Today's computing networks carry vast amounts of data traffic. This traffic may be associated with applications that use specific data protocols for communications. For example, web browser applications use the Hyper Text Transfer Protocol (HTTP), while a telnet application uses the telnet protocol. The number of applications and their associated protocols is ever increasing, as more and more capabilities become available on computing networks.
In order to manage the traffic on the network, network operators typically require an understanding of the nature of the traffic that is traversing the network. For example, the network operator may wish to determine which applications are using inordinate amounts of the network bandwidth, such that the bandwidth utilized by those applications can be managed. A first step in understanding the nature of the traffic on the network is identification of the applications and their associated protocols that are using the network.
One mechanism for identifying the traffic on the network is to examine the packet headers of the data packets that are traversing the network. For example, HTTP traffic typically uses the well known port 80. A network operator may monitor the data packets traversing the network destined for port 80 and consider that traffic to be HTTP traffic. Many other common applications use a well known port and can be identified through that well known port.
Another mechanism that may be used to identify applications and their associated protocols is the use of an application decoder. An application decoder is essentially a piece of software or hardware that is programmed to behave just as the application would. For example, a stream of data packets could be sent to an HTTP application decoder. The decoder would monitor the contents of the received packets, and if those packets matched the HTTP protocol, it could be determined that the stream of data packets is web traffic. If the contents of the data packets do not match the HTTP protocol, then the traffic is some other type of traffic.