This invention relates to the field of network application performance analysis, and in particular to a method and system that facilitates managing network traffic data that is recorded at a variety of sources.
As corporate IT infrastructures continue to grow and become more complex, so does the task of supporting the mix of applications and the networks they run on. There are a variety of problems that can affect the performance of a network application. To start with, the application may not have been engineered to handle certain network conditions. Additionally, dropped packets, excessive delays, and other network errors can cause the application to run slowly or improperly. In some scenarios, there may be hundreds or even thousands of users working with a network-intensive application. Problems with the network can then lead to a serious decrease in productivity as well as a major increase in costs. Accordingly, the industry could benefit from both proactive and reactive approaches for addressing network application performance issues.
Many of the prior art approaches for addressing network application performance issues involve the use of capture agents. A capture agent is a network monitoring tool, commonly referred to as a “sniffer” or “protocol analyzer”, that is used to capture network traffic data. Multiple capture agents can be placed at various points within a network and are configured to monitor the traffic flowing through those points. The captured data can then be analyzed by application developers or expert troubleshooters to improve an application's performance or resolve network or application problems. In some scenarios, however, there may be hundreds or even thousands of capture agents in a network. The task of determining which agents are best associated with a particular application or problem can thus be very cumbersome. The present invention addresses this issue by employing a centrally located capture server that manages the potentially large number of capture agents and provides an array of capture management services.
Some of the capture management services provided by the capture server are configured to improve upon prior art troubleshooting techniques. For example, larger organizations such as corporations, governments, and universities traditionally employ teams of troubleshooters that are tasked with maintaining the integrity of the internal network and its devices. When problems occur, the users typically communicate with the troubleshooters via web-based trouble ticketing systems, which provide services for reporting the details associated with the problems. Such details might include the application with which a user is experiencing a problem and the time at which the problem occurred. These details make up a trouble ticket, which then serves as a primary source for determining an appropriate resolution to the problem. A fundamental drawback to this approach is that the user may know little more about the problem than the simple fact that there is one. Accordingly, the trouble ticket will only reflect the symptoms experienced by the user, and not the network conditions associated with the problem at hand. One objective of the present invention is to automatically identify the captured network traffic data that is associated with a reported problem and to make that data accessible for analysis to anyone investigating the problem.
Some other capture management services provided by the capture server are configured to improve upon prior art network application development techniques. In an ideal world, application developers would have the knowledge, time, and resources to adequately test their software in a variety of network environmental conditions. The real world, however, doesn't offer the necessary time and resources for this degree of testing. Application developers must instead rely upon simulations that can quickly determine how an application will perform in different network environments. These simulations require a baseline set of network traffic data that is captured while running the application in a live network. As the size and complexity of a network increases, so does the task of gathering the relevant network traffic data. The developer must first identify and/or configure the one or more capture agents that are associated with the application under development. Then the developer must coordinate the capturing of network traffic data with the execution of the application. Finally, the relevant traffic data must be extracted from each of the capture agents, downloaded to the developer's workstation, and loaded into the simulation software. Another objective of the present invention is to automate the tasks of identifying the capture agents associated with a particular application, coordinating the capturing of network traffic data, and extracting the relevant data for analysis.
The aforementioned objectives and others are achieved by a system and method for managing captured network traffic data. The invention comprises a plurality of capture agents, each being configured to capture the network traffic associated with one or more applications. Each application is associated with one or more capture agents according to an application profile that is stored and maintained in a capture server. When analysis of an application's network traffic is required, the capture server contacts the corresponding capture agents according to the application profile. The capture server then effects the identification and archiving of the network traffic that corresponds to a user-defined capture condition. A database at the capture server maintains a record that associates the corresponding network traffic with the user-defined capture condition such that the corresponding network traffic can later be retrieved and analyzed using an analysis engine.
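The flow summarized above can be sketched as a small in-memory model; this is an added illustration, not code from the patent. The class and field names, the use of destination ports to identify an application's traffic, the time-window-plus-ticket form of the capture condition, and all sample packets are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:            # constructed sample record, not a real capture format
    ts: float            # capture timestamp in seconds
    src: str
    dst: str
    dport: int

@dataclass
class CaptureAgent:
    name: str
    buffer: list         # packets this agent has captured so far

    def extract(self, ports, start, end):
        """Return buffered packets for the given ports inside [start, end]."""
        return [p for p in self.buffer if p.dport in ports and start <= p.ts <= end]

@dataclass
class CaptureServer:
    agents: dict                                   # agent name -> CaptureAgent
    profiles: dict                                 # app -> {"agents": [...], "ports": {...}}
    archive: dict = field(default_factory=dict)    # archive id -> packets
    records: list = field(default_factory=list)    # rows linking condition -> archive

    def capture(self, app, start, end, ticket=None):
        profile = self.profiles[app]               # KeyError if the app has no profile
        packets = []
        for name in profile["agents"]:             # contact only the profiled agents
            packets += self.agents[name].extract(profile["ports"], start, end)
        packets.sort(key=lambda p: p.ts)           # merge agents into one timeline
        archive_id = f"arch-{len(self.archive) + 1}"
        self.archive[archive_id] = packets
        self.records.append({"app": app, "start": start, "end": end,
                             "ticket": ticket, "archive": archive_id})
        return archive_id

    def retrieve(self, ticket):
        """Look up archived traffic by the ticket stored with the condition."""
        return [self.archive[r["archive"]] for r in self.records if r["ticket"] == ticket]

def demo():
    edge = CaptureAgent("edge", [Packet(100.0, "10.0.0.5", "10.0.1.9", 1433),
                                 Packet(101.5, "10.0.0.5", "10.0.1.9", 443),
                                 Packet(250.0, "10.0.0.7", "10.0.1.9", 1433)])
    core = CaptureAgent("core", [Packet(100.2, "10.0.0.5", "10.0.1.9", 1433)])
    lab = CaptureAgent("lab", [Packet(100.1, "10.9.9.9", "10.0.1.9", 1433)])
    server = CaptureServer({"edge": edge, "core": core, "lab": lab},
                           {"payroll-db": {"agents": ["edge", "core"], "ports": {1433}}})
    return server, server.capture("payroll-db", 90.0, 120.0, ticket="TT-0001")
```

In `demo()` the `lab` agent holds matching traffic but is never queried, because the application profile, not the packet contents, decides which agents the server contacts.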
Throughout the drawings, the same reference numerals indicate similar or corresponding features or functions. The drawings are included for illustrative purposes and are not intended to limit the scope of the invention.