Service providers and enterprises have historically managed their networks by collecting information about data traffic at various points in the network and generating measures of network performance which can be evaluated and used for planning, establishing compliance, troubleshooting, and taking corrective action. Data relating to performance may be aggregated and presented according to certain time frames, applications, sites, devices (e.g., by host), and/or sessions between specific devices to provide the network administrator with insight into the nature and source of problems.
One aspect of network performance management is the capability to generate alerts or alarms when problem conditions develop. Unfortunately, many current monitoring systems and techniques provide information at a relatively high level and are not capable of detecting problems that become evident only by analyzing data traffic at a more granular level. It would be desirable to enhance network monitoring capabilities by providing visibility into patterns of operation and usage within networks that reveal information about individual hosts and applications.