WO2017045057A1 - Analysis and reporting on mobile application performance using time-correlated video and network activity - Google Patents

Analysis and reporting on mobile application performance using time-correlated video and network activity Download PDF

Info

Publication number
WO2017045057A1
WO2017045057A1 PCT/CA2015/050916 CA2015050916W WO2017045057A1 WO 2017045057 A1 WO2017045057 A1 WO 2017045057A1 CA 2015050916 W CA2015050916 W CA 2015050916W WO 2017045057 A1 WO2017045057 A1 WO 2017045057A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile device
mobile application
computer system
mobile
profiling information
Prior art date
Application number
PCT/CA2015/050916
Other languages
French (fr)
Inventor
Denis MISHIN
Original Assignee
Appscope Software Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Appscope Software Ltd. filed Critical Appscope Software Ltd.
Priority to PCT/CA2015/050916 priority Critical patent/WO2017045057A1/en
Publication of WO2017045057A1 publication Critical patent/WO2017045057A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3409Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • G06F11/3476Data logging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/10Scheduling measurement reports ; Arrangements for measurement reports
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/60Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/835Timestamp

Definitions

  • the present disclosure relates to the field of application debugging, more particularly, to the mobile application debugging and profiling.
  • Modern applications would they be native or browser-based apps have their logic distributed across code running on a device such as mobile phone, tablet or regular personal computer, multiple network servers and numerous 3rd party services which provide authentication, tracking or additional infrastructure mechanism.
  • the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising (Fig.7): capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system's binding time into first cyclic buffer; redirecting said mobile application network traffic from said mobile device to a remote computer system, recording network activity of the mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system' s time; sending said video stream stored in said first cyclic buffer and said profiling information to said remote computer system; preparing an interactive report on said remote computer system contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.
  • remote computer system includes network capture and network analysis functionality.
  • At least two remote computer systems are used where the first computer system is used for network traffic data collection (capturing) and the other for analysis and generating reports.
  • mobile application may consist of multiple processes, including cases where certain functions are achieved by temporarily switching to secondary application, providing the said functions such as social network login.
  • mobile application screen is recorded on the mobile device and the video stream is encoded using a hardware video codec of the said mobile device.
  • profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs.
  • the video stream is encoded using video codec such as H264, or H265, or WebP or Bink.
  • the mobile application screen is recorded on the computer system using the operating system installed on the computer, using either digital signal interface such as HDMI or video compressed stream interface such as AirPlay.
  • the video stream and profiling information about the mobile application is sent from said mobile device to said remote computer system;
  • the video stream is sent from the computer system to the remote computer system, and the profiling information about the mobile application is sent from the said mobile device to said remote computer system;
  • cyclic buffer may be logically mapped into a nonvolatile storage such as NAND memory.
  • the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising (Fig.8): capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system' s binding time into first cyclic buffer; redirecting said tested mobile application network traffic from said mobile device to said remote computer system in order to record network activity of the said mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system' s time; sending said video stream stored in said cyclic buffer, said profiling information to said remote computer system to prepare an interactive report on said remote computer system contains system time correlated said video stream, said profiling information, and said information about mobile application network activity.
  • the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising: capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system' s binding time into first cyclic buffer; recording network activity of the mobile application on said mobile application into second cyclic buffer and binding said network activity to said mobile application system's time; preparing an interactive report on said mobile application contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.
  • Fig.1 embodiment where mobile device and remote server are used.
  • Fig. 2 profiling application and application under test.
  • Fig. 3 cyclic buffer.
  • Fig.4 embodiment where computer system, mobile device and remote server are used.
  • This technical solution in its different embodiments can be implemented as a computer method, in the form of a system or a machine -readable medium containing instructions for using the said method.
  • system means a computer system, PC (personal computer), CNC (computer numeric control), PLC (programmable logic controller), computerized control systems and any other devices that can perform defined, clearly determined sequence of operations (actions, instructions).
  • PC personal computer
  • CNC computer numeric control
  • PLC programmable logic controller
  • Command processing device means an electronic unit or integral circuit (microprocessor) that executes machine instructions (programs).
  • Command processing device reads and executes machine instructions (programs) from one or more data storage devices.
  • Data storage devices include but are not limited to hard drives (HDD), flash memory, ROM (read-only memory), solid-state drives (SSD), optical drives.
  • Program means a sequence of instructions intended for execution by computer control device or command processing devices.
  • Non-volatile memory, nonvolatile memory, NVM or non-volatile storage is computer memory that can retrieve stored information even after having been power cycled.
  • Examples of non-volatile memory include read-only memory, flash memory, ferroelectric RAM (F-RAM), most types of magnetic computer storage devices (e.g. hard disks, floppy disks, and magnetic tape), optical discs.
  • a root certificate is an unsigned or a self-signed public key certificate that identifies the Root Certificate Authority (CA).
  • CA Root Certificate Authority
  • the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising:
  • a mobile device user Before performing the method, a mobile device user must install mobile profiling application 201 (Fig. 2) on the mobile device 101 (Fig. 1). A CA Root self-signed root certificate will be installed during installation on the mobile device (in some embodiments it's not required). A user must then launch profiling application 201 to connect to the remote computer system 103 via network 102 (Fig. l) for subsequent redirection of network traffic of the tested application 202 (Fig.2). A user should then launch the tested application 202 and turn profiling application 201 on. capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device ' s system time;
