Abstract: The invention concerns a method for identifying a protocol of a data stream exchanged between two entities of a telecommunication network, the processing method comprising the following steps: on receiving data of the data stream, grammatical parsing of said data stream in order to identify a protocol of the data stream; in the event of failure to identify the protocol of the data stream by grammatical parsing, consulting a signature engine mapping protocols with corresponding signatures, and sequentially applying signatures to the data flow in order to identify a data stream protocol.

Abstract: The invention relates to a method for processing a data stream exchanged between a client and an entity via a telecommunications network, the data stream including a set of data packets, the processing method including the following steps: upon intercepting (201) a data packet belonging to a data stream—the data stream including a source and a recipient, the client being the source or the recipient of the data stream—copying (204) the data packet and transferring (205) the data packet to the recipient; transmitting said copy to a stream analyser capable of analyzing the data stream; receiving (206) a data stream analysis result from the stream analyser; and processing (207; 208) the data stream in accordance with the receiver analysis result.

Abstract: In a phase of configuration, a state machine is constructed with states and transitions configured according to at least one type of data to be extracted from a data stream travelling around an IP network. The transitions between states are activated by conditions defined as a function of rules of organization of the data of the stream according to an application layer protocol. One or more states are moreover selected for the extraction of data from the stream. Thereafter, in a phase of real-time analysis of the stream, the stream data arising from IP packets travelling successively around the network are observed. When the state machine is in a current state, a search is conducted as to whether a condition of activation of a transition to a target state is realized by the data observed from the stream, and when such an activation condition is realized, the state machine is toggled into the target state.

Abstract: The invention relates to a data collection device for monitoring streams in a data network using a packet transmission mode, including an extractor for extracting data contained in packets belonging to a stream defined by a transmitter, a receiver, and a protocol. The collection device also includes a syntax analyzer which receives data in real time from the extractor and breaks the data down into elements according to the syntactic rules of the protocol, said syntactic rules enabling the elements to be represented as a tree structure. The syntax analyzer combines respective tree state indicators with at least some of the elements, wherein the tree state indicator combined with an element locates said element within the tree structure. An interface transmits the tree state indicators, together with the elements with which the latter have been combined, to a stream analyzer external to the collection device.

Abstract: In a phase of configuration, a state machine (20) is constructed with states and transitions configured according to at least one type of data to be extracted from a data stream travelling around an IP network. The transitions between states are activated by conditions defined as a function of rules of organization of the data of the stream according to an application layer protocol. One or more states are moreover selected for the extraction of data from the stream. Thereafter, in a phase of real-time analysis of the stream, the stream data arising from IP packets travelling successively around the network are observed. When the state machine is in a current state, a search is conducted as to whether a condition of activation of a transition to a target state is realized by the data observed from the stream, and when such an activation condition is realized, the state machine is toggled into the target state.

Abstract: The invention relates to a data collection device for monitoring streams in a data network using a packet transmission mode, including an extractor for extracting data contained in packets belonging to a stream defined by a transmitter, a receiver, and a protocol. The collection device also includes a syntax analyzer which receives data in real time from the extractor and breaks the data down into elements according to the syntactic rules of the protocol, said syntactic rules enabling the elements to be represented as a tree structure. The syntax analyzer combines respective tree state indicators with at least some of the elements, wherein the tree state indicator combined with an element locates said element within the tree structure. An interface transmits the tree state indicators, together with the elements with which the latter have been combined, to a stream analyzer external to the collection device.

Abstract: A distributed system for analyzing traffic flow on a communications network architecture where a computer provides information over a data network to a concentrator, which provides a bridge between the computer and the end user terminals. The interface between the terminals and the concentrator is provided through access points for each workstation. The system to analyze the traffic is distributed into three components that perform, respectively, classification of the traffic flow, processing of the results of the classification, and handling of the processed results.

Abstract: The present invention provides a traffic analyzing system on a communications link having analyzer circuits connected to each other by a number of links, where each analyzer circuit has a data rate lower than the data rate of the communications link, and are adapted to perform respective different levels of analysis on packets. The information extracted from the packets analyzed at a first level of analysis by a first analyzer circuit is forwarded to a second level of analysis performed at a second analyzer circuit, where the additional analysis performed by the second analyzer circuit depends on the analysis performed by the first analyzer circuit. Such a system and associated method allows for an efficient, practical, and improved traffic flow analyses for computer networks to evaluate high-speed and heavy traffic flow, as well as for improved protocol analysis for emerging technologies.

Abstract: The invention concerns a digital processing system fed by at least one filter having three possible states resulting from one or more conditions on one or more protocol attributes, specified for a semantic stream. Each protocol attribute is specified by an ordered sequence of protocol names used in the semantic stream and a parameter name carried by a protocol whereof the name is indicated in the ordered sequence of protocol names. The digital processing device comprises a filtering engine which applies the filter on the communication data until the data provide protocol attribute values wherefrom results a valid or invalid state of the filter and an action motor which triggers the action when the state of the filter is valid.

Abstract: A method for protocol identification by recognizing determinative data among data transmitted through a detected connection using lists of explicit and implicit son protocols associated with each protocol. The kernel of an information system associates to each detected connection a data structure arranged so that it comprises an ordered sequence of the protocol names. The kernel builds the data structure by retrieving the son protocol names in the list associated to the last protocol name of said ordered sequence, the son protocol name for which the associated self identification mechanism recognizes determinant data among transmitted data by adding the retrieved son protocol name to the end of the sequence and by restarting to retrieve the son protocol name for which the associated self identification mechanism recognizes determinant data among transmitted data.

Abstract: The present invention provides a traffic analyzing system on a communications link having analyzer circuits connected to each other by a number of links, where each analyzer circuit has a data rate lower than the data rate of the communications link, and are adapted to perform respective different levels of analysis on packets. The information extracted from the packets analyzed at a first level of analysis by a first analyzer circuit is forwarded to a second level of analysis performed at a second analyzer circuit, where the additional analysis performed by the second analyzer circuit depends on the analysis performed by the first analyzer circuit. Such a system and associated method allows for an efficient, practical, and improved traffic flow analyses for computer networks to evaluate high-speed and heavy traffic flow, as well as for improved protocol analysis for emerging technologies.