Networks can include multiple network devices such as routers, switches, hubs, servers, client computers (e.g., desktop PCs, laptops, workstations), and peripheral devices networked together across a local area network (LAN) and/or a wide area network (WAN). In such networks, data is typically exchanged between a requesting device, such as a client, and a responding device, such as a server. These data exchanges may involve large amounts of traffic.
Today, network technicians may want to analyze network traffic. Because the computer networking environments are very complex and the amount of data exchanged is very large, the network technician may be interested in analyzing only selected traffic between clients and servers, and in particular situations only between specific client/server sets. Such analysis is often done using network monitoring and analyzing devices that are positioned in the network near the client and the server. Using the monitoring device, the network traffic may be observed and a determination may be made as to the client, the server and the protocol, and if the observed traffic is of the desired type and represents client/server traffic within a group of interest to the technician, the traffic or information about the traffic is passed on for further processing or analysis.
Network technicians often want to analyze network traffic to determine where application bottlenecks are occurring. For example, a network technician may want to locate the cause of a slow down in the performance of an application, such as a browser, by monitoring the traffic and determining the time associated with each the client, network and server to complete certain transactions. Such information may enable the technician to isolate where the slow down is occurring and thus be able to take a more informed approach to fixing the problem.
For purposes herein, the network time includes the time necessary to transfer the data through the network between a client and the server, the server time includes the time spent at the server processing a request that was received from the client and generating a response thereto, and the client time includes the time spent by the application at the client generating such requests, processing the results, and waiting to generate a further request. For example, if a person is using a browser and wants to go to a particular website, the browser sends a request to a web server. The web server is going to process that request and send back data to the browser in order to generate a display in the browser. The time necessary to display the page in the browser refers to the client time, while the time spent at the server processing the request is referred to as the server time. If the time between generating requests and subsequently receiving a response and thereafter displaying such a webpage becomes slow, some network technicians will perform a trouble shooting operation to determine where the slow down is occurring in the network. That is, the network technicians would determine whether the server is slow, the network is too congested, or the client is operating too slowly.
Historically, in order to determine the server time, the client time and the network time, two separate sets of monitoring devices were required at both ends of a network segment to monitor the traffic between the client and the server. In other words, a monitoring device was required in proximity to the client on one end of the segment and another monitoring device in proximity to the server was required at the other end of the segment and were used to collect data by which the network technicians could determine where the slow downs were occurring.
It is often very difficult for individual companies wishing to perform such monitoring to have resources at both ends of the segment. It would be beneficial if a company wishing to perform such monitoring were able to determine network time, server time and client time from only one end of the segment.