  • application 201 To perform profiling, application 201 must record certain profiling information (utilization of memory, CPU etc.) of application 202. In the process of operation, application 202 can create system log files. In some embodiments profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs recording said mobile application screen, encoding and storing said video stream to said mobile device system ' s binding time into first cyclic buffer;
  • mobile device screen capture is performed by capturing mobile device 101 video buffer and coding it into video motion codec such as H264 by mobile device CPU hardware acceleration video coding functionality integrated in it and timestamped
  • a video motion codec is implemented as separate logical core to the CPU.
  • a video motion codec is implemented on CPU as a subprogram or a library.
  • Received coded video stream packets are continuously stored into cyclic buffer (Fig.3) according to such packet time stamp.
  • Buffer possesses fixed size and is stored in RAM to eliminate memory fragmentation. It maintains an index between timestamps and elementary video stream packet locations within buffer, which enables rapid playback, seek and video exporting.
  • cyclic buffer may be logically mapped into a nonvolatile storage such as NAND memory. redirecting said mobile application network traffic from said mobile device to a remote computer system, recording network activity of the mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system ' s time
  • Remote computer system 103 receives application under test 202 network traffic (Fig.2), analyzes and stores it in a circular buffer allocated in said remote computer system' s 103 RAM.
  • cyclic buffer may be logically mapped into nonvolatile storage such as HDD or SDD.
  • a separate capture and network traffic analysis server is used.
  • a network mobile device is connected to may be configured in such manner that all network traffic would naturally be routed thru capture server, i.e. declaring it as default router for mobile devices.
  • an application under test may interact with remote servers using specially designed hostnames.
  • This method requires intercepting traffic to be transmitted in an encrypted manner, over TLS (HTTPS) protocol, and implies the fact that server name transmission is part of TLS handshake protocol.
  • HTTPS TLS
  • DNS Domain Name Service
  • application developers would change in the application code the hostname of target server of api.server.com into api-server-com.special.domain.com where special.domain.com is a capture server special domain zone.
  • capture server naturally possesses the destination server by parsing TLS server name during TLS handshake process.
  • NAT Network Address Translation
  • Mobile application under test 501 (Fig.5) initiates a TCP or UDP connection by means of stateful protocol, such as HTTPS to target server, using standard OS means.
  • stateful protocol such as HTTPS
  • target server using standard OS means.
  • mobile operating system has to issue at least the following commands:
  • Capture Server 502 acting as a networking gateway for the mobile device under test 501, would be configured to terminate the above mentioned connections to local TCP or UDP ports, served by Capture Server 502 (Fig.5).
  • Capture Server 502 would use the acquired knowledge of prior DNS (from DNS-server 505) resolution requests (destination server address response, mapped to domain name) and IP payload information about original destination address, would open another connection to the destination server 506, impersonating the mobile application under test 501, and would proxy incoming data from 501 to destination server 506, while being able to perform data recording and time stamping.
  • Capture Server 502 would, by either knowing the prior DNS resolution requests from mobile device 501 or by utilizing Server Name fields in the TLS protocol, or by performing a TLS handshake in advance with destination server IP and learning the domains it serves, would perform TLS handshake with mobile device 501 by providing a server certificate, signed by self-signed CA root.
  • CA root is installed as trusted root CA certificate source on mobile device, an mobile application under test 501 would normally complete TLS handshake assuming it is directly communicating with destination server 506.
  • a method of dynamic hostnames and special DNS zone may be utilized for the same purpose without need to install a self-signed root CA certificate to mobile device under test.
  • Capture Server operating system 503 (Fig.5) is configured to fulfill the following parameters:
  • HDD hard drives
  • SSD solid state drives
  • capture server communicates with the screen capturing software, it would maintain at least the same time-frame for network data as screen buffer.
  • Each client therefore is enjoying its own resource constraints and is unaffected by other client's collection activities happening on this server.
  • Capture server may employ some advanced methods to better utilize constrained environments, such as deciding to only keep part of the request data or to store larger request data to non-volatile memory. As an example, only up to certain amount of data being kept per individual request, which may be of help while debugging i.e. video-centric applications where one is interested in API calls and not really interested in caching streamed video data in full. Alternatively a longer requests might be stored to nonvolatile memory outright, without affecting the RAM buffer.
  • Application level protocols such as HTTP, Websocket, DNS, and others are formally defined by numerous standards, making it feasible to both automatically detect and parse their contents into human readable form.
  • Such a thorough timestamping from application level, parsed form of the protocol down to individual packets allow us to perform numerous quantitative analysis in order to detect various anomalies or malfunctions automatically via a set of rules, possibly extendable by the user.
  • rules might include detection of whether there is an HTTP pipelining in place between client and server by detecting multiplexed overlapping requests / responses over single TCP channel, identifying tolerance of client to network delays, identifying bottlenecks in Transport Layer Security handshakes, etc.
  • NTP network time protocol
  • Interactive report consists of: a) video recording of mobile handset screen, b) network requests view, c) system logs, d) any other collectable metrics such as RAM, CPU usage.
  • network requests could be presented in a table format.
  • network requests could be presented in form of Gantt chart, with optional grouping by various parameters such as destination hostname, TCP connection, transmitted content type and other meaningful parameters.
  • the interactive report shown in Fig. 6 consists of the mobile device time- synchronized screen capture 601 (Fig. 6), network request filter 602(Fig.6), request timeline 603 (Fig.6) in form of Gantt chart where network requests 607 (Fig.7) such as individual transactions within HTTP protocol are aligned horizontally by time, and grouped first by server name or address 606 (Fig.6), and then by logical data stream such as TCP connection, information from log files, and other metrics.
  • request timeline 603 When starting the video stream, it is possible to view the network traffic information in request timeline 603, along with basic data on ongoing processes containing information about protocols, sources, time, date, etc.
  • the information is arranged as a table with certain fragments color highlighted.
  • An extended information about individual request 604 may be obtained by selecting any individual request in the table.
  • An accurate positioning for a specific point in time may be achieved by either manipulating a time control 605 which seeks video 601 and request timeline 603 to render said point in time.

