The present invention relates to the field of application analyzers for computer networks. More specifically, the present invention relates to a system and method for decoding packets in a packet stream, to identify the applications generating the packet stream, the transactions of the application, and the parameters of the transactions in real time, at high speeds in the order of Gigabits/sec.
The growing popularity of computer networks such as the Internet has resulted in a large number of applications being deployed on such networks. These applications generate network traffic, which has various Quality of Service (QoS) requirements depending on the nature of the application. That is to say, while applications like Simple Mail Transfer Protocol (SMTP) and Hyper Text Transfer Protocol (HTTP) are sensitive to loss, other applications like Voice over Internet Protocol (VoIP) are sensitive to delay. Similarly, while applications like real-time video conferencing generate high priority traffic that requires a minimum guaranteed bandwidth, those like File Transfer Protocol (FTP) generate small bursts of low priority traffic that do not require a minimum guaranteed bandwidth.
To ensure that these varying traffic requirements are met, it is essential for network administrators to have a means to identify the traffic based on the application generating it.
For this purpose, network administrators deploy protocol/application analyzers to identify application traffic. These are devices that capture and decode traffic flowing through the network, and identify the applications generating this traffic. They also provide information about the transactions of an application. For example, analyzers can identify that an HTTP application has transactions like HTTP_GET (fetching an HTML page) and HTTP_PUT (sending data to an HTML page), by analyzing application traffic.
Typical analyzer implementations do not adopt a generic approach to identify application traffic. The application identification algorithm is hard-coded into the analyzer, and decoding traffic from newer applications requires upgrading the algorithm. Some implementations do adopt a generic approach, but these are limited to decoding each individual packet of a packet stream independently. Such implementations are therefore slow, and are unable to extract the decoded knowledge from multiple packets and associate it across them when the packets are seen as a stream.
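The per-packet limitation described above can be seen in a short added example, which is not part of the original text and is not the method of the invention. It assumes in-order TCP payloads with no sequence-number handling; the flow tuples, payloads and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample traffic: (flow 4-tuple, TCP payload) in arrival order.
# Flow A's request line is split across segments; flow B's fits in one.
FLOW_A = ("10.0.0.5", 40001, "10.0.0.9", 80)
FLOW_B = ("10.0.0.6", 40002, "10.0.0.9", 80)
PACKETS = [
    (FLOW_A, b"GE"),
    (FLOW_B, b"PUT /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (FLOW_A, b"T /index.html HTTP/1.1\r\nHost: exa"),
    (FLOW_A, b"mple.test\r\n\r\n"),
]
METHODS = {b"GET": "HTTP_GET", b"PUT": "HTTP_PUT"}

def parse_request_line(data):
    """Return (transaction, uri) if data begins with a complete HTTP
    request line for a known method, otherwise None."""
    line, sep, _ = data.partition(b"\r\n")
    if not sep:
        return None  # request line not yet complete
    parts = line.split(b" ")
    if len(parts) != 3 or parts[0] not in METHODS:
        return None
    if not parts[2].startswith(b"HTTP/"):
        return None
    return METHODS[parts[0]], parts[1].decode("ascii", "replace")

def decode_per_packet(packets):
    """Decode every packet on its own, with no state between packets."""
    return [(flow, parse_request_line(payload)) for flow, payload in packets]

def decode_per_flow(packets, max_buffer=8192):
    """Keep a bounded buffer per flow and decode once the line is complete."""
    buffers, results = defaultdict(bytes), {}
    for flow, payload in packets:
        if flow in results:
            continue  # transaction already identified for this flow
        buffers[flow] += payload
        parsed = parse_request_line(buffers[flow])
        if parsed:
            results[flow] = parsed
            del buffers[flow]
        elif len(buffers[flow]) > max_buffer:
            del buffers[flow]  # cap per-flow memory on undecodable streams
    return results

if __name__ == "__main__":
    print(decode_per_packet(PACKETS))
    print(decode_per_flow(PACKETS))
```

The per-packet decoder identifies only flow B's transaction, while the flow-keyed decoder also recovers the HTTP_GET whose request line spans two segments.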