Networks are formed by computers, peripherals, and other types of terminal devices, referred to herein as “nodes,” that are connected together using shared cables and/or radio communication equipment. An example of a well-known network includes a local area network (LAN) that is typically confined to one general location. Wide area networks (WANs) are typically formed over many locations. Large networks, such as the Internet, have become popular for connecting millions of nodes together so that data and information can be shared.
The Open System Interconnection (OSI) Seven-Layer model defines how the architecture of a network is implemented. The Data Link Layer (or simply Link Layer) is the second layer of the OSI Seven-Layer model. A “segment,” as defined herein, refers to a single link in the Data Link Layer in the overall network. Examples of segments include Ethernet switches, dialup links, T1 WAN links, etc. A single segment may be used to connect any number of nodes. For example, a segment may connect anywhere from a couple of nodes up to thousands of nodes. Generally, there might be on the order of about 100 nodes connected together by a segment. On a point-to-point network segment, there are only two nodes at the two endpoints of the segment. On an Ethernet segment, however, there can be up to several thousand nodes since an Ethernet segment may consist of multiple Ethernet hubs, switches, and bridges.
Clustered groups of information or data, referred to herein as “frames,” are transmitted across a segment. The source and destination on the segment are usually identified in the layer 2 (Data Link Layer) header. As an example, an Ethernet header contains the addresses of the source and destination of the frame on the Ethernet segment. Frames are routed between different segments by routers based on the destination address in the layer 3 (Network Layer) header. As a frame travels across a network via different segments, information contained within the layer 3 header of the frame is used to route the frame to its destination address. The layer 3 header, e.g., an Internet Protocol (IP) header, indicates the source and destination addresses in the overall network.
In order to perform an analysis of a particular segment of the network, a troubleshooter may utilize a network analyzer. Typical network analyzers decode the characteristics of frames, such as the transmission activity of the frames, through the particular segment under analysis. By passively monitoring the segment, the network analyzer retrieves frames off of the segment. The frames are stored into a frame capture buffer. The frames are then parsed to generate what is known in the art as “decode information,” which includes details (in human-readable form) of the characteristics of each frame travelling through the segment and the movement of the frames from one node to another.
FIG. 1 illustrates a conventional graphical user interface (GUI) 10 showing the decode information that is displayed by a network analyzer. The decode information includes information about the transmission of frames through the segment under analysis. Other characteristics of the frames are also displayed, including source and destination addresses, the protocol layers within the frame, and relevant information within each protocol layer. Generally, the GUI 10 may include an area divided up into three panes 12, 14, 16, whereby each pane shows the decode information in a particular form. The three panes 12, 14, 16 include, for example, a summary display view 18, a detailed display view 20, and a hexadecimal (hex) display view 22. As can be seen near the top of the GUI 10, one or more of the summary display view 18, detailed display view 20, and hex display view 22 may be selected for display, as indicated by check marks in each of the boxes 24 next to the different display views available. In this example, all three display views have been selected.
The summary display view 18 includes “records,” whereby each record represents one frame. In this example, record numbers 66 through 74 are visible. Each record includes the transmission activity and characteristics of the respective frame. A troubleshooter may view the other records by scrolling up and down the list of records using a well-known vertical scrolling mechanism 25. Each record of the decode information includes the length of the frame (under the heading “Length”), the actual time that the frame transmission was completed (under the heading “Time”), the delta time or difference in time between completion of two subsequent frame transmissions (under the heading “Delta Time”), the frame's source address (under the heading “Src. Address”), destination address (under the heading “Dest. Address”), protocol (under the heading “Protocol”), etc. The summary display view 18 may also be scrolled horizontally using a well-known horizontal scrolling mechanism 26 to view additional decode information not visible within the limited dimensions of pane 12.
From the summary display view 18, a troubleshooter may select a record, as indicated by reference numeral 27, from the list of viewable records to see the detailed information and hexadecimal information of the selected record 27 in the other two panes 14, 16. In this example, the selected record 27 is record number 66. As can be seen in the second and third panes 14, 16 (the detailed display view 20 and hex display view 22, respectively), the selected record number 66 is displayed in a detailed form and a hexadecimal form.
From the information seen on the GUI 10, a troubleshooter may be able to ascertain problems with the analyzed segment of the network. Normally when trying to isolate a problem, a troubleshooter will start at a statistical view, such as a connection statistics view. The troubleshooter may be interested in a number of different attributes, such as, for example, the frames transmitted between two nodes. In another example (not shown in FIG. 1), the statistical view may show that there are 5 frames transmitted from node A to node B and 7 frames transmitted from node B to node A. From this statistical view, if the troubleshooter needs to see the details of the conversation between the two nodes, he would select the connection and “drill and filter” to a decode measurement. The “drill and filter” operation brings up a decode view, which may include the summary display view, showing only the frames that match the source and destination of the connection. By selecting a connection between nodes A and B and executing a drill and filter operation, the troubleshooter is able to bring up the decode view showing only those frames transmitted from node A to node B or from node B to node A.
The drill and filter operation allows a troubleshooter to filter from millions of frames down to just the frames involved in a particular connection. The troubleshooter may also drill and filter according to attributes other than the transmission activity between two nodes. It should be noted, however, that the conventional GUI 10 of FIG. 1 shows the decode information in its raw textual form as detected by the network analyzer, providing all the details of the decode information.
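The decode and drill and filter steps described above can be sketched as follows. This is an added example, not code from the original document or from any particular analyzer: the function names, the node addresses, and the capture (Ethernet II frames carrying IPv4, built inline) are constructed for illustration.

```python
import struct
from collections import Counter

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
A, B, C = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)  # constructed node addresses

def build_frame(src_ip, dst_ip, proto, payload=b""):
    """Build a constructed Ethernet II + IPv4 frame (header checksum left at 0)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, bytes(src_ip), bytes(dst_ip))
    return eth + ip + payload

def sample_capture():
    """Constructed capture buffer: 5 frames A->B, 7 frames B->A, unrelated traffic."""
    frames = [build_frame(A, B, 6)] * 5 + [build_frame(B, A, 6)] * 7
    frames += [build_frame(A, C, 17, b"x" * 8), build_frame(C, B, 1), b"\x00" * 20]
    return [(i * 0.25, f) for i, f in enumerate(frames)]

def decode(capture):
    """Turn (timestamp, raw frame) pairs into summary records, one per IPv4 frame."""
    records, prev = [], None
    for number, (ts, raw) in enumerate(capture, start=1):
        delta = 0.0 if prev is None else ts - prev  # time since the previous frame
        prev = ts
        if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[14] >> 4 != 4:
            continue  # truncated or not IPv4: no layer 3 addresses to decode
        records.append({"no": number, "length": len(raw), "time": ts, "delta": delta,
                        "src": ".".join(map(str, raw[26:30])),
                        "dst": ".".join(map(str, raw[30:34])),
                        "protocol": PROTOCOLS.get(raw[23], str(raw[23]))})
    return records

def connection_stats(records):
    """Statistical view: frame count per (source, destination) direction."""
    return Counter((r["src"], r["dst"]) for r in records)

def drill_and_filter(records, node_a, node_b):
    """Keep only the frames sent from node_a to node_b or from node_b to node_a."""
    return [r for r in records if {r["src"], r["dst"]} == {node_a, node_b}]

if __name__ == "__main__":
    recs = decode(sample_capture())
    print(connection_stats(recs))
    for r in drill_and_filter(recs, "10.0.0.1", "10.0.0.2"):
        print(r["no"], r["length"], r["time"], r["delta"], r["src"], r["dst"], r["protocol"])
```

Even in this small capture the filtered view is a flat list of twelve text records, which is the scaling problem the next paragraph describes.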
One downside to the conventional network analyzer and the respective display 10 generated therefrom is that the network analyzer may capture about one million frames (or records) from a network segment during a given time interval. Even filtering down to a specific connection may still result in thousands of frames. Therefore, to view the large number of records and detect problems with the network segment, a troubleshooter may be required to sort through an overwhelming amount of information. Furthermore, the textual display of timestamps in the GUI 10 is not easily interpreted. Network transactions involving several nodes may be hard to follow by looking at source and destination addresses. Up until now, the troubleshooter's task has been very tedious and time-consuming. Thus, a need exists in the industry to address the aforementioned deficiencies and inadequacies.