Abstract

The present disclosure relates to the field of application debugging, more particularly, to the mobile application debugging and profiling. The method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising: capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device`s system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system`s binding time into first cyclic buffer; redirecting said mobile application network traffic from said mobile device to a remote computer system, recording network activity of the mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system`s time; sending said video stream stored in said first cyclic buffer and said profiling information to said remote computer system; preparing an interactive report on said remote computer system contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.

Description

ANALYSIS AND REPORTING ON MOBILE APPLICATION PERFORMANCE
USING TIME-CORRELATED VIDEO AND NETWORK ACTIVITY
TECHNICAL FIELD
The present disclosure relates to the field of application debugging, more particularly, to the mobile application debugging and profiling.
PRIOR ART
Modern applications, would they be native or browser-based apps have their logic distributed across code running on a device such as mobile phone, tablet or regular personal computer, multiple network servers and numerous 3rd party services which provide authentication, tracking or additional infrastructure mechanism.
As a result, troubleshooting of applications during development and QA process is very complicated, as people who catch a bug need to elaborate what had happened to the user on the screen, and possibly try to re-create it, which takes time and often might not be possible due to the root cause being very often in network responses from one or many mentioned services.
While capturing network traffic and screen is technically possible, it requires complicated setup, often involving multiple computers, and results are inherently uncorrected, making capture time consuming, error-prone and therefore impractical.
In order to capture network traffic "wireshark" or "tcpdump" network capturing and filtering tools could be used, which captures network packets from given network interface. However, due to security and sandboxing requirements, this tool is not operational on mobile devices, hence an environment incorporating a separate computer which would bypass network traffic from mobile device is required, which is a relatively labor-intensive task to accomplish. .
SUMMARY
In some embodiments the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising (Fig.7): capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system's binding time into first cyclic buffer; redirecting said mobile application network traffic from said mobile device to a remote computer system, recording network activity of the mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system' s time; sending said video stream stored in said first cyclic buffer and said profiling information to said remote computer system; preparing an interactive report on said remote computer system contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.
In some embodiments, remote computer system includes network capture and network analysis functionality.
In some embodiments, at least two remote computer systems are used where the first computer system is used for network traffic data collection (capturing) and the other for analysis and generating reports.
In some embodiments mobile application may consist of multiple processes, including cases where certain functions are achieved by temporarily switching to secondary application, providing the said functions such as social network login. In some embodiments mobile application screen is recorded on the mobile device and the video stream is encoded using a hardware video codec of the said mobile device.
In some embodiments profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs.
In some embodiments the video stream is encoded using video codec such as H264, or H265, or WebP or Bink.
In some embodiments the first cyclic buffer is stored in said mobile device
RAM.
In some embodiments the mobile application screen is recorded on the computer system using the operating system installed on the computer, using either digital signal interface such as HDMI or video compressed stream interface such as AirPlay.
In some embodiments first cyclic buffer is stored in the computer system
RAM.
In some embodiments the video stream and profiling information about the mobile application is sent from said mobile device to said remote computer system;
In some embodiments the video stream is sent from the computer system to the remote computer system, and the profiling information about the mobile application is sent from the said mobile device to said remote computer system;
In some embodiments, cyclic buffer may be logically mapped into a nonvolatile storage such as NAND memory.
In some embodiments the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising (Fig.8): capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system' s binding time into first cyclic buffer; redirecting said tested mobile application network traffic from said mobile device to said remote computer system in order to record network activity of the said mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system' s time; sending said video stream stored in said cyclic buffer, said profiling information to said remote computer system to prepare an interactive report on said remote computer system contains system time correlated said video stream, said profiling information, and said information about mobile application network activity.
