1. The Field of the Invention
This invention relates generally to the field of filtering and searching routines for use in a computer network. In particular, embodiments of the present invention relate to an integrated programmable filtering and searching system for captured network data traffic.
2. The Relevant Technology
Data networks have become very common systems for efficiently transferring data and sharing resources among computer devices. By utilizing a data network, a hundred computers can have access to a large volume of data that cannot fit into the storage devices on any one of the individual computers. In addition, the various computers within the network can exchange data with one another to efficiently capitalize on other network resources such as output devices, human interface devices, high speed internet connections, communication devices, etc. Therefore, data networks are extremely important in maximizing resources among multiple computers.
Data networks generally operate by sending data throughout the network, with individual data packets or frames containing a destination address identifying the device that is to receive the data. Individual devices on the network are capable of identifying the data packets that are addressed to them. In order to effectively monitor the operation and efficiency of the various devices within a data network and the network communication between them, there have been developed various network analyzers that capture a portion of the network traffic, analyze the captured network traffic, and identify problems associated with the traffic.
Generally, monitoring devices such as this perform various filtering and searching routines to speed up the process of analyzing the data. Existing filtering/searching systems are generally either hardware or software based. The hardware based systems usually have some form of digital circuitry that performs the filtering and searching routines before the data is passed on to a processor. The existing hardware based systems are undesirable because of their inability to efficiently adapt to different filtering and searching criteria that may be necessary, since these existing hardware systems utilize permanent digital circuitry. The software based systems rely entirely on some form of processor to filter, search and then analyze all of the data. The main disadvantage of the software based systems is that they are relatively slow and it is necessary to utilize a large amount of processing resources to go through the captured data buffer. In addition, software based systems generally require that the data from the data buffer be transferred between multiple locations before it can finally be filtered, searched and processed within a computer processor. Furthermore, analytical instruments operate on the captured network traffic, which is often hard to analyze quickly because it must be decoded every time a search or filtering operation is applied to a volume of captured data.
Data networks have become increasingly faster with the advent of optical data transfer, in which a large amount of data is carried on individual optical fibers. A single port associated with a network analyzer can generate a capture of several hundred megabytes of data. Multi-port analyzers generate gigabytes of captured data. Indeed, it has been common to experience software-based processing and analysis times in the range of one-half hour for each volume of captured data, which limits the usability of such network analyzers.
Other attempts have been made to perform filtering of data using hardware devices other than a host CPU. However, these filtering processes fail to adequately enhance the efficiency of the filtering and searching of network data, since these filtering processes using hardware cannot be programmed as CPUs can be programmed, and are also applied directly to the captured data.
In general, it is desirable for a data searching and filtering system to be versatile with regards to the types of data and protocol that can be processed. As explained above, there is a need for an efficient integrated programmable data searching and filtering system that is capable of processing data within a network. In addition, the data searching and filtering system should be able to manage the flow of any of a number of types of data and protocols.