said data packets comprising control frames and information frames, wherein the control and information frames contain a header portion and a body portion, said header portion allowing the distinction between an information frame and a control frame;
discriminating the control frames from the information frames;
associating a monitoring time to the control frames and information frames;
storing the discriminated control frames and information frames together with their monitoring time; and
storing predetermined data representing possible interpretations of information or control frames, said predetermined data being comparable with the data contained in the body portion of the stored discriminated information or control frames;
ordering the body portions of the control or information frames according to the time and to the kind of communication; and
reconstructing tree structures containing statistic information according to the kind of communication (multiprotocol reconstruction), for a certification of communications and a monitoring of possible anomalies.
Additional features of the present invention are provided in the dependent claims.
Therefore, the apparatus and the method according to the present invention can analyze every layer of the ISO/OSI standard up to the application one as well as similar layers for other standards. In this manner, the reconstruction of the information exchanges occurred in a certain time interval between applications operating in remote processors is made possible.
The apparatus and the method according to the present invention operate in a xe2x80x9ctransparentxe2x80x9d manner, as data transmission between source and destination is not influenced by the monitoring and the successive interpretation of the same data.
The apparatus and the method according to the present invention can also operate on wireless telecommunication networks.