In some embodiments the method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising: capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; recording said mobile application screen, encoding and storing said video stream to said mobile device system' s binding time into first cyclic buffer; recording network activity of the mobile application on said mobile application into second cyclic buffer and binding said network activity to said mobile application system's time; preparing an interactive report on said mobile application contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig.1 - embodiment where mobile device and remote server are used. Fig. 2 - profiling application and application under test. Fig. 3 - cyclic buffer. Fig.4 - embodiment where computer system, mobile device and remote server are used.
Fig.5 - redirection of a network traffic via Capture Server.
Fig.6 - interactive report.
Fig. 7, 8 - embodiments of described method
DETAILED DESCRIPTION
Various embodiments of the technical solution are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person with ordinary skill in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the invention.
This technical solution in its different embodiments can be implemented as a computer method, in the form of a system or a machine -readable medium containing instructions for using the said method.
In this technical solution the system means a computer system, PC (personal computer), CNC (computer numeric control), PLC (programmable logic controller), computerized control systems and any other devices that can perform defined, clearly determined sequence of operations (actions, instructions).
Command processing device means an electronic unit or integral circuit (microprocessor) that executes machine instructions (programs).
Command processing device reads and executes machine instructions (programs) from one or more data storage devices. Data storage devices include but are not limited to hard drives (HDD), flash memory, ROM (read-only memory), solid-state drives (SSD), optical drives. Program means a sequence of instructions intended for execution by computer control device or command processing devices.
Non-volatile memory, nonvolatile memory, NVM or non-volatile storage is computer memory that can retrieve stored information even after having been power cycled. Examples of non-volatile memory include read-only memory, flash memory, ferroelectric RAM (F-RAM), most types of magnetic computer storage devices (e.g. hard disks, floppy disks, and magnetic tape), optical discs.
In cryptography and computer security, a root certificate is an unsigned or a self-signed public key certificate that identifies the Root Certificate Authority (CA).
The method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising:
Before performing the method, a mobile device user must install mobile profiling application 201 (Fig. 2) on the mobile device 101 (Fig. 1). A CA Root self-signed root certificate will be installed during installation on the mobile device (in some embodiments it's not required). A user must then launch profiling application 201 to connect to the remote computer system 103 via network 102 (Fig. l) for subsequent redirection of network traffic of the tested application 202 (Fig.2). A user should then launch the tested application 202 and turn profiling application 201 on. capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time;
To perform profiling, application 201 must record certain profiling information (utilization of memory, CPU etc.) of application 202. In the process of operation, application 202 can create system log files. In some embodiments profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs recording said mobile application screen, encoding and storing said video stream to said mobile device system's binding time into first cyclic buffer;
After starting the video recording of a mobile application under test 202 (Fig.2), mobile device screen capture is performed by capturing mobile device 101 video buffer and coding it into video motion codec such as H264 by mobile device CPU hardware acceleration video coding functionality integrated in it and timestamped
In some embodiments, a video motion codec is implemented as separate logical core to the CPU.
In some embodiments, a video motion codec is implemented on CPU as a subprogram or a library.
Received coded video stream packets are continuously stored into cyclic buffer (Fig.3) according to such packet time stamp.
Buffer possesses fixed size and is stored in RAM to eliminate memory fragmentation. It maintains an index between timestamps and elementary video stream packet locations within buffer, which enables rapid playback, seek and video exporting.
In some embodiments, cyclic buffer may be logically mapped into a nonvolatile storage such as NAND memory. redirecting said mobile application network traffic from said mobile device to a remote computer system, recording network activity of the mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system's time
Remote computer system 103 (Fig. 1) receives application under test 202 network traffic (Fig.2), analyzes and stores it in a circular buffer allocated in said remote computer system' s 103 RAM.
In some embodiments, cyclic buffer may be logically mapped into nonvolatile storage such as HDD or SDD.
In order to analyze the mobile application traffic, the following technique is implemented. It should be noted, that because modern smartphones are based on fully featured operating systems such as Linux (Android) and BSD (iOS), the described technique could also be implemented on the mobile device itself without much modification, which may become practical in the future when mobile device processing power and available RAM would increase.
In some embodiments a separate capture and network traffic analysis server is used.
Traffic Interception
In order to divert all network (TCP, IP and UDP) traffic from mobile handsets, utilizing one of virtual private network protocols, such as IPSEC, Open VPN, PPP, L2TP and others, widely supported on majority of modern mobile devices across various platforms including Android, iOS, Windows Phone, and others, is a natural choice.
