US Patent 7975059 Generic application level protocol analyzer

A generic application-level protocol analyzer (GAPA) is adaptable to model an application and its response to messages in different protocols, including multiple, layered protocols in a network context. One mode of a GAPA includes an analysis engine having a plurality of objects adaptable to model an application and its response to messages. The objects may include a session dispatching object, a state machine object, a message parsing object, a protocol layering object, and a handler object. The analysis engine may be used to evaluate real-time network streams or to evaluate recorded network traces. The GAPA is adapted to specific applications using a generic application-level protocol analyzer engine language (GAPAL). The GAPAL uses a high-level syntax similar to those in existing protocol specification descriptions. The GAPAL supports binary and text-based protocols. Using the GAPAL, objects are described without writing low-level code to model specific objects or specify message formats.