According to certain embodiments, a method determines a number of transmitted packets that a first node transmitted to a second node via a link and a number of received packets that the second node received from the first node via the link. The number of transmitted packets and the number of received packets are determined for each interval of a plurality of intervals. The method further comprises determining a plurality of packet loss values. Each packet loss value is associated with a respective interval and is determined based on the number of transmitted packets and the number of received packets associated with the respective interval. The method further comprises determining variability based on the plurality of packet loss values and configuring a value associated with reordering detection based on whether the variability exceeds a threshold.

A method is disclosed for the collection of performance metrics by establishing service operations administration and maintenance (OAM) sessions between an actuator and a plurality of reflectors in a communication network. Test packets from an actuator simultaneously reach a plurality of reflectors along a test path. Each single test packet results into a plurality of test results, one per reflector, with quasi-synchronous performance metrics to sectionalize a network and more efficiently isolate fault or performance problems without the need for additional test packets to isolate the issue. Another method is disclosed wherein an actuator generates and transmits a plurality of simultaneous test packets, one per NID device, resulting into a plurality of test results, one per reflector, with quasi-synchronous performance metrics to sectionalize a network and more efficiently isolate fault or performance problems without the need for additional test packets to isolate the issue.

Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.

Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.

Systems and methods are provided for automatically discovering applications/clusters in a network and mapping dependencies between the applications/clusters. A network monitoring system can capture network flow data using sensors executing on physical and/or virtual servers of the network and sensors executing on networking devices connected to the servers. The system can determine a graph including nodes, representing at least the servers, and edges, between pairs of the nodes of the graph indicating the network flow data includes one or more observed flows between pairs of the servers represented by the pairs of the nodes. The system can determine a dependency map, including representations of clusters of the servers and representations of dependencies between the clusters, based on the graph. The system can display a first representation of a first cluster of the dependency map and information indicating a confidence level of identifying the first cluster.

Optimal determination of wireless network pathway configurations may be provided. A computing device may establish Multi-Access Point (AP) coordination between at least a first AP and a second AP. The first AP can determine an uplink operation is scheduled. When an uplink is scheduled, the first AP can switch its antenna to a narrow beamwidth. The first AP can then receive uplink transmissions from at least a client in the coverage area of the narrow beamwidth. After the uplink transmission, the first AP can then switch the antenna to a larger beamwidth for a next Multi-AP coordination operation.

A network path scoring system is disclosed herein that scores quality of network paths to facilitate identification of poorly performing network paths or circuits for investigation. The scoring system builds a profile of additional latencies of a network path binned by circuit load based on historical latency data for the network path. The additional latencies are determined with respect to a base latency of the network path. The network path scoring system determines a weighted average of the additional latencies of a subset of the load bins and a weighted average of expected latencies of the subset of load bins, and a score is calculated with these weighted averages.

This disclosure describes techniques for providing information associated with an inter-cluster segment. For instance, system(s) may determine dependencies for first services associated with a first cluster and second dependencies for second services associated with a second cluster. The system(s) may then determine information for interconnections between the first cluster and the second cluster. The information may include at least dependencies for third services included in the inter-cluster segment and/or performance information for the third services. The system(s) may then generate a user interface that includes the first dependencies for the first services, the second dependencies for the second services, and the information for the inter-cluster segment. This way, a user is able to use the user interface to identify both problems occurring within the clusters and/or problems that are caused by the third services in the inter-cluster segment.

A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.