By either using an OS -provided API for bespoke VPN tunnel, utilizing a 3rd party application enabling VPN access, or OS -provided configuration mechanism, we establish a network tunnel between mobile device 501 (Fig. l) and capture server 502, which would make an operating system to send all network packets to capture server. In some embodiments, instead of utilizing a VPN tunnelling, a network mobile device is connected to may be configured in such manner that all network traffic would naturally be routed thru capture server, i.e. declaring it as default router for mobile devices.
In some embodiments, an application under test may interact with remote servers using specially designed hostnames. This method requires intercepting traffic to be transmitted in an encrypted manner, over TLS (HTTPS) protocol, and implies the fact that server name transmission is part of TLS handshake protocol. One would need to configure a Domain Name Service (DNS) special domain which would resolve host name queries into capture server address. Then, if application developers would change in the application code the hostname of target server of api.server.com into api-server-com.special.domain.com where special.domain.com is a capture server special domain zone. When receiving such requests, capture server naturally possesses the destination server by parsing TLS server name during TLS handshake process.
Traffic Analysis
On capture server, we could configure operating system networking stack in such a manner that capture server would become an internet gateway for the mobile device, by means of performing Network Address Translation (NAT) for the TCP and UDP connections made by mobile device. This procedure is the same for cases when mobile device is connecting via VPN or it is a network setup to route network data thru this server.
In order to analyze network traffic from mobile device, we could utilize one of the standard methods, by manipulating operating system network stack configuration: a) capture all packets passing thru outbound network interface of capture host on low-level, physical network interface level (i.e. Ethernet). In order to assemble the data into meaningful client-server conversation flow, an intercepting application would utilize knowledge of underlying transport protocols functioning, such as TCP sequence numbers which explicitly order individual packets sent over network. b) make an operating system transparently proxy all outbound connections to our application, which would then initiate another connection towards destination and perform effectively "proxying" of data; this latter method is called "transparent proxying".
There are multiple ways one may capture network traffic from a mobile handset, some may be preferred in specific environments.
Secured Data Interception
Mobile application under test 501 (Fig.5) initiates a TCP or UDP connection by means of stateful protocol, such as HTTPS to target server, using standard OS means. In order to fulfill application request, mobile operating system has to issue at least the following commands:
1. Perform domain name to IP address resolution of a target server
2. Open TCP or UDP connection to a well-known port, as defined by the protocol standard
An operating system of capture server 502 (Fig.5), acting as a networking gateway for the mobile device under test 501, would be configured to terminate the above mentioned connections to local TCP or UDP ports, served by Capture Server 502 (Fig.5). Capture Server 502 would use the acquired knowledge of prior DNS (from DNS-server 505) resolution requests (destination server address response, mapped to domain name) and IP payload information about original destination address, would open another connection to the destination server 506, impersonating the mobile application under test 501, and would proxy incoming data from 501 to destination server 506, while being able to perform data recording and time stamping.
In case Transport Layer Security would be required by application protocol in question, Capture Server 502 would, by either knowing the prior DNS resolution requests from mobile device 501 or by utilizing Server Name fields in the TLS protocol, or by performing a TLS handshake in advance with destination server IP and learning the domains it serves, would perform TLS handshake with mobile device 501 by providing a server certificate, signed by self-signed CA root. As CA root is installed as trusted root CA certificate source on mobile device, an mobile application under test 501 would normally complete TLS handshake assuming it is directly communicating with destination server 506.
In some embodiments, a method of dynamic hostnames and special DNS zone may be utilized for the same purpose without need to install a self-signed root CA certificate to mobile device under test.
Therefore, Capture Server operating system 503 (Fig.5) is configured to fulfill the following parameters:
1. Accept VPN connections from remote clients (if VPN is used for network capture), OR
2. Route the traffic of client subnet / IP addresses to public network, if transparent routing is used as a method for network capture
3. Perform 'port forwarding' or "proxying" of all client traffic for supported protocol ports to local ports, served by Capture Server. I.e. all requests to port 80 (HTTP) would get terminated to port 2080 on Capture Server machine.
Data Collection In order to perform data collection, we could utilize either a continuous recording to permanent media such as file-system backed by hard drives (HDD) or solid state drives (SSD), or keep it in volatile memory. In both cases, it might be beneficial to periodically purge older data which is likely to be of no interest to the client, in order to maintain a continuous cyclic buffer.
As capture server communicates with the screen capturing software, it would maintain at least the same time-frame for network data as screen buffer. Each client therefore is enjoying its own resource constraints and is unaffected by other client's collection activities happening on this server.
Capture server may employ some advanced methods to better utilize constrained environments, such as deciding to only keep part of the request data or to store larger request data to non-volatile memory. As an example, only up to certain amount of data being kept per individual request, which may be of help while debugging i.e. video-centric applications where one is interested in API calls and not really interested in caching streamed video data in full. Alternatively a longer requests might be stored to nonvolatile memory outright, without affecting the RAM buffer.
Data Analysis
Application level protocols, such as HTTP, Websocket, DNS, and others are formally defined by numerous standards, making it feasible to both automatically detect and parse their contents into human readable form.
In some embodiments captured network data 504 decoded in accordance to the RFC and other specifications.
In order to correlate network protocol events with other data collected on mobile device (such as screen capture or CPU load sampling, memory usage sampling or system log entries capture) we assign a timestamp to both individual network packets received and upper level parsed structures which are part of the application-level protocol, such as timestamp an HTTP request was fully sent to server and timestamp when response to this request has been obtained. An accurate and thorough timestamping is crucial for correlation analysis such as understanding the delay from server response reception to screen refresh in mobile application, which allows to discriminate between network-specific issues and application data processing ones.
Such a thorough timestamping from application level, parsed form of the protocol down to individual packets allow us to perform numerous quantitative analysis in order to detect various anomalies or malfunctions automatically via a set of rules, possibly extendable by the user. Examples of such rules might include detection of whether there is an HTTP pipelining in place between client and server by detecting multiplexed overlapping requests / responses over single TCP channel, identifying tolerance of client to network delays, identifying bottlenecks in Transport Layer Security handshakes, etc.
Timestamping
As there could be multiple individual devices involved in overall data capture (i.e. mobile handset screen being captured from desktop PC, device system log being fetched directly from device include device timestamps, and network capture on a dedicated capture server - possibly in the cloud, it is important to maintain timestamp accuracy between them. We assume all parties maintain a correct internal clock using network time protocol (NTP).
In order to perform correction between the timestamps observable on i.e. capture server to the point in time where this same packet was sent or received on a mobile device, we measure the communication link between the said mobile device and said remote system latency - i.e. by sending ICMP Ping packets between them. The derived latency value could later on be applied to capture -server observable timestamps to convert them into mobile device-observable timestamps. sending said video stream stored in said first cyclic buffer and said profiling information to said remote computer system
Once the required testing of application 202 (Fig. 2) is completed, the user must activate application 201 and select the video clip of the recorded application screen to be exported. Application 201 will then send the user-selected video clip, log files, and profiling information (i.e. CPU, RAM) to the remote computer system 103 (Fig. 1). preparing an interactive report on said remote computer system contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application
Interactive report consists of: a) video recording of mobile handset screen, b) network requests view, c) system logs, d) any other collectable metrics such as RAM, CPU usage.
In some embodiments, network requests could be presented in a table format.
In some embodiments, network requests could be presented in form of Gantt chart, with optional grouping by various parameters such as destination hostname, TCP connection, transmitted content type and other meaningful parameters.
The interactive report shown in Fig. 6 consists of the mobile device time- synchronized screen capture 601 (Fig. 6), network request filter 602(Fig.6), request timeline 603 (Fig.6) in form of Gantt chart where network requests 607 (Fig.7) such as individual transactions within HTTP protocol are aligned horizontally by time, and grouped first by server name or address 606 (Fig.6), and then by logical data stream such as TCP connection, information from log files, and other metrics.
When starting the video stream, it is possible to view the network traffic information in request timeline 603, along with basic data on ongoing processes containing information about protocols, sources, time, date, etc. The information is arranged as a table with certain fragments color highlighted. An extended information about individual request 604 may be obtained by selecting any individual request in the table. An accurate positioning for a specific point in time may be achieved by either manipulating a time control 605 which seeks video 601 and request timeline 603 to render said point in time.
These and other aspects of the present invention will become apparent to those skilled in the art by a review of the preceding detailed description. Although a number of salient features of the present invention have been described above, the invention is capable of other embodiments and of being practiced and carried out in various ways that would be apparent to one of ordinary skill in the art after reading the disclosed invention. Therefore, the above description should not be considered to be exclusive of these other embodiments. Also, it is to be understood that the phraseology and terminology employed herein are for the purposes of description and should not be regarded as limiting.

Claims

WE CLAIM
1. The method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising:
o capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device' s system time;
o recording said mobile application screen, encoding and storing said video stream to said mobile device system's binding time into first cyclic buffer;
o redirecting said mobile application network traffic from said mobile device to a remote computer system, recording network activity of the mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system' s time;
o sending said video stream stored in said first cyclic buffer and said profiling information to said remote computer system;
o preparing an interactive report on said remote computer system contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.
2. The method of claim 1, where mobile application may consist of multiple processes, including cases where certain functions are achieved by temporarily switching to secondary application, providing the said functions such as social network login.
3. The method of claim 1, where said mobile application screen is recorded on the said mobile device and the video stream is encoded using a hardware video codec of the said mobile device.
4. The method of claim 1, where profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs.
5. The method of claim 3, where said video stream is encoded using video codec such as H264, or H265, or WebP or Bink.
6. The method of claim 2, where said first cyclic buffer is stored in said mobile device RAM.
7. The method of claim 1, where said mobile application screen is recorded on said computer system using the operating system installed on the computer, using either digital signal interface such as HDMI or video compressed stream interface such as AirPlay
8. The method of claim 7, where said first cyclic buffer is stored in said computer system RAM.
9. The method of claim 4, where said video stream and profiling information about said mobile application is sent from said mobile device to said remote computer system;
10. The method of claim 7, where said video stream is sent from the said computer system to said remote computer system, and the profiling information about the mobile application is sent from the said mobile device to said remote computer system;
11. The method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising:
o capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device' s system time;
o recording said mobile application screen, encoding and storing said video stream to said mobile device system's binding time into first cyclic buffer; o redirecting said tested mobile application network traffic from said mobile device to said remote computer system in order to record network activity of the said mobile application on said remote computer system into second cyclic buffer and binding said network activity to said remote computer system's time;
o sending said video stream stored in said cyclic buffer, said profiling information to said remote computer system to prepare an interactive report on said remote computer system contains system time correlated said video stream, said profiling information, and said information about mobile application network activity.
12. The method of claim 11, where mobile application may consist of multiple processes, including cases where certain functions are achieved by temporarily switching to secondary application, providing the said functions such as social network login.
13. The method of claim 11, where said mobile application screen is recorded on the said mobile device and the video stream is encoded using a hardware video codec of the said mobile device.
14. The method of claim 11, where profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs.
15. The method of claim 13, where said video stream is encoded using video codec such as H264, or H265, or WebP or Bink.
16. The method of mobile device screen, network activity, profiling information capture, sharing and analysis comprising:
• capturing profiling information about mobile application under test on a mobile device and binding said profiling information to said mobile device's system time; • recording said mobile application screen, encoding and storing said video stream to said mobile device system's binding time into first cyclic buffer;
• recording network activity of the mobile application on said mobile application into second cyclic buffer and binding said network activity to said mobile application system' s time;
• preparing an interactive report on said mobile application contains system time correlated said profiling information, said video stream and information about said network activity of said mobile application.
17. The method of claim 16, where mobile application may consist of multiple processes, including cases where certain functions are achieved by temporarily switching to secondary application, providing the said functions such as social network login.
18. The method of claim 16, where mobile application screen is recorded on the mobile device and the video stream is encoded using a hardware video codec of the said mobile device.
19. The method of claim 16, where profiling information comprising: CPU load, RAM allocation, bandwidth utilization and other OS kernel exposed metrics, system and application processes logs.
20. The method of claim 18, where said video stream is encoded using video codec such as H264, or H265, or WebP or Bink.
PCT/CA2015/050916 2015-09-18 2015-09-18 Analysis and reporting on mobile application performance using time-correlated video and network activity WO2017045057A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CA2015/050916 WO2017045057A1 (en) 2015-09-18 2015-09-18 Analysis and reporting on mobile application performance using time-correlated video and network activity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2015/050916 WO2017045057A1 (en) 2015-09-18 2015-09-18 Analysis and reporting on mobile application performance using time-correlated video and network activity

Publications (1)

Publication Number Publication Date
WO2017045057A1 true WO2017045057A1 (en) 2017-03-23

Family

ID=58287970

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2015/050916 WO2017045057A1 (en) 2015-09-18 2015-09-18 Analysis and reporting on mobile application performance using time-correlated video and network activity

Country Status (1)

Country Link
WO (1) WO2017045057A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3386233A1 (en) * 2017-04-04 2018-10-10 Aruba Networks, Inc. Mobile device recording for troubleshooting assistance

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130063288A1 (en) * 2011-09-13 2013-03-14 John B. Bley Methods and computer program products for providing a compressed circular buffer for efficient storage of network performance data
US8997081B1 (en) * 2014-09-18 2015-03-31 Ensighten, Inc. Analytics for mobile applications

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130063288A1 (en) * 2011-09-13 2013-03-14 John B. Bley Methods and computer program products for providing a compressed circular buffer for efficient storage of network performance data
US8997081B1 (en) * 2014-09-18 2015-03-31 Ensighten, Inc. Analytics for mobile applications

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3386233A1 (en) * 2017-04-04 2018-10-10 Aruba Networks, Inc. Mobile device recording for troubleshooting assistance

Similar Documents

Publication Publication Date Title
US10454984B2 (en) Method for streaming packet captures from network access devices to a cloud server over HTTP
Hofstede et al. Flow monitoring explained: From packet capture to data analysis with netflow and ipfix
Maier et al. On dominant characteristics of residential broadband internet traffic
US9942247B2 (en) Traffic shape obfuscation when using an encrypted network connection
Wundsam et al. {OFRewind}: Enabling Record and Replay Troubleshooting for Networks
He et al. Next stop, the cloud: Understanding modern web service deployment in ec2 and azure
US10218733B1 (en) System and method for detecting a malicious activity in a computing environment
Razaghpanah et al. Haystack: A multi-purpose mobile vantage point in user space
Merlo et al. A comparative performance evaluation of DNS tunneling tools
Bujlow et al. Comparison of deep packet inspection (dpi) tools for traffic classification
US10819597B2 (en) Network device measurements employing white boxes
Botta et al. D-ITG 2.8. 1 Manual
US11811623B2 (en) Deep tracing of user experience
Nath Packet Analysis with Wireshark
US8972543B1 (en) Managing clients utilizing reverse transactions
Agarwal et al. An infrastructure for passive network monitoring of application data streams
WO2017045057A1 (en) Analysis and reporting on mobile application performance using time-correlated video and network activity
Wang et al. Bridging the gap between security tools and SDN controllers
Karamollahi et al. Packet-Level Analysis of Zoom Performance Anomalies
Stanek et al. Characteristics of real open SIP-Server traffic
Kazemi et al. Evaluation of IPsec overhead for VoIP using a bare PC
Toll et al. IoTreeplay: Synchronous Distributed Traffic Replay in IoT Environments
US20230319109A1 (en) Packet Capture Using Fixed Encryption Key
Shekhada et al. A comparison of current web protocols for usage in cloud based automation systems
Répás et al. Stability analysis and performance comparison of five 6to4 relay implementations

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15903777

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15903777

Country of ref document: EP

Kind code of ref document: A1